For me, the most under-reported, under-appreciated element of the Snowden leaks is the BULLRUN/EDGEHILL program, through which the NSA and GCHQ spend $250,000,000/year sabotaging information security. In a great Wired story, Andy Greenberg analyzes former NSA chief Keith Alexander's defense of the stockpiling of vulnerabilities to attack "bad guys." There is no delusion more deadly than the idea that spies will make us more secure by weakening our computers' security to make it easier to spy on us.
Last December, a group of advisers to the White House issued a report to President Obama calling on him to rein-in the intelligence community’s use of so-called zero-day vulnerabilities–newly discovered hackable software bugs for which there exist no patch. The group went on to propose that zero-days only be used sparingly for “high priority intelligence collection,” and that those uses must be approved by a “senior-level, interagency approval process.”
“In almost all instances, for widely used code, it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection,” the report reads. “Eliminating the vulnerabilities–’patching’ them–strengthens the security of U.S. Government, critical infrastructure, and other computer systems.”
Obama’s response to his advisers’ review, however, added a major loophole, allowing any zero-day vulnerabilities to be exploited if they have a “clear national security or law enforcement” application.
Former NSA Chief Defends Stockpiling Software Flaws for Spying [Andy Greenberg/Wired]
Image: Commander Keith Alexander on the bridge, DonkeyHotey, CC-BY-SA)
One of UK Prime Minister Theresa May’s government ministers told a reporter from The Sun that the government is planning on invoking the “Technical Capabilities Orders” section of the Snoopers Charter, a 2016 domestic spying bill; the “orders” allow the government to demand that companies cease using working cryptography in their products and services, substituting […]
The TSA will be testing out expanded screening for carry-on electronics larger than a phone and certain food items at selected airports around the country. The new rules come just two days after a major terrorist attack in Manchester, UK, and stepped-up security in response. The TSA says they’re “testing security screening procedures for carry-on […]
1Password has taken Maciej Cegłowski’s demand for a “travel mode” for our technology to heart, introducing a new feature that locks you out of your own accounts when you’re in situations where you might lose control of your devices or be compelled to log into your accounts without your consent.
Boasting an IPX6 waterproof rating, the Trakk Bullet Ultra Compact Waterproof Bluetooth Speaker resists dust and heavy rainfall. It’s currently available in the Boing Boing Store.The Trakk Bullet offers the same wireless convenience as other portable speakers, but few are built as tough as this one. Its utilitarian construction is designed to be a totally low-maintenance […]
The Ticwatch 2 Active Smartwatch is a simpler take on an active wearable that raised over $2m dollars on Kickstarter and is currently offered in the Boing Boing Store.Somewhere in between the single-day battery life and platform-specificity of the Apple Watch and Android Wear devices, there exists the Ticwatch. Instead of trying to shoehorn another […]
Loot Crate is a subscription service that delivers a box of curated pop culture goods to your doorstep. To sample their geeky wares, you can order a single mystery box exclusively from the Boing Boing Store.Each month Loot Crate sends you 6-7 unique items and apparel, including collectibles, books, and t-shirts. Pulling inspiration from all […]