Submit a link Features Reviews Podcasts Video Forums More ▾

Podcast: If GCHQ wants to improve national security it must fix our technology

Here's a reading (MP3) of my latest Guardian column, If GCHQ wants to improve national security it must fix our technology where I try to convey the insanity of spy agencies that weaken Internet security in order to make it easier for them to spy on people, by comparing this to germ warfare.

Read the rest

Snowden at SXSW: immediate impressions


Yesterday at SXSW, Barton Gellman and I did a one-hour introductory Q&A before Edward Snowden's appearance. Right after Snowden and his colleagues from the ACLU wrapped up, I sat down and wrote up their event for The Guardian, who've just posted my impressions:

Read the rest

NSA Inside logo


(via Bruce Sterling)

Apropos of this.

FreeBSD won't use Intel & Via's hardware random number generators, believes NSA has compromised them

The maintainers of the security-conscious FreeBSD operating system have declared that they will no longer rely on the random number generators in Intel and Via's chips, on the grounds that the NSA likely has weakened these opaque hardware systems in order to ease surveillance. The decision is tied to the revelations of the BULLRUN/EDGEHILL programs, wherein the NSA and GCHQ spend $250M/year sabotaging security in standards, operating systems, software, and networks.

Read the rest

NSA net-security sabotage means the end of US Internet "stewardship"

Speaking at a presentation in DC, Bruce Schneier nailed the strategic cost of allowing the NSA to sabotage Internet security through BULLRUN: it has cost the US government all credibility as a contributor to Internet governance. The total depraved indifference to everyday Internet users displayed in the sabotage program means that the era of the US being seen as the best steward for the health and integrity of the net has come to a close. Cory 29

EFF: the NSA has endangered us all by sabotaging security

The Electronic Frontier Foundation's Cindy Cohn and Trevor Timm look at the NSA's Bullrun program, through which the US and UK governments have spent $250M/year sabotaging computer security. Cindy is the lawyer who argued the Bernstein case, which legalized civilian access to strong cryptography -- in other words, it's her work that gave us all the ability to communicate securely online. And so she's very well-situated to comment on what it means to learn that the NSA has deliberately weakened the security that ensures the integrity of the banking system, aviation control, embedded systems in everything from cars to implanted defibrillators, as well as network infrastructure, desktop computers, cloud servers, laptops, phones, tablets, TVs, and other devices.

Read the rest

Firsthand account of NSA sabotage of Internet security standards


On the Cryptography mailing list, John Gilmore (co-founder of pioneering ISP The Little Garden and the Electronic Frontier Foundation; early Sun employee; cypherpunk; significant contributor to GNU/Linux and its crypto suite; and all-round Internet superhero) describes his interactions with the NSA and several obvious NSA stooges on the IPSEC standardization working groups at the Internet Engineering Task Force. It's an anatomy of how the NSA worked to undermine and sabotage important security standards. For example, "NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!)."

Read the rest