When lawmakers and cops propose banning working cryptography (as they often do in the USA), or ban it outright (as they just did in Australia), they are long on talk about "responsible encryption" and the ability of sufficiently motivated technologists to "figure it out" and very short on how that might work -- but after many years, thanks to the UK's spy agency MI5, we have a detailed plan of what this system would look like, and it's called "ghost users."
I have a lot of respect for ex-Microsoft Chief Software Architect Ray Ozzie, but when I saw that he'd taken to promoting a Clipper-Chip-style key escrow system, I was disheartened -- I'm a pretty keen observer of these proposals and have spent a lot of time having their problems explained to me by some of the world's leading cryptographers, and this one seemed like it had the same problems as all of those dead letters.
Saleem Rashid is a 15-year-old self-taught British programmer who discovered a fatal defect in the Ledger Nano S, an offline cryptocurrency wallet that is marketed as being "tamper-proof."
Ontario Judge Bernd Zabel displayed contempt for his position and its political impartiality by showing up for work the day after the US election in a Donald Trump "Make America Great Again" hat, which he wore, and then perched on his bench.
In July, the Electronic Frontier Foundation filed a federal lawsuit on behalf of Dr Matthew Green, a Johns Hopkins Information Security Institute Assistant Professor of Computer Science; now the US government has asked a court to dismiss Dr Green's claims. A brief from EFF explains what's at stake here: the right of security experts to tell us which computers are vulnerable to attack, and how to make them better.
The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices.
As part of its big iPhone/iPad launch event today in Cupertino, Apple also released a software update that fixes a flaw which made it possible for iCloud-stored images or video sent via iMessage to be decrypted by third parties. Today's iOS update also adds a number of cool new features.
A paper from some of the most important names in crypto/security history scorchingly condemns plans by the US and UK governments to ban "strong" (e.g. "working") crypto.
Matthew Green's got an excellent postmortem on the huge dump of NSA docs in Der Spiegel last weekend.
Leaked Snowden documents published by Laura Poitras and Peter Maass in The Intercept describe the NSA's SENTRY EAGLE program: six programs aimed at weakening the capacity of people all over the world to communicate in private.
The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i. Cory Doctorow tries to make sense of it all.
Joe Menn at Reuters: "A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed." There's an OS update.
How bad is it?
"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.
Matthew Green, for The New Yorker, reports on the challenge of consumer cryptography.
The Justice Department did decide to back off, handing [PGP creator] Zimmermann and his fellow pro-cryptography activists, or “cypherpunks,” what appeared to be an overwhelming political and legal victory. But it turned out to be somewhat hollow: the government had given up partly because it realized that encryption wasn’t going mainstream at all. The main reason for this is as sad as it is simple: encrypting e-mail is just hard.
Times change, though, don't they?