"ed felten"

Critical perspectives on the Singularity from eminent computer scientist Ed Felten

Princeton's Ed Felten (previously) is one of America's preeminent computer scientists, having done turns as CTO of the FTC and deputy CTO of the White House. Read the rest

A curiously incomplete history of the early years of DRM

Ernie Smith's Motherboard article on the early years of DRM gets into some fascinating stories about things like IBM's Cryptolope and Xerox PARC's Contentguard (which became a patent troll), Intertrust's belief that it is "developing the basis for a civil society in cyberspace" and the DeCSS fight. Read the rest

The 2016 elections taught us to watch for attacks that undermine the legitimacy of elections

Princeton computer scientist and former White House Deputy CTO Ed Felten (previously) writes about the security lessons of the 2016 election: first, that other nation-states are more aggressive than generally supposed, and second, that you don't need to hack the vote-totals to effect devastation on an adversary -- it's sufficient to undermine the election's legitimacy by messing with voter rolls, "so there is uncertainty about whether the correct people were allowed to vote." Read the rest

A taxonomy of algorithmic accountability

Eminent computer scientist Ed Felten has posted a short, extremely useful taxonomy of four ways that an algorithm can fail to be accountable to the people whose lives it affects: it can be protected by claims of confidentiality ("how it works is a trade secret"); by complexity ("you wouldn't understand how it works"); unreasonableness ("we consider factors supported by data, even when you there's no obvious correlation"); and injustice ("it seems impossible to explain how the algorithm is consistent with law or ethics"). Read the rest

The basics of crypto, in 4.5 pages, using only small words lawmakers can understand

Ed Felten (previously) -- copyfighter, Princeton computer scientist, former deputy CTO of the White House -- has published a four-and-a-half-page "primer for policymakers" on cryptography that explains how encryption for filesystems and encryption for messaging works, so they can be less ignorant. Read the rest

If the 2016 election is hacked, it's because no one listened to these people

Ever since the Supreme Court ordered the nation's voting authorities to get their act together in 2002 in the wake of Bush v Gore, tech companies have been flogging touchscreen voting machines to willing buyers across the country, while a cadre computer scientists trained in Ed Felten's labs at Princeton have shown again and again and again and again that these machines are absolutely unfit for purpose, are trivial to hack, and endanger the US election system. Read the rest

How security and privacy pros can help save the web from legal threats over vulnerability disclosure

I have a new op-ed in today's Privacy Tech, the in-house organ of the International Association of Privacy Professionals, about the risks to security and privacy from the World Wide Web Consortium's DRM project, and how privacy and security pros can help protect people who discover vulnerabilities in browsers from legal aggression. Read the rest

Did the FBI pay Carnegie Mellon $1 million to identify and attack Tor users?

Documents published by Vice News: Motherboard and further reporting by Wired News suggest that a team of researchers from Carnegie Mellon University who canceled their scheduled 2015 BlackHat talk identified Tor hidden servers and visitors, and turned that data over to the FBI.

No matter who the researchers and which institution, it sounds like a serious ethical breach.

First, from VICE, a report which didn't name CMU but revealed that a U.S. University helped the FBI bust Silk Road 2, and suspects in child pornography cases:

An academic institution has been providing information to the FBI that led to the identification of criminal suspects on the dark web, according to court documents reviewed by Motherboard. Those suspects include a staff member of the now-defunct Silk Road 2.0 drug marketplace, and a man charged with possession of child pornography.

It raises questions about the role that academics are playing in the continued crackdown on dark web crime, as well as the fairness of the trials of each suspect, as crucial discovery evidence has allegedly been withheld from both defendants.

Here's a screenshot of the relevant portion of one of the court Documents that Motherboard/Vice News published:

Later today, a followup from Wired about discussion that points the finger directly at CMU:

The Tor Project on Wednesday afternoon sent WIRED a statement from its director Roger Dingledine directly accusing Carnegie Mellon of providing its Tor-breaking research in secret to the FBI in exchange for a payment of “at least $1 million.” And while Carnegie Mellon’s attack had been rumored to have been used in takedowns of dark web drug markets that used Tor’s “hidden service” features to obscure their servers and administrators, Dingledine writes that the researchers’ dragnet was larger, affecting innocent users, too.

Read the rest

Today's jam: Embrace the Sun!

This morning's walk delivered a new jam, courtesy of the music in the latest Welcome to Nightvale "Weather" segment: Sifu Hotman's Embrace the Sun. Read the rest

Copyfighting, jailbreaking legend Ed Felten is the White House's new deputy CTO

He'll serve under the brilliant Megan Smith, the CTO. Read the rest

Yo! Your Honor! A Response to the Chief Justice

PACER is America's all-but-inaccessible public database of court records. Carl Malamud explains the problem—and the solution: you.

Cybersecurity czar is proud of his technical illiteracy

Michael Daniel thinks "being too down in the weeds at the technical level could actually be a little bit of a distraction"; Ed Felten counters, "Imagine reaction if White House economic advisor bragged about lack of economics knowledge, or Attorney General bragged about lack of legal expertise." Read the rest

Big Data should not be a faith-based initiative

Cory Doctorow summarizes the problem with the idea that sensitive personal information can be removed responsibly from big data: computer scientists are pretty sure that's impossible.

Trustycon: how to redesign NSA surveillance to catch more criminals and spy on a lot fewer people

The Trustycon folks have uploaded over seven hours' worth of talks from their event, an alternative to the RSA security conference founded by speakers who quit over RSA's collusion with the NSA. I've just watched Ed Felten's talk on "Redesigning NSA Programs to Protect Privacy" (starts at 6:32:33), an absolutely brilliant talk that blends a lucid discussion of statistics with practical computer science with crimefighting, all within a framework of respect for privacy, liberty and the US Bill of Rights.

Felten's talk lays out how the NSA's mass-collection program works, what its theoretical basis is for finding terrorists in all that data, and then explains how this is an incredibly inefficient and risky and expensive way of actually fighting crime. Then he goes on to propose an elegant alternative that gets better intelligence while massively reducing the degree of surveillance and the risk of disclosure.

I'm using Vid to MP3 to convert the whole seven hours' worth of talks to audio and plan on listening to them over the next couple of days.

Update: Here's that MP3 -- it's about 1GB. Thanks to the Internet Archive for hosting it!

TrustyCon - Live from San Francisco Read the rest

NSA uses Google's tracking cookies to target and "exploit" their subjects

A new set of leaked NSA slides from the Snowden trove was published in the Washington Post today, detailing NSA/GCHQ's use of Web cookies (including Google's PREF cookie) to uniquely identify people as they move around the Web, in order to target them and compromise them.

They also report on an NSA program called HAPPYFOOT that uses mobile phones to do very fine-grained tracking of targets.

Ed Felten, an eminent computer scientist and security researcher, has written a lengthy comment on the disclosures, exploring the different options companies have if they want to safeguard their tracking cookies from being hijacked by the NSA. His primary recommendation is that these cookies should only be sent over SSL. Read the rest

Why email services should be court-order resistant

With admirable clarity and brevity, Princeton's Ed Felten explains why Lavabit's owner was right to design his email service to be resistant to court orders. The whole piece is good and important, but here's the takeaway: "At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel. From a purely technological standpoint, these two scenarios are exactly the same."

As Felten goes on to point out, insider attacks are brutal -- just look at what happened to the NSA when insider Edward Snowden decided to go after it. Read the rest

Silk Road prosecution: how does the US criminal justice system actually work?

Popehat's Ken White (a former federal prosecutor) uses the arrest of alleged Silk Road founder Ross "Dread Pirate Roberts" Ulbricht to explain how the criminal justice system works, including the difference between a grand jury indictment and a criminal charge, and how to understand sentencing guidelines and "maximum possible sentences." It's a great way to use current events to deepen your understanding of important, complicated systems.

If you enjoy that, you should also check out Ed Felten's post that contrasts the Silk Road story with the shut down of Lavabit to explore how crypto does -- and doesn't -- change the criminal justice system. Read the rest

Next page