"ed felten"

Critical perspectives on the Singularity from eminent computer scientist Ed Felten

Princeton's Ed Felten (previously) is one of America's preeminent computer scientists, having done turns as CTO of the FTC and deputy CTO of the White House. Read the rest

A curiously incomplete history of the early years of DRM

Ernie Smith's Motherboard article on the early years of DRM gets into some fascinating stories about things like IBM's Cryptolope and Xerox PARC's Contentguard (which became a patent troll), Intertrust's belief that it is "developing the basis for a civil society in cyberspace" and the DeCSS fight. Read the rest

The 2016 elections taught us to watch for attacks that undermine the legitimacy of elections

Princeton computer scientist and former White House Deputy CTO Ed Felten (previously) writes about the security lessons of the 2016 election: first, that other nation-states are more aggressive than generally supposed, and second, that you don't need to hack the vote-totals to effect devastation on an adversary -- it's sufficient to undermine the election's legitimacy by messing with voter rolls, "so there is uncertainty about whether the correct people were allowed to vote." Read the rest

A taxonomy of algorithmic accountability

Eminent computer scientist Ed Felten has posted a short, extremely useful taxonomy of four ways that an algorithm can fail to be accountable to the people whose lives it affects: it can be protected by claims of confidentiality ("how it works is a trade secret"); by complexity ("you wouldn't understand how it works"); unreasonableness ("we consider factors supported by data, even when you there's no obvious correlation"); and injustice ("it seems impossible to explain how the algorithm is consistent with law or ethics"). Read the rest

The basics of crypto, in 4.5 pages, using only small words lawmakers can understand

Ed Felten (previously) -- copyfighter, Princeton computer scientist, former deputy CTO of the White House -- has published a four-and-a-half-page "primer for policymakers" on cryptography that explains how encryption for filesystems and encryption for messaging works, so they can be less ignorant. Read the rest

How security and privacy pros can help save the web from legal threats over vulnerability disclosure

I have a new op-ed in today's Privacy Tech, the in-house organ of the International Association of Privacy Professionals, about the risks to security and privacy from the World Wide Web Consortium's DRM project, and how privacy and security pros can help protect people who discover vulnerabilities in browsers from legal aggression. Read the rest

Today's jam: Embrace the Sun!

This morning's walk delivered a new jam, courtesy of the music in the latest Welcome to Nightvale "Weather" segment: Sifu Hotman's Embrace the Sun. Read the rest

Copyfighting, jailbreaking legend Ed Felten is the White House's new deputy CTO

He'll serve under the brilliant Megan Smith, the CTO. Read the rest

Yo! Your Honor! A Response to the Chief Justice

PACER is America's all-but-inaccessible public database of court records. Carl Malamud explains the problem—and the solution: you.

Cybersecurity czar is proud of his technical illiteracy

Michael Daniel thinks "being too down in the weeds at the technical level could actually be a little bit of a distraction"; Ed Felten counters, "Imagine reaction if White House economic advisor bragged about lack of economics knowledge, or Attorney General bragged about lack of legal expertise." Read the rest

Big Data should not be a faith-based initiative

Cory Doctorow summarizes the problem with the idea that sensitive personal information can be removed responsibly from big data: computer scientists are pretty sure that's impossible.

NSA uses Google's tracking cookies to target and "exploit" their subjects

A new set of leaked NSA slides from the Snowden trove was published in the Washington Post today, detailing NSA/GCHQ's use of Web cookies (including Google's PREF cookie) to uniquely identify people as they move around the Web, in order to target them and compromise them.

They also report on an NSA program called HAPPYFOOT that uses mobile phones to do very fine-grained tracking of targets.

Ed Felten, an eminent computer scientist and security researcher, has written a lengthy comment on the disclosures, exploring the different options companies have if they want to safeguard their tracking cookies from being hijacked by the NSA. His primary recommendation is that these cookies should only be sent over SSL. Read the rest

Why email services should be court-order resistant

With admirable clarity and brevity, Princeton's Ed Felten explains why Lavabit's owner was right to design his email service to be resistant to court orders. The whole piece is good and important, but here's the takeaway: "At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party—in this case, the drug cartel.

From a purely technological standpoint, these two scenarios are exactly the same."

As Felten goes on to point out, insider attacks are brutal -- just look at what happened to the NSA when insider Edward Snowden decided to go after it. Read the rest

What NSA sabotage does to security

Princeton computer science profession Ed Felten has an excellent explanation of what it means to security to have the NSA actively sabotaging cryptographic standards and tools. As he points out, the least secure situation is to believe that you are secure when you are not -- a car without breaks can be driven slowly and cautiously, if you know the brakes are shot. But if you don't know the brakes are out, you're likely to discover the fact the hard way. Read the rest

MIT and Aaron Swartz's Secret Service files: what has MIT got to hide?

Ed Felten comments on the news that MIT has moved to delay the release of the Secret Service files on Aaron Swartz:

It seems unlikely that MIT will find information redactable under FOIA that hasn’t already been redacted by the Secret Service.

But there are two things that MIT’s filing will more likely achieve. First, it will delay the disclosure of facts about MIT’s role in the Swartz investigation. Second, it will help MIT prepare its public-relations response to whatever is in the documents.

Read the rest

Computer scientists to FBI: don't require all our devices to have backdoors for spies

In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. This has already been a huge security problem -- through much of the 1990s, AT&T's CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; during the 2005/6 Olympic bid, spies used the CALEA backdoors on the Greek phone company's switches to listen in on the highest levels of government.

But now, thanks to the widespread adoption of cryptographically secured messaging services, law enforcement is finding that its CALEA backdoors are of declining utility -- it doesn't matter if you can intercept someone else's phone calls or network traffic if the data you're captured is unbreakably scrambled. In response, the FBI has floated the idea of "CALEA II": a mandate to put wiretapping capabilities in computers, phones, and software.

As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it's doing this, it puts you at huge risk when that facility is hijacked by criminals. Read the rest

An accountable algorithm for running a secure random checkpoint

Ed Felten presents and argues for the idea of "accountable algorithms" for use in public life -- that is, "output produced by a particular execution of the algorithm can be verified as correct after the fact by a skeptical member of the public."

He gives a great example of how to run a securely random TSA checkpoint where, at the end of each day, the public can open a sealed envelope and verify that the TSA was using a truly fair random selection method, and not just picking people they didn't like the look of:

Now we can create our accountable selection method. First thing in the morning, before the security checkpoint opens, the TSA picks a random value R and commits it. Now the TSA knows R but the public doesn’t. Immediately thereafter, TSA officials roll dice, in public view, to generate another random value S. Now the TSA adds R+S and makes that sum the key K for the day.

Now, when you arrive at the checkpoint, you announce your name N, and the TSA uses the selection function to compute S(K, N). The TSA announces the result, and if it’s “yes,” then you get searched. You can’t anticipate whether you’ll be searched, because that depends on the key K, which depends on the TSA’s secret value R, which you don’t know.

At the end of the day, the TSA opens its commitment to R. Now you can verify that the TSA followed the algorithm correctly in deciding whether to search you.

Read the rest

Next page