Big Data should not be a faith-based initiative
Cory Doctorow summarizes the problem with the idea that sensitive personal information can be removed responsibly from big data: computer scientists are pretty sure that's impossible.
The Trustycon folks have uploaded over seven hours' worth of talks from their event, an alternative to the RSA security conference founded by speakers who quit over RSA's collusion with the NSA. I've just watched Ed Felten's talk on "Redesigning NSA Programs to Protect Privacy" (starts at 6:32:33), an absolutely brilliant talk that blends a lucid discussion of statistics with practical computer science with crimefighting, all within a framework of respect for privacy, liberty and the US Bill of Rights. — Read the rest
A new set of leaked NSA slides from the Snowden trove was published in the Washington Post today, detailing NSA/GCHQ's use of Web cookies (including Google's PREF cookie) to uniquely identify people as they move around the Web, in order to target them and compromise them. — Read the rest
With admirable clarity and brevity, Princeton's Ed Felten explains why Lavabit's owner was right to design his email service to be resistant to court orders. The whole piece is good and important, but here's the takeaway: "At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party—in this case, the government. — Read the rest
Popehat's Ken White (a former federal prosecutor) uses the arrest of alleged Silk Road founder Ross "Dread Pirate Roberts" Ulbricht to explain how the criminal justice system works, including the difference between a grand jury indictment and a criminal charge, and how to understand sentencing guidelines and "maximum possible sentences." — Read the rest
Princeton computer science professor Ed Felten has an excellent explanation of what it means to security to have the NSA actively sabotaging cryptographic standards and tools. As he points out, the least secure situation is to believe that you are secure when you are not — a car without brakes can be driven slowly and cautiously, if you know the brakes are shot. — Read the rest
Ed Felten comments on the news that MIT has moved to delay the release of the Secret Service files on Aaron Swartz:
It seems unlikely that MIT will find information redactable under FOIA that hasn't already been redacted by the Secret Service. — Read the rest
In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. — Read the rest
Ed Felten presents and argues for the idea of "accountable algorithms" for use in public life — that is, "output produced by a particular execution of the algorithm can be verified as correct after the fact by a skeptical member of the public." — Read the rest
Today, the FTC announced a settlement with Myspace, involving charges that the social networking service misrepresented how it protects users' personal data. The settlement "bars Myspace from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy assessments for the next 20 years." — Read the rest
Original research from Princeton's Joe Calandrino, Ed Felten and Will Clarkson shows that machine analysis can make very accurate guesses about the identity of people who complete bubble-in forms — that is, there's something like a recognizable, individual "penmanship" for the small scribbles used to fill in the bubbles on machine-readable forms. — Read the rest
Last week, the master key for the HDCP DRM scheme — which prevents people from connecting unapproved monitors, recorders and switches to high-def players, computers and consoles — leaked. Using this key, it is now possible to make more flexible and cheaper high-def equipment (for example, high-def recorders that save unrestricted video-files). — Read the rest
Intel has confirmed that the rumored master key crack for HDCP (the high-definition video "copy protection" used in Blu-Ray, high def consoles, and many game consoles) is real. Blu-Ray and other systems that rely on HDCP are now terminally compromised.
As a practical matter, the most likely scenario for a hacker would be to create a computer chip with the master key embedded it, that could be used to decode Blu-ray discs. — Read the rest
Engadget reports that the master key that controls HDCP, the anti-copying system used to restrict the outputs of Blu-Ray boxes, set-top boxes, and many game systems, has been compromised and published. With these keys, knowledgeable users can make their own "source" and "sink" keys for devices that permit copying at full resolution — which means that you should be able to create a hard-drive-based recorder that you can plug into your Blu-Ray player and record shows in real-time. — Read the rest
J. Alex Halderman writes, "About four months ago, Ed Felten blogged about a research paper in which Hari Prasad, Rop Gonggrijp, and I detailed serious security flaws in India's electronic voting machines. Indian election authorities have repeatedly claimed that the machines are "tamperproof," but we demonstrated important vulnerabilities by studying a machine provided by an anonymous source. — Read the rest
One of the Electronic Frontier Foundation's founding principles was Mitch Kapor's aphorism, "Architecture is politics." The design of systems determines the kinds of politics that can take place in them, and designing a system is itself a political act. As part of EFF's ongoing 20th anniversary celebrations, it held a panel called "Architecture is policy" at Carnegie-Mellon, featuring Ed Felten, Dave Farber, Lorrie Cranor, John Buckman, and Cindy Cohn — all heavy hitters in their own right, and dynamite together. — Read the rest
Ed Felten from the Freedom to Tinker blog has written a post with Princeton senior Sauhard Sahi called Census of Files Available via BitTorrent. The survey takes a random sample of files available on a trackerless BitTorrent system. The article is full of caveats–discussion happening in the comments–but does dig into the likely copyright status of the works they found. — Read the rest
Rogue archivist Carl Malamud sez,
Well, this is just very cool. I throw a few stones over the wall to official DC, but this time I want to send some roses in the front door.
The Government Printing Office and the Office of the Federal Register just announced they're making all the "Official Journals of Government" available for free in bulk. — Read the rest
A lot of copyfighters were mystified by the Associated Press's recent announcement (complete with a bonkers diagram straight off a bottle of Dr. Bronner's) that they had spent millions of dollars on a DRM system for news that would limit how you could paste the text you copied from your browser window. — Read the rest
The French "Three Strikes" law is back on — a law that can punish you for being accused of copyright infringement by cutting off your internet connection, fining you, and putting you in prison. It also criminalizes offering free internet access because pirates might use it. — Read the rest