Researchers find mountains of sensitive data on totalled Teslas in junkyards

Teslas are incredibly data-hungry, storing massive troves of data about their owners, including videos of crashes, location history, contacts and calendar entries from paired phones, photos of the driver and passengers taken with interior cameras, and other data; this data is stored without encryption, and it is not always clear when Teslas are gathering data, and the only way to comprehensively switch off data-gathering also de-activates over-the-air software updates for the cars, which have historically shipped with limited or buggy features that needed the over-the-air updates to fix them.

A bipartisan, GOP-led voting machine security bill that would actually fix vulnerabilities in US elections

The Secure Elections Act is a bipartisan Senate bill with six co-sponsors that reads like a security researcher's wish-list for voting machine reforms. Specifically, it reads like Matt Blaze's wishlist, hewing closely to the excellent recommendations laid out in his testimony to the House of Representatives' Committee on Oversight and Government Reform Subcommittee on Information Technology and Subcommittee on Intergovernmental Affairs Hearing on Cybersecurity, recounting his experiences as a security researcher and as the founder of Defcon's Vote Hacking Village.

Chelsea Manning: we're spied on all the time, and the state still can't figure out who we are

Chelsea Manning spent seven years in federal prison for blowing the whistle on illegal actions by the US in Iraq and around the world; while imprisoned, she transitioned her gender and changed her name, and, on her release, found herself unpersoned, unable to identify herself to the satisfaction of the state, despite being one of the most famous people in America and despite the state's unquenchable thirst for our personal data (and her's especially).

The DoJ is using a boring procedure to secure the right to unleash malware on the internet

The upcoming Rule 41 modifications to US Criminal Justice procedure underway at the Department of Justice will let the FBI hack computers in secret, with impunity, using dangerous tools that are off-limits to independent scrutiny — all without Congressional approval and all at a moment at which America needs its law-enforcement community to be strengthening the nation's computers, not hoarding and weaponizing defects that put us all at risk.

Elsevier buys SSRN

Elsevier is one of the world's largest scholarly publishers and one of the most bitter enemies that open access publishing has; SSRN is one of the biggest open access scholarly publishing repositories in the world: what could possibly go wrong?

Clapper's ban on talking about leaks makes life difficult for crypto profs with cleared students

When James Clapper banned intelligence agency employees from discussing or acknowledging the existence of leaked docs (including the Snowden docs), he made life very hard for university professors like Matt Blaze, a security expert whose classes often have students with security clearance. — Read the rest

How the American phone companies used to feel about privacy

Back in 2008, Matt Blaze put the push for immunity for telcos that participated in GW Bush's illegal wiretapping program in context: "As someone who began his professional career in the Bell System (and who stayed around through several of its successors), the push for telco immunity represents an especially bitter disillusionment for me. — Read the rest

Airport security and architecture

Matt Blaze has a great piece on the architecture of airport security — not enough seating to put your shoes back on, conveyors that aren't the same heights as the tables that feed them. I keep thinking about how the security system is designed for an octopus: what else could hold a boarding card, a pair of shoes, a jacket, a laptop, a freedom baggie, ID, and a carry-on bag? — Read the rest

Study reveals security holes for evading wiretaps

In the NYT, John Markoff and John Schwartz report:

The technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely, according to research by computer security experts who studied the system.

Read the rest