In 2012, the Wall Street Journal first reported on a mysterious cellphone surveillance tool being used by law-enforcement; years later, we learned that the origin of this report was an obsessive jailhouse lawyer who didn't believe that the cops had caught him the way they said they had. Read the rest
ISPs in the UK are required to censor a wide swathe of content: what began as a strictly limited, opt-in ban on depictions of the sexual abuse of children has been steadily expanded to a mandatory ban on "extreme" pornography, "terrorist content," copyright and trademark infringement, and then there's the on-again/off-again ban on all porn sites unless they keep a record of the identity of each user and the porn they request.. Read the rest
The city council of Riviera Beach, Florida has voted unanimously to pay $600,000 to criminals who seized control of the city's computers through a ransomware attack, after three weeks of being locked out of the city systems (the city has also voted to spend $1m replacing its computers). Read the rest
Private Join and Compute is a new free/open Google tool that implements the longstanding cryptographic concept of "commutative encryption," which allows untrusted parties to merge their datasets without revealing their contents to one another, do mathematical work on the data, and learn the outcome of that work without either of them seeing the underlying data. Read the rest
Germany's Interior Minister Horst Seehofer -- a hardliner who has called for cameras at every "hot spot" in Germany -- has announced that he will seek a ban on working cryptography in Germany; he will insist that companies only supply insecure tools that have a backdoor that will allow the German state to decrypt messages and chats on demand. Read the rest
Last year the US Congress passed SESTA/FOSTA, an "anti-sex-trafficking bill" that has resulted in the shuttering of all the services formerly used by sex workers to vet their johns, massively increasing the personal physical risk borne by sex-workers and reinvigorating the dying pimping industry, as sex workers seek out protectors. Read the rest
Mark Zuckerberg's 3,000 word blog post about his plan to create a parallel set of Facebook services that contain long-overdue privacy protections has plenty to please both the regulators who are increasingly ready to fine the company billions and possibly even break it up, but also privacy advocates who will rightly cheer the announcement that the service will be increasing its end-to-end encryption offerings, only storing data in countries with good track records on human rights and the rule of law, and allowing users to mark some of their conversations as ephemeral, designed to be permanently deleted after a short while. Read the rest
ETS was originally called "Enterprise TLS," implying that it was an "enterprise-grade" version of TLS, the system used to secure internet sessions (if you visit a URL that starts with "https://", it's being protected with TLS). Read the rest
Remember Darkmatter, the UAE-based cybermercenaries who worked with the beltway bandit firm Cyberpoint to recruit ex-NSA spies to infiltrate and expose dissidents, journalists, even children who opposed the despotic regime in the Emirates? (Darkmatter is also one of the least-discriminating cybermercenary bands in the world, available to help torturers, murderers and thugs hang onto power by attacking opposition movements and letting the secret police know who to arrest, torture and kill). Read the rest
The news that Facebook had spent years paying teens to install a surveillance kit called "Facebook Research" had a key detail: as part of the program, Facebook had its users install a new "root certificate." Read the rest
Legendary cryptographer and security researcher Matt Blaze (previously) somehow acquired a key engraver and now he's "using it to engrave entirely serious labels on my keys that are not in any way ironic or confusing." Read the rest
The latest XKCD strip, "Sharing Options/#2016" is a brilliant and trenchant surfacing of the hidden rhetoric of social media, where your options are "permanently share with billions of people, including internet scammers, random predatory companies, and hostile foreign governments" or "a small set of 300 or so approved friends," and when this is questioned, the social media companies profess an inability to understand what other options could exist. Read the rest
Here's something to remember come the next Sysadmin Appreciation Day: Mexican drug lord El Chapo was only caught because his systems administrator flipped and started working for the feds, backdooring El Chapo's comms infrastructure and providing the cops with the decryption keys needed to eavesdrop on El Chapo's operations. Read the rest
When lawmakers and cops propose banning working cryptography (as they often do in the USA), or ban it outright (as they just did in Australia), they are long on talk about "responsible encryption" and the ability of sufficiently motivated technologists to "figure it out" and very short on how that might work -- but after many years, thanks to the UK's spy agency MI5, we have a detailed plan of what this system would look like, and it's called "ghost users." Read the rest
Here's my reading (MP3) of my Locus column, "What is the Internet For?" (which asks, "Is the internet a revolutionary technology?") and my short story for the fiftieth anniversary of Reason Magazine, Sole and Despotic Dominion, which builds on my 2015 Guardian column, If Dishwashers Were iPhones.
Your computer ships with a collection of trusted cryptographic certificates, called its "root of trust," which are consulted to verify things like SSL connections and software updates. Read the rest
My latest Locus Magazine column is What the Internet Is For: it describes the revolutionary principle (end-to-end communications) and technologies (general purpose computers, strong cryptography) that undergird the net, but also cautions that these are, themselves, not sufficient to revolutionize the world. Read the rest
