Eleanor Saitta's (previously) 2016 essay "Coercion-Resistant Design" (which is new to me) is an excellent introduction to the technical countermeasures that systems designers can employ to defeat non-technical, legal attacks: for example, the threat of prison if you don't back-door your product. Read the rest

SpiderOak is a cloud backup service with a warrant canary: a formal statement that assured users that the company and its operators had never been made to secretly cooperate with the government, law enforcement or other surveilling authority. The canary reportedly disappeared this weekend, then reappeared, along with a statement saying it was being replaced by a "transparency report."

We just released our most recent transparency report, available at https://t.co/c09TN6WC6I. This will replace our #warrantcanary. The final version of the canary is available at https://t.co/VPzkLXDkWh. The transparency report will be updated every six months.

— SpiderOak (@SpiderOak) August 3, 2018

Don't be mad at the company! The canary worked exactly as it was supposed to. Read the rest

Even before he took the job of Chief Security Officer of Yahoo, Alex Stamos had a reputation for being a badass: a thoughtful security ethicist who served as an expert witness in defense of Aaron Swartz, Stamos cemented his reputation by publicly humiliating the director of the NSA over mass surveillance. Read the rest

In early 2015, Reddit published a transparency report that contained heading for National Security Requests, noting, "As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information." Read the rest

EFF, Mozilla and pals are launching Let's Encrypt, an all-free certificate authority, in September -- but they've released a transparency report months in advance. Read the rest

The exceptionally broad new surveillance bill lets the government do nearly unlimited warrantless mass surveillance, even of lawyer-client privileged communications, and bans warrant canaries, making it an offense to "disclose information about the existence or non-existence" of a warrant to spy on journalists. Read the rest

When the anonymous authors of the Truecrypt security tool mysteriously yanked their software last month, there was widespread suspicion that they had been ordered by the NSA to secretly compromise their software. A close look at the cryptic message they left behind suggests that they may have encoded a secret clue in the initials of each word of the sentence ("Using TrueCrypt is not secure as it may contain unfixed security issues"), the Latin phrase "uti nsa im cu si" which some claim can be translated as a warning that the NSA had pwned Truecrypt. Read the rest