A critical flaw in Switzerland's e-voting system is a microcosm of everything wrong with e-voting, security practice, and auditing firms

Switzerland is about to have a national election with electronic voting, overseen by Swiss Post; e-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist. Read the rest

Using structured encryption to search protected photos in the cloud

In a recent presentation at the Real World Crypto symposium, researchers affiliated with Brown University and a startup called Pixek presented their work developing an app that encrypts photos at the moment they're taken and uploads them in encrypted form to a cloud server, in such a way that the keys remain on the user's device, meaning the service provider can't view the photos. Read the rest

Cryptpad: a free/open, end-to-end encrypted, zero-knowledge shared text editor

Tools like Etherpad and Google Docs are transformative ways to collaborate on text (including code); I've used them in contexts as varied as making unofficial transcripts of statements at UN agencies to liveblogging conference presentations -- but they all share a weakness, which is that whomever owns the document server can see everything you're typing. Read the rest

Snowden: Dropbox is an NSA surveillance target, use Spideroak instead

A remarkable moment from last night's remarkable Snowden video from the Guardian. Read the rest