USRowing, the governing body for the sport of rowing in the U.S., recently announced the discovery of likely fraud in one of its leadership elections. Further investigation into this region’s voting resulted in the determination that fraudulent ballots were cast in the Mid-Atlantic election that directly affected the outcome of the Mid-Atlantic Regional Director of […]
CALEA II: Risks of wiretap modifications to endpoints
May 16, 2013 by
Today I joined a group of twenty computer scientists in issuing a report criticizing an FBI plan to require makers of secure communication tools to redesign their systems to make wiretapping easy. We argue that the plan would endanger the security of U.S. users and the competitiveness of U.S. companies, without making it much harder […]
Design is a poor guide to authorization
May 13, 2013 by
James Grimmelmann has a great post on the ambiguity of the concept of “circumvention” in the law. He writes about the Computer Fraud and Abuse Act (CFAA) language banning “exceeding authorized access” to a system. There are, broadly speaking, two ways that a computer user could “exceed[] authorized access.” The computer’s owner could use words […]
Security Lessons from the Big DDoS Attacks
March 29, 2013 by
Last week saw news of new Distributed Denial of Service (DDoS) attacks. These may be the largest DDoS attacks ever, peaking at about 300 Gbps (that is, 300 billion bits per second) of traffic aimed at the target but, notwithstanding some of the breathless news coverage, these attacks are not vastly larger than anything before. […]
How the DMCA Chills Research
March 29, 2013 by
I have a new piece in Slate, on how the DMCA chills security research. In the piece, I tell three stories of DMCA threats against Alex Halderman and me, and talk about how Congress can fix the problem. “The Chilling Effects of the DMCA: The outdated copyright law doesn’t just hurt consumers—it cripples researchers.” “These […]
