April 24, 2014

avatar

Cookies that give you away: The surveillance implications of web tracking

[Today we have another announcement of an exciting new research paper. Undergraduate Dillon Reisman, for his senior thesis, applied our web measurement platform to study some timely questions. -Arvind Narayanan]

Over the past three months we’ve learnt that NSA uses third-party tracking cookies for surveillance (1, 2). These cookies, provided by a third-party advertising or analytics network (e.g. doubleclick.com, scorecardresearch.com), are ubiquitous on the web, and tag users’ browsers with unique pseudonymous IDs. In a new paper, we study just how big a privacy problem this is. We quantify what an observer can learn about a user’s web traffic by purely passively eavesdropping on the network, and arrive at surprising answers.
[Read more...]

avatar

Signing Mass Surveillance Declarations and Petitions: Should Academics Take a Stance?

Quite often, especially since the Snowden revelations began, tech policy academics will be approached by NGO’s and colleagues to sign petitions ‘to end mass surveillance’. It’s not always easy to decide whether you want to sign. If you’re an academic, you might want to consider co-signing one initiative launched today. [Read more...]

avatar

The Politics of the EU Court Data Retention Opinion: End to Mass Surveillance?

The Wall Street Journal headlines: “EU Court Opinion: Data Retention Directive Incompatible With Fundamental Rights”. The Opinion is strong, but in fact not yet an outright victory to privacy and civil liberties. The jury is out: the Opinion is a non-binding, but influential advice to the E.U. Court, that will deliver its final judgment come next spring. Now is a perfect moment to analyze the Opinion, as well as the institutional politics of the E.U. Court — critical in understanding the two-tier approach to surveillance and fundamental rights in Europe. The two-tier approach converges, after 60 years, when the E.U. accedes to the European Convention of Human Rights anytime soon. Amidst the Snowden revelations, these are the fundamental legal developments that will ultimately answer the question whether European law can end mass surveillance.

[Read more...]

avatar

NSA Strategy 2012-16: Outsourcing Compliance to Algorithms, and What to Do About It

Over the weekend, two new NSA documents revealed a confident NSA SIGINT strategy for the coming years and a vast increase of NSA-malware infected networks across the globe. The excellent reporting overlooked one crucial development: constitutional compliance will increasingly be outsourced to algorithms. Meaningful oversight of intelligence practises must address this, or face collateral constitutional damage. [Read more...]

avatar

The 2008 Liberty Case: An Authoritive Ruling on Snowden’s Disclosures

The other day, I was re-reading the 2008 Liberty vs. The United Kingdom ruling of the European Court of Human Rights (‘ECHR’). The case reads like any BREAKING / REVEALED news report on Edward Snowden’s disclosures, and will play a crucial role in the currently pending court cases in Europe on the legality of the surveillance programs. Liberty is also great material for comparing surveillance jurisprudence across the Atlantic.

[Read more...]

avatar

When an Ethnographer met Edward Snowden

If you talk about ‘metadata’, ‘big data’ and ‘Big Brother’ just as easily as you order a pizza, ethnography and anthropology are probably not your first points of reference. But the outcome of a recent encounter of ethnographer Tom Boellstorff and Edward Snowden (not IRL but IRP), is that tech policy wonks and researchers should be careful with their day to day vocabulary, as concepts carry politics of control and power.

[Read more...]

avatar

U.S. Citizenship and N.S.A. Surveillance – Legal Safeguard or Practical Backdoor?

The main takeaway of two recent disclosures around N.S.A. surveillance practices, is that Americans must re-think ‘U.S. citizenship’ as the guiding legal principle to protect against untargeted surveillance of their communications. Currently, U.S. citizens may get some comfort through the usual political discourse that ‘ordinary Americans’ are protected, and this is all about foreigners. In this post, I’ll argue that this is not the case, that the legal backdoor of U.S. Citizenship is real and that relying on U.S. citizenship for protection is not in America’s interests. As a new CITP Fellow and a first time contributor to this amazing blog, I’ll introduce myself and my research interests along the way.   [Read more...]

avatar

The Debian OpenSSL Bug: Backdoor or Security Accident?

On Monday, Ed wrote about Software Transparency, the idea that software is more resistant to intentional backdoors (and unintentional security vulnerabilities) if the process used to create it is transparent. Elements of software transparency include the availability of source code and the ability to read or contribute to a project’s issue tracker or internal developer discussion. He mentioned a case that I want to discuss in detail: in 2008, the Debian Project (a popular Linux distribution used for many web servers) announced that the pseudorandom number generator in Debian’s version of OpenSSL was broken and insecure.
[Read more...]

avatar

Software Transparency

Thanks to the recent NSA leaks, people are more worried than ever that their software might have backdoors. If you don’t believe that the software vendor can resist a backdoor request, the onus is on you to look for a backdoor. What you want is software transparency.

Transparency of this type is a much-touted advantage of open source software, so it’s natural to expect that the rise of backdoor fears will boost the popularity of open source code. [Read more...]