November 26, 2024

RSA doesn't quite deny undermining customers' crypto

Reuters reported on Saturday that the NSA had secretly paid RSA Data Security $10 million to make a certain flawed algorithm the default in RSA’s BSAFE crypto toolkit, which many companies relied on. RSA issued a vehement but artfully worded quasi-denial. Let’s look at the story, and RSA’s denial.

Software backdoors and the White House NSA panel report

Yesterday the five-member panel appointed by the President to review “Intelligence and Communications Technologies” issued its report. The report is serious and substantial, and makes 46 specific recommendations for change. I expect to have a lot to say about the report and its aftermath, but for today I want to focus on one small aspect: […]

Judge Leon explains why the NSA uses everyone's metadata

There are many interesting things to discuss in Judge Leon’s opinion from yesterday, finding the NSA’s phone metadata program likely unconstitutional. In this post, I’ll focus on an interesting bit of computer science in the judge’s ruling, and I’ll explain why the judge’s computer science argument is actually more powerful than he realized.

How to protect yourself against NSA tracking

Jonathan Mayer and I have a new piece in Slate about how the NSA piggybacks on the web tracking activities of advertisers and other services. Essentially, the trackers tag computers and smartphones with unique tracking IDs that are attached to web requests, and the NSA uses those tracking IDs to follow users. I wrote last […]

The Politics of the EU Court Data Retention Opinion: End to Mass Surveillance?

The Wall Street Journal headlines: “EU Court Opinion: Data Retention Directive Incompatible With Fundamental Rights”. The Opinion is strong, but in fact not yet an outright victory for privacy and civil liberties. The jury is out: the Opinion is non-binding but influential advice to the E.U. Court, which will deliver its final judgment come […]