March 19, 2024

Expert Panel Report: A New Governance Model for Communications Security?

Today, the vulnerable state of electronic communications security dominates headlines across the globe, while surveillance, money and power increasingly permeate the ‘cybersecurity’ policy arena. With the stakes so high, how should communications security be regulated? Deirdre Mulligan (UC Berkeley), Ashkan Soltani (independent, Washington Post), Ian Brown (Oxford) and Michel van Eeten (TU Delft) weighed in on […]

Encryption as protest

As a computer scientist who studies Privacy-Enhancing Technologies, I remember my surprise when I first learned that some groups of people view and use them very differently than I’m used to. In computer science, PETs are used for protecting anonymity or confidentiality, often via application of cryptography, and are intended to be bullet-proof against an […]

Why King George III Can Encrypt

[This is a guest post by Wenley Tong, Sebastian Gold, Samuel Gichohi, Mihai Roman, and Jonathan Frankle, undergraduates in the Privacy Technologies seminar that I offered for the second time in Spring 2014. They did an excellent class project on the usability of email encryption.] PGP and similar email encryption standards have existed since the early […]

Engineering an insider-attack-resistant email system and why you wouldn't want to use it

Earlier this week, Felten made the observation that the government eavesdropping on Lavabit could be considered as an insider attack against Lavabit users. This leads to the obvious question: how might we design an email system that’s resistant to such an attack? The sad answer is that we’ve had this technology for decades but it […]

NSA Apparently Undermining Standards, Security, Confidence

The big NSA revelation of last week was that the agency’s multifaceted strategy to read encrypted Internet traffic is generally successful. The story, from the New York Times and ProPublica, described NSA strategies ranging from the predictable—exploiting implementation flaws in some popular crypto products; to the widely-suspected but disappointing—inducing companies to insert backdoors into products; […]