December 28, 2024

Predictions for 2013

After a year’s hiatus, our annual predictions post is back! As usual, these predictions reflect the results of brainstorming among many affiliates and friends of the blog, so you should not attribute any prediction to any individual (including me–I’m just the scribe). Without further ado, the tech policy predictions for 2013:

Turktrust Certificate Authority Errors Demonstrate The Risk of "Subordinate" Certificates

Update: More details have continued to come out, and I think that they generally support the less-paranoid version of events. There continues to be discussion on the mozilla.dev.security.policy list, Turktrust has given more details, and Mozilla has just opened up for public viewing their own detailed internal response documentation (including copies of all of the […]

You found a security hole. Now what?

The recent conviction of Andrew “Weev” Auernheimer for identity theft and conspiracy has renewed interest in the question of what researchers should do when they find security vulnerabilities in popular products. See, for example, Matt Blaze’s op-ed on how the research community views these matters, and Weev’s own response. Weev and associates discovered a flaw […]

Uncertified voting equipment

(Or, why doing the obvious thing to improve voter throughput in Harris County early voting would exacerbate a serious security vulnerability.) I voted today, using one of the many early voting centers in my county. I waited roughly 35 minutes before reaching a voting machine. Roughly 1/3 of the 40 voting machines at the location […]

Goodbye, Stanford. Hello, Princeton!

[Editor’s note: The Center for Information Technology Policy (CITP) is delighted to welcome Arvind Narayanan as an Assistant Professor in Computer Science, and an affiliated faculty member in CITP. Narayanan is a leading researcher in digital privacy, data anonymization, and technology policy. His work has been widely published, and includes a paper with CITP co-authors […]