The main takeaway of two recent disclosures around N.S.A. surveillance practices, is that Americans must re-think ‘U.S. citizenship’ as the guiding legal principle to protect against untargeted surveillance of their communications. Currently, U.S. citizens may get some comfort through the usual political discourse that ‘ordinary Americans’ are protected, and this is all about foreigners. In […]
U.S. Citizenship and N.S.A. Surveillance – Legal Safeguard or Practical Backdoor?
The Linux Backdoor Attempt of 2003
Josh wrote recently about a serious security bug that appeared in Debian Linux back in 2006, and whether it was really a backdoor inserted by the NSA. (He concluded that it probably was not.) Today I want to write about another incident, in 2003, in which someone tried to backdoor the Linux kernel. This one […]
Silk Road, Lavabit, and the Limits of Crypto
Yesterday we saw two stories that illustrate the limits of cryptography as a shield against government. In San Francisco, police arrested a man alleged to be Dread Pirate Roberts (DPR), the operator of online drug market Silk Road. And in Alexandria, Virginia, a court unsealed documents revealing the tussle between the government and secure email […]
On Security Backdoors
I wrote Monday about revelations that the NSA might have been inserting backdoors into security standards. Today I want to talk through two cases where the NSA has been accused of backdooring standards, and use these cases to differentiate between two types of backdoors.
NSA Apparently Undermining Standards, Security, Confidence
The big NSA revelation of last week was that the agency’s multifaceted strategy to read encrypted Internet traffic is generally successful. The story, from the New York Times and ProPublica, described NSA strategies ranging from the predictable—exploiting implementation flaws in some popular crypto products; to the widely-suspected but disappointing—inducing companies to insert backdoors into products; […]