Security Versus Security: Balancing Encryption, Privacy, and National Secuirty
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications
ANDI WILSON, ROSS SCHULMAN, KEVIN BANKSTON, AND TREY HERR BUGS IN THE SYSTEM A Primer on the Software Vulnerability Ecosystem and its Policy Implications JULY 2016 About the Authors About New America New America is committed to renewing American politics, Andi Wilson is a policy analyst at New America’s Open prosperity, and purpose in the Digital Age. We generate big Technology Institute, where she researches and writes ideas, bridge the gap between technology and policy, and about the relationship between technology and policy. curate broad public conversation. We combine the best of With a specific focus on cybersecurity, Andi is currently a policy research institute, technology laboratory, public working on issues including encryption, vulnerabilities forum, media platform, and a venture capital fund for equities, surveillance, and internet freedom. ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who Ross Schulman is a co-director of the Cybersecurity believe deeply in the possibility of American renewal. Initiative and senior policy counsel at New America’s Open Find out more at newamerica.org/our-story. Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain About the Cybersecurity Initiative View, California. Ross has also worked at the Computer The Internet has connected us. Yet the policies and and Communications Industry Association, the Center debates that surround the security of our networks are for Democracy and Technology, and on Capitol Hill for too often disconnected, disjointed, and stuck in an Senators Wyden and Feingold. unsuccessful status quo. -
BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications
ANDI WILSON, ROSS SCHULMAN, KEVIN BANKSTON, AND TREY HERR BUGS IN THE SYSTEM A Primer on the Software Vulnerability Ecosystem and its Policy Implications JULY 2016 About the Authors About New America New America is committed to renewing American politics, Andi Wilson is a policy analyst at New America’s Open prosperity, and purpose in the Digital Age. We generate big Technology Institute, where she researches and writes ideas, bridge the gap between technology and policy, and about the relationship between technology and policy. curate broad public conversation. We combine the best of With a specific focus on cybersecurity, Andi is currently a policy research institute, technology laboratory, public working on issues including encryption, vulnerabilities forum, media platform, and a venture capital fund for equities, surveillance, and internet freedom. ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who Ross Schulman is a co-director of the Cybersecurity believe deeply in the possibility of American renewal. Initiative and senior policy counsel at New America’s Open Find out more at newamerica.org/our-story. Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain About the Cybersecurity Initiative View, California. Ross has also worked at the Computer The Internet has connected us. Yet the policies and and Communications Industry Association, the Center debates that surround the security of our networks are for Democracy and Technology, and on Capitol Hill for too often disconnected, disjointed, and stuck in an Senators Wyden and Feingold. unsuccessful status quo. -
Software Assurance
Information Assurance State-of-the-Art Report Technology Analysis Center (IATAC) SOAR (SOAR) July 31, 2007 Data and Analysis Center for Software (DACS) Joint endeavor by IATAC with DACS Software Security Assurance Distribution Statement A E X C E E C L I L V E R N E Approved for public release; C S E I N N I IO DoD Data & Analysis Center for Software NF OR MAT distribution is unlimited. Information Assurance Technology Analysis Center (IATAC) Data and Analysis Center for Software (DACS) Joint endeavor by IATAC with DACS Software Security Assurance State-of-the-Art Report (SOAR) July 31, 2007 IATAC Authors: Karen Mercedes Goertzel Theodore Winograd Holly Lynne McKinley Lyndon Oh Michael Colon DACS Authors: Thomas McGibbon Elaine Fedchak Robert Vienneau Coordinating Editor: Karen Mercedes Goertzel Copy Editors: Margo Goldman Linda Billard Carolyn Quinn Creative Directors: Christina P. McNemar K. Ahnie Jenkins Art Director, Cover, and Book Design: Don Rowe Production: Brad Whitford Illustrations: Dustin Hurt Brad Whitford About the Authors Karen Mercedes Goertzel Information Assurance Technology Analysis Center (IATAC) Karen Mercedes Goertzel is a subject matter expert in software security assurance and information assurance, particularly multilevel secure systems and cross-domain information sharing. She supports the Department of Homeland Security Software Assurance Program and the National Security Agency’s Center for Assured Software, and was lead technologist for 3 years on the Defense Information Systems Agency (DISA) Application Security Program. Ms. Goertzel is currently lead author of a report on the state-of-the-art in software security assurance, and has also led in the creation of state-of-the-art reports for the Department of Defense (DoD) on information assurance and computer network defense technologies and research. -
The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance
THE SPIES WE TRUST: THIRD PARTY SERVICE PROVIDERS AND LAW ENFORCEMENT SURVEILLANCE Christopher Soghoian Submitted to the faculty of the Graduate School in partial fulfillment of the requirements for the degree Doctor of Philosophy in the School of Informatics, Department of Computer Science Indiana University August 2012 Accepted by the Graduate Faculty, Indiana University, in partial fulfillment of the requirements of the degree of Doctor of Philosophy. Doctoral Geoffrey Fox, Ph.D. Committee (Principal Advisor) Markus Jakobsson, Ph.D. Fred Cate, J.D. May 1, 2012 Marc Rotenberg, J.D. ii Copyright c 2012 Christopher Soghoian This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States License. iii “The creatures outside looked from pig to man, and from man to pig, and from pig to man again; but already it was impossible to say which was which.” —GEORGE ORWELL,ANIMAL FARM iv Acknowledgements First, I would like to thank L. Jean Camp, who selflessly put herself at risk in order to save me from two extremely unpleasant encounters with the FBI. I will be indebted to her forever. I would also like to thank Stephen Braga and Jennifer Granick, two stellar attorneys who came to my defense in 2006 after the FBI took an interest in my work, raiding my home at 2AM and seizing my personal documents and computers. Their expert assistance led to the return of my possessions in just three weeks and the closing of the FBI’s criminal and TSA’s civil investigations without any charges filed. Jennifer Granick came to my assistance a second time (and was joined by Steve Leckar) in 2010 after the Federal Trade Commission’s Inspector General investigated me for using my government badge to attend a closed-door surveillance industry conference. -
A Lot More Than a Pen Register, and Less Than a Wiretap
Pell and Soghoian: A Lot More than a Pen Register, and Less than a Wiretap 1 A LOT MORE THAN A PEN REGISTER, AND LESS THAN A WIRETAP: WHAT THE STINGRAY TEACHES US ABOUT HOW CONGRESS SHOULD APPROACH THE REFORM OF LAW ENFORCEMENT SURVEILLANCE 2 AUTHORITIES Stephanie K. Pell* & Christopher Soghoian** 16 YALE J.L. & TECH. 134 (2013) ABSTRACT In June 2013, through an unauthorized disclosure to the media by ex-NSA contractor Edward Snowden, the public learned that the NSA, since 2006, had been collecting nearly all domestic phone call detail records and other telephony metadata pursuant to a controversial, classified interpretation of Section 215 of the USA PATRIOT Act. Prior to the Snowden disclosure, the existence of this intelligence program had been kept secret from the general public, though some members of Congress knew both of its existence and of the statutory interpretation the government was using to justify the bulk collection. Unfortunately, the classified nature of the Section 215 metadata program prevented them from alerting the public directly, so they were left to convey their criticisms of the program directly to certain federal agencies as part of a non-public oversight process. The efficacy of an oversight regime burdened by such strict secrecy is now the subject of justifiably intense debate. In the context of that debate, this Article examines a very different surveillance technology—one that has been used by federal, state and local law enforcement agencies for more than two decades without invoking even the muted scrutiny Congress applied to the Section 215 metadata program. -
Supreme Court of the United States
No. 19-783 IN THE Supreme Court of the United States NATHAN VAN BUREN, Petitioner, v. UNITED STATES, Respondent. ON WRIT OF CERTIORARI TO THE UNITED STATES CouRT OF APPEALS FOR THE ELEVENTH CIRcuIT BRIEF OF AMICI CURIAE COMPUTER SECURITY RESEARCHERS, ELECTRONIC FRONTIER FOUNDATION, CENTER FOR DEMOCRACY & TECHNOLOGY, BUGCROWD, RAPID7, SCYTHE, AND TENABLE IN SUPPORT OF PETITIONER ANDREW CROCKER Counsel of Record NAOMI GILENS ELECTRONic FRONTIER FOUNDATION 815 Eddy Street San Francisco, California 94109 (415) 436-9333 [email protected] Counsel for Amici Curiae 296514 A (800) 274-3321 • (800) 359-6859 i TABLE OF CONTENTS Page TABLE OF CONTENTS..........................i TABLE OF CITED AUTHORITIES ..............iii INTEREST OF AMICI CURIAE ..................1 SUMMARY OF ARGUMENT .....................4 ARGUMENT....................................5 I. The Work of the Computer Security Research Community Is Vital to the Public Interest...................................5 A. Computer Security Benefits from the Involvement of Independent Researchers ...........................5 B. Security Researchers Have Made Important Contributions to the Public Interest by Identifying Security Threats in Essential Infrastructure, Voting Systems, Medical Devices, Vehicle Software, and More ...................10 II. The Broad Interpretation of the CFAA Adopted by the Eleventh Circuit Chills Valuable Security Research. ................16 ii Table of Contents Page A. The Eleventh Circuit’s Interpretation of the CFAA Would Extend to Violations of Website Terms of Service and Other Written Restrictions on Computer Use. .................................16 B. Standard Computer Security Research Methods Can Violate Written Access Restrictions...........................18 C. The Broad Interpretation of the CFAA Discourages Researchers from Pursuing and Disclosing Security Flaws ...............................22 D. Voluntary Disclosure Guidelines and Industry-Sponsored Bug Bounty Programs A re Not Sufficient to Mitigate the Chill . -
US Technology Companies and State Surveillance in the Post-Snowden Context: Between Cooperation and Resistance Félix Tréguer
US Technology Companies and State Surveillance in the Post-Snowden Context: Between Cooperation and Resistance Félix Tréguer To cite this version: Félix Tréguer. US Technology Companies and State Surveillance in the Post-Snowden Context: Be- tween Cooperation and Resistance. [Research Report] CERI. 2018. halshs-01865140 HAL Id: halshs-01865140 https://halshs.archives-ouvertes.fr/halshs-01865140 Submitted on 30 Aug 2018 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Distributed under a Creative Commons Attribution| 4.0 International License UTIC Deliverable 5 US Technology Companies and State Surveillance in the Post-Snowden Context: Between Cooperation and Resistance Author: Félix Tréguer (CERI-SciencesPo) 1 tech Executive Summary This deliverable looks at the growing hybridization between public and private actors in the field of communications surveillance for national security purposes. Focusing on US-based multinationals dominating the digital economy globally which became embroiled in the post-Snowden debates (companies like Google, Apple, Facebook, Microsoft, Yahoo), the report aims at understanding the impact of the Snowden scandal on the strategies of these companies in relation to state Internet surveillance. To that end, the report identifies seven factors that are likely to influence the stance of a given company and its evolution depending on the changing context and constraints that it faces across time and space. -
A Deep Dive Into Technical Encryption Concepts to Better Understand Cybersecurity & Data Privacy Legal & Policy Issues
Journal of Intellectual Property Law Volume 28 Issue 2 Article 2 October 2020 A Deep Dive into Technical Encryption Concepts to Better Understand Cybersecurity & Data Privacy Legal & Policy Issues Anthony Volini DePaul University, [email protected] Follow this and additional works at: https://digitalcommons.law.uga.edu/jipl Part of the Internet Law Commons, and the Privacy Law Commons Recommended Citation Anthony Volini, A Deep Dive into Technical Encryption Concepts to Better Understand Cybersecurity & Data Privacy Legal & Policy Issues, 28 J. INTELL. PROP. L. 291 (2020). Available at: https://digitalcommons.law.uga.edu/jipl/vol28/iss2/2 This Article is brought to you for free and open access by Digital Commons @ Georgia Law. It has been accepted for inclusion in Journal of Intellectual Property Law by an authorized editor of Digital Commons @ Georgia Law. Please share how you have benefited from this access For more information, please contact [email protected]. A Deep Dive into Technical Encryption Concepts to Better Understand Cybersecurity & Data Privacy Legal & Policy Issues Cover Page Footnote Senior Professional Lecturer at DePaul University College of Law, Registered Patent Attorney, M.S. Cybersecurity (Networking & Infrastructure) (Anticipated 2021), Certified Information Privacy Professional/United States (CIPP/US), CIPP/Europe (CIPP/E), Cybersecurity Fundamentals Certificate (CSXF). Many thanks to Christopher Boyd (3L) and Ashley Weringa (3L), DePaul University College of Law for their assistance, as well as Professor Joshua Sarnoff, Mat Kresz, Karen Heart, David Habich, Colin Black, Thomas Combs, and Brian Barnes for offering their insights. This article is available in Journal of Intellectual Property Law: https://digitalcommons.law.uga.edu/jipl/vol28/iss2/2 Volini: A Deep Dive into Technical Encryption Concepts to Better Understa DEMO2 (DO NOT DELETE) 6/2/2021 11:58 PM A DEEP DIVE INTO TECHNICAL ENCRYPTION CONCEPTS TO BETTER UNDERSTAND CYBERSECURITY & DATA PRIVACY LEGAL & POLICY ISSUES Anthony G. -
Forecasting the Future
VIRTUAL EVEN T FORECASTING #predict2019 THE FUTURE Tuesday, December 18, 2018 10:00 AM ET - 4 PM E T AGENDA All sessions are scheduled in Eastern Standard Time (EST) 10:00 - 10:30am - Keynote by Micro Hering: Looking towards 2019 – will we have AIOps take over DevOps 10:30 - 11:00am - Keynote by Chenxi Wang: Cloud Transformation Drives Security Roadmap 11:00 - 11:30pm - Panel: Making DevOps More Ops-friendly 11:30 - 12:00pm - How to Manage Open Source 11:30 - 12:00pm - Panel: The Business Risk within the DevOps Delivery Model Value of Value Stream Mapping 12:00 - 12:30pm - Panel: Ubiquitous Open 12:00 - 12:30pm - The Future of DevOps; Source Makes for Security Challenges Predictions from NS1 12:30 - 1:00pm - Charting the Course to AIOps 12:30 - 1:00pm - Seeing DevOps 2020 1:00 - 1:30pm - Visit the Exhibitors 1:30 - 2:00pm - Panel: Cloud Security in 2019 2:00 - 2:30pm - Panel: Continuous 2:00 - 2:30pm - Accelerate software delivery: Testing Equals Quality How to make 2019 your cloud-native year 2:30 - 3:00pm - Keynote by Rich Mogull: DevSecOps Predicts 2019 3:00 - 3:30pm - Keynote by John Willis 10am - 10:30am Keynote: Looking towards 2019 – will we have AIOps take over DevOps - Mirco Hering, Principal Director – APAC DevOps and Agile, Accenture 2018 has seen a huge uptake in DevOps across Enterprises. There were lots of good news but we also learned new failure patterns. In this keynote Mirco will look back at 2018 and what he learned over the year and then look to 2019 and what the new year will bring for DevOps. -
The Hacker's Aegis
Emory Law Journal Volume 60 Issue 5 2010 The Hacker's Aegis Derek E. Bambauer Oliver Day Follow this and additional works at: https://scholarlycommons.law.emory.edu/elj Recommended Citation Derek E. Bambauer & Oliver Day, The Hacker's Aegis, 60 Emory L. J. 1051 (2010). Available at: https://scholarlycommons.law.emory.edu/elj/vol60/iss5/1 This Article is brought to you for free and open access by the Journals at Emory Law Scholarly Commons. It has been accepted for inclusion in Emory Law Journal by an authorized editor of Emory Law Scholarly Commons. For more information, please contact [email protected]. BAMBAUER&DAY GALLEYSFINAL 6/6/2011 10:27 AM THE HACKER’S AEGIS Derek E. Bambauer* ∗∗ Oliver Day ABSTRACT Intellectual property (IP) law stifles critical research on software security vulnerabilities, placing computer users at risk. Researchers who discover flaws often face IP-based legal threats if they reveal findings to anyone other than the software vendor. This Article argues that the interplay between law and vulnerability data challenges existing scholarship on how intellectual property law should regulate information about improvements on protected works, and suggests weakening, not enhancing, IP protections where infringement is difficult to detect, lucrative, and creates significant negative externalities. It proposes a set of three reforms—“patches,” in software terms—to protect security research. Legal reform would create immunity from civil IP liability for researchers who follow “responsible disclosure” rules. Linguistic reform would seek to make the term hacker less threatening either by recapturing the term’s original meaning, or abandoning it. -
Protecting Fundamental Rights in a Digital Age Proceedings, Outcome and Background Documents
Protecting fundamental rights in a digital age Proceedings, Outcome and Background Documents 2013 – 2014 Inquiry on electronic mass surveillance of EU citizens Protecting fundamental rights in a digital age Proceedings, Outcome and Background Documents 2013-2014 1 2 Introduction by Claude Moraes MEP, Rapporteur of the Inquiry on electronic mass surveillance of EU citizens.................................................................................................................................................................5 European Parliament resolution of 12 March 2014 on the US NSA surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ fundamental rights and on transatlantic cooperation in Justice and Home Affairs (2013/2188(INI))...................................................................................9 Explanatory statement (A7-0139/2014).............................................................................................................49 European Parliament resolution of 4 July 2013 on the US National Security Agency surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ privacy (2013/2682(RSP))........57 Working document on the US and EU Surveillance programmes and their impact on EU citizens fundamental rights by Claude Moraes...............................................................................................................65 Working document on the relation between the surveillance practices in the -
The List Serves: Population Control and Power
THE LIST THE LIST SERVES THE LIST SERVES POPULATION CONTROL AND POWER KENNETH C. WERBIN A SERIES OF READERS PUBLISHED BY THE INSTITUTE OF NETWORK CULTURES ISSUE NO.: 22 INSTITUTE OF NETWORK CULTURES NETWORK INSTITUTE OF THE LIST SERVES POPULATION CONTROL AND POWER KENNETH C. WERBIN 2 THEORY ON DEMAND Theory on Demand #22 The List Serves: Population Control and Power Kenneth C. Werbin With a foreword by Geert Lovink Edited by: Miriam Rasch Cover design: Katja van Stiphout Design: Leonieke van Dipten EPUB development: Leonieke van Dipten Publisher: Institute of Network Cultures, Amsterdam, 2017 ISBN: 978-94-92302-15-1 The research was supported by Le Fonds Québecois de la recherche sur la société et la culture and The Social Sciences and Humanities Research Council of Canada. Contact Institute of Network Cultures Phone: +3120 5951865 Email: [email protected] Web: http://www.networkcultures.org This publication is available through various print on demand services and freely downloadable from http://networkcultures.org/publications This publication is licensed under the Creative Commons Attribution-NonCommercial-NoD- erivatives 4.0 International (CC BY-NC-SA 4.0). THE LIST SERVES: POPULATION CONTROL AND POWER 3 CONTENTS Acknowledgments 9 Preface by Geert Lovink 11 Introduction. In Lists We Are... 16 The List Served: Ancient Times The List Served: The Classification of the Human Species The List Serves: Disciplinary and Juridical-legal Mechanisms The List Serves: The Apparatuses of Security The List Serves: Milieus of Circulation and Populations The List Serves: Risk Assessment The List Serves: Freedom of Circulation The List Serves: Governmentality Chapter 1.