DOCSLIB.ORG

BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications ANDI WILSON, ROSS SCHULMAN, KEVIN BANKSTON, AND TREY HERR BUGS IN THE SYSTEM A Primer on the Software Vulnerability Ecosystem and its Policy Implications JULY 2016 About the Authors About New America New America is committed to renewing American politics, Andi Wilson is a policy analyst at New America’s Open prosperity, and purpose in the Digital Age. We generate big Technology Institute, where she researches and writes ideas, bridge the gap between technology and policy, and about the relationship between technology and policy. curate broad public conversation. We combine the best of With a specific focus on cybersecurity, Andi is currently a policy research institute, technology laboratory, public working on issues including encryption, vulnerabilities forum, media platform, and a venture capital fund for equities, surveillance, and internet freedom. ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who Ross Schulman is a co-director of the Cybersecurity believe deeply in the possibility of American renewal. Initiative and senior policy counsel at New America’s Open Find out more at newamerica.org/our-story. Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain About the Cybersecurity Initiative View, California. Ross has also worked at the Computer The Internet has connected us. Yet the policies and and Communications Industry Association, the Center debates that surround the security of our networks are for Democracy and Technology, and on Capitol Hill for too often disconnected, disjointed, and stuck in an Senators Wyden and Feingold. unsuccessful status quo. This is what New America’s Cybersecurity Initiative is designed to address. Working across our International Security program and the Open Kevin Bankston is the Director of New America’s Open Technology Institute, we believe that it takes a wider Technology Institute, where he works in the public interest network to face the multitude of diverse security issues. to promote policy and regulatory reforms to strengthen We engage across organizations, issue areas, professional communities by supporting open communications fields, and business sectors. And through events, writing networks, platforms, and technologies. He previously and research, our aim is to help improve cybersecurity in served as OTI’s Policy Director. ways that work—for the countries, for companies and for individuals. is a fellow with the Belfer Center's Cyber Security Trey Herr Our work is made possible through the generous support Project at the Harvard Kennedy School. He focuses of the William and Flora Hewlett Foundation, the Arizona on trends in state developed malicious software, the State University, Microsoft Corporation, Symantec Inc., The structure of criminal markets for malware components, Home Depot, Endgame Inc., and Facebook. and the proliferation of malware. Trey is also a non- resident fellow with New America’s Cybersecurity Initiative. About the Open Technology Institute Acknowledgments The Open Technology Institute (OTI) works at the intersection of technology and policy to ensure that every The authors would like to thank Chris Riley, Joe Hall, Katie community has equitable access to digital technology Moussouris and our other external reviewers for their and its benefits. We promote universal access to input and comments on an earlier version of this paper. communications technologies that are both open and This paper does not necessarily reflect their views. We secure, using a multidisciplinary approach that brings would also like to thank Donna Wentworth for her many together advocates, researchers, organizers, and valuable contributions to the paper. As well, we appreciate innovators. the extensive help of New America’s staff and fellows, especially Ian Wallace, Jordan McCarthy, Liz Woolery, Robert Morgus, and Robyn Greene. Contents Executive Summary 2 Introduction 4 What Are Vulnerabilities? 5 Who Discovers Vulnerabilities? 7 What Are Exploits and How Are They Used? 9 How Are Vulnerabilities Disclosed So They Can Be Patched? 10 How Are Vulnerabilities Patched (or Not)? 12 Which Laws Discourage Security Research and Vulnerability Disclosure? 13 What is the Vulnerabilities Market? 15 Why Governments Do (or Don't) Disclose the Vulnerabilities They Find or Buy 19 Conclusion: What Policies Will Foster the Discovery, Disclosure, and Patching of 20 Vulnerabilities? Notes 25 EXECUTIVE SUMMARY In recent years, a seemingly endless string of fix or exploit them. These bug-hunters range from massive data breaches in both the private and independent researchers, to small academic teams public sectors have been front-page news. Whether or security firms, to large tech companies working the target is a company like Sony or a government to improve their products, or even governments— agency like OPM, such breaches are very often made including our own government, and other much less possible by a software vulnerability—a “bug” in the rights-respecting states—seeking to use these flaws system—that was unknown or left unaddressed by for law enforcement or intelligence investigations. the target or its software vendor. After finding a vulnerability, the discoverer has three basic options: not disclosing the vulnerability The existence of such vulnerabilities—or “vulns” to the public or the software vendor; fully disclosing for short—is unavoidable. Software is complex and the vuln to the public, which in some cases may humans are fallible, so vulnerabilities are bound be the best way to get it patched but in others to occur. Much of cybersecurity can be reduced to may leave users of the software dangerously a constant race between the software developers exposed; and partial or “responsible” disclosure and security experts trying to discover and patch to the vendor so that they can fix the bug before it vulnerabilities, and the attackers seeking to uncover becomes public. Partial disclosure is often preferred and exploit those vulnerabilities. The question for because it can sometimes take months for a vendor policymakers is, what can they do to help speed the to fix their product, and even longer for all the discovery and patching of vulnerabilities so that affected users to update their software to patch the our computer systems—and therefore our economic security hole. stability, our national security, and consumers’ privacy—are safer? This paper is intended to Confusing the issue of disclosure is the fact that be a primer on the vulnerability ecosystem for there is a range of laws—such as the Computer policymakers and advocates seeking to answer that Fraud and Abuse Act, the Digital Millennium question, describing what vulns are, who discovers Copyright Act, and the Electronic Communications them, who buys them, how and when they do (or Privacy Act—that by their broad and vague terms don’t) get patched, and why. arguably criminalize and create civil penalties for actions that security researchers routinely engage There is a wide range of actors seeking to discover in while conducting legitimate security research. security flaws in software, whether to fix them, Unless reformed, these laws will continue to chill exploit them, or sell them to someone else who will researchers’ disclosure of critical vulnerabilities, for 2 OPEN TECHNOLOGY INSTITUTE fear that they will be sued or even thrown in jail. use of them for a variety of purposes, from law enforcement to foreign intelligence surveillance, Another disincentive to researchers’ disclosure and the longer they are secret and unpatched, the of vulnerabilities so that they can be patched is longer they are useful. Governments have to weigh the existence of open markets for vulnerabilities, the security value of disclosure versus the benefit of where researchers can often get top dollar from stockpiling and using vulnerabilities for their own criminal networks or governments seeking to purposes. exploit those vulnerabilities, or from intermediary agents who buy from researchers and then resell to In conclusion, we offer five initial policy criminals and states. Companies have responded by recommendations to ensure that more creating innovative vulnerability reward programs vulnerabilities are discovered and patched sooner: (VRPs), including “bug bounty” programs where (1) The U.S. government should minimize its they pay rewards for bugs that are submitted. participation in the vulnerability market, since it Some of these programs also seek to reduce the is the largest buyer in a market that discourages legal chill on researchers by promising not to sue researchers from disclosing vulns to be patched; those who submit through these programs. It is (2) The U.S. government should establish strong, sometimes difficult for these programs to compete clear procedures for government disclosure of the with the much more lucrative open market, but vulnerabilities it buys or discovers, with a heavy they give researchers who want to help improve presumption toward disclosure; (3) Congress should cybersecurity—and perhaps get a little cash or establish clear rules of the road for government recognition for their discovery—a legitimate avenue hacking in order to better protect cybersecurity and to pursue. civil liberties; (4) Government and industry should support bug bounty programs as an alternative to Researchers often have a range of incentives to the vulnerabilities market and
Load more

Recommended publications
  • The Million Dollar Dissident: NSO Group's Iphone Zero-Days Used Against a UAE Human Rights Defender
    Research Teaching News Lab Projects GLA2010 In the News About Publications Newsletter People Archives Events Opportunities Contact The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender August 24, 2016 Categories: Bill Marczak, John Scott-Railton, Reports and Briefings Authors: Bill Marczak and John Scott-Railton, Senior Researchers at the Citizen Lab, with the assistance of the research team at Lookout Security. Media coverage: The New York Times, Motherboard, Gizmodo, Wired, Washington Post, ZDNet. This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware. 1. Executive Summary Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government- exclusive “lawful intercept” spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management. The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.
    [Show full text]
  • BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications
    ANDI WILSON, ROSS SCHULMAN, KEVIN BANKSTON, AND TREY HERR BUGS IN THE SYSTEM A Primer on the Software Vulnerability Ecosystem and its Policy Implications JULY 2016 About the Authors About New America New America is committed to renewing American politics, Andi Wilson is a policy analyst at New America’s Open prosperity, and purpose in the Digital Age. We generate big Technology Institute, where she researches and writes ideas, bridge the gap between technology and policy, and about the relationship between technology and policy. curate broad public conversation. We combine the best of With a specific focus on cybersecurity, Andi is currently a policy research institute, technology laboratory, public working on issues including encryption, vulnerabilities forum, media platform, and a venture capital fund for equities, surveillance, and internet freedom. ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who Ross Schulman is a co-director of the Cybersecurity believe deeply in the possibility of American renewal. Initiative and senior policy counsel at New America’s Open Find out more at newamerica.org/our-story. Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain About the Cybersecurity Initiative View, California. Ross has also worked at the Computer The Internet has connected us. Yet the policies and and Communications Industry Association, the Center debates that surround the security of our networks are for Democracy and Technology, and on Capitol Hill for too often disconnected, disjointed, and stuck in an Senators Wyden and Feingold. unsuccessful status quo.
    [Show full text]
  • Databreaches in Healthcare the Attractiveness of Leaked Healthcare Data for Cybercriminals 2 Whitepaper: Databreaches in Healthcare
    Databreaches in Healthcare The attractiveness of leaked healthcare data for cybercriminals 2 Whitepaper: Databreaches in healthcare Table of Contents Introduction.................................................................................................. 5 An international problem ............................................................................................................................ 6 The risk of digitization ................................................................................................................................ 6 The medical IoT ............................................................................................................................................ 7 Overview of the attack vector: What has Healthcare suffered in the past? ............................................ 8 What are the most common causes of health data compromise? ................................................................... 10 Hacking/IT incidents ................................................................................................................................. 10 Social Engineering......................................................................................................................................11 Examples ......................................................................................................................................................11 Why is the healthcare vertical such an attractive target?.......................................................................
    [Show full text]
  • Software Assurance
    Information Assurance State-of-the-Art Report Technology Analysis Center (IATAC) SOAR (SOAR) July 31, 2007 Data and Analysis Center for Software (DACS) Joint endeavor by IATAC with DACS Software Security Assurance Distribution Statement A E X C E E C L I L V E R N E Approved for public release; C S E I N N I IO DoD Data & Analysis Center for Software NF OR MAT distribution is unlimited. Information Assurance Technology Analysis Center (IATAC) Data and Analysis Center for Software (DACS) Joint endeavor by IATAC with DACS Software Security Assurance State-of-the-Art Report (SOAR) July 31, 2007 IATAC Authors: Karen Mercedes Goertzel Theodore Winograd Holly Lynne McKinley Lyndon Oh Michael Colon DACS Authors: Thomas McGibbon Elaine Fedchak Robert Vienneau Coordinating Editor: Karen Mercedes Goertzel Copy Editors: Margo Goldman Linda Billard Carolyn Quinn Creative Directors: Christina P. McNemar K. Ahnie Jenkins Art Director, Cover, and Book Design: Don Rowe Production: Brad Whitford Illustrations: Dustin Hurt Brad Whitford About the Authors Karen Mercedes Goertzel Information Assurance Technology Analysis Center (IATAC) Karen Mercedes Goertzel is a subject matter expert in software security assurance and information assurance, particularly multilevel secure systems and cross-domain information sharing. She supports the Department of Homeland Security Software Assurance Program and the National Security Agency’s Center for Assured Software, and was lead technologist for 3 years on the Defense Information Systems Agency (DISA) Application Security Program. Ms. Goertzel is currently lead author of a report on the state-of-the-art in software security assurance, and has also led in the creation of state-of-the-art reports for the Department of Defense (DoD) on information assurance and computer network defense technologies and research.
    [Show full text]
  • The Economic Functioning of Online Drugs Markets
    ISSN 2042-2695 CEP Discussion Paper No 1490 Revised August 2017 (Replaced July 2017 version) The Economic Functioning of Online Drugs Markets V. Bhaskar Robin Linacre Stephen Machin Abstract The economic functioning of online drug markets using data scraped from online platforms is studied. Analysis of over 1.5 million online drugs sales shows online drugs markets tend to function without the significant moral hazard problems that, a priori, one might think would plague them. Only a small proportion of online drugs deals receive bad ratings from buyers, and online markets suffer less from problems of adulteration and low quality that are a common feature of street sales of illegal drugs. Furthermore, as with legal online markets, the market penalizes bad ratings, which subsequently lead to significant sales reductions and to market exit. The impact of the well-known seizure by law enforcement of the original Silk Road and the shutdown of Silk Road 2.0 are also studied, together with the exit scam of the market leader at the time, Evolution. There is no evidence that these exits deterred buyers or sellers from online drugs trading, as new platforms rapidly replaced those taken down, with the online market for drugs continuing to grow. Keywords: dark web, drugs JEL codes:K42 This paper was produced as part of the Centre’s Communities Programme. The Centre for Economic Performance is financed by the Economic and Social Research Council. Acknowledgements Robin Linacre contributed to this paper in a personal capacity and in his own time. The research is not linked to any of his work for either the Sentencing Council or the Ministry of Justice.
    [Show full text]
  • 2007 Annual Report
    ELECTRONIC FRONTIER FOUNDATION Annual Report 2 0 0 7 About Us From the Internet to the iPhone, technologies are transforming our society and em- powering us as speakers, citizens, creators, and consumers. When our freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense. EFF broke new ground when it was founded in 1990 — well before the Internet was on most people’s radar — and continues to confront cutting-edge issues defending free speech, privacy, innovation, and consumer rights today. From the beginning, EFF has championed the public interest in every critical battle affecting digital rights. Blending the expertise of lawyers, policy analysts, activists, and technologists, EFF achieves significant victories on behalf of consumers and the general public. EFF fights for freedom primarily in the courts, bringing and defending lawsuits even when that means taking on the U.S. government or large corporations. By mobilizing more than 80,000 concerned citizens through our Action Center, EFF beats back bad legislation. In addition to advising policymakers, EFF educates the press and public. Sometimes just defending technologies isn’t enough, so EFF also supports the development of freedom- enhancing inventions. Support EFF! All of the important work EFF does would not be possible without the generous support of individuals like you. In 2007, nearly half of our operating income came from individuals and members. We try to make it easy for you to show your support, accepting everything from cash, check and credit card donations to Paypal and stock donations. We can set up automatic monthly distributions from your credit card, and we participate in many employer payroll deduction plans, including the Combined Federal Campaign (CFC).
    [Show full text]
  • Malware Trends
    NCCIC National Cybersecurity and Communications Integration Center Malware Trends Industrial Control Systems Emergency Response Team (ICS-CERT) Advanced Analytical Laboratory (AAL) October 2016 This product is provided subject only to the Notification Section as indicated here:http://www.us-cert.gov/privacy/ SUMMARY This white paper will explore the changes in malware throughout the past several years, with a focus on what the security industry is most likely to see today, how asset owners can harden existing networks against these attacks, and the expected direction of developments and targets in the com- ing years. ii CONTENTS SUMMARY .................................................................................................................................................ii ACRONYMS .............................................................................................................................................. iv 1.INTRODUCTION .................................................................................................................................... 1 1.1 State of the Battlefield ..................................................................................................................... 1 2.ATTACKER TACTIC CHANGES ........................................................................................................... 2 2.1 Malware as a Service ...................................................................................................................... 2 2.2 Destructive Malware ......................................................................................................................
    [Show full text]
  • Threatpost | the First Stop for Security News
    Threatpost | The first stop for security news Categories Category List Cloud Security Critical Infrastructure Cryptography Government Category List Hacks Malware Mobile Security Privacy Category List SAS Vulnerabilities Web Security Authors Michael Mimoso Christopher Brook Additional Categories Slideshows The Kaspersky Lab News Service Featured Authors Michael Mimoso Christopher Brook The Kaspersky Lab News Service Featured Posts All Wireless ‘BlueBorne’ Attacks Target Billions of… Apache Foundation Refutes Involvement in Equifax… Popular D-Link Router Riddled with Vulnerabilities Many Questions, Few Answers For Equifax… Equifax Says Breach Affects 143 Million… New Dridex Phishing Campaign Delivers Fake… Podcasts Latest Podcasts All Threatpost News Wrap, September 1, 2017 Threatpost News Wrap, August 25, 2017 Threatpost News Wrap, August 18, 2017 Threatpost News Wrap, August 11, 2017 Threatpost News Wrap, August 4, 2017 Black Hat USA 2017 Preview Recommended The Kaspersky Lab Security News Service Videos Latest Videos All Mark Dowd on Exploit Mitigation Development iOS 10 Passcode Bypass Can Access… BASHLITE Family Of Malware Infects 1… How to Leak Data From Air-Gapped… Bruce Schneier on the Integration of… Chris Valasek Talks Car Hacking, IoT,… Recommended The Kaspersky Lab Security News Service Search Twitter Facebook Google LinkedIn YouTube RSS Welcome > Blog Home>Vulnerabilities > Zerodium Offering $1M for Tor Browser Zero Days 0 0 22 0 Zerodium Offering $1M for Tor Browser Zero Days by Chris Brook September 13, 2017 , 12:54 pm The exploit acquisition vendor Zerodium is doubling down again. Weeks after the company said it would pay $500,000 for zero days in private messaging apps such as Signal and WhatsApp, Zerodium said Wednesday it will pay twice that for a zero day in Tor Browser.
    [Show full text]
  • II3230-KEAMANAN INFORMASI Etika Dan Hukum Penggunaan
    II3230-KEAMANAN INFORMASI Etika dan Hukum Penggunaan TOR Faras Banas Lubis -18217046 SEKOLAH TINGGI ELEKTRO DAN INFORMATIKA (STEI) INSTITUT TEKNOLOGI BANDUNG (ITB) 2020 Daftar Isi Daftar Isi ......................................................................................................................................... 1 Daftar Gambar ................................................................................................................................ 2 Ringkasan ........................................................................................................................................ 3 BAB I PENDAHULUAN ............................................................................................................... 4 BAB II CARA KERJA TOR .......................................................................................................... 6 A. Definisi TOR ........................................................................................................................ 6 B. Fitur-Fitur TOR .................................................................................................................... 8 C. Cara Kerja TOR ................................................................................................................... 8 a. Relay............................................................................................................................... 11 b. Bridge ............................................................................................................................
    [Show full text]
  • Ethical Hacking
    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.
    [Show full text]
  • Constructing Norms for Global Cybersecurity
    Temple University Beasley School of Law LEGAL STUDIES RESEARCH PAPER NO. 2016-52 Constructing Norms for Global Cybersecurity Martha Finnemore George Washington University Duncan B. Hollis Temple University Beasley School of Law November 4, 2016 Cite: 110 American Journal of International Law __ (Forthcoming, 2016) This paper can be downloaded without charge from the Social Science Research Network Electronic paper Collection: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2843913 CONSTRUCTING NORMS FOR GLOBAL CYBERSECURITY By Martha Finnemore and Duncan B. Hollis* On February 16, 2016, a U.S. court ordered Apple to circumvent the security features of an iPhone 5C used by one of the terrorists who committed the San Bernardino shootings.1 Apple refused. It argued that breaking encryption for one phone could not be done without under- mining the security of encryption more generally.2 It made a public appeal for “everyone to step back and consider the implications” of having a “back door” key to unlock any phone—which governments (and others) could deploy to track users or access their data.3 The U.S. govern- ment eventually withdrew its suit after the F.B.I. hired an outside party to access the phone.4 But the incident sparked a wide-ranging debate over the appropriate standards of behavior for companies like Apple and for their customers in constructing and using information and com- munication technologies (ICTs).5 That debate, in turn, is part of a much larger conversation. Essential as the Internet is, “rules of the road” for cyberspace are often unclear and have become the focus of serious conflicts.
    [Show full text]
  • Statement of Kevin S. Bankston Policy Director of New America's Open
    Statement of Kevin S. Bankston Policy Director of New America’s Open Technology Institute & Co-Director of New America’s Cybersecurity Initiative Before the U.S. House of Representatives Subcommittee on Information Technology of the Committee on Oversight and Government Reform Hearing on “Encryption Technology and Possible U.S. Policy Responses” April 29, 2015 Chairman Hurd, Ranking Member Kelly and Members of the Subcommittee: Thank you for giving me the opportunity to testify today on the importance of strong encryption technology to Americans’ continued security and prosperity, and allowing me to articulate the arguments against recent suggestions that Congress should legislate to limit the availability of strongly encrypted products and services. I represent New America’s Open Technology Institute (OTI), where I am Policy Director of the OTI program and also Co-Director of New America’s cross-programmatic Cybersecurity Initiative. New America is a nonprofit civic enterprise dedicated to the renewal of American politics, prosperity, and purpose in the digital age through big ideas, technological innovation, next generation politics, and creative engagement with broad audiences. OTI is New America’s program dedicated to technology policy and technology development in support of digital rights, social justice, and universal access to open and secure communications networks. In September, Apple and Google enhanced the security of all smartphone users by modifying the operating system software of iPhones and Android smartphones, respectively,
    [Show full text]