The (Revived) Encryption War Continues

The Latest:

As Encryption Spreads, U.S. Grapples with Clash between Privacy, Security – Ellen Nakashima and Barton Gellman, writing in The Washington Post, reveal that federal officials are considering a variety of means of ensuring access to encrypted communications, including split key approaches, as well as, in certain circumstances, mirror accounts. Under the split key approach (difficult from an engineering and cryptography standpoint), a technology company creates a decryption key that is split into pieces, with different pieces held by different parties, and all of the pieces are needed for decryption. But even aside from the question of trust in the holders of the key parts, the risk of disclosure of the decrypted information, and the like, as security expert/researcher Dino A. Dai Zovi (@dinodaizovi) tweeted: “The big question of the #cryptodebate isn’t whether vendors can make a decryption key for USG, but what happens when other [governments] want it too?”

How Do We Build Encryption Backdoors? – Professor Matthew Green (Johns Hopkins) analyzes the problems with building encryption backdoors, including split key approaches, at his A Few Thoughts on Cryptographic Engineering blog

Background – 2014-15, the Crypto Wars Return

James Comey, F.B.I. Director, Hints at Action as Cellphone Data Is Locked – The New York Times, and FBI Director Attacks Tech Companies for Embracing New Modes of Encryption; James Comey says Data Encryption Could Deprive Police and Intelligence Agencies of Potentially Life-saving Information – The Guardian

Apple Will No Longer Unlock Most iPhones, iPads for Police, even with Search Warrants – The Washington Post

iPhone Encryption and the Return of the Crypto Wars – Bruce Schneier

What NSA Director Mike Rogers Doesn’t Get About Encryption – Julian Sanchez at CATO

What President Obama is getting wrong about encryption – The Washington Post

The FBI Keeps Demanding Impossible Solutions to Its Encryption Problem – MotherBoard/Vice

Background – the 1990’s (and earlier) Crypto Wars

Keeping Secrets: Four Decades Ago, University Researchers Figured out the Key to Computer Privacy, Sparking a Battle with the National Security Agency that Continues Today. – Henry Corrigan-Gibbs (Stanford Magazine)

Encryption and Globalization – a 2011 academic paper (Columbia Science and Technology Law Review, Vol. 23, 2012) by Peter Swire and Kenesa Ahmad, which includes a brief summary of the original 90’s “Crypto Wars”

Crypto Wars – Wikipedia

Hacker Lexicon: What is End-to-End Encryption – Wired


Want to Protect your Phone from the Cops? You Might Want to Use a Passcode, Not a Fingerprint; Virginia Court Rules Using Fingerprint Technology to Protect Your Phone Doesn’t Carry Same Legal Rights as Passcodes – FastCompany




Robotics Law and Policy

The reading syllabus (pdf; two pages) for Professor Ryan Calo’s (University of Washington) course on law and robotics – an excellent resource for those interested in robotics/drones/AI. Among other things, it includes Professor Calo’s own paper, Robotics and the Lessons of Cyberlaw, 103 California Law Review (forthcoming 2015), and Professor Jack Balkin’s (Yale) The Path of Robotics Law, 5 California Law Review Circuit (forthcoming 2015).


The agenda (and conference roundup) for the “We Robot 2015” conference on robotics, law and policy recently held at the University of Washington, including links to various academic papers such as Woodrow Hartzog’s Unfair and Deceptive Robots

What is a Robot, Anyway? – Harvard Business Review

If a Robot Kills Someone, Who is to Blame? – The Globe and Mail

The Myth Of AI: A Conversation With Jaron Lanier – Edge; and a response: Why I Don’t Worry About a Super AI – Kevin Kelly at Technium

Robots for Humans: Addressing the Engineering Challenges – IHS GlobalSpec

EU v. Google (link roundup)


China’s Great Cannon

Toronto’s Citizen Lab at the Munk School of Global Affairs posits in an online report that, separate and apart from China’s “Great Firewall”, China possesses a “Great Cannon” offensive cyberattack tool which hijacks traffic to (or from) IP addresses, and which can replace unencrypted content as a man-in-the-middle. According to the report:

“The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users. Specifically, the Cannon manipulates the traffic of ‘bystander’ systems outside China, silently programming their browsers to create a massive DDoS attack. While employed for a highly visible attack in this case, the Great Cannon clearly has the capability for use in a manner similar to the NSA’s QUANTUM system, affording China the opportunity to deliver exploits targeting any foreign computer that communicates with any China-based website not fully utilizing HTTPS.”



Law, Tech and Policy

Why Security Pros Don’t Like Obama’s Proposal for Antihacking Law – Christian Science Monitor’s Passcode

Edward Snowden’s Impact – an assessment by law professor Orin Kerr in The Washington Post

U.S. Secretly Tracked Billions of Calls for Decades – USA Today

How the Computer Got Its Revenge on the Soviet Union; Condemned as a Capitalist Tool, the Computer Would Help Expose the USSR’s Weakness – Nautilus

Internet Privacy, Funded by Spooks: A Brief History of the Broadcasting Board of Governors (BBG) – Pando Daily

The Anti-Information Age; How Governments are Reinventing Censorship in the 21st Century – The Atlantic

Will Deep Links Ever Truly Be Deep? – The Buzz over Linking Mobile Apps Obscures Links’ True Potential to Create Profound Networks of Knowledge and Share Power More Widely – Scott Rosenberg at Medium’s Backchannel

The GNU Manifesto Turns Thirty – The New Yorker; the text of the GNU Manifesto written by Richard Stallman at the beginning of the GNU Project in March 1985 (including subsequent clarifying footnotes)

No, Entrepreneurs, Most of You Don’t Need Angel Investors or Venture Capitalists – Washington Post

16 ideas from Marc Andreessen for a More Dynamic US Economy – Marc Andreessen’s Twitter stream @pmarca (excerpted at the American Enterprise Institute’s public policy blog)

4chan’s Overlord Christopher Poole Reveals Why He Walked Away – Rolling Stone

General Interest

Fifty Great Genre-Bending Books Everyone Should Read – Flavorwire

The 100 Best Books of the Decade So Far – The Oyster Review

The 100 Best Films of the Decade So Far – A.V. Club


FCC’s Net Neutrality Proposal (link roundup; updated to reflect release of the FCC Order)

Release of the Net Neutrality Order (March 12, 2015):

FCC Webpages Regarding the Release of the Open Internet Order: main page and webpage with links to the Commissioners’ statements and the FCC Order itself (direct link to pdf of the FCC Order – 400 pages)

But will the FCC Order survive court challenges? – On Net Neutrality, Six Ways The FCC’s Public Utility Order Will Lose In Court – Larry Downes in Forbes

Passage of the FCC Proposal (February 26, 2015):

FCC Press Release Regarding Passage of the Net Neutrality Rules.

The FCC Approves Strong Net Neutrality Rules – Washington Post

Why Everyone was Wrong about Net Neutrality – Tim Wu in The New Yorker

It’s Not Really Net Neutrality – Michael Wolff in USA Today

The FCC’s Net Neutrality Rules: Five Things You Need to Know – PCWorld

FCC’s Original Proposal (February 4, 2015):

FCC Fact Sheet (four pages) – Chairman Wheeler Proposes New Rules for Protecting the Open Internet

This is How We Will Ensure Net Neutrality – FCC Chairman Tom Wheeler’s OpEd in Wired

The Head of the FCC Just Proposed the Strongest Net Neutrality Rules Ever – The Washington Post

Don’t Call Them ‘Utility’ Rules: The FCC’s Net Neutrality Regime, Explained – ArsTechnica explainer

AT&T Previews Lawsuit it Plans to File Against FCC Over Net Neutrality – ArsTechnica

GOP, Tech Industry Mostly Out of Step Over Net Neutrality Issue – Los Angeles Times


Net Neutrality: President Obama’s Plan for a Free and Open Internet – President Obama Statement (November 2014)

Net Neutrality: A Guide to (and History of) a Contested Idea – The Atlantic (April 2014)

The Problem with Net Neutrality – Law Professor Richard Epstein (January 2014)




President Obama on Surveillance, Cybersecurity and Related Matters

Re/code’s Kara Swisher interviews the President at Stanford University on February 13th (25 minute video).

00:20    Cybersecurity breaches
04:17    U.S. offensive capabilities
06:22    U.S. cybercommand
08:02    Government relationship with Silicon Valley
10:51    Encryption and Backdoors
15:24    Privacy and Data Ownership
18:13    Immigration, STEM, diversity, loss of U.S. tech leadership
23:22    President’s personal tech habits


President Obama’s Cyber Pitch Misses Mark in Silicon Valley – The Hill

What President Obama is Getting Wrong about Encryption – The Washington Post

Quote of the Day:

“While most blogs weren’t deathless examples of great writing, there was the opportunity for individualism, and you don’t get that from . . . . a feed of things snipped and reblogged and pinned and shoveled into The Feed. The web turns into bushels of confetti shoveled into a jet engine, and while something does emerge out the other end, it’s usually made impressive by its velocity and volume, not the shape it makes.”

— James Lileks at The Bleat on why he does not include social sharing buttons on his website or cross-post to Facebook




Equation Group (link roundup)

Background: Russian Researchers Expose Breakthrough U.S. Spying Program – Reuters

Additional Detail: How ‘Omnipotent’ Hackers Tied to NSA Hid for 14 Years and Were Found at Last – ArsTechnica

The Kaspersky Report that started it all: “Equation Group: Questions and Answers” (pdf – 44 pages)

Additional Links: The Equation Group’s Sophisticated Hacking and Exploitation Tools – Bruce Schneier at LawFare:

“This is targeted surveillance. There’s nothing here that implies the NSA is doing this sort of thing to every computer, router, or hard drive. It’s doing it only to networks it wants to monitor . . . On one hand, it’s the sort of thing we want the NSA to do. It’s targeted. It’s exploiting existing vulnerabilities. In the overall scheme of things, this is much less disruptive to Internet security than deliberately inserting vulnerabilities that leave everyone insecure. On the other hand, the NSA’s definition of ‘targeted’ can be pretty broad . . . On the other other hand — can I even have three hands? — I remember a line from my latest book: ‘Today’s top-secret programs become tomorrow’s PhD theses and the next day’s hacker tools.’ . . . We need to figure out how to maintain security in the face of these sorts of attacks, because we’re all going to be subjected to the criminal versions of them in three to five years. That’s the real problem.”

The entire (not-too-lengthy) post by Schneier at LawFare is worth a read.

Surprise: America Already Has a Manhattan Project for Developing Cyber Attacks – Kevin Poulsen in Wired


How Secure are SecureDrop and Similar Services – in Design and in Use?

Point: How to Leak to The Intercept – Micah Lee at The Intercept

Counterpoint: The Intercept’s Invitation to Criminality — and to Intelligence Agencies – Benjamin Wittes at LawFare

Additional Debate: The Intercept, SecureDrop, and Foreign Intelligence Services: A Response – Benjamin Wittes at LawFare

Background: “DeadDrop/StrongBox Security Assessment (August 11, 2013)” (pdf)