FAA Requires (Non-Commercial) Drone Registration

FAA Press Release

FAA Interim Final Rule (pdf; 211 pages)


New York Times short summary

Mandatory Drone Registration Begins – practical aspects from IEEE Spectrum

Legality: From earlier this year, Is a Drone Registration Mandate Illegal? – Competitive Enterprise Institute. See also, Critics Threaten Lawsuit Over Drone Registration Rules – The Hill

Related – On Drones:

CDT Proposes Privacy Best Practices for Drones – CDT (Center for Democracy & Technology). The pdf (12 pages) of CDT’s “Model Privacy Best Practices for Unmanned Aircraft” is available here

WireCutter’s The Best Drones; scroll towards the bottom for the useful How to Fly Safely (and Know Your Rights)

A Field Guide to Civilian Drones – New York Times

FAA Approved Commercial Drone Exemptions – Verge

Amazon Proposes Drone Highway As It Readies For Flying Package Delivery – Forbes

Academic Paper: Self-Defense Against Robots and Drones (pdf; 80 pages) – A. Michael Froomkin & Zak Colangelo; see also If I Fly a UAV Over My Neighbor’s House, Is It Trespassing? – The Atlantic

Drone Wars: The Drone Papers series – The Intercept


EU Court of Justice Safe Harbor Ruling (link round-up)

The Judgment of the Court of Justice of the European Union (October 6, 2015)

Press Release of the Court of Justice of the European Union

Interview (Wall Street Journal) with the new President of the European Court of Justice

News Reports:

Data Transfer Pact Between U.S. and Europe Is Ruled Invalid – New York Times

This Privacy Activist Has Just won an Enormous Victory Against U.S. surveillance – Here’s How – Washington Post

Layperson Explainer:

US and EU in Data Privacy Clash: What You Need to Know – CNBC

Subsequent Developments – What Now?

Privacy Watchdogs Give EU, US Three Months to Negotiate New Safe Harbor Deal If There’s No New Deal by the End of January, National Data Protection Authorities Threaten Coordinated Legal Action Against Offending Companies – PCWorld

Europe’s Top Digital-Privacy Watchdog Zeros In on U.S. Tech Giants – New York Times

U.S. Tech Firms Look To Data Centers on European Soil – Wall Street Journal

Plaintiff Max Schrems:

Tech Companies Like Facebook Not Above the Law, Says Max Schrems; Austrian Student Who Took on Facebook over Data Privacy in the European Court of Justice and Won Says the Fightback is Just Beginning – The Guardian

First Thoughts on Decision C-362/14 – Max Schrems at Europe v. Facebook; Also see more Max Schrems reaction and background (pdf)

Big Tech Reaction:

The Collapse of the US-EU Safe Harbor: Solving the New Privacy Rubik’s Cube – Microsoft President and Chief Legal Officer, Brad Smith

Eric Schmidt Thinks a Ruling by Europe’s Top Court Threatens ‘One of the Greatest Achievements of Humanity’ – Business Insider

Other Reaction and Analysis:

Here’s How the Facebook Case has Just Transformed the Surveillance Debate – Washington Post

No Safe Harbor: How NSA Spying Undermined U.S. Tech and Europeans’ Privacy – EFF

Behind the European Privacy Ruling That’s Confounding Silicon Valley – New York Times

Fallout From EU-US Safe Harbor Ruling will be Dramatic and Far-Reaching; Clever Ruling by the Court of Justice will be Almost Impossible to Circumvent – ArsTechnica

Schrems v. Data Protection Commissioner – Some Inconvenient Truths The European Court of Justice Ignores and Surveillance Reform Is Only Hope for Reviving Safe Harbor – both by Timothy Edgar at LawFare

Adding Some Nuance on the European Court’s Safe Harbor Decision – Megan Graham at LawFare

Europe’s Top Court Goes Off the Rails – Richard Epstein at Politico

The Party’s Over: EU Data Protection Law after the Schrems Safe Harbour Judgment – EULaw.Analysis

My FT Oped on the Safe Harbor Fallout – Evgeny Morozov

Europe Has to Rebuild Its Safe Harbor – BloombergView Editorial Board

Enacting ECPA Reforms Will Help Resolve the US-EU Safe Harbor Negotiations – The Hill


Ad Tracking/Blocking War (link round-up)

The Problems:

20 Home Pages, 500 Trackers Loaded: Media Succumbs to Monitoring Frenzy – Frédéric Filloux at Monday Note

The Verge’s Web Sucks – blog.lmorchard.com

The Cost of Mobile Ads on 50 News Websites – New York Times; See also the Times’ Putting Mobile Ad Blockers to the Test

How Much of Your Audience is Fake? – Marketers Thought the Web Would Allow Perfectly Targeted Ads But it Hasn’t Worked Out That Way – BloombergBusiness

Facebook Ads Are All-Knowing, Unblockable, and in Everyone’s Phone – BloombergBusiness

Analysis and Opinion:

Why It’s OK to Block Ads – James Williams at the University of Oxford’s Practical Ethics blog

Why Publishers Don’t Care (Yet) that the Mobile Web is so Awful – Peter Rojas

Popping the Publishing Bubble – Ben Thompson at Stratechery

Welcome to Hell: Apple vs. Google vs. Facebook and the Slow Death of the Web – Nily Patel at The Verge

Ad Blocking: The Unnecessary Internet Apocalypse – The Ad Industry Needs to Disrupt the Disruptors – Randall Rothenberg, CEO of the Interactive Advertising Bureau, at Advertising Age; But, see IAB’s subsequent mea culpa Getting LEAN with Digital Ad UX

How We Pass the Buck – Ads, Blocking, and How We Make Sure It’s Never Actually Our Fault – Anil Dash

Ad Blocking and the Future of the Web – Jeffrey Zeldman

Ad Blocking – Seth Godin

Advertising is Unwanted – Dave Winer

Facebook, Others Confuse Consumers for Profit – Nate Cardozo of EFF at San Jose Mercury News Opinion

News You Can Use:

A List of Content Blockers for iOS 9 – The Loop

A Study About Content Blockers for iOS 9 – Carlos Oliveira at Oli.78

Related – The Content Wars: Alternative Distribution and Platforms:

AMP and Incentives – Tim Kadlec at his TimKadlec.com

Notes from the Platform’s Edge – Platforms for Everyone, Publications For No One – The Awl

Open Standards Without All That Nasty Interop – Dave Winer

Related – General:

Re/code’s Sale and Life After Advertising – Katie Benner at BloombergView

Websites Can Now Identify You By the Way You Type – A New Kind of Surveillance that Gets Very Little Attention – AlterNet


Problems with Current Crypto Implementation

Academic Paper: “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice” (pdf; 13 pages), published earlier this year, but presented at a recent conference

General Explanation (by two of the fourteen co-authors of the academic paper): How is NSA Breaking So Much Crypto? – Freedom to Tinker

EFF’s Two Part Explainer: Logjam, Part 1: “Why the Internet is Broken Again” and Logjam, Part 2: “Did the NSA Know the Internet Was Broken”

EFF’s Practical Advice: How to Protect Yourself from NSA Attacks on 1024-bit DH

Bruce Schneier: Breaking Diffie-Hellman with Massive Precomputation (Again) and his previous post The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange


CalECPA Enactment

Text of CalECPA (California Electronic Communications Privacy Act) as signed into law by Governor Brown

News Story: California Requires Warrant To Search Electronic Communications – National Law Review

Reaction to Enactment:

California Now Has the Nation’s Best Digital Privacy Law – Kim Zetter at Wired

California Cops, Want to Use a Stingray? Get a Warrant, Governor Says – ArsTechnica

Background on CalECPA: EFF’s CalECPA information page

Background on ECPA Reform (federal): ECPA Reform: A Primer – Andrew K. Woods in JustSecurity


Quote of the Day – On the TPP:

“You would think as a free trade loving, free market loving venture capitalist I would be a huge proponent of the [Trans-Pacific Partnership Agreement (TPP)]. But I am not. I am very concerned about the copyright provisions in TPP which feel very much in the old world model of intellectual property protection and which would make it hard for the US government to evolve copyright laws in an era of digital content, more open innovation, and remix culture . . . . I realize that perfect is the enemy of the good and you need to have a comprehensive view of a trade bill like this and not focus on one issue. But copyright law is a big deal for the innovation economy and if I were in Congress, I would be seriously thinking about voting no on TPP.”

— Fred Wilson (Union Square Ventures) at AVC

TPP Final Text

More on the TPP:

News Story: Trans-Pacific Partnership Is Reached, but Faces Scrutiny in Congress – New York Times

From the EFF: The Final Leaked TPP Text Is All That We Feared and EFF TPP explainer

Analysis and Criticism:

The Trans-Pacific Free-Trade Charade – Joseph Stieglitz and Adam Hersh

Here’s the Leaked Trans-Pacific Partnership Document that has Some High-powered Advocates Worried – Business Insider

Video from the Cato Institute – TPP in Perspective: 150 Years of U.S. Trade Policy in Less than 4 Minutes

Previously: Impact of Trade Pacts on IP and the Internet (link roundup)



Law, Tech and Policy

Summary of the “Happy Birthday” decision: Chain of Title Proves Fatal to “Happy Birthday” Copyright Claim – Tyler Ochoa at The Technology & Marketing Law Blog; See also, the court’s decision (pdf)

Another notable copyright decision: Appeals Court Strikes a Blow for Fair Use in Long-awaited Copyright Ruling – ArsTechnica; See also: 9th Circuit Sides With Fair Use in Dancing Baby Takedown Case – The Technology & Marketing Law Blog; and the court’s opinion (pdf)

Microsoft Email Case (wikipedia): The $98.6 Billion E-Mail – Microsoft is Fighting a Case in Federal Appeals Court that may Decide the Future of U.S. Cloud Computing – Bloomberg BusinessWeek

Administrative Subpoenas: Here’s a Way the Government Can Easily Get Your Phone Records Without Even Asking a Judge – Washington Post

The Fifth Amendment and Passcodes: Fifth Amendment Protects Passcode on Smartphones, Court Holds and A Revised Approach to the Fifth Amendment and Obtaining Passcodes – Orin Kerr at the Washington Post

OPM Hack Update: OPM Says 5.6 million Fingerprints Stolen in Cyberattack, Five Times as Many as Previously Thought – Washington Post

On the Internet of Things: Why The Internet of Things Is Going Nowhere The Next Phase of the IoT is Stuck Unless We Replace Crummy Outdated Technology – Pat Burns. See also, The Price of the Internet of Things will be a Vague Dread of a Malicious World – Marcelo Renesi, and Internet of Things That Lie: the Future of Regulation is Demonology – Cory Doctorow

Moore’s Law: Smaller, Faster, Cheaper, Over: The Future of Computer Chips – New York Times; Also at the New York Times: IBM Scientists Find New Way to Shrink Transistors

Apple: On Apple’s Incredible Platform Advantage – Steve Cheney on Apple’s computer chip advantage

General Interest

Scouring the Web to Make New Words ‘Lookupable’ – New York Times

Angus Deaton Wins the Nobel Prize in Economics:

The Nobel Committee’s explainers (pdf): for general readers and for technical readers

Angus Deaton: A Skeptical Optimist Wins the Economics Nobel – New Yorker

Five Minutes with Angus Deaton: ‘If the rich can write the rules then we have a real problem’ – London School of Economics

A Cockeyed Optimist – Angus Deaton’s ‘Great Escape’ – New York Times

Svetlana Alexievich Wins the Nobel Prize in Literature:

Everything You Need to Know About Svetlana Alexievich – The Guardian

Svetlana Alexievich’s Chorus of Fire – New York Times

Voices from Chernobyl(book excerpt) – Paris Review

Meanwhile: 2010 Peace Laureate Languishes in Chinese Jail in Face of International Indifference – Reporters without Borders

On David Carr: Press Rewind – What One Journalist Learned by Vicariously Sitting in on David Carr’s Master Class – Brendan Fitzgerald at The Morning News; See also, previously: We Need a David Carr Portable Companion; Here’s the first Draft – Karen Wickre at BackChannel/Medium


Leaked NSC Memo on Encryption – Is It All Just Kabuki?

Background: The leaked NSC Draft Options Paper – at The Washington Post

News Story: Obama Faces Growing Momentum to Support Widespread Encryption – The Washington Post

Skepticism: Obama Edges Toward Full Support for Encryption – But Does He Understand What that Means? – Kieren McCarthy at The Register:

“By voluntary cooperation [in the absence of compulsion], what is the White House saying? That the encryption is secure and backdoor-free until a company cooperates with the Feds, at which point the encryption is somehow dialed back, and messages and files can be suddenly magically read? That sounds like a backdoor. Does the White House want, say, Apple to volunteer, at the sight of a warrant, to intercept key exchanges in the cloud so that intercepted iMessages can be decrypted? Won’t that undermine the whole practice of end-to-end encryption by introducing backdoors by another name? Either encryption is secure and backdoor-free, or it isn’t and is generally useless. We assume by ‘voluntary cooperation,’ the President is willing to be told to get lost by the tech giants in November – if they have the strength to do so. If not, then all of this is a sham; a political maneuver to keep privacy-loving nerds quiet. It is very possible that the decision has already been made and outreach is about to begin, leading to the leak of the NSC memo.”


The Revived Encryption Wars Continue (updated)

The Latest (09.15.2015):

The FBI’s Problem Isn’t ‘Going Dark’ – Its Problem is Going Slowly – Marshall Erwin at JustSecurity

Of Course the Government Wants to Read Your Texts – Megan McArdle at BloombergView

Why the Fear over Ubiquitous Data Encryption is Overblown – Mike McConnell, Michael Chertoff and William Lynn op-ed in The Washington Post

Some Additional Background:

A History of Backdoors – Matthew Green at his A Few Thoughts on Cryptographic Engineering

Deep Dive into Crypto “Exceptional Access” Mandates: Effective or Constitutional—Pick One – EFF

Can the FBI and IC already Access Apple’s iMessages (and Tor Users)?

iPhones, the FBI, and Going Dark – Nicholas Weaver guest post at LawFare

Let’s Talk about iMessage (again) – Matthew Green at his A Few Thoughts on Cryptographic Engineering; Also from Matthew Green: Can Apple read your iMessages?

FBI Director Claims Tor and the ‘Dark Web’ Won’t Let Criminals Hide From His Agents – The Intercept’s Unofficial Sources

  “We can ‘win’ the crypto wars in public, and still lose behind closed doors. If Apple & WhatsApp quietly backdoor their crypto the FBI wins” – Christopher Soghoian (@csoghoian): July 10, 2015


FBI and Apple’s Encryption – Bruce Schneier

Apple and Other Tech Companies Tangle With U.S. Over Data Access – New York Times

Background – 2014-15, the Crypto Wars Return

Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications (pdf; 34 pages) – MIT Computer Science and Artificial Intelligence Laboratory Technical Report (July 6, 2015)

Code Specialists Oppose U.S. and British Government Access to Encrypted Communication – New York Times on the July 6th MIT report

Encryption, Public Safety, and ‘Going Dark’ – FBI Director James Comey writing at LawFare in advance of several Congressional hearings July 8th on encryption and related issues.

Let’s Get Real About Decryption, Says GCHQ Tech Director – ComputerWeekly

It’s Time to End the ‘Debate’ on Encryption Backdoors – Kevin Bankstown at JustSecurity arguing that it is time for FBI head James Comey to admit that he has lost the battle over encryption backdoors

Encryption, Biometrics, and the Status Quo Ante – Paul Rosenzweig at LawFare proposing mandatory biometric encryption, a novel, but problematic proposal in the encryption debate

The Battle Between Washington and Silicon Valley Over Encryption – CSM’s Passcode

James Comey, F.B.I. Director, Hints at Action as Cellphone Data Is Locked – The New York Times, and FBI director Attacks Tech Companies for Embracing New Modes of Encryption; James Comey says Data Encryption Could Deprive Police and Intelligence Agencies of Potentially Live-saving Information – The Guardian

How Do We Build Encryption Backdoors? – Professor Matthew Green (Johns Hopkins) analyzes the problems with building encryption backdoors, including split key approaches, at his A Few Thoughts on Cryptographic Engineering blog

You Can’t Backdoor a Platform – Jonathan Mayer at his Web Policy blog

As Encryption Spreads, U.S. Grapple with Clash between Privacy, Security – Ellen Nakashima and Barton Gellman writing in The Washington Post reveal that federal officials are considering a variety of means of ensuring access to encrypted communications, including split key approaches, as well as, in certain circumstances, mirror accounts. Under the split key approach (difficult from an engineering and cryptography standpoint), a technology company creates a decryption key that is split into pieces, with different pieces held by different parties, and all of the pieces are needed for decryption. But even aside from the question of trust in the holders of the key parts, risk of disclosure of the decrypted information and the like, as security expert/researcher, Dino A. Dai Zovi (@dinodaizovi) tweeted: “The big question of the #cryptodebate isn’t whether vendors can make a decryption key for USG, but what happens when other [governments] want it too?”

Apple Will No Longer Unlock Most iPhones, iPads for Police, even with Search Warrants – The Washington Post

iPhone Encryption and the Return of the Crypto Wars – Bruce Schneier

What NSA Director Mike Rogers Doesn’t Get About Encryption – Julian Sanchez at CATO

What President Obama is getting wrong about encryption – The Washington Post

The FBI Keeps Demanding Impossible Solutions to Its Encryption Problem – MotherBoard/Vice

Background – the 1990’s (and earlier) Crypto Wars

Keeping Secrets: Four Decades Ago, University Researchers Figured out the Key to Computer Privacy, Sparking a Battle with the National Security Agency that Continues Today. – Henry Corrigan-Gibbs (Stanford Magazine)

Encryption and Globalization – a 2011 academic paper (Columbia Science and Technology Law Review, Vol. 23, 2012) by Peter Swire and Kenesa Ahmad, which includes a brief summary of the original 90’s “Crypto Wars”

Crypto Wars – Wikipedia

Hacker Lexicon: What is End-to-End Encryption – Wired


Want to Protect your Phone from the Cops? You Might Want to Use a Passcode, Not a Fingerprint; Virginia Court Rules Using Fingerprint Technology to Protect Your Phone Doesn’t Carry Same Legal Rights as Passcodes – FastCompany


Some Recent Academic Papers of Interest

Constitutional Malware – Jonathan Mayer

Surveillance Duration Doesn’t Affect Privacy Expectations: An Empirical Test of the Mosaic Theory – Lior Strahilevitz and Matthew B. Kugler

Can Americans Resist Surveillance? – Ryan Calo

Investigating the Computer Security Practices and Needs of Journalists – Susan McGregor, Franziska Roesner, Polina Charters and Tobin Holliday

Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services – Albert Kwon, Mashael AlSabah, David Lazar, Marc Dacier, and Srinivas Devadas


Four New Resources

EFF has created a new tool, Democracy.io, to facilitate sending messages to members of the US Senate and House of Representatives. EFF Announcement: Launching Democracy.io as a Step Toward a Better Democracy

Version 5.0 of Professor James Grimmelmann’s (University of Maryland) Internet Law: Cases and Problems has been released (pdf casebook; $30 suggested price).

2015 edition of Professor Eric Goldman’s (Santa Clara University School of Law; High Tech Law Institute) Internet Law Cases and Materials has also been released (pdf – $8, hard copy – $20 plus shipping/tax, and kindle – $9.99 editions).

Politico has a Morning CyberSecurity Tipsheet. Sign up at the link.

All four have been added to my updated list of Internet Law and Policy Resources.


Quote of the Day

“For as long as the idea of the ‘mobile internet’ has been around, we’ve thought of it as a cut-down subset of the ‘real’ Internet. I’d suggest it’s time to invert that – to think about mobile as the real internet and the desktop as the limited, cut-down version.”

Benedict Evans, from his post: “Forget About the Mobile Internet“. Read the whole thing.



Law, Tech and Policy

Why It’s Hard to Sue the NSA: You Have to Prove It Spied on You – Wired

Tech Companies May be our Best Hope for Resisting Government Surveillance – Ryan Calo at Fusion; and his related academic paper: Can Americans Resist Surveillance?

A New Design (Indistinguishability Obfuscation or IO) for Cryptography’s Black Box – Quanta

Don’t Worry, Smart Machines Will Take Us With Them; Why Human Intelligence and AI will Co-Evolve – Stephen Hsu at Nautilus

Why Are There Any Jobs Still Left? Technology Eliminates Jobs, Not Work – Reason

Securing Today’s Data Against Tomorrow’s Quantum Computers – MIT Technology Review; Related: NSA Plans for a Post-Quantum World – Schneier on Security

A Bit of Internet History, or How Two Members of Congress Helped Create a Trillion or So Dollars of Value – David Post in The Washington Post

The Web We Have to Save: The Rich, Diverse, Free Web that I Loved — and Spent Years in an Iranian Jail For — is Dying; Why is Nobody Stopping It? – Medium

What Ever Happened to Google Books? – Tim Wu at The New Yorker

DIY Tractor Repair Runs Afoul Of Copyright Law – NPR

General Interest

We Need a David Carr Portable Companion; Here’s the first Draft – Karen Wickre at BackChannel/Medium

Harvard Linguist Points out the 58 Most Commonly Misused Words and Phrases – MetroWest Daily News on Steven Pinker’s book, The Sense of Style

How to Fix Twitter: Twitter’s 140-character Limit Doesn’t Get You Better Writing – Dave Winer; Why Twitter Must Blow Past 140 – Dave Winer; Should Twitter Lose the 140-character Limit or Would that be Suicide? – Mathew Ingram at Fortune; The Network’s the Thing – Eugene Wei

Richard Stallman: How I Do My Computing – Stallman.org

Two from BuzzFeed: Scientists Are Hoarding Data And It’s Ruining Medical Research – Ben Goldacre; Here’s What Actually Gets Terrorists To Tell The Truth — And It’s Not Torture – Peter Aldhous


The OPM Hack (link roundup – updated)

Update 08.31.2015:

China and Russia are Using Hacked Data to Target U.S. Spies, Officials Say– Los Angeles Times

How Bad? Very Bad:

Newly Disclosed Hack Got ‘Crown Jewels’; ‘This is Not the End of American Human Intelligence, but it’s a Significant Blow,’ a Former NSA Official Says– Politico

Hackers May Have Obtained Names of Chinese With Ties to U.S. Government – New York Times

The Hack on the U.S. Government was Not a ‘cyber Pearl Harbor’ (But it was a Very Big Deal) – Washington Post

Officials: Chinese Had Access to U.S. Security Clearance Data for One Year – Washington Post

Attack Gave Chinese Hackers Privileged Access to U.S. Systems – New York Times

China’s Hackers Got What They Came For – The Hill

Hacking as Offensive Counterintelligence;   China’s Hack Just Wrecked American Espionage and China’s Spies Hit the Blackmail Jackpot With Data on 4 Million Federal Workers – John Schindler at his XXCommittee blog and at The Daily Beast

How Was It Discovered? During a Product Demo:

Report: Hack of Government Employee Records Discovered by Product Demo Security Tools Vendor Found Breach, Active over a Year, at OPM During Sales Pitch – ArsTechnica

Level of OPM Incompetency? High. Very Old Software, Unencrypted Databases, and Foreign Contractors, Including Chinese, with Root Access:

Encryption “would not have helped” at OPM, Says DHS Official; Attackers had Valid User Credentials and Run of Network, Bypassing Security – ArsTechnica, with details of the OPM systems and lack of security

  “!! OPM IT outsourced to foreigner contractors, with root access, working from their home country. In this case, China” – John Schindler (@20committee): June 17, 2015

Oversight Chairman: Fire Leaders of Hacked Agency – Politico


5 Chinese Cyber Attacks That Might Be Even Worse Than the OPM Hack – Defense One


Former NSA and CIA Director, Michael Hayden (quote via Benjamin Wittes @ Lawfare.com) as to what he would have done if he had had the ability to get Chinese records equivalent to the OPM records when he was serving in his IC positions:

“I would not have thought twice. I would not have asked permission. I’d have launched the star fleet. And we’d have brought those suckers home at the speed of light . . . This is shame on us for not protecting that kind of information.”

From Benjamin Wittes writing on the OPM hack at LawFare in his post “Is the Privacy Community Focused on the Wrong Government?“:

“For the record, I have no problem with the Chinese going after this kind of data. Espionage is a rough business and the Chinese owe as little to the privacy rights of our citizens as our intelligence services do to the employees of the Chinese government. It’s our government’s job to protect this material, knowing it could be used to compromise, threaten, or injure its people—not the job of the People’s Liberation Army to forebear collection of material that may have real utility. Yet I would have thought that privacy groups that take such strong views of the need to put limits on American collection, even American collection overseas against non-U.S. persons, would look a little askance at a foreign intelligence operation consisting of the bulk collection of the most highly-personal information—an operation involving not only government employees but also those close to them. You’d think this would raise someone’s privacy hackles, if not mine.”

Adam Elkus writing at BusinessInsider:

“[C]leaning up the systematic dysfunction in OPM and other agencies will require a harsh and swift hand and plenty of pink slips. Fantasizing about super-hackers and visions of cyber-doom are more fun than the boring but necessary drudgery, for example, of modernizing a decrepit and decaying federal information technology base or ensuring that basic security protocols are observed.”

Megan McArdle at BloombergView:

“The serial IT disasters we have seen over the past seven years do not need a blue-ribbon commission or a really stern memo to fix them. If we want these holes fixed before they become catastrophic, we need leaders with a scorched-earth determination to have adequate IT. The only way that determination happens is if these failures become an existential threat to the careers of the politicians in charge.”


Wassenaar Arrangement Implementation (updated)

The Latest (08.01.2015) – Proposed Rules Pulled for Rewrite:

Pardon the “Intrusion” – Cybersecurity Worries Scuttle Wassenaar Changes – Lexology

Unusual Re-do of US Wassenaar Rules Applauded – Kaspersky Lab Threat Post

The US is Rewriting its Controversial Zero-day Export Policy – The Verge

Proposed Implementation:

Bureau of Industry and Standards’ Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items (pdf; 49 pages)

BIS FAQs on the Intrusion and Surveillance Items Implementation


Wassenaar Arrangement – Wikipedia

The International Rules that Have the Security World on Alert – The Verge

Analysis and Opinion:

Why an Arms Control Pact has Security Experts Up in Arms – Kim Zetter in Wired

Proposed U.S. Export Controls: Implications for Zero-Day Vulnerabilities and Exploits – Mailyn Fidler at LawFare

Changes to Export Control Arrangement Apply to Computer Exploits and More – Jennifer Granick and Mailyn Fidler at JustSecurity

What Is the U.S. Doing About Wassenaar, and Why Do We Need to Fight It? – EFF

Also from the EFF: Commerce Department FAQ on Proposed Wassenaar Implementation Gives Answers, Raises More Questions

Why Changes to Wassenaar Make Oppression and Surveillance Easier, Not Harder – ADD/XOR/ROL blog

Why You Should Fear the New Regulations More Than You Think – Dave Aitel


Regulating the Zero-Day Vulnerability Trade: A Preliminary Analysis (pdf; 78 pages) – academic paper by Mailyn Fidler forthcoming in “I/S: A Journal of Law and Policy for the Information Society”

Recommended: Law, Tech and Policy

Opinion: The Reasonable Expectation Fallacy – Dan Geer writing at CSM’s Passcode

The Intercept on XKEYSCORE: XKEYSCORE: NSA’S Google for the World’s Private Communications and Behind the Curtain; a Look at the Inner Workings of NSA’s XKEYSCORE

Hackers Installed Sophisticated Malware on U.S. Computers. Why Doesn’t Anyone Care?; The Worm was Designed to Gather Intelligence on the Ongoing Iranian Nuclear Talks – Reason on the Duqu2 worm

Cyber-Espionage Nightmare; A Groundbreaking Online-spying Case Unearths Details that Companies Wish You Didn’t Know About How Vital Information Slips Away From Them – MIT Technology Review

Introducing the ‘Right to Eavesdrop on Your Things’; Data Privacy is a Big Enough Deal that Americans Need a New Right – Stanford professor Keith Winstein at Politico

Presentation by Benedict Evans of Andreessen Horowitz on how “Mobile is Eating the World”

As More Tech Start-Ups Stay Private, So Does the Money – Farhad Manjoo in the New York Times

The Rabbit-Hole of ‘Relevant’ – Mattathias Schwartz in the New York Times:

“When a law has a name like ‘Patriot’ or ‘Freedom,’ it’s a sign that you should read the fine print. Somewhere down there, in the terraced subclauses of some forgettable subsection, is a word with a special meaning, a word that offers shelter and concealment to whatever it is that the law actually does.”

Three Pieces on the Open Web: Dave Winer – Key Concept of the Open Web: Working Together; David Weinberger – The Internet That Was (and Still Could Be); As Corporations Like Facebook Gain Control Over More and More Online Activities, the Web’s Core Values are at Stake; and Dries Buyteart – Winning back the Open Web.

The Wait-for-Google-to-Do-It Strategy; America’s Communications ­Infrastructure is Finally Getting Some Crucial Upgrades Because One Company is Forcing ­Competition When Regulators Won’t – MIT Technology Review

A New Wave of US Internet Companies is Succeeding in China—By Giving the Government What it Wants – Josh Horowitz at Quartz

The End of Advertising As We Know It – Michael Wolff