This category contains articles that discuss security policy issues, both at the corporate level and at the national and international levels. This domain contains security guidelines and procedures, as well as national policy considerations addressing national security, privacy, and more.
I usually agree with the opinions expressed by Bruce Schneier. Seldom do I think that he is dead wrong, and yet less often do I think that an essay of his is bluntly unsubstantiated. About a month ago, he published such a post, titled: How Israel Regulates Encryption. He quoted a research that sounds sensible, but ended up interpreting it entirely wrongly, in my opinion.
A few days ago I gave a lecture about innovation and one topic that came up was the security of e-voting. It is widely accepted by the security community that e-voting cannot be made secure enough, and yet existing literature on the topic seems to lack high level discussion on the basis for this assumption.
Following is my opinion on why reliable fully digital e-voting cannot be accomplished given its threat and security models.
TED published an excellent talk: Why Privacy Matters, by Glenn Greenwald.
Seldom do I call an online lecture "a must for all audience", but the TED lecture by Glenn Greenwald is worth such an enforcement. Glenn Greenwald is one of the key reporters who published material based on the leaks of Edward Snowden. He also wrote a good book about it called "No Place to Hide"; a book on which I wrote a review about 6 months ago.
If you know that privacy is important, but cannot explain why people who've done nothing wrong need it, or worse yet, if you really do not see why a surveillance state is bad also for law-abiding citizens, then you must listen to this. It packs hours of social, psychological, and public policy discussions into a few minutes.
I was quoted by The Enquirer saying that we shall all assume that data (from wearables and otherwise) that is collected by service providers will never be deleted. The data collected by wearables is only as protected as the network that holds it – and it is likely to be stored indefinitely.
"The trend today, given the ever-decreasing cost of storage, is to store data forever. A CIO will prefer to pay a bit more for a little more disk space than risk his job and company prosperity by deciding to discard data that is one day determined to have been useful."
EDITED TO ADD: This story was also pubished by USA Today, and others.
Shodan is a search engine for computers. It allows to search for hosts on the Internet not by the text they serve but by their technical properties as they reflect in responses to queries. The crawler Shodan uses to build its index does not read text that websites emit when visited, but instead it reads the information that the machine provides when probed.
Like most other technologies, this is another dual-use technology. It has both legitimate and malicious uses. The tool can be used for research, but it can be, and indeed has been, used for vicious purposes. Shodan will readily map and report Internet-accessible web-cams, traffic lights, and other IoT devices, including those with lax protection, such as those using default passwords or no passwords for log-in.
So is Shodan bad? Not at all. Those are exactly the forces that make us all more secure.
The revelations made by Edward Snowden did not show us anything that we never thought possible. It did reveal, however, that many of the things that were possible in theory found their way to reality. Those revelations also gave opportunity for many of the chronic paranoids and conspiracy-theorists to say "I told you". Fact is, digital life causes us to rely on more and more service providers, in the shape of government agencies and private organizations, and those providers were now caught violating our trust. When we buy products and services, we trust their provider to follow the norms we believe it follows. When such trust breaks, we need to think what next. In my opinion, this situation forms an opportunity for Europe to catch up.
The term "network neutrality" is mentioned very often lately; also in the context of FCC ruling, such as here, and here. Since the definition of net neutrality is not always clear, this topic is not subject to as much public debate as it probably should. Here is my take of what network neutrality is, and why it is difficult to regulate and enforce. I will start with my proposed technical and service-related definition of "network neutrality", and will follow with a brief explanation of why this is both difficult and important.