Why We Encrypt

Bruce Schneier:

Every time you use encryption, you’re protecting someone who needs to use it to stay alive.

This is the clearest statement I’ve seen of the case for ubiquitous, on-by-default encryption.

Connection: Wiretap Laws

I’m experimenting with a new kind of post, where I simply make a connection between two or more ideas, usually with little or no commentary. Here’s the first one:

Ed Felten, yesterday:

CALEA II: Risks of wiretap modifications to endpoints

Today I joined a group of twenty computer scientists in issuing a report criticizing an FBI plan to…

Heads-Up for LinkedIn Users

If you have a LinkedIn account, stop what you’re doing and change your LinkedIn password immediately. I’m not kidding–just do it. Once you’re logged in, click on your name near the upper-right corner, click Settings from the menu, click the Account tab near the lower-left corner, and click Change password. Now that you’ve changed your…

Internet Wiretap Bill Misses the Mark

Charlie Savage reported Monday in the New York Times that the Obama administration is seeking legislation that would require “back-doors” in all encryption products and services in the US. Of course, they cite terrorism as a primary motivation. How best to balance the needs of law enforcement (and of government in general) with the privacy…

When Low Tech Is the Best Tech

We’ve been thinking about developing a quick application to replace a paper HR process—should be a simple state machine with four possible states: Submitted, Accepted, Rejected, and Completed. But then we realized we would need email notifications and a coherent security model. These requirements—workflow, notification, and security—happen reasonably well in the old paper model. Not…

The Enterprise Information Protection Paradigm

It used to be that network infrastructure was one of an organization’s most valuable assets and security was geared toward protecting the infrastructure; but costs are falling, and the network has become a commodity. Meanwhile, the volume and value of information stored electronically are growing rapidly. For this reason, Dan Greer advocates a paradigm shift…