Julian Sanchez on the NSA and Surveillance Reform

Julian Sanchez of the Cato Institute has a lengthy audio interview on NSA surveillance and reform. Worth listening to.

Posted on September 24, 2014 at 2:21 PM • 5 Comments

Comments

DanielSeptember 24, 2014 3:29 PM

He also has a post up regarding the iPhone 8 encryption issue.

http://www.cato.org/blog/old-technopanic-new-ibottles

It is in part a reply to a series of posts by Orin Kerr at the Volokh Conspiracy.

And Orin's reply is here:

http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/24/julian-sanchez-on-encryption-law-enforcement-and-the-balance-of-power/

and his original series of posts end here (with links to the others)

http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/22/apples-dangerous-game-part-3-where-do-you-draw-the-line-and-whats-the-privacy-tradeoff/


DBSeptember 25, 2014 9:54 AM

@vas pup

I don't get it. If iptables allows no incoming connections at all (as should be the case with "general home users") then just how will any bash vulnerability allow full remote takeover? Obviously web servers are different.

Steve FriedlSeptember 25, 2014 9:58 AM

The bash bug thing is a big deal because it can be triggered by merely setting an environment variable, and webservers do this when spawning CGI scripts. Somebody sets a funky query string or a user agent, it gets put in the environment by the webserver, and *boom*, remote execution from a simple web query.

Big big deal.

WmSeptember 29, 2014 8:10 AM

Very interesting, but as long a people are focused upon government and bureaucrats regulating themselves, there will never be any individual privacy and security. Individual privacy and security starts and ends with the individual finding ways of securing his own privacy and security.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.