Essays in the Category "Privacy and Surveillance"

What "Efail" Tells Us About Email Vulnerabilities and Disclosure

  • Bruce Schneier
  • Lawfare
  • May 24, 2018

Last week, researchers disclosed vulnerabilities in a large number of encrypted email clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client into sending a copy of the plaintext to a web server controlled by that attacker. The story of these vulnerabilities and the tale of how they were disclosed illustrate some important lessons about security vulnerabilities in general and email security in particular…

It's Not Just Facebook. Thousands of Companies are Spying on You

  • Bruce Schneier
  • CNN
  • March 26, 2018

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when we’re offline. It buys data about us from others. And it can infer even more: our sexual orientation, political beliefs, relationship status, drug use, and other personality traits—even if we didn’t take the personality test that Cambridge Analytica developed…

Can Consumers' Online Data Be Protected?

  • Bruce Schneier
  • CQ Researcher
  • February 9, 2018

This essay appeared as half of a point/counterpoint with Priscilla Regan, in a CQ Researcher report on Privacy and the Internet.

Con

Everything online is hackable. This is true for Equifax’s data and the federal Office of Personnel Management’s data, which was hacked in 2015. If information is on a computer connected to the internet, it is vulnerable.

But just because everything is hackable doesn’t mean everything will be hacked. The difference between the two is complex, and filled with defensive technologies, security best practices, consumer awareness, the motivation and skill of the hacker and the desirability of the data. The risks will be different if an attacker is a criminal who just wants credit-card details—and doesn’t care where he gets them from—or the Chinese military looking for specific data from a specific place…

How to Fight Mass Surveillance Even Though Congress Just Reauthorized It

What the battle looks like after Section 702's reauthorization

  • Bruce Schneier
  • The Washington Post
  • January 25, 2018

For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We’ve just lost an important battle. On Jan. 18, when President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of U.S. law.

Section 702 was initially passed in 2008, as an amendment to the Foreign Intelligence Surveillance Act of 1978. As the title of that law says, it was billed as a way for the National Security Agency to spy on non-Americans located outside the United States. It was supposed to be an efficiency and cost-saving measure: The NSA was already permitted to tap communications cables located outside the country, and it was already permitted to tap communications cables from one foreign country to another that passed through the United States. Section 702 allowed it to tap those cables from inside the United States, where it was easier. It also allowed the NSA to request surveillance data directly from Internet companies under a program called PRISM…

How the Supreme Court Could Keep Police From Using Your Cellphone to Spy on You

  • Bruce Schneier
  • The Washington Post
  • November 27, 2017

The cellphones we carry with us constantly are the most perfect surveillance device ever invented, and our laws haven’t caught up to that reality. That might change soon.

This week, the Supreme Court will hear a case with profound implications for your security and privacy in the coming years. The Fourth Amendment’s prohibition of unlawful search and seizure is a vital right that protects us all from police overreach, and the way the courts interpret it is increasingly nonsensical in our computerized and networked world. The Supreme Court can either update current law to reflect the world, or it can further solidify an unnecessary and dangerous police power…

Testimony Before the House Subcommittee on Digital Commerce and Consumer Protection

  • Bruce Schneier
  • November 1, 2017

Testimony and Statement for the Record of Bruce Schneier
Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School

Fellow, Berkman Center for Internet and Society at Harvard Law School

Hearing on “Securing Consumers’ Credit Data in the Age of Digital Commerce”

Before the

Subcommittee on Digital Commerce and Consumer Protection
Committee on Energy and Commerce
United States House of Representatives

1 November 2017
2125 Rayburn House Office Building

Washington, DC 20515

Mister Chairman and Members of the Committee, thank you for the opportunity to testify today concerning the security of credit data. My name is Bruce Schneier, and I am a security technologist. For over 30 years I have studied the technologies of security and privacy. I have authored 13 books on these subjects, including …

Who Is Publishing NSA and CIA Secrets, and Why?

  • Bruce Schneier
  • Lawfare
  • April 27, 2017

There’s something going on inside the intelligence communities in at least two countries, and we have no idea what it is.

Consider these three data points. One: someone, probably a country’s intelligence organization, is dumping massive amounts of cyberattack tools belonging to the NSA onto the Internet. Two: someone else, or maybe the same someone, is doing the same thing to the CIA.

Three: in March, NSA Deputy Director Richard Ledgett described how the NSA penetrated the computer networks of a Russian intelligence agency and was able to monitor them as they attacked the U.S. State Department in 2014. Even more explicitly, a U.S. ally—my guess is the U.K.—was not only hacking the Russian intelligence agency’s computers, but also the surveillance cameras inside their building. “They [the U.S. ally] monitored the [Russian] hackers as they maneuvered inside the U.S. systems and as they walked in and out of the workspace, and were able to see faces, the officials said.”…

Infrastructure Vulnerabilities Make Surveillance Easy

Weakness in digital communications systems allows security to be bypassed, leaving users at risk of being spied on.

  • Bruce Schneier
  • Al Jazeera
  • April 11, 2017

Governments want to spy on their citizens for all sorts of reasons. Some countries do it to help solve crimes or to try to find “terrorists” before they act.

Others do it to find and arrest reporters or dissidents. Some only target individuals, others attempt to spy on everyone all the time.

Many countries spy on the citizens of other countries: for reasons of national security, for advantages in trade negotiations, or to steal intellectual property.

None of this is new. What is new, however, is how easy it has all become. Computers naturally produce data about their activities, which means they’re constantly producing surveillance data about us as we interact with them…

Snoops May Soon Be Able to Buy Your Browsing History. Thank the US Congress

  • Bruce Schneier
  • The Guardian
  • March 30, 2017

Think about all of the websites you visit every day. Now imagine if the likes of Time Warner, AT&T and Verizon collected all of your browsing history and sold it on to the highest bidder. That’s what will probably happen if Congress has its way.

This week, lawmakers voted to allow internet service providers to violate your privacy for their own profit. Not only have they voted to repeal a rule that protects your privacy, they are also trying to make it illegal for the Federal Communications Commission to enact other rules to protect your privacy online…

How to Keep Your Private Conversations Private for Real

Don't get doxed.

  • Bruce Schneier
  • The Washington Post
  • March 8, 2017

This essay also appeared in The Age.

A decade ago, I wrote about the death of ephemeral conversation. As computers were becoming ubiquitous, some unintended changes happened, too: Before computers, what we said disappeared once we’d said it. Neither face-to-face conversations nor telephone conversations were routinely recorded. A permanent communication was something different and special; we called it correspondence.

The Internet changed this. We now chat by text message and email, on Facebook and on Instagram. These conversations—with friends, lovers, colleagues, fellow employees—all leave electronic trails. And while we know this intellectually, we haven’t truly internalized it. We still think of conversation as ephemeral, forgetting that we’re being recorded and what we say has the permanence of correspondence…
