Skip to content

Posts by Paul Rosenzweig

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Distinguished Visiting Fellow at the Homeland Security Studies and Analysis Institute. He also serves as a Professorial Lecturer in Law at George Washington University, a Senior Editor of the Journal of National Security Law & Policy, and as a Visiting Fellow at The Heritage Foundation.

Fourth Circuit Decision in Lavabit

By
Wednesday, April 16, 2014 at 2:33 PM

Readers will recall the Lavabit case in the Fourth Circuit, which I earlier described here, and here.  Lavabit ran an encrypted email service allegedly used for communication by Edward Snowden.  As part of its investigation, the US government sought to have Lavabit turn over the private encryption SSL key that would have decrypted Snowden’s mail . . .
Read more »

House Judiciary Hearing on ICANN

By
Friday, April 11, 2014 at 10:24 AM

I testified yesterday at the House Judiciary Committee hearing on the proposed transfer of the IANA function to ICANN.  You can find my testimony (and that of the other witnesses) at the committee web site.   I was struck, at the hearing, by a few items that seem worth noting: The Administration’s testimony was, essentially, to . . .
Read more »

Bits and Bytes — Open SSL Bug

By
Wednesday, April 9, 2014 at 8:00 AM

The disturbing news comes courtesy of Nicole Perlroth of the New York Times.  Apparently there is a significant bug in the Open SSL protocol that provides most of the https security on the network.  Here’s the lede: The tiny padlock icon that sits next to many web addresses, suggesting protection of users’ most sensitive information . . .
Read more »

Wynhdam v. FTC Decided

By
Tuesday, April 8, 2014 at 11:54 AM

Some time ago I called Wyndham v. FTC the “most important cybersecurity case you’ve never heard of.”  Well, it was decided today.  For those who need a reminder, the case involved the FTC’s effort to use its general power to regulate “unfair” business practices as a means of compelling consumer organizations like Wyndham hotels to . . .
Read more »

Wishful Thinking Department

By
Monday, April 7, 2014 at 1:29 PM

Conversation at the Rosenzweig breakfast table this morning: Wife:  “That’s just dreaming.” Me: “What?” Wife (pointing to front page New York Times article): “Thinking that the Chinese will become more transparent.” Apparently, the US has been giving the Chinese briefings on “the Pentagon’s doctrine for defending against cyberattacks against the United States — and for . . .
Read more »

Bits and Bytes — Military Focus

By
Monday, April 7, 2014 at 8:15 AM

Three items of particular interest to our cyber warfare aficionados in today’s Bits and Bytes (plus one lagniappe on the Internet of Things): Developments in Iranian Cyber Warfare 2013-14.  From the Institute for National Security Studies in Israel:  “Over the course of 2013, Iran became one of the most active players in the international cyber . . .
Read more »

Congress Considers the IANA Transfer to ICANN

By
Friday, April 4, 2014 at 2:02 PM

As we noted earlier, the Administration is proposing to transfer a significant Internet function (the Internet Assigned Numbers Authority) to an international NGO.  As you may imagine the proposal has generated some discussion in Congress.  On April 2, the House Commerce Committee held a hearing on the proposal, and the House Judiciary Committee is planning . . .
Read more »

The James Madison of Our Times ?!

By
Monday, March 31, 2014 at 2:32 PM

I was on a panel at American University on Friday to discuss cyber and the role of corporations.  Ben was on the same panel and the moderator (Dan Marcus) introduced Ben as the “James Madison of the Lawfare blog.”  I thought that was kind of neat and it made me think of this picture: BTW, . . .
Read more »

New Tech and National Security Law — Tile

By
Tuesday, March 25, 2014 at 8:30 AM

Who needs the NSA?  Now you can buy Tile for just $20 and track anything you want. Tile is a small white square that you can affix to almost anything.  It’s only a few millimeters thick — thin enough to stick on the back of your cellphone.  Tile uses Bluetooth and connects to an iPhone . . .
Read more »

Defining Success for the ICANN Transition

By
Monday, March 24, 2014 at 8:15 AM

Last week, the Administration announced its plan to devolve governance of the Internet’s naming function (which goes by the acronym IANA) to a non-profit organization, the Internet Corporation for Assigned Names and Numbers (or ICANN).  If implemented, the Administration’s plan will remove the last vestiges of direct American legal control over the Internet.  This is, . . .
Read more »

Legal Limits on the Transfer of Control to ICANN

By
Wednesday, March 19, 2014 at 10:00 AM

As I wrote earlier this week, the big news recently in cyberspace was the announcement by the Department of Commerce, National Telecommunications and Information Administration, that it planned to effectuate a transfer of control of the Internet Assigned Numbers Authority to the the Internet Corporation for Assigned Names and Numbers, a non-profit corporation.  At the . . .
Read more »

Turning Off Transponders — Aviation Security and MH370

By
Wednesday, March 19, 2014 at 8:00 AM

In an earlier post regarding MH370, I wondered why it was that transponders on airplanes were still capable of being turned off.  I feel rather justified to realize that I’m not the only one asking the question.  Gregg Easterbrook has an op-ed in The New York Times in which he makes the same point and . . .
Read more »

Thinking about MH370

By
Sunday, March 16, 2014 at 3:42 PM

Fools, they say, rush in where angels fear to tread.  Proving that I am less angelic than foolish (and confident that the blogosphere will quickly forget these musings), I thought I’d offer a few Homeland Security-related thoughts on lessons learned from MH370.   Of course this speculation can be utterly overtaken by events, but even at . . .
Read more »

Who Controls the Internet Address Book? ICANN, NTIA and IANA

By
Saturday, March 15, 2014 at 3:10 PM

It is almost axiomatic in Washington, that the bureaucracy buries news of which it is not proud with a release late in the day on a Friday afternoon.  Though it is a bit harsh to say so, one suspects that the Department of Commerce felt that way about its announcement yesterday that the United States . . .
Read more »

Two Passports on Malysian Air Stolen

By
Saturday, March 8, 2014 at 11:06 AM

The news is here.  European officials confirm that at least two of the passengers whose passports were used to board MH370 were not, in fact, on the plane and that those who boarded the plane were using stolen passports.  In a follow on post, I’ll detail some of the steps that the world has taken . . .
Read more »

The Continuing Low-Grade Cyber Conflict Between Ukraine and Russia

By
Tuesday, March 4, 2014 at 3:44 PM

The Russia-Ukraine conflict is quickly becoming a textbook example of low-grade cyber tactics that will likely occur in almost all future conflicts.  It has yet to, thankfully, graduate to a full-scale cyber assault, but we are seeing a number of back-and-forth moves that paint the picture of two contestants feeling each other out, but not . . .
Read more »

The Debate About the NSA Is Over

By
Monday, March 3, 2014 at 11:17 AM

Well, not really.  But you know that a trend is going against the NSA when the American Bar Association offers a course entitled, “The Ethical Implications of NSA Surveillance.”  According to the the ABA: Our panel will take you through the revelations about NSA to date and outline the steps law firms can (and ethically must) take . . .
Read more »

NATO to the Cyber-Defense?

By
Monday, March 3, 2014 at 9:35 AM

As a follow up to my post of yesterday about cyber in the Russo-Ukrainian conflict, here is another thought from Admiral (Ret.) James Stavridis, the former commander of NATO.  In his view NATO should: Conven[e] allies with cyber-capabilities (this is not a NATO specialty) to consider options — at a minimum to defend Ukraine if . . .
Read more »

The Russian-Ukrainian Cyber Conflict

By
Sunday, March 2, 2014 at 12:15 PM

As the world watches the slow-motion catastrophe that is happening in Crimea and the Ukraine and wondering how it will all play out on the ground, many in the cyber community are asking a different question — how will it play out in the cyber domain?  Here is some of what we know is already . . .
Read more »

Keynotes @ RSA

By
Tuesday, February 25, 2014 at 1:31 PM

The security company RSA is hosting a conference this week in San Francisco, at which I’ll be speaking tomorrow on a minor panel.  This morning however is the big keynote set of speeches.  And what is most striking to me is, if you will forgive me, the lack of humility in the security researcher community.  . . .
Read more »