Skip to content

Posts by Paul Rosenzweig

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Distinguished Visiting Fellow at the Homeland Security Studies and Analysis Institute. He also serves as a Professorial Lecturer in Law at George Washington University, a Senior Editor of the Journal of National Security Law & Policy, and as a Visiting Fellow at The Heritage Foundation.

Bits and Bytes

By
Wednesday, May 28, 2014 at 12:15 PM

Two interesting items today: Shane Harris has a look inside the FBI’s efforts to track the Chinese hackers.  Here’s the intro: “SolarWorld was fighting a losing battle. The U.S. subsidiary of the German solar panel manufacturer knew that its Chinese competitors, backed by generous government subsidies, were flooding the American market with steeply discounted solar . . .
Read more »

How Much Harm Did Snowden Do?

By
Thursday, May 22, 2014 at 5:38 PM

It is difficult, if not impossible, for those outside the Intelligence Community to make a fair assessment of how much harm the Snowden leaks did to national security.  And, perhaps, for those inside the IC, it is difficult as well, for converse reasons.  In any event, for those who are interested, the Guardian has received . . .
Read more »

More Thoughts on the DOJ China Indictment

By
Tuesday, May 20, 2014 at 9:40 AM

Jack has already offered a number of thoughts on the indictment yesterday of 5 Chinese PLA members for cyber espionage.  Let me offer a few additional thoughts that pick up on some of those threads: If the NYT article by Sanger is to be credited, this indictment was part of a strategy adopted more than . . .
Read more »

For the Delicious Irony Files

By
Friday, May 16, 2014 at 9:20 AM

A report from the cyber underground where most of my Lawfare colleagues don’t normally follow:  File this one as a delicious irony (or, if you prefer, a delightful irrationality).  Many will recall that back in 2010 when WikiLeaks first started releasing classified materials many of the financial intermediaries (Visa, Mastercard, Western Union and PayPal) started . . .
Read more »

Your Secret Stingray’s No Secret Anymore

By
Friday, May 16, 2014 at 8:56 AM

I don’t always agree with Chris Soghoian, but he always has something interesting to say, and his new paper (co-authored with Stephanie Pell) touching on surveillance and national security is worth looking at.  The title gives you a good sense of it: Your Secret Stingray’s No Secret Anymore: The Vanishing Government Monopoly Over Cell Phone . . .
Read more »

Bits and Bytes

By
Wednesday, May 14, 2014 at 6:58 AM

Estonian Voting. A new group, Estonia Voting, claims that there are major cybersecurity gaps in the Estonian electronic voting system: “As international experts on e-voting security, we decided to perform an independent evaluation of the system, based on election observation, code review, and laboratory testing. What we found alarmed us. There were staggering gaps in procedural and operational . . .
Read more »

DOJ Seeks Broader Search Warrant Authority to Combat Botnets

By
Saturday, May 10, 2014 at 12:21 PM

That’s the report from Ellen Nakashima of the Washington Post.  According to her: “The Justice Department is seeking a change in criminal rules that would make it easier for the FBI to obtain warrants to hack into suspects’ computers for evidence when the computer’s physical location is unknown — a problem that officials say is . . .
Read more »

The Wrong Way to Deal with the ICANN/IANA Transition

By
Friday, May 9, 2014 at 11:43 AM

We have written previously about the decision by the Department of Commerce (through the NTIA — the National Telecommunications and Information Administration) to transition control of the Internet Assigned Number Authority (IANA) to the Internet Corporation for Assigned Names and Numbers (ICANN).  Some in Congress have expressed their concern about the transition — worrying that . . .
Read more »

FTC Must Disclose Its Cybersecurity Standard

By
Wednesday, May 7, 2014 at 4:53 PM

Those who have been following the debate know that the FTC recently won a pretty significant victory in its effort to enforce cybersecurity standards for organizations that hold consumer data.  A district court held that inadequate cybersecurity could be an “unfair business practice” within the regulatory ambit of the FTC. We are now at the . . .
Read more »

The President’s Big Data Report — Some Hat; Some Cattle

By
Friday, May 2, 2014 at 9:07 AM

The Administration has released its long-awaited, review of Big Data — a report from the Executive Office of the President on the phenomenon of large-scale data collection and analysis.  The review was accompanied by a blog post (apparently, this is now the official form of Executive communication, instead of a formal press release) from Counselor . . .
Read more »

Governing a Distributed Network: Common Goods and Emergence

By
Sunday, April 27, 2014 at 10:48 AM

In May I will be participating in a conference at the Hague Institute for Global Justice.  Part of the Global Governance Reform Initiative, the conference is entitled “The Future of Cyber Governance” and will address questions relating to the internationalization of network governance questions.  My own contribution builds on some of the thoughts I’ve already . . .
Read more »

3D Printing on the High Seas

By
Friday, April 25, 2014 at 4:23 PM

I knew this was coming.  Just not this soon.  The Navy is sending a 3D printer to sea.  It’s a small step: “The crew has been making everything from disposable medical supplies (think plastic syringes), to a new cap they designed for an oil tank, to model planes to move around their mock-up of the . . .
Read more »

HPSCI in the Next Congress

By
Friday, April 25, 2014 at 1:14 PM

What follows is rank speculation.  It is teasing out a trend from some isolated facts and it may well be completely in error.  But, that having been said, the tea leaves tell me that the future holds a far more confrontational relationship between the House Permanent Select Committee on Intelligence and the intelligence community which . . .
Read more »

DHS Unity of Effort

By
Wednesday, April 23, 2014 at 2:05 PM

Big news over at the Department of Homeland Security.  Now in its 11th year, the Department continues to be operationally disaggregated into its component parts, with little of the cross-cutting economies of scale and efficiencies of effort that were a promised result of its creation.  Prior Secretaries have tried to tame the process with limited . . .
Read more »

It Ain’t the Name, It’s the Search, Stupid …..

By
Monday, April 21, 2014 at 12:00 PM

Debate continues to swirl around the proposed transfer of control of the internet’s naming function (IANA) to the Internet Corporation for Assigned Names and Numbers (ICANN).  But one of the grounds of concern (censorship) seems, the more I think about it, to be less of a problem.  To be sure, internet names have symbolic first . . .
Read more »

And the Cobbler’s Children Have No Shoes ….

By
Monday, April 21, 2014 at 7:00 AM

For quite some time, it has been apparent that the announcement of the NIST Cybersecurity Framework would be a seminal event.  Though couched as a voluntary program, many expected that the Framework would become the de facto ground for liability.  After all, if the National Institute for Standards and Technology has determined a baseline framework . . .
Read more »

Bits and Bytes

By
Saturday, April 19, 2014 at 9:03 AM

India suggests renaming the Internet.  Not, apparently, a joke: “In a major diplomatic initiative, India is all set to challenge the U.S.’ hegemony of the World Wide Web at a global meet on Internet governance in Sao Paulo (Brazil) next week. India has decided to propose renaming of Internet as ‘Equinet’ so that all nations . . .
Read more »

Fourth Circuit Decision in Lavabit

By
Wednesday, April 16, 2014 at 2:33 PM

Readers will recall the Lavabit case in the Fourth Circuit, which I earlier described here, and here.  Lavabit ran an encrypted email service allegedly used for communication by Edward Snowden.  As part of its investigation, the US government sought to have Lavabit turn over the private encryption SSL key that would have decrypted Snowden’s mail . . .
Read more »

House Judiciary Hearing on ICANN

By
Friday, April 11, 2014 at 10:24 AM

I testified yesterday at the House Judiciary Committee hearing on the proposed transfer of the IANA function to ICANN.  You can find my testimony (and that of the other witnesses) at the committee web site.   I was struck, at the hearing, by a few items that seem worth noting: The Administration’s testimony was, essentially, to . . .
Read more »

Bits and Bytes — Open SSL Bug

By
Wednesday, April 9, 2014 at 8:00 AM

The disturbing news comes courtesy of Nicole Perlroth of the New York Times.  Apparently there is a significant bug in the Open SSL protocol that provides most of the https security on the network.  Here’s the lede: The tiny padlock icon that sits next to many web addresses, suggesting protection of users’ most sensitive information . . .
Read more »