Some revisions to our recent paper on the rediscovery of software vulnerabilities.
Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of 12 books — including "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World" — as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and blog “Schneier on Security” are read by over 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation’s Open Technology Institute, a board member of the Electronic Frontier Foundation, and an Advisory Board member of the Electronic Privacy Information Center. He is also the Chief Technology Officer of Resilient Systems, Inc.
Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities in order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.
There's something going on inside the intelligence communities in at least two countries, and we have no idea what it is.
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet.
Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded. This points to the possibility of an even worse problem in November—that our election systems and our voting machines could be vulnerable to a similar attack.
Current debates on Going Dark don't ask that we choose between security and privacy; they present a choice between less security and more security.
In the wake of the horrific and devastating Paris terror attacks, we're at a pivotal moment, as Western governments are already lining up to authorize more invasive surveillance powers.