Matt Tait is a senior cybersecurity fellow at the Robert S. Strauss Center for International Security and Law at the University of Texas at Austin. Previously he was CEO of Capital Alpha Security, a consultancy in the UK, worked at Google Project Zero, was a principal security consultant for iSEC Partners, and NGS Secure, and worked as an information security specialist for GCHQ.
Subscribe to this Lawfare contributor via RSS.
French President-elect Emmanuel Macron has a lot on his mind as he prepares to assume office. One topic we can be sure he’s thinking about: what to do about the dumping of various of his campaign documents and emails online just hours before the election.
Last Wednesday, after increasing public and political pressure to declassify more information about Russian interference in the 2016 election, the Office of the Director of National Intelligence announced that it was now conducting a formal review into foreign interference in U.S. presidential elections at the request of the President. This is the ODNI statement it in its entirety:
This morning, counterterrorism and homeland security adviser Lisa Monaco announced that President Obama has ordered a “full review” of “hacking-related activity aimed at disrupting” the 2016 presidential election.
And the President is not alone in calling for continued scrutiny of Russian interference in the election; his announcement follows bipartisan calls from Congress for investigations into the matter.
It didn’t take long after Trump’s unexpected election as the 45th president of the United States for the encryption debate to reemerge.
Michael Specter and the “Keys Under Doormats” (KUD) group have an interesting post, entitled “Apple's Cloud Key Vault, Exceptional Access, and False Equivalences” responding to my earlier post on Apple’s Cloud Key Vault.
The conversation so far has meandered somewhat over different sites, so if you’ve not been following along, the conversation thus far is:
The vulnerability equities process (VEP) is broken. While it is designed to ensure the satisfaction of many equities, in reality it satisfies none—or at least, none visible to those beyond the participants of the insular process. Instead of meaningfully shaping best outcomes, the VEP provides thin public relations cover when the US government is questioned on its strategy around vulnerabilities.
Just over a week ago, at the BlackHat hacker convention in Las Vegas, Ivan Krstić, Head of Security Engineering and Architecture at Apple gave a talk entitled “Behind the scenes of iOS Security,” the slides of which are available here.