Matt Tait is the Chief Operating Officer of Corellium. Previously he was CEO of Capital Alpha Security, a consultancy in the UK, worked at Google Project Zero, was a principal security consultant for iSEC Partners, and NGS Secure, and worked as an information security specialist for GCHQ.
Subscribe to this Lawfare contributor via RSS.
I read the Wall Street Journal’s article yesterday on attempts by a GOP operative to recover missing Hillary Clinton emails with more than usual interest. I was involved in the events that reporter Shane Harris described, and I was an unnamed source for the initial story.
French President-elect Emmanuel Macron has a lot on his mind as he prepares to assume office. One topic we can be sure he’s thinking about: what to do about the dumping of various of his campaign documents and emails online just hours before the election.
Last Wednesday, after increasing public and political pressure to declassify more information about Russian interference in the 2016 election, the Office of the Director of National Intelligence announced that it was now conducting a formal review into foreign interference in U.S. presidential elections at the request of the President. This is the ODNI statement it in its entirety:
This morning, counterterrorism and homeland security adviser Lisa Monaco announced that President Obama has ordered a “full review” of “hacking-related activity aimed at disrupting” the 2016 presidential election.
And the President is not alone in calling for continued scrutiny of Russian interference in the election; his announcement follows bipartisan calls from Congress for investigations into the matter.
It didn’t take long after Trump’s unexpected election as the 45th president of the United States for the encryption debate to reemerge.
Michael Specter and the “Keys Under Doormats” (KUD) group have an interesting post, entitled “Apple's Cloud Key Vault, Exceptional Access, and False Equivalences” responding to my earlier post on Apple’s Cloud Key Vault.
The conversation so far has meandered somewhat over different sites, so if you’ve not been following along, the conversation thus far is:
The vulnerability equities process (VEP) is broken. While it is designed to ensure the satisfaction of many equities, in reality it satisfies none—or at least, none visible to those beyond the participants of the insular process. Instead of meaningfully shaping best outcomes, the VEP provides thin public relations cover when the US government is questioned on its strategy around vulnerabilities.