Nicholas Weaver

nweaver's picture

Nicholas Weaver is a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, and a lecturer in the Computer Science department at the University of California at Berkeley. All opinions are his own.

Subscribe to this Lawfare contributor via RSS.

Cyber & Technology

Facebook’s Cryptocurrency: Stop It Before It Starts

On June 18, Facebook announced its forthcoming cryptocurrency, Libra. The company says it intends to integrate it into Facebook’s Messenger and WhatsApp products. Although Facebook says it has created an “independent” subsidiary, Calibra, and purports that the currency itself will be controlled by an independent Libra Foundation, the coin is really a Facebook project.

Cybersecurity

The GCHQ’s Vulnerabilities Equities Process

In the U.S. there has been a long debate about “vulnerability equities”—that is, whether the government should disclose a vulnerability it discovers to the vendor, which will then allow users to apply a patch and be defended against exploitation, or keep the vulnerability secret to enable the government’s exploitation of targets. There is little data on how the process works. But the U.S. has the potential to learn how the British handle the same problem.

China

The Technical Consequences of Trump’s Telecom Supply Chain Emergency

On May 15, President Trump once again declared a national emergency to invoke legal authority to make sweeping changes to U.S. policy, this time to secure the telecommunications supply chain. I’ve already made my views clear on Huawei’s suitability for U.S. markets and the need for a blanket ban on Chinese-sourced telecommunications equipment in U.S. infrastructure.

Cyber & Technology

A Risk Analysis of Huawei 5G

Telecommunications networks are special—they are designed to enable wiretapping. Mandates such as the Communications Assistance for Law Enforcement Act (CALEA) in the U.S. and similar requirements elsewhere effectively require that the network operator use equipment that contains surveillance hooks to answer government requests.