Security States

Latest in Security States

Security States

Bad Code: The Whole Series

Over the last month, on our New Republic: Security States newsfeed, we rolled out a series designed to explain why fairly allocating the costs of software deficiencies between software makers and users is so critical to addressing the growing problem of vulnerability-ridden code---and how such a regime will require questioning some of our deep-seated beliefs about the very nature of software security. Below is a consolidation of the five-part series in full.

Security States

Bad Code: Part V

Does holding software providers accountable for the insecurity of their code amount to going nuclear on the industry---the equivalent of pushing the big red button? I argue that this is the way critics see it, in the fifth and final installment of our Security States cyberliability series. Meanwhile proponents see liability as a far subtler weapon, along the lines of a many-levered machine. The distinction is a crucial one, one that suggests the two sides are talking past each other.

Security States

Bad Code: Part IV

If you believe software providers should be held more accountable for insecure code or coding practices, you might be tempted to point an accusing finger at the contract law framework that courts use to parse software license agreements. The problem is a little bigger than contract law, I argue, in the latest installment of our Security States cyberliability series.

Security States

On The Timing of a Trial in the 9/11 Case

We're a long ways way off from a trial in United States v. Mohammed et. al.  

That's the essence of my Security States piece, which went up today.  It begins:

So when will the 9/11 case go to trial, anyway? I have observed the Guantanamo proceedings for a while now, and hear the question a lot—from supporters and critics of the military prosecution of Khalid Sheikh Mohammed and four accused co-conspirators.


Madison's Vacillations---and Ours

As part of our work on a chapter for an upcoming book on Madisonian thought and contemporary public policy, Ben and I wrote this piece for Security States about James Madison's vacillations on executive power and security issues---first as Founder, then as opposition leader, and then as President. Lawfare readers might remember that last year, we wrote a book chapter entitled "

Security States

Bad Code: Part III

What do software users have in common with Mary Mallon, better known today as Typhoid Mary? A lot---and that's why we shouldn't be leaving the quality of code in the hands of the market. Confused? Connect the rest of the dots over at Security States, where we've just published the latest installment in our series on what it would take to hold software makers liable for the insecurity of their products.


How the Government Justifies Its Data Hauls: The Sieve Theory

What does the government's demand for Lavabit's encryption keys have to do with its justification for its bulk data collection under FISA Section 215? Basic logic. I dub that logic the "sieve theory" of government data filtration, in my latest piece over at the New Republic: Security States (a note to the mathematically inclined: this has nothing to do with sifted sets of integers).

Subscribe to Lawfare