RSA takes one for the team, but which team?

Edward Snowden says (according to Reuters) that RSA Security accepted $10 million from the National Security Agency in exchange for installing (or allowing to have installed) a secret backdoor so the NSA could decrypt messages as it pleased. Hell no, says RSA (a division of storage vendor EMC), stating in very strong terms that this was not at all the case. But then in a second-day look at the RSA/EMC statement, bloggers began to see the company as dissembling, their firm defense as really more of a non-denial denial. So what’s the truth here and what’s the lesson?

For the truth I reached deep into the bowels of elliptic […]

Gallows humor for the NSA privacy debate

It’s hard to believe sometimes, but I began writing this column — in print back then — during the Reagan Administration. It was 1987 and the crisis du jour was called Iran-Contra, remember it? Colonel Oliver North got a radio career out of breaking federal law. The FBI director back then was William Sessions, generally called Judge Sessions because he had been a federal judge. I interviewed Sessions in 1990 about the possibility that American citizens might have their privacy rights violated by an upcoming electronic surveillance law. “What would keep an FBI agent from tapping his girlfriend’s telephone?” I asked, since it would shortly be possible to do so from the agent’s desk.

“It would never […]

The Google File System makes NSA’s hack blatantly illegal and they know it

The latest Edward Snowden bombshell that the National Security Agency has been hacking foreign Google and Yahoo data centers is particularly disturbing. Plenty has been written about it so I normally wouldn’t comment except that the general press has, I think, too shallow an understanding of the technology involved. The hack is even more insidious than they know.

The superficial story is in the NSA slide (above) that you’ve probably seen already. The major point being that somehow the NSA — probably through the GCHQ in Britain — is grabbing virtually all Google non-spider web traffic from the Google Front End Servers, because that’s where the SSL encryption is decoded.

Yahoo has no such encryption.

The major point […]

How Big Data is destroying the U.S. healthcare system

One thing I find ironic in the current controversy over problems with the healthcare.gov insurance sign-up web site is that the people complaining don’t really mean what they are saying. Not only do they have little to no context for their arguments, they don’t even want the improvements they are demanding. This is not to say nothing is wrong with the site, but few big web projects have perfectly smooth launches. From all the bitching and moaning in the press you’d think this experience is a rarity. But as those who regularly read this column know, more than half of big IT projects don’t work at all. So I’m not surprised that […]

Privacy is dead and here’s how

My friend Dave Taht, who battles bufferbloat for us all, pointed me today to a document from the Wireless Internet Service Provider Association. It’s the WISPA CALEA Compliance Guide, which details most of the rules that wireless ISPs are required to follow by CALEA — the Communications Assistance for Law Enforcement Act of 1994. These rules, variants of which apply to all telcos and to ISPs of all kinds (not just wireless), say what those companies are required to do to comply with the law. More directly, it specifies how they can be required to intercept customer communications and relay that content to law enforcement agencies.

Read it if you have a moment. The document, which is […]