Showing posts with label national security agency. Show all posts
Showing posts with label national security agency. Show all posts

11 May 2007

Identifying ID Card Flaws

As costs for the hare-brained UK ID Card continue to spiral out of control, the LSE has put together a timely submission to the House of Commons Home Affairs Committee inquiry into “A surveillance society?” that picks apart the current scheme's weaknesses.

05 February 2007

Lifelogging

I've touched on the subject of lifelogging - recording every moment of your waking day - before, but this feature is by far the best exploration of the subject I've come across.

What's fascinating is that it draws together so many apparently disparate threads: openness, privacy, security, search technologies, storage, memories, blogging, online videos, virtual worlds, etc. etc. (Via 3pointD.com.)

09 January 2007

Microsoft Vista: "Checked" by the NSA

News that the US's official eavesdropper, the National Security Agency, has had a hand in Vista is going to go down really well with the governments of China, Russia, India, etc. etc.:

For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system -- the brains of a computer -- to protect it from worms, Trojan horses and other insidious computer attackers.

Interestingly:

Novell, which sells a Linux-based operating system, also works with government agencies on software security issues, spokesman Bruce Lowry said in an e-mail, "but we're not in a position to go into specifics of the who, what, when types of questions."

But at least you can look at the code to find out what they did - unlike with Vista.... (Via The Inquirer.)

02 July 2006

The Economics of Security

In his lastest Wired column, Bruce S. is writing about a subject particularly dear to my heart: the economics of security. He was lucky enough to go up to the fifth Workshop on the Economics of Information Security at Cambridge: I had hoped to go, but a sudden influx of work prevented me.

My own interest in this area was sparked by a talk that Ross Anderson, now a professor at Cambridge, gave down in London. I vaguely knew Ross at university, when both of us had rather more hair than we do now. Since this was 30 years ago, it's not suprising that he didn't remember me when I introduced myself at the London talk, pointing out that the last time I had seen him was in Whewell's Court: he stared at me as if I was completely bonkers. Ah well.

Schneier gives a good summary of what this whole area is about, and why it is so important:

We generally think of computer security as a problem of technology, but often systems fail because of misplaced economic incentives: The people who could protect a system are not the ones who suffer the costs of failure.

When you start looking, economic considerations are everywhere in computer security. Hospitals' medical-records systems provide comprehensive billing-management features for the administrators who specify them, but are not so good at protecting patients' privacy. Automated teller machines suffered from fraud in countries like the United Kingdom and the Netherlands, where poor regulation left banks without sufficient incentive to secure their systems, and allowed them to pass the cost of fraud along to their customers. And one reason the internet is insecure is that liability for attacks is so diffuse.

Read the whole column, and then, if you are feeling strong, try Ross's seminal essay on the subject: "Why Information Security Is Hard -- An Economic Perspective".