New article on the NSA's efforts to control academic cryptographic research in the 1970s. It includes new interviews with public-key cryptography inventor Martin Hellman and then NSA-director Bobby Inman....

The interesting story of how engineers at Ford Motor Co. invented the superconducting quantum interference device, or SQUID. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Last month, for the first time since US export restrictions on cryptography were relaxed two decades ago, the US government has fined a company for exporting crypto software without a license. News article. No one knows what this means....

Pew Research has released a new survey on American's perceptions of privacy. The results are pretty much in line with all the other surveys on privacy I've read. As Cory Doctorow likes to say, we've reached "peak indifference to surveillance."...

It's not happening often, but it seems that some ISPs are blocking STARTTLS messages and causing web encryption to fail. EFF has the story....

Orin Kerr has a new article that argues for narrowly constructing national security law: This Essay argues that Congress should adopt a rule of narrow construction of the national security surveillance statutes. Under this interpretive rule, which the Essay calls a "rule of lenity," ambiguity in the powers granted to the executive branch in the sections of the United States...

Good paper, and layman's explanation. Internet voting scares me. It gives hackers the potential to seriously disrupt our democratic processes....

Kaspersky Labs is reporting (detailed report here, technical details here) on a sophisticated hacker group that is targeting specific individuals around the world. "Darkhotel" is the name the group and its techniques has been given. This APT precisely drives its campaigns by spear-phishing targets with highly advanced Flash zero-day exploits that effectively evade the latest Windows and Adobe defenses, and...

Security is a combination of protection, detection, and response. It's taken the industry a long time to get to this point, though. The 1990s was the era of protection. Our industry was full of products that would protect your computers and network. By 2000, we realized that detection needed to be formalized as well, and the industry was full of...

I'm not sure why this is news, except that it makes for a startling headline. (Is the New York Times now into clickbait?) It's not as if people are throwing squid onto the field, as Detroit hockey fans do with octopus. As usual, you can also use this squid post to talk about the security stories in the news that...

My company, Co3 Systems, is hiring both technical and nontechnical positions. If you live in the Boston area, click through and take a look....

Chicago is doing random explosives screenings at random L stops in the Chicago area. Compliance is voluntary: Police made no arrests but one rider refused to submit to the screening and left the station without incident, Maloney said. [...] Passengers can decline the screening, but will not be allowed to board a train at that station. Riders can leave that...

Robert Lee and Thomas Rid have a new paper: "OMG Cyber! Thirteen Reasons Why Hype Makes for Bad Policy."...

Interesting paper by Melissa Hathaway: "Connected Choices: How the Internet Is Challenging Sovereign Decisions." Abstract: Modern societies are in the middle of a strategic, multidimensional competition for money, power, and control over all aspects of the Internet and the Internet economy. This article discusses the increasing pace of discord and the competing interests that are unfolding in the current debate...

Verizon is tracking the Internet use of its phones by surreptitiously modifying URLs. This is a good description of how it works....