The thing about infrastructure is that everyone uses it. If it's secure, it's secure for everyone. And if it's insecure, it's insecure for everyone. This forces some hard policy choices. When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's...

Scientists are attaching cameras to Humboldt squid to watch them communicate with each other. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Over the next two weeks, I am speaking about my new book -- Data and Goliath, if you've missed it -- in New York, Boston, Washington, DC, Seattle, San Francisco, and Minneapolis. Stop by to get your book signed, or just to say hello....

In December, Google's Executive Chairman Eric Schmidt was interviewed at the CATO Institute Surveillance Conference. One of the things he said, after talking about some of the security measures his company has put in place post-Snowden, was: "If you have important information, the safest place to keep it is in Google. And I can assure you that the safest place...

Glenn Greenwald, Laura Poitras, and Edward Snowden did an "Ask Me Anything" on Reddit. Point out anything interesting in the comments. And note that Snowden mentioned my new book: One of the arguments in a book I read recently (Bruce Schneier, "Data and Goliath"), is that perfect enforcement of the law sounds like a good thing, but that may not...

New paper: "Surreptitiously Weakening Cryptographic Systems," by Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart. Abstract: Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems. We provide an overview of this domain, using a number of historical examples to drive development of a weaknesses taxonomy. This allows comparing different...

On Monday, I asked Adm. Rogers a question....

AT&T is charging a premium for gigabit Internet service without surveillance: The tracking and ad targeting associated with the gigabit service cannot be avoided using browser privacy settings: as AT&T explained, the program "works independently of your browser's privacy settings regarding cookies, do-not-track and private browsing." In other words, AT&T is performing deep packet inspection, a controversial practice through which...

New research on tracking the location of smart phone users by monitoring power consumption: PowerSpy takes advantage of the fact that a phone's cellular transmissions use more power to reach a given cell tower the farther it travels from that tower, or when obstacles like buildings or mountains block its signal. That correlation between battery use and variables like environmental...

This is freaky: A new study showcases the first example of an animal editing its own genetic makeup on-the-fly to modify most of its proteins, enabling adjustments to its immediate surroundings. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

It's not just national intelligence agencies that break your https security through man-in-the-middle attacks. Corporations do it, too. For the past few months, Lenovo PCs have shipped with an adware app called Superfish that man-in-the-middles TLS connections. Here's how it works, and here's how to get rid of it. And you should get rid of it, not merely because it's...

The Intercept has an extraordinary story: the NSA and/or GCHQ hacked into the Dutch SIM card manufacturer Gemalto, stealing the encryption keys for billions of cellphones. People are still trying to figure out exactly what this means, but it seems to mean that the intelligence agencies have access to both voice and data from all phones using those cards. Me...

Earlier this month, Mark Burnett released a database of ten million usernames and passwords. He collected this data from already-public dumps from hackers who had stolen the information; hopefully everyone affected has changed their passwords by now. News articles....

Interesting article on the submarine arms race between remaining hidden and detection. It seems that it is much more expensive for a submarine to hide than it is to detect it. And this changing balance will affect the long-term viability of submarines....

I'm not sure what to make of this, or even what it means. The IRS has a standard called IDES: International Data Exchange Service: "The International Data Exchange Service (IDES) is an electronic delivery point where Financial Institutions (FI) and Host Country Tax Authorities (HCTA) can transmit and exchange FATCA data with the United States." It's like IRS data submission,...