Cybersecurity

Issues relating to information security and securing critical infrastructure.

Wyden: NSA Eavesdropping is Hurting U.S. Economy

Washington Times
Many overseas customers now understand that the U.S. Constitution offers them no protection from NSA eavesdropping.

Online Storage Firm Sees Beyond the Cloud

San Antonio Express News
ITIF estimates the PRISM revelations could cost U.S. cloud computing firms up to $35 billion.

ITIF Amicus Brief in the matter of Joffe v. Google

October 4, 2013
| Testimony and Filings

In an amicus brief filed with the Ninth Circuit of the United States Court of Appeals, ITIF urged the Court to reconsider the decision in Joffe v. Google because the Court’s ruling needlessly treats modern digital wireless communications in a manner that is fundamentally different than the treatment of old-world analog wireless communications. This deviation from technology neutrality puts standard practices used by the information technology (“IT”) industry at legal risk. Most notably, the ruling calls into legal question practices used by IT security professionals every day to secure wireless networks. As a result, the Court’s decision will make it harder for IT security professionals to their jobs, thus rendering wireless networks more susceptible to intrusion. This cannot be what Congress intended.

Second, the Court’s holding that an unencrypted Wi-Fi communication is not readily accessible to the general public, assuming it is not a radio communication, rests on faulty factual assumptions. The Court justified its conclusion on two grounds.

The Court’s first basis for its holding is that an unencrypted Wi-Fi communication is not “readily” available because Wi-Fi networks typically have a limited geographic scope. But Wi-Fi networks do not have clear geographic bounds, and regularly reach into public areas that are, in fact, “readily” available to the general public. Indeed, the very communications at issue in this case were accessed from public streets.

The Court’s second basis for its holding is that an unencrypted Wi-Fi communication is “encoded” and sent to a “specific destination”—and that as a result “sophisticated hardware and software” is needed to receive and decode the communication from another computer. But encoding—as distinct from encryption—does nothing to render a communication inaccessible. In fact, the Wi-Fi specifications note that data passed over unencrypted wireless connections are “unprotected.” Similarly, the fact that the encoding includes a destination address does nothing to render the communication inaccessible to another computer on the wireless network. Moreover, the hardware and software used for packet sniffing are no more sophisticated than the hardware and software used for all Wi-Fi communications. And, in fact, the televisions, set-top boxes and digital video recorders that the general public readily uses to access television broadcasts—which the Court held are not radio communications—are similarly sophisticated, and the broadcasts are also encoded, yet no one would dispute that unscrambled, unencrypted television broadcasts are readily accessible to the general public.

In short, neither of the Court’s factual bases for its holding that an unencrypted Wi-Fi communication is not readily accessible to the general public is correct. ITIF urges the Court to grant rehearing or rehearing en banc.

NSA’s Involvement in Standards Setting Erodes Trust

Wall Street Journal
Recent allegations that the National Security Agency has influenced encryption standards could have lasting implications for the competitiveness of U.S. companies.

SAP Seeks an Edge from NSA Surveillance Worries

PC World
SAP may build a second data center in Australia to meet customer demand for locally delivered cloud services in the wake of PRISM.

Tough Love to Restore Privacy

The Hill
In this op-ed, former Obama Administration official Chris Finan sites ITIF’s report on the impact of PRISM on the cloud computing industry.

The Morning Download: NSA Sparks Cloud Nationalism

Wall Street Journal
Europeans are beginning to demonstrate their preference for non-U.S. cloud vendors, something multinationals need to be concerned about.

Has the NSA Won the Crypto Wars?

October 1, 2013 - 12:00pm - 1:30pm
Information Technology and Innovation Foundation
1101 K St. NW
610 A
Washington
DC
20005

Until recently, many people believed that the so-called “Crypto Wars” were over and that the U.S. government supported strong encryption for the public. Now new leaks allege that the NSA has deliberately introduced weaknesses and backdoors into commercial products and security standards. These revelations may have substantive and long-lasting consequences on the reputations of U.S. Read more »

Has the NSA Won the Crypto Wars?

October 1, 2013
Panelists explored the impact of allegations that the NSA has deliberately introduced vulnerabilities in cryptographic protocols.

Until recently, many people believed that the so-called “Crypto Wars” were over and that the U.S. government supported strong encryption for the public. Now new leaks allege that the NSA has deliberately introduced weaknesses and backdoors into commercial products and security standards. These revelations may have substantive and long-lasting consequences on the reputations of U.S. tech companies. In addition, these claims may significantly weaken the effectiveness of the federal government in helping improve cyber security in commercial products, both domestically and internationally. Read more »

See video