Privacy

The False Promise of Data Nationalism

The False Promise of Data Nationalism

December 9, 2013
| Reports

A growing number of policy makers believe that data is more private and secure if it is stored domestically. This report shows why this is a false promise by providing a short guide to the implications of storing data on servers in foreign countries, with a foreign-owned service provider, or both, under various conditions. The report also recommends the United States engage its trade partners in developing a “Geneva Convention on the Status of Data” that establishes international legal standards for government access to data.

NSA Surveillance May Cause Breakup of Internet, Warn Experts

The Guardian
The Snowden revelations are pushing the Internet towards a tipping point with huge ramifications for online communications.

Tech Braces for Privacy Storm in Europe

Politico
Daniel Castro argues new global privacy laws could have significant negative consequences for the digital economy.

ITIF Amicus Brief in the matter of Joffe v. Google

October 4, 2013
| Testimony and Filings

In an amicus brief filed with the Ninth Circuit of the United States Court of Appeals, ITIF urged the Court to reconsider the decision in Joffe v. Google because the Court’s ruling needlessly treats modern digital wireless communications in a manner that is fundamentally different than the treatment of old-world analog wireless communications. This deviation from technology neutrality puts standard practices used by the information technology (“IT”) industry at legal risk. Most notably, the ruling calls into legal question practices used by IT security professionals every day to secure wireless networks. As a result, the Court’s decision will make it harder for IT security professionals to their jobs, thus rendering wireless networks more susceptible to intrusion. This cannot be what Congress intended.

Second, the Court’s holding that an unencrypted Wi-Fi communication is not readily accessible to the general public, assuming it is not a radio communication, rests on faulty factual assumptions. The Court justified its conclusion on two grounds.

The Court’s first basis for its holding is that an unencrypted Wi-Fi communication is not “readily” available because Wi-Fi networks typically have a limited geographic scope. But Wi-Fi networks do not have clear geographic bounds, and regularly reach into public areas that are, in fact, “readily” available to the general public. Indeed, the very communications at issue in this case were accessed from public streets.

The Court’s second basis for its holding is that an unencrypted Wi-Fi communication is “encoded” and sent to a “specific destination”—and that as a result “sophisticated hardware and software” is needed to receive and decode the communication from another computer. But encoding—as distinct from encryption—does nothing to render a communication inaccessible. In fact, the Wi-Fi specifications note that data passed over unencrypted wireless connections are “unprotected.” Similarly, the fact that the encoding includes a destination address does nothing to render the communication inaccessible to another computer on the wireless network. Moreover, the hardware and software used for packet sniffing are no more sophisticated than the hardware and software used for all Wi-Fi communications. And, in fact, the televisions, set-top boxes and digital video recorders that the general public readily uses to access television broadcasts—which the Court held are not radio communications—are similarly sophisticated, and the broadcasts are also encoded, yet no one would dispute that unscrambled, unencrypted television broadcasts are readily accessible to the general public.

In short, neither of the Court’s factual bases for its holding that an unencrypted Wi-Fi communication is not readily accessible to the general public is correct. ITIF urges the Court to grant rehearing or rehearing en banc.

Has the NSA Won the Crypto Wars?

October 1, 2013
Panelists explored the impact of allegations that the NSA has deliberately introduced vulnerabilities in cryptographic protocols.

Until recently, many people believed that the so-called “Crypto Wars” were over and that the U.S. government supported strong encryption for the public. Now new leaks allege that the NSA has deliberately introduced weaknesses and backdoors into commercial products and security standards. These revelations may have substantive and long-lasting consequences on the reputations of U.S. tech companies. In addition, these claims may significantly weaken the effectiveness of the federal government in helping improve cyber security in commercial products, both domestically and internationally. Read more »

See video

Security, Freedom and Privacy in the Digital Age

September 17, 2013
| Presentations

Daniel Castro spoke about security, freedom, and privacy at a panel discussion hosted by the Knight Foundation.

Has the US government learned nothing from the Clipper Chip?

September 11, 2013
| Blogs & Op-eds

The allegation that the NSA has covertly weakened the design of cryptographic standards and introduced vulnerabilities in commercial products is a disturbing claim with severe implications Congress should thoroughly investigate. The policy of the U.S. government should be to strengthen, not weaken, online security.

Syndicate content