Archives for category: Opeds

I am a long time tablet PC user. I have owned a Toshiba (great resolution), Dell XT (great support, they basically upgraded me to an XT2) and a Lenovo Helix (which simply sucks). I love being able to take notes directly in a pdf, if only because it allows me to comment on student work and keep a copy of my comments for reference. OneNote is great for making handwriting notes during meetings, to sketch ideas, or to do mathematics. But I’ve never been a great fan of Microsoft products (OneNote is really a surprising exception), so I always said that if Apple would introduce a tablet, I would switch. They did, so here I am…
Read the rest of this entry »

The LIBE Committee and the STOA Panel of the European Parliament together with the Luxembourg Presidency organised a conference in Brussels earlier this week. The aim was to discuss possible European policies to improve privacy and strengthen IT security, among the leading international security and privacy experts. The discussions were actually lively but unfortunately also quite chaotic, so this post is really my effort to bring some structure in the debate.
Read the rest of this entry »

Pressure from government on companies and institutions to provide access to encrypted communications and stored data us increasing. Many people call it the second crypto war. An influential report often cited in the discussion is “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications” written by a score of well known and respected scientists. The report raises many important and relevant points. However, it is very much focused on the argument that government access is a bad idea from a technical perspective. And I happen to disagree with that point of view. There are many good reasons against indiscriminate government access to public infrastructure, but the technical arguments are the least convincing in my mind. In fact I think it is dangerous and ineffective to argue against government access on technical grounds. Instead the real arguments against indiscriminate government access are of an ethical, legal, political and organisational nature. Here is why.
Read the rest of this entry »

I am invited to a high-level conference co-organised by the LIBE Committee and the STOA Panel of the European Parliament together with the Luxembourg Presidency in Brussels this week. The title of the conference is “Protecting online privacy by enhancing IT security and strengthening EU IT capabilities”. The aim is to discuss, interact and come up with bold, innovative, out-of-the-box ideas to help foster an EU online privacy protection and IT security strategy for the next years. In preparation they have asked all participants to submit their top-3 policy recommendations. Below you’ll find mine. Read the rest of this entry »

Only the owner of a cryptographic key can decrypt any message encrypted against it. Therefore, if you want to send a message securely to another person, you have to know and use his key to encrypt the message. You have to be certain that it belongs to that person, and not to somebody else that tries to eavesdrop on your communication. This is why many secure communication apps allow you to verify keys using a short fingerprint that is uniquely tied to the key and that can be verified ‘out of band’. This means you have to ask for someone’s fingerprint (over the phone, or by looking at his business card) and compare it to the fingerprint your app shows for that person’s key. Apple’s iMessage is a notable exception, though. And frequently criticised for it.
Read the rest of this entry »

I was interviewed on Dutch national radio this weekend, to talk about the upcoming NCSC One and GCCS conferences. Both deal with cybersecurity (and a little privacy as well). During the interview, after talking about how complex the world has become, how increasingly dependent we have become on computers and the internet, and how hard it is to make systems secure, they asked me whether the situation wasn’t basically hopeless. I answered that it depends who you ask, and on the mood the person is in. And this got me thinking…

Read the rest of this entry »

There is a new version of Signal out for iOS, that now includes the TextSecure messaging protocol. This means there finally is a free, open source, messaging system that allows users on both Android and iPhone to exchange messages securely (and also make secure phone calls, by the way). This is a big deal, and I am really happy about it. What I am really upset about though is the horrible user interface of Signal on iOS.

Read the rest of this entry »