Archives for category: Opeds

I am invited to a high-level conference co-organised by the LIBE Committee and the STOA Panel of the European Parliament together with the Luxembourg Presidency in Brussels this week. The title of the conference is “Protecting online privacy by enhancing IT security and strengthening EU IT capabilities”. The aim is to discuss, interact and come up with bold, innovative, out-of-the-box ideas to help foster an EU online privacy protection and IT security strategy for the next years. In preparation they have asked all participants to submit their top-3 policy recommendations. Below you’ll find mine.

Only the owner of a cryptographic key can decrypt any message encrypted against it. Therefore, if you want to send a message securely to another person, you have to know and use his key to encrypt the message. You have to be certain that it belongs to that person, and not to somebody else who tries to eavesdrop on your communication. This is why many secure communication apps allow you to verify keys using a short fingerprint that is uniquely tied to the key and that can be verified ‘out of band’. This means you have to ask for someone’s fingerprint (over the phone, or by looking at his business card) and compare it to the fingerprint your app shows for that person’s key. Apple’s iMessage is a notable exception, though, and is frequently criticised for it.

I was interviewed on Dutch national radio this weekend, to talk about the upcoming NCSC One and GCCS conferences. Both deal with cybersecurity (and a little privacy as well). During the interview, after talking about how complex the world has become, how increasingly dependent we have become on computers and the internet, and how hard it is to make systems secure, they asked me whether the situation wasn’t basically hopeless. I answered that it depends who you ask, and on the mood the person is in. And this got me thinking…


There is a new version of Signal out for iOS that now includes the TextSecure messaging protocol. This means there finally is a free, open source messaging system that allows users on both Android and iPhone to exchange messages securely (and also make secure phone calls, by the way). This is a big deal, and I am really happy about it. What I am really upset about, though, is the horrible user interface of Signal on iOS.


Societal concerns are increasingly left to the marketplace to resolve. We no longer discuss and prioritise societal issues in a dialogue with society as a whole. We no longer share, discuss, or build a vision on long-term solutions to the problems that we face. They are no longer solved at the (super)national level, by imposing laws or regulations, or creating economic incentives through grants or tax rules. Instead we rely on the concerns and personal choices of individual citizens to create societal change, in the hope that individual decisions in ‘the marketplace’ will create such change as some kind of emergent behaviour.

In a recent (Dutch) blog post I argued that the latest change in plans for a nationwide eID system in the Netherlands spelled trouble. Instead of the proposed solution I argued that a system using attribute-based credentials (ABCs) would be preferable in terms of both security and privacy. One of the solution providers involved in the eID system responded, arguing that using ABCs would in fact be less privacy friendly than the proposed eID system. His argument was that the Dutch eID system would (also) be used to control access to highly sensitive data, like health records, fiscal records, etc. In such systems it is desirable to log all access attempts, to be able to determine after the fact who accessed which records, and whether that was allowed under the circumstances. The untraceability of transactions guaranteed by using ABCs would, according to the author, therefore make this technology unsuitable for such applications. I will show that this argument is false, and that ABCs are perfectly capable of allowing certain transactions to be traced. Unlike the proposed solutions for the Dutch eID system, however, this tracing is only application specific, with the consent and/or explicit knowledge of the user, and not system wide and uncontrolled.


Today I read this (several months old) blog post, explaining that many peer-to-peer marketplaces fail because they do not solve a real problem. But I think the issue is more complex than presented there, and I think this is also relevant for the question of how to make more people use privacy-friendly apps and services.