Archives for posts with tag: security

Quantum computing research is receiving a huge boost from the European Union. Today a Dutch newspaper mentioned that KPN, a large Dutch telecom operator, is going to secure one of their main links using ‘quantum encryption’ to protect against attacks using such quantum computers. I doubt that is going to help much.

Read the rest of this entry »

Email kennen we allemaal. In het icoontje van elk email programma staat een gesloten envelop. En dat is grove leugen. Want email werkt helemaal niet hetzelfde als een brief versturen in een gesloten envelop! Het is eerder vergelijkbaar met het sturen van een briefkaart. De postbodes, of in het geval van email alle tussenliggende computers die de email naar de ontvanger doorsturen, kunnen meelezen.

Read the rest of this entry »

The LIBE Committee and the STOA Panel of the European Parliament together with the Luxembourg Presidency organised a conference in Brussels earlier this week. The aim was to discuss possible European policies to improve privacy and strengthen IT security, among the leading international security and privacy experts. The discussions were actually lively but unfortunately also quite chaotic, so this post is really my effort to bring some structure in the debate.
Read the rest of this entry »

A few years ago I was approached by someone with an intriguing question: would it be possible to restrict access to a website based on your current location? The person who asked me was busy with a project in a neighbourhood close to where I grew up. Part of it is a national monument. The neighbourhood association wanted to revive the history of the neighbourhood by creating a web page for every house in the neighbourhood. To also restore some of the community spirit they didn’t want to just set up a universally accessible website. Instead they wanted to create a page you could only visit if you were actually standing in front of the house. This would invite people to walk around in (their own) neighbourhood, visit web pages linked to certain houses, and in the process get in contact with the current inhabitants. The reason I blog about it is that they are officially launched the project (and corresponding website, last Friday. And unfortunately I couldn’t be there…

Read the rest of this entry »

I was interviewed on Dutch national radio this weekend, to talk about the upcoming NCSC One and GCCS conferences. Both deal with cybersecurity (and a little privacy as well). During the interview, after talking about how complex the world has become, how increasingly dependent we have become on computers and the internet, and how hard it is to make systems secure, they asked me whether the situation wasn’t basically hopeless. I answered that it depends who you ask, and on the mood the person is in. And this got me thinking…

Read the rest of this entry »

There is a new version of Signal out for iOS, that now includes the TextSecure messaging protocol. This means there finally is a free, open source, messaging system that allows users on both Android and iPhone to exchange messages securely (and also make secure phone calls, by the way). This is a big deal, and I am really happy about it. What I am really upset about though is the horrible user interface of Signal on iOS.

Read the rest of this entry »

De Nederlandse overheid werkt al een aantal jaren aan een nieuw eID stelsel (een elektronische vorm van identificatie online) ter vervanginging van DigiD. Dat is ook wel nodig, want DigiD is kwetsbaar, wat tot grote schade kan leiden. Onder deze druk, en vanwege het feit dat marktpartijen de oorspronkelijke plannen voor het eID stelsel niet zagen zitten, heeft de overheid er onlangs voor gekozen een andere koers te varen. Het eID stelsel wordt een uitbreiding van eHerkenning (een systeem voor online identificatie voor bedrijven), en gaat Idensys heten. Dat is wat mij betreft niet alleen een stap terug (eHerkenning is gebaseerd op verouderde en relatief onveilige concepten), maar zelfs een stap in de verkeerde richting.

De oorspronkelijke plannen voor een eID stelsel

Read the rest of this entry »