Artificial Intelligence and the Attack/Defense Balance

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things. You can divide Internet security tasks into two sets: what humans do well and what computers do well. Traditionally, computers excel at speed,…

March 15, 2018

The 600+ Companies PayPal Shares Your Data With

One of the effects of GDPR — the new EU General Data Protection Regulation — is that we’re all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, which just released a list of over 600 companies they share customer data with. Here’s a good visualization of that data. Is 600 companies unusual? Is it more than average? Less?…

March 14, 2018

E-Mailing Private HTTPS Keys

I don’t know what to make of this story: The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert, a certificate authority that acquired Symantec’s certificate issuance business after Symantec was caught flouting binding industry rules, prompting Google to distrust…

March 13, 2018

Two New Papers on the Encryption Debate

Seems like everyone is writing about encryption and backdoors this season. “Policy Approaches to the Encryption Debate,” R Street Policy Study #133, by Charles Duan, Arthur Rizer, Zach Graves and Mike Godwin. “Encryption Policy in Democratic Regimes,” East West Institute. I recently blogged about the new National Academies report on the same topic. Here’s a review of the National Academies report, and another of the East West Institute’s report. EDITED…

March 12, 2018

Friday Squid Blogging: Interesting Interview

Here’s an hour-long audio interview with squid scientist Sarah McAnulty. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

March 10, 2018

OURSA Conference

Responding to the lack of diversity at the RSA Conference, a group of security experts have announced a competing one-day conference: OUR Security Advocates, or OURSA. It’s in San Francisco, and it’s during RSA, so you can attend both.

March 9, 2018