Matter of fact, it’s all dark

Deputy Attorney General Rod Rosenstein touched on encryption when speaking at the U.S. Naval Academy recently: Encryption is a foundational element of data security and authentication … But the advent of “warrant-proof” encryption is a serious problem … Our society has never had a system where evidence of criminal wrongdoing ... Read More
Replacing SSNs to combat Identity Theft

Replacing SSNs to combat Identity Theft

As previously discussed in my blog post, Do Health Care Providers Need Your SSN?, your PII (Personally Identifiable Information—please, never “PII data”, which is redundant) can be monetized by evildoers. Given sufficient data and effort, identity theft fraudsters can use your health insurance to fraudulently obtain treatment, exploit your credit ... Read More
Health Care

Do Health Care Providers Need Your SSN?

The U.S. Social Security Number (SNN) was introduced in the 1930s as an identifier for the (then new) Social Security program, whose official name is actually the “Old-Age, Survivors, and Disability Insurance program” (OASDI). As you’ve no doubt read, the SSN was never intended to be a globally unique identifier ... Read More
Whither Cash?

Whither Cash?

With every big data breach, news reports highlight consumers swearing they’ll never use their credit cards again. Of course they’re soon back at it: for most folks, paying for everything using cash or check is tedious in today’s marketplaces. In fact, there’s opposing pressure, toward a cashless society. Sweden has ... Read More
Key Management and Passwords and the Law

Key Management and Passwords and the Law

Anyone with any sense is at least a wee bit frightened of encryption because of the chance of data loss: lose the key and the data is effectively gone, even if it’s sitting right there in an encrypted file. Website passwords really present the same problem: lose one, and whatever ... Read More
Data Security

What the Flock?! Can the data from your car be captured?

A recent BBC article described a product from Flock Safety that comprises a mailbox-mounted, solar-powered automated license plate recognition reader (ALPR) that transmits its data to a repository using 3G cellular. The idea is for neighborhoods to log vehicles entering and leaving, enabling reporting suspicious visitors to police, who can ... Read More

More Security Isn’t Always Good

That’s a provocative title, and deliberately so. The point is that “more” security doesn’t always have the intended effect. Yes, we all know about “defense in depth” and that a single security solution isn’t the answer. That’s still true—I’m talking about unintended secondary effects of adding security. Computing terminology features ... Read More
Technology and Privacy

Law v. Technology

A great number of the cases that make it to the United States Supreme Court hinge upon the Fourth Amendment (henceforth 4A) to the U.S. Constitution. The protections this Amendment offers against unreasonable search and seizure need frequent interpretation against changing technology. In early June, the high court agreed to ... Read More

Cryptography for Mere Mortals #16

An occasional feature, Cryptography for Mere Mortals attempts to provide clear, accessible answers to questions about cryptography for those who are not cryptographers or mathematicians: Q: Another crypto headline failure: “AES-256 keys sniffed in seconds using €200 of kit a few inches away“! Now is it time to panic? To ... Read More