The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” Perhaps that’s “finding threats.” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it. But what it does…Read More Managed Attribution Threat Modeling
Bruce Schneier and I wrote an article on Facebook’s privacy changes: “A New Privacy Constitution for Facebook.”Read More Facebook’s Privacy Constitution
[Update: clarified a sentence about whose privacy is touched, and where.] I had missed the story “Big Brother on wheels: Why your car company may know more about you than your spouse.” There are surprising details, including that you might be able to shut it off, and the phrase “If a customer declines, we do…Read More Automotive Privacy
The decision in Carpenter v. United States is an unusually positive one for privacy. The Supreme Court ruled that the government generally can’t access historical cell-site location records without a warrant. (SCOTUS Blog links to court documents. The court put limits on the “third party” doctrine, and it will be fascinating to see how those…Read More Carpenter!
Last week, in “Threat Modeling: Citizens Versus Systems,” I wrote: I think that was a right call for the first project, because the secondary data flows are a can of worms, and drawing them would, frankly, look like a can of worms. (and) Many organizations don’t disclose them beyond saying “we share your data to…Read More Citizen Threat Modeling and more data
Recently, we shared a privacy threat model which was centered on the people of Seattle, rather than on the technologies they use. Because of that, we had different scoping decisions than I’ve made previously. I’m working through what those scoping decisions mean. First, we cataloged how data is being gathered. We didn’t get to “what…Read More Threat Modeling: Citizens Versus Systems