Post thumbnail
Amazon has released a set of documents, “Updates to Device Security Requirements for Alexa Built-in Products.” I want to look at these as a specific way to express a threat model, which is threat modeling along the supply chain, talk about the proliferation of this different kind of model, and what it means for engineering.…
Read More Amazon’s “Alexa Built-in” Threat ModelThe Open Technology Institute has an Open Letter to Law Enforcement in the U.S., UK, and Australia: Weak Encryption Puts Billions of Internet Users at Risk. (press release, letter.) I am pleased to be one of the signers. In closely related news, nominations for the 2020 Caspar Bowden Award for Outstanding Research in Privacy Enhancing…
Read More Encryption & Privacy Policy and Technology
Post thumbnail
The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” Perhaps that’s “finding threats.” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it. But what it does…
Read More Managed Attribution Threat ModelingBruce Schneier and I wrote an article on Facebook’s privacy changes: “A New Privacy Constitution for Facebook.”
Read More Facebook’s Privacy Constitution
Post thumbnail
[Update: clarified a sentence about whose privacy is touched, and where.] I had missed the story “Big Brother on wheels: Why your car company may know more about you than your spouse.” There are surprising details, including that you might be able to shut it off, and the phrase “If a customer declines, we do…
Read More Automotive Privacy
Post thumbnail
The decision in Carpenter v. United States is an unusually positive one for privacy. The Supreme Court ruled that the government generally can’t access historical cell-site location records without a warrant. (SCOTUS Blog links to court documents. The court put limits on the “third party” doctrine, and it will be fascinating to see how those…
Read More Carpenter!Last week, in “Threat Modeling: Citizens Versus Systems,” I wrote: I think that was a right call for the first project, because the secondary data flows are a can of worms, and drawing them would, frankly, look like a can of worms. (and) Many organizations don’t disclose them beyond saying “we share your data to…
Read More Citizen Threat Modeling and more data
Post thumbnail
Recently, we shared a privacy threat model which was centered on the people of Seattle, rather than on the technologies they use. Because of that, we had different scoping decisions than I’ve made previously. I’m working through what those scoping decisions mean. First, we cataloged how data is being gathered. We didn’t get to “what…
Read More Threat Modeling: Citizens Versus Systems