Featured Blogs

Does Apple’s Cloud Key Vault Answer the Key Escrow Question?

In a recent talk at Black Hat, Apple's head of security engineering (Ivan Krstić) described many security mechanisms in iOS. One in particular stood out: Apple's Cloud Key Vault, the way that Apple protects cryptographic keys stored in iCloud. A number of people have criticized Apple for this design, saying that they have effectively conceded the "Going Dark" encryption debate to the FBI. They didn't, and what they did was done for very valid business reasons -- but they're taking a serious risk...

Internet Access: A Chokepoint for Development

In the 1980s, internet connectivity meant allowing the general public to communicate and share knowledge and expertise with each other instantly, where it was not otherwise possible. Take the story of Anatoly Klyosov, connecting Russia to the western world for the first time in 1982, as an example. He was a biochemist who was not allowed to leave Soviet territory for security reasons. The internet enabled him to participate in meetings with his counterparts at Harvard University, University of Stockholm and beyond.

Challenging UDRP Awards in Courts of Competent Jurisdiction

The Uniform Domain Name Dispute Resolution Policy (UDRP) is not an exclusive forum for the resolution of domain names accused of cybersquatting even though registration agreements use the word "mandatory" in the event of third-party claims. The UDRP is mandatory only in the sense that respondents are "obliged by virtue of the [registration] agreement to recognize the validity of a proceeding initiated by a third-party claimant."

China’s QUESS and Quantum Communications

In mid-August China launched "QUESS" (Quantum Experiments at Space Scale), a new type of satellite that it hopes will be capable of "quantum communications" which is supposed to be hack-proof, through the use of "quantum entanglement". This allows the operator to ensure that no one else is listening to your communications by reliably distributing keys that are then used for encryption in order to be absolutely sure that there is no one in the middle intercepting that information.

Security Against Election Hacking - Part 2: Cyberoffense Is Not the Best Cyberdefense!

State and county election officials across the country employ thousands of computers in election administration, most of which are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected). In my previous post I explained how we must audit elections independently of the computers, so we can trust the results even if the computers are hacked.

The Impact of Reverse Domain Name Hijacking on Supplemental Filings in UDRP Cases

In another blog post, I wrote about the sometimes confusing circumstances in which domain name dispute panelists will consider supplemental, or additional, filings from the parties (in addition to a complaint and response) in cases under the Uniform Domain Name Dispute Resolution Policy (UDRP). I quoted the WIPO Overview, which states, in part, that supplemental filings may be appropriate where a party can "show its relevance to the case and why it was unable to provide that information in the complaint or response."

Security Against Election Hacking - Part 1: Software Independence

There's been a lot of discussion of whether the November 2016 U.S. election can be hacked. Should the U.S. Government designate all the states' and counties' election computers as "critical cyber infrastructure" and prioritize the "cyberdefense" of these systems? Will it make any difference to activate those buzzwords with less than 3 months until the election? First, let me explain what can and can't be hacked. Election administrators use computers in (at least) three ways...

Video: Interview with Jari Arkko at IETF 96 in Berlin

Would you like to understand the major highlights of the 96th meeting of the Internet Engineering Task Force (IETF) last month in Berlin? What were some of the main topics and accomplishments? How many people were there? What else went on? If so, you can watch a short video interview I did below with IETF Chair Jari Arkko.

ICANN the Machine…

ICANN's new gTLD expansion is really quite an ingenious ploy to grow the once small California non-profit into an unstoppable machine, worth hundreds of millions of dollars, which soon plans to finally be free from any external oversight. I have no doubt that ICANN pats itself on the back for pulling the wool over so many eyes, including stakeholders, new gTLD applicants, politicians, and the global general public.

Reselling Domain Names on the Secondary Market: Bona Fide Offering, or Not?

On the question of reselling domain names on the secondary market, a dissenting panelist in a 2005 case observed that "[t]here is no doubt Respondent is in the business of being a reseller of domain names that consist of common English words" and then suggested that the "fundamental question before the Panel is whether or not such a business should be allowed under the UDRP." He concluded that such a business should not be allowed...