Author Archives: Michael Froomkin

Please Vote for Jotwell

Please vote for Jotwell in the ABA Journal’s ‘Blawg 100’ competition. [I’m leaving this at the top until the 20th – scroll down for new stuff]

Posted in Jotwell | 1 Comment

How to Tell if the Government is Lying About the NSA

Watch their lips. If they’re moving…

(Apologies if this auto-played; I had inconsistent results with different browsers. Embedding Daily Show links is harder than it should be.)

Posted in Surveillance | 1 Comment

SSL Certificate Trust Model Has Problems

French agency caught minting SSL certificates impersonating Google:

The secure sockets layer (SSL) credentials were digitally signed by a valid certificate authority, an imprimatur that caused most mainstream browsers to place an HTTPS in front of the addresses and display other logos certifying that the connection was the one authorized by Google. In fact, the certificates were unauthorized duplicates that were issued in violation of rules established by browser manufacturers and certificate authority services.

The certificates were issued by an intermediate certificate authority linked to the Agence nationale de la sécurité des systèmes d’information, the French cyberdefense agency better known as ANSSI. After Google brought the certificates to the attention of agency officials, the officials said the intermediate certificate was used in a commercial device on a private network to inspect encrypted traffic with the knowledge of end users, Google security engineer Adam Langley wrote in a blog post published over the weekend. Google updated its Chrome browser to reject all certificates signed by the intermediate authority and asked other browser makers to do the same. Firefox developer Mozilla and Microsoft, developer of Internet Explorer, have followed suit. ANSSI later blamed the mistake on human error. It said it had no security consequences for the French administration or the general public, but the agency has revoked the certificate anyway.

An intermediate certificate authority is a crucial link in the “chain of trust” that’s key in connections protected by SSL and its successor protocol, known as transport layer security (TLS). Because intermediate certificates are signed by a root certificate embedded in the browser, they have the ability to mint an unlimited number of digital certificates for virtually any site. The individual certificates will be accepted by default by most browsers.

Maybe it’s time to dust off and update my article on digital signatures and digital certificates, The Essential Role of Trusted Third Parties in Electronic Commerce, 75 Ore. L. Rev. 49 (1996). I think this was the first article published in a US law review on the topic, and even though it’s held up well, there have been many developments in nearly 20 years. On the other hand, there are three new papers I need to finish first…

Posted in Law: Internet Law | Comments Off on SSL Certificate Trust Model Has Problems
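
The chain-of-trust behaviour quoted in the post above can be modelled in a few lines. This is an added example, not code from the post or from any browser: certificates are plain dicts, signatures are textbook RSA over small fixed primes, and every name and key is constructed. It shows default validation accepting a leaf for an unrelated host, the browser vendors' response of distrusting the intermediate key, and X.509 name constraints (a standard extension the post does not discuss) as a way to scope an intermediate.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    # Textbook RSA from two Mersenne primes: illustrative only, not secure.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    fields = ("subject", "issuer", "ca", "permitted", "pub")
    body = "|".join(str(cert[f]) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def issue(subject, pub, issuer, key, ca=False, permitted=None):
    cert = {"subject": subject, "issuer": issuer, "ca": ca,
            "permitted": permitted, "pub": pub}
    cert["sig"] = pow(digest(cert, key["n"]), key["d"], key["n"])
    return cert

def validate(leaf, inter, root_n, host, distrusted=(), name_constraints=False):
    # Default checks: signatures chain to the embedded root, the issuer is
    # a CA, and the leaf names the host. Nothing asks whether this
    # intermediate should be issuing for this host at all.
    for cert, signer_n in ((inter, root_n), (leaf, inter["pub"])):
        if pow(cert["sig"], E, signer_n) != digest(cert, signer_n):
            return "bad signature"
    if not inter["ca"] or leaf["issuer"] != inter["subject"]:
        return "issuer is not a valid CA for this leaf"
    if leaf["subject"] != host:
        return "name mismatch"
    if inter["pub"] in distrusted:  # vendor response: block the intermediate key
        return "intermediate distrusted"
    if name_constraints and inter["permitted"] and not host.endswith(inter["permitted"]):
        return "outside name constraints"
    return "ok"

# Constructed keys and names; none of them come from the incident.
ROOT = keypair(2**89 - 1, 2**107 - 1)
INTER = keypair(2**61 - 1, 2**127 - 1)
LEAF_PUB = (2**31 - 1) * (2**61 - 1)  # the leaf never signs, so a modulus is enough
HOST = "www.unrelated.example"

def demo():
    free = issue("Toy Intermediate", INTER["n"], "Toy Root", ROOT, ca=True)
    scoped = issue("Toy Intermediate", INTER["n"], "Toy Root", ROOT, ca=True,
                   permitted=".corp.example")
    leaf = issue(HOST, LEAF_PUB, "Toy Intermediate", INTER)
    return {
        "default": validate(leaf, free, ROOT["n"], HOST),
        "blocklisted": validate(leaf, free, ROOT["n"], HOST, distrusted={INTER["n"]}),
        "constrained": validate(leaf, scoped, ROOT["n"], HOST, name_constraints=True),
    }
```

Calling demo() returns the verdict for each of the three policies on the same leaf certificate.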

Gators & Crocs Use Tools

ScienceShot: First Example of Tool Use in Reptiles:

In what appears to be the first example of tool use among reptiles, researchers have discovered that both animals use twigs and sticks to attract nest-building birds. In 2007, behavioral ecologist Vladimir Dinets noticed that mugger crocodiles (Crocodylus palustris) at a zoo in India would balance small sticks on their snouts near a rookery where egrets compete for sticks to build their nests. Once, one of the crocs lunged at an egret that approached. Intrigued, Dinets studied alligators (Alligator mississippiensis) at four sites in Louisiana. The alligators put sticks on their snouts … much more frequently near egret rookeries and during the nest-building season, he and colleagues report online in Ethology Ecology & Evolution.

Arguably this shows gators and crocs have better sense when it comes to hunting than the NSA, which apparently spent millions of dollars spying on online gamers for fear terrorists might use World of Warcraft or Second Life as meeting sites. It was, for some reason, a very popular assignment all over the TLA world:

Meanwhile, the FBI, CIA, and the Defense Humint Service were all running human intelligence operations – undercover agents – within Second Life. In fact, so crowded were the virtual worlds with staff from the different agencies, that there was a need to try to “deconflict” their efforts – or, in other words, to make sure each agency wasn’t just duplicating what the others were doing.

Sticks would have been cheaper, and about as useful.

Posted in Science/Medicine, Surveillance | 1 Comment

This Mission Patch is REAL

The first time I saw this on a web site, I imagined it was a parody. The second time I saw it — at Forbes — I had to check for a second that the piece wasn’t posted on April 1.

But no, this is the genuine mission patch for a spy rocket lofted into orbit this week by the Office of National Intelligence:

“NROL-39 is represented by the octopus, a versatile, adaptable, and highly intelligent creature. Emblematically, enemies of the United States can be reached no matter where they choose to hide,” says Karen Furgerson, a spokesperson for the National Reconnaissance Office (NRO). “‘Nothing is beyond our reach’ defines this mission and the value it brings to our nation and the warfighters it supports, who serve valiantly all over the globe, protecting our nation.”

O.M.G.

Posted in Civil Liberties | 1 Comment

As We Suspected (Updated)

FBI can secretly activate your webcam, without you being any the wiser – ex-official – Pogo Was Right Blog.

Update: Juan Cole offers a useful juxtaposition: FBI Laptop Camera Snooping and Orwell’s 1984: Side by Side Comparison. Click through for the graphic.

Posted in Law: Privacy | Comments Off on As We Suspected (Updated)