- Our Work
Last November, the Federal Communications Commission (FCC) issued a landmark privacy rule governing how Internet service providers (ISPs) could collect and share customer data. On April 4, 2017, President Trump signed a joint resolution that repealed this rule before it could ever take effect.
This panel will discuss how we arrived at this juncture and how the Internet privacy landscape may evolve in light of these developments. We will also explore the roles (and shortcomings) of both policy and technical mechanisms in protecting user privacy on the Internet.
Future nuclear arms-control agreements are likely to place numerical limits on the total number of warheads in the arsenals of the weapon states. Verifying these agreements would face at least two fundamentally new challenges. First, inspectors would have to confirm that the number of declared items does not exceed the agreed limit; and, second, inspectors would also have to confirm the authenticity of nuclear warheads prior to dismantlement. Both tasks may involve procedures that put at risk classified or otherwise sensitive information. A viable verification regime needs to protect this information or, even better, use procedures and technologies that do not acquire the sensitive information in the first place. This presentation reviews the emerging challenges for nuclear verification and proposes elements of verification approaches that build in information security from the outset.
Internet surveillance for national-security purposes is largely regulated by two legal authorities. The Foreign Intelligence Surveillance Act (FISA) largely regulates surveillance on US territory, while Executive Order (EO) 12333 largely regulates surveillance abroad. Surveillance programs conducted under FISA are subject to legal restrictions imposed by Congress and the courts, while surveillance programs under EO 12333 are conducted solely under the authority of the President.
The talk considers that possibility that the legal protections built into in FISA can be circumvented by exploiting the Internet’s routing protocols. Specifically, we consider the possibility that routing hijacks can be used to deliberately divert American traffic abroad, where it can be collected under EO 12333. We analyze the lawfulness of using routing hijacks to circumvent FISA, and discuss how several newly-developed secure routing protocols might (or might not) prevent these hijacks. We conclude with a policy recommendation: Congress should expand FISA to cover the surveillance of any and all Internet traffic collected abroad.
Law enforcement officials have often called for regulation of encryption technology, to improve their ability to access data when they have a valid court order. This has generated a lot of debate and controversy, but surprisingly little public discussion has been devoted to the details of how an encryption regulation might actually work. This talk will dig into the details of encryption regulation, to consider specific options for how a regulation might be written, how companies might change product designs and users might change their behavior as a result, and how these changes might affect equities such as public safety, cybersecurity, privacy, civil liberties, and economic competitiveness. No recommendation for or against regulation will be offered. Instead, the goal will be to explore the decision space and point toward a more substantive public debate.
Civil liberties activist Timothy Edgar describes how he tried to make a difference by going inside America’s growing surveillance state as an intelligence official in his new book, Beyond Snowden. Edgar explains how Snowden’s leaks of top secret documents led to reforms that made the NSA more transparent, more accountable, more protective of privacy—and, contrary to conventional wisdom, actually strengthened the NSA by making it more effective. While the reforms implemented by the Obama administration were a good first step, much more needs to be done to prevent abuse. Donald Trump’s election in 2016 prompted fears among both civil libertarians and intelligence officials that a new president would abuse his national security powers. The United States leads the world in mass surveillance. In Beyond Snowden, Edgar explains how the United States can lead the world in surveillance reform.