19 June 2007:
The Court of Appeals and Email Privacy
29 June 2007:
Quantum Cryptography
3 July 2007:
Beer and Privacy
5 July 2007:
Belgian Court Rules ISPs Must Stop File-Sharing
6 July 2007:
The Greek Cellphone Tapping Scandal
7 July 2007:
Pen Registers and the Internet
13 July 2007:
Security and Usability: Windows Vista
13 July 2007:
Fidget Toys
19 July 2007:
Checkers: Solved
20 July 2007:
Secondary Uses and Privacy
23 July 2007:
Security Flaw in the iPhone
26 July 2007:
Hacking Forensic Software
28 July 2007:
Insider Attacks
1 August 2007:
Electronic Voting Machines
3 August 2007:
Are Secure Systems Possible?
6 August 2007:
Dealing With Security Problems
14 August 2007:
Safes, Locks, and Override Codes
20 August 2007:
The Skype Outage
24 August 2007:
Defending Against the Owner
26 August 2007:
The Amtrak Ticket System Outage
28 August 2007:
Update on the Amtrak Outage
29 August 2007:
The FBI and Computer Security (Updated)
10 September 2007:
What's Missing in the iPod Touch
23 September 2007:
Personal Data Disclosed via Peer-to-Peer Networks
30 September 2007:
The Mets
1 October 2007:
The Technical-Social Contract
5 October 2007:
Screendump: #1 in a Random Series of Messages You Shouldn't See
10 October 2007:
This is Disgusting
16 October 2007:
The Proper Benefit of an iPhone Design Mistake
19 October 2007:
Comcast Apparently Blocking Some Peer-to-Peer Traffic
22 October 2007:
More on Comcast Blocking Peer-to-Peer Traffic
31 October 2007:
"Do Not Track": All or Nothing?
12 November 2007:
A Bad Week for Privacy
16 November 2007:
Attempted Credit Card Fraud?
27 November 2007:
The FBI Denies Tracking Ethnic Foods
5 December 2007:
Facebook Apologizes
6 December 2007:
More Tracking Mania: PDFs with Ads
9 December 2007:
Western Digital's Crippled Drive
12 December 2007:
Ask.com's "AskEraser"
12 December 2007:
Full Text Feed Coming Soon
31 December 2007:
Full Text Feed Installed
31 December 2007:
Exploiting Linkages for Good
6 January 2008:
Good NY Times Magazine Article on E-Voting
9 January 2008:
A License for Geiger Counters?
11 January 2008:
Hacking Trains
15 January 2008:
A New Internet Wiretapping Plan?
18 January 2008:
The CIA Blames Hackers for Power Outages
23 January 2008:
Apple Adds the Missing Applications to the iPod Touch
27 January 2008:
The Dangers of the Protect America Act
29 January 2008:
Massive Computer-Assisted Fraud
4 February 2008:
Underwater Fiber Cuts in the Middle East
7 February 2008:
Abandoned Ship Anchor Found Near Cable Cut
13 February 2008:
Teach a Man to Phish
16 February 2008:
A Technical Mistake
24 February 2008:
A Pakistani ISP "Hijacks" Youtube
13 March 2008:
Privacy: Little Brother
26 March 2008:
The Passport File Controversy
27 March 2008:
Comcast Will Stop Blocking BitTorrent
29 March 2008:
Threat Models
4 April 2008:
Buggy Voting Systems in New Jersey
6 April 2008:
An Outage from Managing P2P Traffic?
8 April 2008:
Ships Impounded in Cable Cut
18 April 2008:
Comcast Outage: Not P2P-Related
19 April 2008:
PayPal is Wrong About Unsafe Browsers
22 April 2008:
New Jersey Supreme Court Protects Internet Users' Privacy
27 April 2008:
The Fate of Old Hardcopy Journals
17 June 2008:
The Associated Press and Fair Use
10 July 2008:
FISA and Border Searches of Laptops
24 July 2008:
Cybersecurity Advice for (Possible) President Obama
29 July 2008:
Control as a Motive for Content Owners
10 August 2008:
Update on Laptop Border Searches
12 August 2008:
The MBTA versus (Student) Security Researchers
3 September 2008:
This Blog and Creative Commons
4 September 2008:
Political Agendas for Network Design?
5 November 2008:
Working the Polls
24 November 2008:
Will Google Need a Bailout Some Day?
28 November 2008:
Making Security Incomprehensible
2 December 2008:
Cybercrime and "Remote Search"
15 December 2008:
The Report on "Securing Cyberspace for the 44th Presidency"
20 December 2008:
Another Cluster of Cable Cuts
30 December 2008:
Companies, Courts, and Computer Security
9 January 2009:
A Telegraph-Era TLD?
13 January 2009:
YouTube, the Government, and Privacy
22 January 2009:
More on YouTube, the Government, and Privacy
4 February 2009:
More on Access to Alcohol Breath Tester Source Code
28 February 2009:
Computer Processing and the Law
2 March 2009:
The White House Removes Videos from YouTube
3 March 2009:
EFF's Surveillance Self-Defense Website
8 March 2009:
Access to Old Information
19 March 2009:
Internet Records Retention Bill
12 April 2009:
The Cybersecurity Act of 2009
29 April 2009:
The Open Source Quality Challenge
23 July 2009:
Emailing Attachments versus Sending Links
12 September 2009:
Skype's EULA
15 September 2009:
Update to Skype's EULA
21 September 2009:
A Good Mailer for Mac OS?
26 September 2009:
The Problem of Computerized Search
3 November 2009:
The Role of a Cybersecurity Czar
19 November 2009:
Congress and Peer-to-Peer Filesharing
11 December 2009:
The Real Face of Cyberwar?
18 December 2009:
Intercepting U.S. Surveillance Videos
13 January 2010:
Why I Won't Buy an E-book Reader -- and When I Might
13 January 2010:
Google, China, and Lawful Intercept
16 January 2010:
Why Isn't My Web Site Encrypted?
11 June 2010:
I'm Not Dead Yet
13 July 2010:
Clarke and Knake's "Cyberwar"
15 July 2010:
How DRM Can Hurt Sales
16 July 2010:
Scary Security Developments
16 August 2010:
A Facebook Privacy Study
8 September 2010:
Online Symposium on "The Future of the Internet -- And How to Stop It"
14 September 2010:
Intel's "Known-Good" Plan
23 September 2010:
The Buried Threat in that Tweet
27 September 2010:
Stuxnet: The First Weaponized Software?
16 October 2010:
The Worm and the Wiretap
11 November 2010:
Firewall Configuration Study
2 March 2011:
Doing History
18 March 2011:
The RSA SecurID Problem
28 March 2011:
I've Gone Encrypted
20 April 2011:
Apple and Location-Tracking
28 May 2011:
RSA Breach Fallout?
30 June 2011:
Robert Morris, 78
18 July 2011:
Will the Circle Be Unbroken?
2 October 2011:
The Untrusted Path
21 October 2011:
The Sins of the Flash
27 October 2011:
Correction re "Sins of the Flash"
17 November 2011:
Rewriting History
18 November 2011:
Water Supply System Apparently Hacked, with Physical Damage
25 December 2011:
Lessons from Suppressing Research
27 December 2011:
Weird Idea of the Day
28 December 2011:
Weird Idea of the Day -- Analysis
10 January 2012:
Types of Attack
13 January 2012:
Bilateral Authentication
18 January 2012:
USACM SOPA and PIPA Letters
5 February 2012:
The FBI and Scotland Yard versus Anonymous: Security Lessons
28 April 2012:
The Dangers of Asking for Social Network Passwords
15 May 2012:
An Interesting Recount
18 May 2012:
Another Company Doesn't Understand Phishing
30 May 2012:
Update on Hand Recount
1 June 2012:
Flame On!
6 June 2012:
Restricting Anti-Virus Won't Work
10 June 2012:
Password Leaks
19 June 2012:
Fixing Holes
3 August 2012:
I'm Going to Washington...
9 August 2012:
State-Sponsored Banking Trojan?
21 May 2013:
The Oldest Algorithmic Patent?
23 August 2013:
I'm Back...
30 August 2013:
Searching the NSA's Emails
14 October 2013:
Software is Hard: The Healthcare.gov Problem
6 December 2013:
Alternate Universes: Academic Publishing in Computer Science vs. Law
5 February 2014:
Why the US Doesn't have Chip-and-PIN Credit Cards Yet
23 February 2014:
Goto Fail
24 February 2014:
Speculation About Goto Fail
9 April 2014:
Open Source Quality Challenge Redux
11 April 2014:
Heartbleed: Don't Panic
22 April 2014:
Doing Crypto
29 April 2014:
What Does "Network Neutrality" Mean?
4 June 2014:
Machine Learning and the Fourth Amendment
6 June 2014:
The Battle of Midway
20 July 2014:
What Spies Do
22 July 2014:
What Should PGP Look Like?
15 September 2014:
The U2 Incident
23 September 2014:
Apple's "Warrant-Proof" Encryption
11 November 2014:
If it Doesn't Exist, it Can't be Abused
19 December 2014:
Did the DPRK Hack Sony?
5 February 2015:
The Uses and Abuses of Cryptography
16 February 2015:
What Must We Trust?
19 February 2015:
Hiding in the Firmware?
27 February 2015:
Packet Loss: How the Internet Enforces Speed Limits
15 March 2015:
Update on Net Neutrality
1 April 2015:
ISPs to Enforce Copyright Law
24 April 2015:
What Congress Should Do About Cybersecurity
28 May 2015:
Hacking: Users, Computers, and Systems
2 June 2015:
Facebook and PGP
7 July 2015:
Keys under the Doormat
15 October 2015:
I'm Shocked, Shocked to Find There's Cryptanalysis Going On Here (Your plaintext, sir.)
24 November 2015:
Why I Wrote Thinking Security
22 December 2015:
Cryptography is Hard
3 January 2016:
Why More Effort Won't Solve the Exceptional Access Problem
1 February 2016:
Caveats About "Computer Science For All"
28 March 2016:
The FBI and the iPhone: Important Unanswered Questions
8 April 2016:
Problems with the Burr-Feinstein Bill
24 August 2016:
Does Apple's Cloud Key Vault Answer the Key Escrow Question?
25 August 2016:
Once Again, Don't Panic
7 March 2017:
Wikileaks, the CIA, and the Press
1 May 2017:
The n^2 Problem
8 May 2017:
Physicality and Comprehensibility
12 May 2017:
Patching is Hard
16 May 2017:
Who Pays?
28 June 2017:
Patching is Hard and Risky---But Sometimes, You MUST
1 September 2017:
Security is a System Property
16 September 2017:
Preliminary Thoughts on The Equifax Hack
18 September 2017:
Update on Equifax
20 September 2017:
Yet Another Update on Equifax
5 October 2017:
Replacing Social Security Numbers Is Harder Than You Think
16 October 2017:
Two More Crypto Holes
16 October 2017:
Another Thought About KRACK
27 October 2017:
Historical Loop
16 November 2017:
Facebook's Initiative Against "Revenge Porn"
4 December 2017:
Voluntary Reporting of Cybersecurity Incidents
30 December 2017:
Bitcoin---The Andromeda Strain of Computer Science Research
4 January 2018:
Meltdown and Spectre: Security is a Systems Property
7 March 2018:
Please Embed Bibliographic Data in Online Documents
13 March 2018:
Ed Felten to be Named as a PCLOB Board Member
24 March 2018:
Crypto War III: Assurance
25 April 2018:
Ray Ozzie's Proposal: Not a Step Forward
4 May 2018:
Facebook's New Dating App
14 May 2018:
The Security Problem with HTML Email
19 July 2018:
Posting PDFs
7 August 2018:
The Economics of Hacking an Election
8 August 2018:
Foldering
6 September 2018:
The National Academies Report "The Future of Voting"
27 October 2018:
A Voting Disaster Foretold
9 November 2018:
Protecting Privacy Differently
25 January 2019:
Yes, "algorithms" can be biased. Here's why.
19 February 2019:
Microsoft is Abandoning SHA-1 Hashes for Updates---But Why?
11 March 2019:
Facebook and Privacy
25 March 2019:
A Dangerous, Norm-Destroying Attack
15 June 2019:
Buying Computers Properly
1 August 2019:
Facebook, Privacy, and Cryptography
12 September 2019:
What is a Security Mechanism?
7 October 2019:
The Crypto Wars Resume
14 November 2019:
The Early History of Usenet, Part I: Prologue
14 November 2019:
The Early History of Usenet, Part II: The Technological Setting
15 November 2019:
The Early History of Usenet, Part III: Hardware and Economics
17 November 2019:
The Early History of Usenet, Part IV: File Format
21 November 2019:
The Early History of Usenet, Part V: Implementation and User Experience
22 November 2019:
The Early History of Usenet, Part VI: Authentication and Norms
25 November 2019:
The Early History of Usenet, Part VII: The Public Announcement
30 November 2019:
The Early History of Usenet, Part VIII: Usenet Growth and B-news
26 December 2019:
The Early History of Usenet, Part IX: The Great Renaming
9 January 2020:
The Early History of Usenet, Part X: Retrospective Thoughts
9 January 2020:
The Early History of Usenet, Part XI: Errata
19 January 2020:
Y2038: It's a Threat
14 March 2020:
Notes on a Zoom Class
2 April 2020:
Zoom Security: The Good, the Bad, and the Business Model
4 April 2020:
Zoom Cryptography and Authentication Problems
6 April 2020:
Trusting Zoom?
22 April 2020:
In Memoriam: Joel Reidenberg
26 April 2020:
The Price of Lack of Clarity
29 April 2020:
Software Done in a Hurry
24 May 2020:
Facebook, Abuse, and Metadata
11 June 2020:
Trust Binding
15 July 2020:
Hot Take on the Twitter Hack
13 August 2020:
Covid-19 Vaccinations, Certificates, and Privacy
25 February 2021:
Security Priorities
26 June 2021:
Where Did "Data Shadow" Come From?
5 July 2021:
Attacker Target Selection
18 November 2022:
In Memoriam: Frederick P. Brooks, Jr. --- Personal Recollections
