95,995 research outputs found

    Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010

    It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U

    The Trickle-Down War

    The history of the European nation-state, wrote political sociologist Charles Tilly, is inextricably bound up with the history of warfare. To oversimplify Tilly’s nuanced and complex arguments, the story goes something like this: As power-holders (originally bandits and local strongmen) sought to expand their power, they needed capital to pay for weapons, soldiers and supplies. The need for capital and new recruits drove the creation of taxation systems and census mechanisms, and the need for more effective systems of taxation and recruitment necessitated better roads, better communications and better record keeping. This in turn enabled the creation of larger and more technologically sophisticated armies. The complexity and expense of maintaining more professionalized standing armies made it increasingly difficult for non-state groups to compete with states, giving centralized states a war-making advantage and enabling them to increasingly monopolize the means of large-scale violence. But the need to recruit, train and sustain ever-larger and more sophisticated armies also put pressure on these states to provide basic services, improving nutrition, education, and so on. Ultimately, we arrive at the late 20th century European welfare state, with its particular trade-offs between the state and its subjects

    Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions

    As computation spreads from computers to networks of computers, and migrates into cyberspace, it ceases to be globally programmable, but it remains programmable indirectly: network computations cannot be controlled, but they can be steered by local constraints on network nodes. The tasks of "programming" global behaviors through local constraints belong to the area of security. The "program particles" that assure that a system of local interactions leads towards some desired global goals are called security protocols. As computation spreads beyond cyberspace, into physical and social spaces, new security tasks and problems arise. As networks are extended by physical sensors and controllers, including the humans, and interlaced with social networks, the engineering concepts and techniques of computer security blend with the social processes of security. These new connectors for computational and social software require a new "discipline of programming" of global behaviors through local constraints. Since the new discipline seems to be emerging from a combination of established models of security protocols with older methods of procedural programming, we use the name procedures for these new connectors, that generalize protocols. In the present paper we propose actor-networks as a formal model of computation in heterogeneous networks of computers, humans and their devices; and we introduce Procedure Derivation Logic (PDL) as a framework for reasoning about security in actor-networks. On the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL) that evolved through our work in security in the last 10 years. Both formalisms are geared towards graphic reasoning and tool support. We illustrate their workings by analysing a popular form of two-factor authentication, and a multi-channel device pairing procedure, devised for this occasion. Comment: 32 pages, 12 figures, 3 tables; journal submission; extended references, added discussio

    Historical Amnesia: British and U.S. Intelligence, Past and Present

    Many intelligence scandals in the news today seem unprecedented - from Russian meddling in the 2016 U.S. Presidential election, to British and U.S. intelligence agencies monitoring activities of their citizens. They seem new largely because, traditionally, intelligence agencies on both sides of the Atlantic were excessively secretive about their past activities: even the names “GCHQ” and “NSA” were airbrushed from declassified records, and thus missing from major historical works and scholarship on post-war international relations. The resulting secrecy about British and U.S. intelligence has led to misunderstandings and conspiracy theories in societies about them. Newly opened secret records now reveal the long history of many subjects seen in today’s news-cycle: Anglo-American intelligence cooperation, interference by countries in foreign elections, disinformation, and the use and abuse of intelligence by governments. Newly declassified records also add to our understanding of major chapters of international history, like Britain’s post-war end of empire. Without overcoming our historical amnesia disorder about U.S. and British intelligence, citizens, scholars and policy-makers cannot hope to understand the proper context for what secret agencies are doing today

    Privacy Games: Optimal User-Centric Data Obfuscation

    In this paper, we design user-centric obfuscation mechanisms that impose the minimum utility loss for guaranteeing user's privacy. We optimize utility subject to a joint guarantee of differential privacy (indistinguishability) and distortion privacy (inference error). This double shield of protection limits the information leakage through obfuscation mechanism as well as the posterior inference. We show that the privacy achieved through joint differential-distortion mechanisms against optimal attacks is as large as the maximum privacy that can be achieved by either of these mechanisms separately. Their utility cost is also not larger than what either of the differential or distortion mechanisms imposes. We model the optimization problem as a leader-follower game between the designer of obfuscation mechanism and the potential adversary, and design adaptive mechanisms that anticipate and protect against optimal inference algorithms. Thus, the obfuscation mechanism is optimal against any inference algorithm

    Perfectly Secure Communication, based on Graph-Topological Addressing in Unique-Neighborhood Networks

    We consider network graphs G=(V,E) in which adjacent nodes share common secrets. In this setting, certain techniques for perfect end-to-end security (in the sense of confidentiality, authenticity (implying integrity) and availability, i.e., CIA+) can be made applicable without end-to-end shared secrets and without computational intractability assumptions. To this end, we introduce and study the concept of a unique-neighborhood network, in which nodes are uniquely identifiable upon their graph-topological neighborhood. While the concept is motivated by authentication, it may enjoy wider applicability as being a technology-agnostic (yet topology aware) form of addressing nodes in a network