Archive for the 'Politics' Category

Apple and the FBI

Thursday, February 25th, 2016

I’m quoted in this article on the controversy over the FBI’s requests to Apple for assistance in unlocking an iPhone used by one of the San Bernardino terrorists: Unlocking Terrorist’s iPhone Won’t Risk Your Security, Discovery News, 24 February 2016.

“Backdoors are complicated and impossible technical challenges and would risk everyone’s privacy,” Evans said. “But what the FBI is asking for is different from what Apple says the FBI is asking for.”

For the most part, I think the article gets things right. It is very misleading to conflate what the FBI has asked for here with a cryptographic backdoor that would indeed dangerously risk everyone’s privacy and security. I covered some of the technical aspects of this in my introductory computing course last week.


Thursday, May 2nd, 2013

UVa Today has an article about my talk yesterday on open education: Evans: U.Va. Should Be a Global Leader in MOOCS, Online Learning, UVaToday, 1 May 2013. The article focuses just on the last slide, which is my proposal for what UVa should do.

The full talk is available at and below:

Privacy-Preserving Applications on Smartphones

Wednesday, July 6th, 2011

Our paper on Privacy-Preserving Applications on Smartphones is now available:

Yan Huang, Peter Chapman, and David Evans. Privacy-Preserving Applications on Smartphones. 6th USENIX Workshop on Hot Topics in Security (HotSec 2011), San Francisco. 9 August 2011. [PDF, 6 pages]

Abstract: Smartphones are increasingly becoming the most trusted computing device typical people own. They are often used to store highly sensitive information including email, financial accounts, and medical records. These properties make smartphones an ideal platform for privacy-preserving applications. To date, this area remains largely unexplored mainly because theoretical solutions to privacy-preserving computation were thought to be too heavyweight, even for standard PCs. We propose using smartphones to perform secure two (or more)-party computation. The limitations of smartphones provide a number of challenges for building such applications, but the novel trust model they provide, in particular the interactions between the phones and carriers, provides unique opportunities for useful secure computations against realistic adversaries. In this paper, we introduce the issues that make smartphones a unique platform for secure computation, identify some interesting potential applications, and describe our initial experiences creating privacy-preserving applications on Android devices.

You can also try our out demo applications and download the secure computation framework used to build them.

Peter Chapman will present the paper at HotSec on August 9 in San Francisco.

Open-Source GSM Hacking

Wednesday, December 2nd, 2009

IEEE Spectrum has an article on Karsten Nohl’s efforts to lead an open-source GSM hacking project: Open-Source Effort to Hack GSM, IEEE Spectrum, 30 November 2009.

If you’re still using a cellphone based on early digital standards, you better be careful what you say. The encryption technology used to prevent eavesdropping in GSM (Global System for Mobile communications), the world’s most widely used cellphone system, has more security holes than Swiss cheese, according to an expert who plans to poke a big hole of his own.

Karsten Nohl, chief research scientist with H4RDW4RE, a Sunnyvale, Calif.-based security research firm, is mounting what could be the most ambitious attempt yet to compromise the GSM phone system, which is used by over 3 billion people around the world. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. However, Nohl, who earned a Ph.D. in computer science at the University of Virginia and is a member of Germany’s Chaos Computer Club (CCC), intends to go one big step further: By the end of the year, he plans to make the keys available to everyone on the Internet.

GSM cracking has a long history, which began in the late 1990s in academic circles and has since sprouted a handful of commercial businesses. Today, these companies legally sell GSM call-interception solutions–which are relatively expensive–mostly to government intelligence agencies. In general, supplying and using this software is illegal in the wider market, but no one can say for certain how many groups have illegally gained access to the technology.

That’s the point Nohl hopes to drive home: The A5/1 algorithm is a broken 64-bit encryption technology, a relic of the Cold War era, when laws prohibited the export of strong encryption technology from the United States. It needs to be replaced–ideally by the much stronger, 128-bit A5/3 system, which is already being used in newer-generation digital cellular systems, such as Universal Mobile Telecommunications System (UMTS). “If you go from the 64 bits of the A5/1 cipher to the 128 bits of A5/3,” says Nohl, cracking requires an amount of memory storage that is beyond what “is available on earth.”

A big problem with plugging the GSM encryption hole, according to the security expert, is that operators are unwilling to admit that a problem even exists. Many want to avoid spending additional money on upgrading aging and amortized GSM infrastructure, he says. The GSM Association, which represents the interests of GSM mobile operators around the world, says only that it is aware of various eavesdropping projects. In the same breath, it points to the complexities of identifying and recording calls from RF signals.

A Belated Apology to Alan Turing

Friday, September 11th, 2009

British Prime Minister Gordon Brown has issued a long overdue apology to Alan Turing on behalf of the British government. The full text is here.

Turing was a quite brilliant mathematician, most famous for his work on breaking the German Enigma codes. It is no exaggeration to say that, without his outstanding contribution, the history of World War Two could well have been very different. He truly was one of those individuals we can point to whose unique contribution helped to turn the tide of war. The debt of gratitude he is owed makes it all the more horrifying, therefore, that he was treated so inhumanely. In 1952, he was convicted of ‘gross indecency’ – in effect, tried for being gay. His sentence – and he was faced with the miserable choice of this or prison – was chemical castration by a series of injections of female hormones. He took his own life just two years later.

… But even more than that, Alan deserves recognition for his contribution to humankind. For those of us born after 1945, into a Europe which is united, democratic and at peace, it is hard to imagine that our continent was once the theatre of mankind’s darkest hour. It is difficult to believe that in living memory, people could become so consumed by hate – by anti-Semitism, by homophobia, by xenophobia and other murderous prejudices – that the gas chambers and crematoria became a piece of the European landscape as surely as the galleries and universities and concert halls which had marked out the European civilisation for hundreds of years. It is thanks to men and women who were totally committed to fighting fascism, people like Alan Turing, that the horrors of the Holocaust and of total war are part of Europe’s history and not Europe’s present.

So on behalf of the British government, and all those who live freely thanks to Alan’s work I am very proud to say: we’re sorry, you deserved so much better.

The apology grew out of an online petition initiated by John Graham-Cumming (also known for writing the Geek Atlas travel guide). Britain has a long tradition of citizens being able to petition the government, which is now supported by an e-petitions website. The petition asking for an apology to Alan Turing is currently the fourth-most signed petition with 31,349 signatures (all of whom must be British citizens).

Some news coverage:

The Queen’s iPod

Friday, April 3rd, 2009

On his recent visit to England, President Obama presented the Queen with an iPod loaded with showtunes. Although one might question the diplomatic and musical judgment behind such a gift, it also raises some interesting questions about copyright law and computer security.

The EFF has an interesting article about the copyright issues: iPods, First Sale, President Obama, and the Queen of England, Fred von Lohmann, 2 April 2009. It starts,

President Obama reportedly gave an iPod, loaded with 40 show tunes, to England’s Queen Elizabeth II as a gift. Did he violate the law when he did so?

You know your copyright laws are broken when there is no easy answer to this question.

The other question this raises is how effective of a malware vector this is when the Queen attaches the iPod to her PC (okay, the Queen probably runs ubuntu). I don’t know if there are any known vulnerabilities in the iPod/iTunes interface, but its a wide enough interface that it would be very unsurprising if there are ways to get malware from an iPod to a host machine. Perhaps, this is all part of a clever strategy to make heads of less friendly states than the Queen expect to receive electronic gadgets from our President and connect them to their systems.

Safety vs. Ideals?

Wednesday, January 21st, 2009

As for our common defense, we reject as false the choice between our safety and our ideals.

Our founding fathers faced with perils that we can scarcely imagine, drafted a charter to assure the rule of law and the rights of man, a charter expanded by the blood of generations. Those ideals still light the world, and we will not give them up for expedience’s sake.

And so, to all other peoples and governments who are watching today, from the grandest capitals to the small village where my father was born: know that America is a friend of each nation and every man, woman and child who seeks a future of peace and dignity, and we are ready to lead once more.

President Barack Obama, Inaugural Address, 20 January 2009