This is a multi-part message in MIME format

--_----------=_MCPart_1741000653
Content-Type: text/plain; charset="utf-8"; format="fixed" Content-Transfer-Encoding: quoted-printable

** CRYPTO-GRAM
APRIL 15=2C 2025
------------------------------------------------------------

by Bruce Schneier
Fellow and Lecturer=2C Harvard Kennedy School
schneier@schneier.com
https://www.schneier.com

A free monthly newsletter providing summaries=2C analyses=2C insights=2C a=
nd commentaries on security: computer and otherwise.

For back issues=2C or to subscribe=2C visit Crypto-Gram's web page [https= ://www.schneier.com/crypto-gram/].

Read this issue on the web [https://www.schneier.com/crypto-gram/archives= /2025/0415.html]

These same essays and news items appear in the Schneier on Security [http= s://www.schneier.com/] blog=2C along with a lively and intelligent comment=
section. An RSS feed is available.

** *** ***** ******* *********** *************


** IN THIS ISSUE:
------------------------------------------------------------

1. Improvements in Brute Force Attacks
2. Is Security Human Factors Research Skewed Towards Western Ideas an=
d Habits?
3. Critical GitHub Attack
4. NCSC Releases Post-Quantum Cryptography Timeline
5. My Writings Are in the LibGen AI Training Corpus
6. More Countries are Demanding Backdoors to Encrypted Apps
7. Report on Paragon Spyware
8. AI Data Poisoning
9. A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
10. AIs as Trusted Third Parties
11. The Signal Chat Leak and the NSA
12. Cell Phone OPSEC for Border Crossings
13. Rational Astrologies and Security
14. Web 3.0 Requires Data Integrity
15. Troy Hunt Gets Phished
16. DIRNSA Fired
17. Arguing Against CALEA
18. How to Leak to a Journalist
19. Reimagining Democracy
20. AI Vulnerability Finding
21. China Sort of Admits to Being Behind Volt Typhoon
22. Upcoming Speaking Engagements

** *** ***** ******* *********** *************


** IMPROVEMENTS IN BRUTE FORCE ATTACKS ------------------------------------------------------------

[2025.03.17] [https://www.schneier.com/blog/archives/2025/03/improvement= s-in-brute-force-attacks.html] New paper: =E2=80=9CGPU Assisted Brute Forc=
e Cryptanalysis of GPRS=2C GSM=2C RFID=2C and TETRA: Brute Force Cryptanal= ysis of KASUMI=2C SPECK=2C and TEA3 [https://tosc.iacr.org/index.php/ToSC= /article/view/12078/11919].=E2=80=9D

Abstract: Key lengths in symmetric cryptography are determined with resp=

ect to the brute force attacks with current technology. While nowadays at=
least 128-bit keys are recommended=2C there are many standards and real-w= orld applications that use shorter keys. In order to estimate the actual t= hreat imposed by using those short keys=2C precise estimates for attacks a=
re crucial.

In this work we provide optimized implementations of several widely used=

algorithms on GPUs=2C leading to interesting insights on the cost of brut=
e force attacks on several real-word applications.

In particular=2C we optimize KASUMI (used in GPRS/GSM)=2CSPECK (used in=

RFID communication)=2C andTEA3 (used in TETRA). Our best optimizations al=
low us to try 2_35.72_=2C 2_36.72_=2C and 2_34.71_ keys per second on a si= ngle RTX 4090 GPU. Those results improve upon previous results significant= ly=2C e.g. our KASUMI implementation is more than 15 times faster than the=
optimizations given in the CRYPTO=E2=80=9924 paper [ACC+24] improving th=
e main results of that paper by the same factor.

With these optimizations=2C in order to break GPRS/GSM=2C RFID=2C and TE=

TRA communications in a year=2C one needs around 11.22 billion=2C and 1.36=
million RTX 4090GPUs=2C respectively.

For KASUMI=2C the time-memory trade-off attacks of [ACC+24] can be perf=

ormed with142 RTX 4090 GPUs instead of 2400 RTX 3090 GPUs or=2C when the s=
ame amount of GPUs are used=2C their table creation time can be reduced to=
20.6 days from 348 days=2Ccrucial improvements for real world cryptanalyt=
ic tasks.

Attacks always get better; they never get worse. None of these is practica=
l yet=2C and they might never be. But there are certainly more optimizatio=
ns to come.

EDITED TO ADD (4/14): One of the paper=E2=80=99s authors responds [https:= //www.schneier.com/blog/archives/2025/03/improvements-in-brute-force-attac= ks.html/#comment-444072].

** *** ***** ******* *********** *************


** IS SECURITY HUMAN FACTORS RESEARCH SKEWED TOWARDS WESTERN IDEAS AND HAB= ITS?
------------------------------------------------------------

[2025.03.18] [https://www.schneier.com/blog/archives/2025/03/is-security= -human-factors-research-skewed-towards-western-ideas-and-habits.html] Real=
ly interesting research: =E2=80=9CHow WEIRD is Usable Privacy and Security=
Research? [https://www.usenix.org/conference/usenixsecurity24/presentati= on/hasegawa]=E2=80=9D by Ayako A. Hasegawa Daisuke Inoue=2C and Mitsuaki=
Akiyama:

Abstract: In human factor fields such as human-computer interaction (HCI=

) and psychology=2C researchers have been concerned that participants most=
ly come from WEIRD (Western=2C Educated=2C Industrialized=2C Rich=2C and D= emocratic) countries. This WEIRD skew may hinder understanding of diverse=
populations and their cultural differences. The usable privacy and securi=
ty (UPS) field has inherited many research methodologies from research on=
human factor fields. We conducted a literature review to understand the e= xtent to which participant samples in UPS papers were from WEIRD countries=
and the characteristics of the methodologies and research topics in each=
user study recruiting Western or non-Western participants. We found that=
the skew toward WEIRD countries in UPS is greater than that in HCI. Geogr= aphic and linguistic barriers in the study methods and recruitment methods=
may cause researchers to conduct user studies locally. In addition=2C man=
y papers did not report participant demographics=2C which could hinder the=
replication of the reported studies=2C leading to low reproducibility. To=
improve geographic diversity=2C we provide the suggestions including faci= litate replication studies=2C address geographic and linguistic issues of=
study/recruitment methods=2C and facilitate research on the topics for no= n-WEIRD populations.

The moral may be that human factors and usability needs to be localized.

** *** ***** ******* *********** *************


** CRITICAL GITHUB ATTACK ------------------------------------------------------------

[2025.03.20] [https://www.schneier.com/blog/archives/2025/03/critical-gi= thub-attack.html] This is serious [https://www.infoworld.com/article/3849= 245/github-suffers-a-cascading-supply-chain-attack-compromising-ci-cd-secr= ets.html]:

A sophisticated cascading supply chain attack has compromised multiple G=

itHub Actions=2C exposing critical CI/CD secrets across tens of thousands=
of repositories. The attack=2C which originally targeted the widely used=
=E2=80=9Ctj-actions/changed-files=E2=80=9D utility=2C is now believed to=
have originated from an earlier breach of the =E2=80=9Creviewdog/action-s= etup@v1=E2=80=9D GitHub Action=2C according to a report.

[...]

CISA confirmed the vulnerability has been patched in version 46.0.1.

Given that the utility is used by more than 23=2C000 GitHub repositories=

=2C the scale of potential impact has raised significant alarm throughout=
the developer community.

** *** ***** ******* *********** *************


** NCSC RELEASES POST-QUANTUM CRYPTOGRAPHY TIMELINE ------------------------------------------------------------

[2025.03.21] [https://www.schneier.com/blog/archives/2025/03/ncsc-releas= es-post-quantum-cryptography-timeline.html] The UK=E2=80=99s National Comp= uter Security Center (part of GCHQ) released [https://www.ncsc.gov.uk/new= s/pqc-migration-roadmap-unveiled] a timeline [https://www.ncsc.gov.uk/blo= g-post/setting-direction-uk-migration-to-pqc] -- also see their blog post=
[https://www.ncsc.gov.uk/guidance/pqc-migration-timelines] -- for migrat=
ion to quantum-computer-resistant cryptography.

It even made _The Guardian_ [https://www.theguardian.com/technology/2025/= mar/20/uk-cybersecurity-agency-quantum-hackers].

** *** ***** ******* *********** *************


** MY WRITINGS ARE IN THE LIBGEN AI TRAINING CORPUS ------------------------------------------------------------

[2025.03.21] [https://www.schneier.com/blog/archives/2025/03/my-writings= -are-in-the-libgen-ai-training-corpus.html] The _Atlantic_ has a search to=
ol [https://www.theatlantic.com/technology/archive/2025/03/search-libgen-= data-set/682094/] that allows you to search for specific works in the =E2= =80=9CLibGen=E2=80=9D database of copyrighted works that Meta used to trai=
n its AI models. (The rest of the article is behind a paywall=2C but not t=
he search tool.)

It=E2=80=99s impossible to know exactly which parts of LibGen Meta used=

to train its AI=2C and which parts it might have decided to exclude; this=
snapshot was taken in January 2025=2C after Meta is known to have accesse=
d the database=2C so some titles here would not have been available to dow= nload.

Still...interesting.

Searching my name yields 199 results: all of my books in different version= s=2C plus a bunch of shorter items.

** *** ***** ******* *********** *************


** MORE COUNTRIES ARE DEMANDING BACKDOORS TO ENCRYPTED APPS ------------------------------------------------------------

[2025.03.24] [https://www.schneier.com/blog/archives/2025/03/more-countr= ies-are-demanding-back-doors-to-encrypted-apps.html] Last month=2C I wrote=
about [https://www.schneier.com/blog/archives/2025/02/uk-is-ordering-app= le-to-break-its-own-encryption.html] the UK forcing Apple to break its Adv= anced Data Protection encryption in iCloud. More recently=2C both Sweden [= https://therecord.media/sweden-seeks-backdoor-access-to-messaging-apps] a=
nd France [https://www.laquadrature.net/en/warondrugslaw/] are contemplat=
ing mandating backdoors. Both initiatives are attempting to scare people [= https://www.schneier.com/blog/archives/2019/12/scaring_people_.html] into=
supporting backdoors=2C which are -- of course -- are terrible idea [htt= ps://www.schneier.com/blog/archives/2015/07/back_doors_wont.html].

Also: =E2=80=9CA Feminist Argument Against Weakening Encryption [https://= www.lightbluetouchpaper.org/2025/02/11/a-feminist-argument-against-weakeni= ng-encryption/#more-56645].=E2=80=9D

EDITED TO ADD (4/14): The French proposal was voted down [https://www.eff= =2Eorg/deeplinks/2025/03/win-encryption-france-rejects-backdoor-mandate].

** *** ***** ******* *********** *************


** REPORT ON PARAGON SPYWARE ------------------------------------------------------------

[2025.03.25] [https://www.schneier.com/blog/archives/2025/03/report-on-p= aragon-spyware.html] Citizen Lab has a new report [https://citizenlab.ca/= 2025/03/a-first-look-at-paragons-proliferating-spyware-operations/] on Par= agon=E2=80=99s spyware:

Key Findings:

* Introducing Paragon Solutions. Paragon Solutions was founded in I=

srael in 2019 and sells spyware called Graphite. The company differentiate=
s itself by claiming it has safeguards to prevent the kinds of spyware abu=
ses that NSO Group and other vendors are notorious for.

* Infrastructure Analysis of Paragon Spyware. Based on a tip from a=

collaborator=2C we mapped out server infrastructure that we attribute to=
Paragon=E2=80=99s Graphite spyware tool. We identified a subset of suspec=
ted Paragon deployments=2C including in Australia=2C Canada=2C Cyprus=2C D= enmark=2C Israel=2C and Singapore.

* Identifying a Possible Canadian Paragon Customer. Our investigati=

on surfaced potential links between Paragon Solutions and the Canadian Ont= ario Provincial Police=2C and found evidence of a growing ecosystem of spy= ware capability among Ontario-based police services.

* Helping WhatsApp Catch a Zero-Click. We shared our analysis of Pa=

ragon=E2=80=99s infrastructure with Meta=2C who told us that the details w=
ere pivotal to their ongoing investigation into Paragon. WhatsApp discover=
ed and mitigated an active Paragon zero-click exploit=2C and later notifie=
d over 90 individuals who it believed were targeted=2C including civil soc= iety members in Italy.

* Android Forensic Analysis: Italian Cluster. We forensically analy=

zed multiple Android phones belonging to Paragon targets in Italy (an ackn= owledged Paragon user) who were notified by WhatsApp. We found clear indic= ations that spyware had been loaded into WhatsApp=2C as well as other apps=
on their devices.

* A Related Case of iPhone Spyware in Italy. We analyzed the iPhone=

of an individual who worked closely with confirmed Android Paragon target=
s. This person received an Apple threat notification in November 2024=2C b=
ut no WhatsApp notification. Our analysis showed an attempt to infect the=
device with novel spyware in June 2024. We shared details with Apple=2C w=
ho confirmed they had patched the attack in iOS 18.

* Other Surveillance Tech Deployed Against The Same Italian Cluster=

=2E We also note 2024 warnings sent by Meta to several individuals in the sa= me organizational cluster=2C including a Paragon victim=2C suggesting the=
need for further scrutiny into other surveillance technology deployed aga= inst these individuals.

** *** ***** ******* *********** *************


** AI DATA POISONING ------------------------------------------------------------

[2025.03.26] [https://www.schneier.com/blog/archives/2025/03/ai-data-poi= soning.html] Cloudflare has a new feature [https://arstechnica.com/ai/202= 5/03/cloudflare-turns-ai-against-itself-with-endless-maze-of-irrelevant-fa= cts/] -- available to free users as well -- that uses AI to generate rando=
m pages to feed to AI web crawlers:

Instead of simply blocking bots=2C Cloudflare=E2=80=99s new system lures=

them into a =E2=80=9Cmaze=E2=80=9D of realistic-looking but irrelevant pa= ges=2C wasting the crawler=E2=80=99s computing resources. The approach is=
a notable shift from the standard block-and-defend strategy used by most=
website protection services. Cloudflare says blocking bots sometimes back= fires because it alerts the crawler=E2=80=99s operators that they=E2=80=99=
ve been detected.

=E2=80=9CWhen we detect unauthorized crawling=2C rather than blocking th=

e request=2C we will link to a series of AI-generated pages that are convi= ncing enough to entice a crawler to traverse them=2C=E2=80=9D writes Cloud= flare. =E2=80=9CBut while real looking=2C this content is not actually the=
content of the site we are protecting=2C so the crawler wastes time and r= esources.=E2=80=9D

The company says the content served to bots is deliberately irrelevant t=

o the website being crawled=2C but it is carefully sourced or generated us=
ing real scientific facts -- such as neutral information about biology=2C=
physics=2C or mathematics -- to avoid spreading misinformation (whether t=
his approach effectively prevents misinformation=2C however=2C remains unp= roven).

It=E2=80=99s basically an AI-generated honeypot. And AI scraping is a grow=
ing problem:

The scale of AI crawling on the web appears substantial=2C according to=

Cloudflare=E2=80=99s data that lines up with anecdotal reports we=E2=80=
=99ve heard from sources. The company says that AI crawlers generate more=
than 50 billion requests to their network daily=2C amounting to nearly 1=
percent of all web traffic they process. Many of these crawlers collect w= ebsite data to train large language models without permission from site ow= ners....

Presumably the crawlers will now have to up both their scraping stealth an=
d their ability to filter out AI-generated content like this. Which means=
the honeypots will have to get better at detecting scrapers and more stea= lthy in their fake content. This arms race is likely to go back and forth=
=2C wasting a lot of energy in the process.

** *** ***** ******* *********** *************


** A TAXONOMY OF ADVERSARIAL MACHINE LEARNING ATTACKS AND MITIGATIONS ------------------------------------------------------------

[2025.03.27] [https://www.schneier.com/blog/archives/2025/03/a-taxonomy-= of-adversarial-machine-learning-attacks-and-mitigations.html] NIST just re= leased [https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-2e2025.pdf] a co= mprehensive taxonomy of adversarial machine learning attacks and counterme= asures.

** *** ***** ******* *********** *************


** AIS AS TRUSTED THIRD PARTIES ------------------------------------------------------------

[2025.03.28] [https://www.schneier.com/blog/archives/2025/03/ais-as-trus= ted-third-parties.html] This is a truly fascinating paper: =E2=80=9CTrust=
ed Machine Learning Models Unlock Private Inference for Problems Currently=
Infeasible with Cryptography [https://arxiv.org/pdf/2501.08970].=E2=80=
=9D The basic idea is that AIs can act as trusted third parties:

Abstract: We often interact with untrusted parties. Prioritization of pr=

ivacy can limit the effectiveness of these interactions=2C as achieving ce= rtain goals necessitates sharing private data. Traditionally=2C addressing=
this challenge has involved either seeking _trusted intermediaries_ or co= nstructing _cryptographic protocols_ that restrict how much data is reveal= ed=2C such as multi-party computations or zero-knowledge proofs. While sig= nificant advances have been made in scaling cryptographic approaches=2C th=
ey remain limited in terms of the size and complexity of applications they=
can be used for. In this paper=2C we argue that capable machine learning=
models can fulfill the role of a trusted third party=2C thus enabling sec=
ure computations for applications that were previously infeasible. In part= icular=2C we describe Trusted Capable Model Environments (TCMEs) as an alt= ernative approach for scaling secure computation=2C where capable machine=
learning model(s) interact under input/output constraints=2C with explici=
t information flow control and explicit statelessness. This approach aims=
to achieve a balance between privacy and computational efficiency=2C enab= ling private inference where classical cryptographic solutions are current=
ly infeasible. We describe a number of use cases that are enabled by TCME=
=2C and show that even some simple classic cryptographic problems can alre=
ady be solved with TCME. Finally=2C we outline current limitations and dis= cuss the path forward in implementing them.

When I was writing _Applied Cryptography_ way back in 1993=2C I talked abo=
ut human trusted third parties (TTPs). This research postulates that somed=
ay AIs could fulfill the role of a human TTP=2C with added benefits like (=
1) being able to audit their processing=2C and (2) being able to delete it=
and erase their knowledge when their work is done. And the possibilities=
are vast.

Here=E2=80=99s a TTP problem. Alice and Bob want to know whose income is g= reater=2C but don=E2=80=99t want to reveal their income to the other. (Ass=
ume that both Alice and Bob want the true answer=2C so neither has an ince= ntive to lie.) A human TTP can solve that easily: Alice and Bob whisper th=
eir income to the TTP=2C who announces the answer. But now the human knows=
the data. There are cryptographic protocols that can solve this. But we c=
an easily imagine more complicated questions that cryptography can=E2=80=
=99t solve. =E2=80=9CWhich of these two novel manuscripts has more sex sce= nes?=E2=80=9D =E2=80=9CWhich of these two business plans is a riskier inve= stment?=E2=80=9D If Alice and Bob can agree on an AI model they both trust=
=2C they can feed the model the data=2C ask the question=2C get the answer=
=2C and then delete the model afterwards. And it=E2=80=99s reasonable for=
Alice and Bob to trust a model with questions like this. They can take th=
e model into their own lab and test it a gazillion times until they are sa= tisfied that it is fair=2C accurate=2C or whatever other properties they w= ant.

The paper contains several examples where an AI TTP provides real value. T=
his is still mostly science fiction today=2C but it=E2=80=99s a fascinatin=
g thought experiment.

** *** ***** ******* *********** *************


** THE SIGNAL CHAT LEAK AND THE NSA ------------------------------------------------------------

[2025.03.31] [https://www.schneier.com/blog/archives/2025/03/the-signal-= chat-leak-and-the-nsa.html] US National Security Advisor Mike Waltz=2C who=
started the now-infamous group chat coordinating a US attack against the=
Yemen-based Houthis on March 15=2C is seemingly now suggesting that the s= ecure messaging service Signal has security vulnerabilities.

"I didn=E2=80=99t see this loser in the group=2C" Waltz told [https://abc= news.go.com/Politics/trump-admins-shifting-explanations-journalist-added-s= ignal-chat/story?id=3D120179649] Fox News about _Atlantic_ editor in chief=
Jeffrey Goldberg=2C whom Waltz invited [https://www.theatlantic.com/poli= tics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-p= lans/682151/] to the chat. "Whether he did it deliberately or it happened=
in some other technical mean=2C is something we=E2=80=99re trying to figu=
re out."

Waltz=E2=80=99s implication that Goldberg may have hacked his way in was f= ollowed by a report [https://www.cbsnews.com/news/nsa-signal-app-vulnerab= ilities-before-houthi-strike-chat/] from CBS News that the US National Sec= urity Agency (NSA) had sent out a bulletin to its employees last month war= ning them about a security "vulnerability" identified in Signal.

The truth=2C however=2C is much more interesting. If Signal has vulnerabil= ities=2C then China=2C Russia=2C and other US adversaries suddenly have a=
new incentive to discover them. At the same time=2C the NSA urgently need=
s to find and fix any vulnerabilities quickly as it can -- and similarly=
=2C ensure that commercial smartphones are free of backdoors -- access poi=
nts that allow people other than a smartphone=E2=80=99s user to bypass the=
usual security authentication methods to access the device=E2=80=99s cont= ents.

That is essential for anyone who wants to keep their communications privat= e=2C which should be all of us.

It=E2=80=99s common knowledge that the NSA=E2=80=99s mission is breaking i=
nto and eavesdropping on other countries=E2=80=99 networks. (During Presid=
ent George W. Bush=E2=80=99s administration=2C the NSA conducted warrantle=
ss taps into domestic communications as well -- surveillance that several=
[https://www.cnn.com/2006/POLITICS/08/17/domesticspying.lawsuit/] distri=
ct courts ruled [https://www.nytimes.com/2010/04/01/us/01nsa.html] to be=
illegal before those decisions were later overturned [https://edition.cn= n.com/2007/POLITICS/07/06/court.domestic.spying/index.html] by appeals cou= rts. To this day=2C many legal experts maintain [https://scholarship.law.= wm.edu/cgi/viewcontent.cgi?article=3D1135&context=3Dwmborj] that the progr=
am violated federal privacy protections.) But the organization has a secon= dary=2C complementary responsibility: to protect US communications from ot= hers who want to spy on them. That is to say: While one part of the NSA is=
listening into foreign communications=2C another part is stopping foreign=
ers from doing the same to Americans.

Those missions never contradicted during the Cold War=2C when allied and e= nemy communications were wholly separate. Today=2C though=2C everyone uses=
the same computers=2C the same software=2C and the same networks. That cr= eates a tension.

When the NSA discovers a technological vulnerability in a service such as=
Signal (or buys one on the thriving clandestine vulnerability market)=2C=
does it exploit it in secret=2C or reveal it so that it can be fixed? Sin=
ce at least 2014=2C a US government interagency "equities" process [https= ://www.congress.gov/crs-product/R44827] has been used to decide whether it=
is in the national interest to take advantage of a particular security fl= aw=2C or to fix it. The trade-offs are often complicated and hard.

Waltz -- along with Vice President J.D. Vance=2C Defense Secretary Pete He= gseth=2C and the other officials in the Signal group -- have just made the=
trade-offs much tougher to resolve. Signal is both widely available and w= idely used. Smaller governments that can=E2=80=99t afford their own milita= ry-grade encryption use it. Journalists=2C human rights workers=2C persecu=
ted minorities=2C dissidents=2C corporate executives=2C and criminals arou=
nd the world use it. Many of these populations are of great interest to th=
e NSA.

At the same time=2C as we have now discovered=2C the app is being used for=
operational US military traffic. So=2C what does the NSA do if it finds a=
security flaw in Signal?

Previously=2C it might have preferred to keep the flaw quiet and use it to=
listen to adversaries. Now=2C if the agency does that=2C it risks someone=
else finding the same vulnerability and using it against the US governmen=
t. And if it was later disclosed that the NSA could have fixed the problem=
and didn=E2=80=99t=2C then the results might be catastrophic for the agen=
cy.

Smartphones present a similar trade-off. The biggest risk of eavesdropping=
on a Signal conversation comes from the individual phones that the app is=
running on. While it=E2=80=99s largely unclear whether the US officials i= nvolved had downloaded the app onto personal or government-issued phones -=
- although Witkoff suggested on X that the program was on his "personal de= vices [https://x.com/SteveWitkoff/status/1904886084879720683]" -- smartph=
ones are consumer devices=2C not at all suitable for classified US governm=
ent conversations. An entire industry of spyware companies sells capabilit=
ies to remotely hack smartphones for any country willing to pay. More capa=
ble countries have more sophisticated operations. Just last year=2C attack=
s that were later attributed to China attempted [https://www.cnn.com/2024= /10/25/politics/chinese-hackers-targeted-trump-and-vances-phone-data/index= =2Ehtml] to access both President Donald Trump and Vance=E2=80=99s smartphon= es. Previously=2C the FBI -- as well as law enforcement agencies in other=
countries [https://foreignpolicy.com/2025/02/25/apple-united-kingdom-adp= -back-door-less-safe/] -- have pressured both Apple and Google to add "bac= kdoors" in their phones to more easily facilitate court-authorized eavesdr= opping.

These backdoors would create=2C of course=2C another vulnerability to be e= xploited. A separate attack from China last year accessed [https://www.re= uters.com/technology/cybersecurity/china-affiliated-actors-compromised-net= works-multiple-telecom-companies-us-says-2024-11-13/] a similar capability=
built into US telecommunications networks.

The vulnerabilities equities have swung against weakened smartphone securi=
ty and toward protecting the devices that senior government officials now=
use to discuss military secrets. That also means that they have swung aga= inst the US government hoarding Signal vulnerabilities -- and toward full=
disclosure.

This is plausibly good news for Americans who want to talk among themselve=
s without having anyone=2C government or otherwise=2C listen in. We don=E2= =80=99t know what pressure the Trump administration is using to make intel= ligence services fall into line=2C but it isn=E2=80=99t crazy to worry [h= ttps://www.theguardian.com/us-news/2024/apr/16/house-fisa-government-surve= illance-senate] that the NSA might again start monitoring domestic communi= cations.

Because of the Signal chat leak=2C it=E2=80=99s less likely that they=E2= =80=99ll use vulnerabilities in Signal to do that. Equally=2C bad actors s=
uch as drug cartels may also feel safer using Signal. Their security again=
st the US government lies in the fact that the US government shares their=
vulnerabilities. No one wants their secrets exposed.

I have long advocated for a "defense dominant" cybersecurity strategy. As=
long as smartphones are in the pocket of every government official=2C pol=
ice officer=2C judge=2C CEO=2C and nuclear power plant operator -- and now=
that they are being used for what the White House now calls calls "sensi= tive [https://apnews.com/article/trump-signal-classified-information-308e= 7a81d70d6233c06a1f7330ae3004]=2C" if not outright classified conversations=
among cabinet members -- we need them to be as secure as possible. And th=
at means no government-mandated backdoors.

We may find out more about how officials -- including the vice president o=
f the United States -- came to be using Signal on what seem to be consumer= -grade smartphones=2C in a apparent breach of the laws on government recor=
ds [https://foreignpolicy.com/2025/03/25/signalgate-trump-leak-goldberg-y= emen-questions/#:~:text=3D%E2%80%9CUsing%20Signal%20for=2CSignal%2C%E2%80%= 9D%20Moss%20said.]. It=E2=80=99s unlikely that they really thought through=
the consequences of their actions.

Nonetheless=2C those consequences are real. Other governments=2C possibly=
including US allies=2C will now have much more incentive to break Signal= =E2=80=99s security than they did in the past=2C and more incentive to hac=
k US government smartphones than they did before March 24.

For just the same reason=2C the US government has urgent incentives to pro= tect them.

_This essay was originally published in Foreign Policy [https://foreignpo= licy.com/2025/03/28/signal-chat-leak-trump-technology-security-houthis-gro= up-defense-nsa/]._

** *** ***** ******* *********** *************


** CELL PHONE OPSEC FOR BORDER CROSSINGS ------------------------------------------------------------

[2025.04.01] [https://www.schneier.com/blog/archives/2025/04/cell-phone-= opsec-for-border-crossings.html] I have heard stories of more aggressive i= nterrogation of electronic devices at US border crossings. I know a lot ab=
out securing computers=2C but very little about securing phones.

Are there easy ways to delete data -- files=2C photos=2C etc. -- on phones=
so it can=E2=80=99t be recovered? Does resetting a phone to factory defau=
lts erase data=2C or is it still recoverable? That is=2C does the reset er=
ase the old encryption key=2C or just sever the password that access that=
key? When the phone is rebooted=2C are deleted files still available?

We need answers for both iPhones and Android phones. And it=E2=80=99s not=
just the US; the world is going to become a more dangerous place to oppos=
e state power.

** *** ***** ******* *********** *************


** RATIONAL ASTROLOGIES AND SECURITY ------------------------------------------------------------

[2025.04.02] [https://www.schneier.com/blog/archives/2025/04/rational-as= trologies-and-security.html] John Kelsey and I wrote a short paper for the=
Rossfest Festschrift [https://www.cl.cam.ac.uk/events/rossfest/]: =E2=80= =9CRational Astrologies and Security [https://www.schneier.com/academic/a= rchives/2025/03/rational-astrologies-and-security.html]=E2=80=9C:

There is another non-security way that designers can spend their securit=

y budget: on making their own lives easier. Many of these fall into the ca= tegory of what has been called rational astrology. First identified by Ran=
dy Steve Waldman [Wal12]=2C the term refers to something people treat as=
though it works=2C generally for social or institutional reasons=2C even=
when there=E2=80=99s little evidence that it works -- and sometimes despi=
te substantial evidence that it does not.

[...]

Both security theater and rational astrologies may seem irrational=2C bu=

t they are rational from the perspective of the people making the decision=
s about security. Security theater is often driven by information asymmetr=
y: people who don=E2=80=99t understand security can be reassured with cosm= etic or psychological measures=2C and sometimes that reassurance is import= ant. It can be better understood by considering the many non-security purp= oses of a security system. A monitoring bracelet system that pairs new mot= hers and their babies may be security theater=2C considering the incredibl=
y rare instances of baby snatching from hospitals. But it makes sense as a=
security system designed to alleviate fears of new mothers [Sch07].

Rational astrologies in security result from two considerations. The fir=

st is the principal-agent problem: The incentives of the individual or org= anization making the security decision are not always aligned with the inc= entives of the users of that system. The user=E2=80=99s well-being may not=
weigh as heavily on the developer=E2=80=99s mind as the difficulty of con= vincing his boss to take a chance by ignoring an outdated security rule or=
trying some new technology.

The second consideration that can lead to a rational astrology is where=

there is a social or institutional need for a solution to a problem for w= hich there is actually not a particularly good solution. The organization=
needs to reassure regulators=2C customers=2C or perhaps even a judge and=
jury that =E2=80=9Cthey did all that could be done=E2=80=9D to avoid some=
problem -- even if =E2=80=9Call that could be done=E2=80=9D wasn=E2=80=99=
t very much.

** *** ***** ******* *********** *************


** WEB 3.0 REQUIRES DATA INTEGRITY ------------------------------------------------------------

[2025.04.03] [https://www.schneier.com/blog/archives/2025/04/web-3-0-req= uires-data-integrity.html] If you=E2=80=99ve ever taken a computer securit=
y class=2C you=E2=80=99ve probably learned about the three legs of compute=
r security -- confidentiality=2C integrity=2C and availability -- known as=
the CIA triad [https://www.nist.gov/image/cia-triad]. When we talk about=
a system being secure=2C that=E2=80=99s what we=E2=80=99re referring to.=
All are important=2C but to different degrees in different contexts. In a=
world populated by artificial intelligence (AI) systems and artificial in= telligent agents=2C integrity will be paramount.

What is data integrity? It=E2=80=99s ensuring that no one can modify data=
-- that=E2=80=99s the security angle -- but it=E2=80=99s much more than t= hat. It encompasses accuracy=2C completeness=2C and quality of data -- all=
over both time and space. It=E2=80=99s preventing accidental data loss; t=
he =E2=80=9Cundo=E2=80=9D button is a primitive integrity measure. It=E2= =80=99s also making sure that data is accurate when it=E2=80=99s collected=
-- that it comes from a trustworthy source=2C that nothing important is m= issing=2C and that it doesn=E2=80=99t change as it moves from format to fo= rmat. The ability to restart your computer is another integrity measure.

The CIA triad has evolved with the Internet. The first iteration of the We=
b -- Web 1.0 of the 1990s and early 2000s -- prioritized availability. Thi=
s era saw organizations and individuals rush to digitize their content=2C=
creating what has become an unprecedented repository of human knowledge.=
Organizations worldwide established their digital presence=2C leading to=
massive digitization projects where quantity took precedence over quality=
=2E The emphasis on making information available overshadowed other concerns= =2E

As Web technologies matured=2C the focus shifted to protecting the vast am= ounts of data flowing through online systems. This is Web 2.0: the Interne=
t of today. Interactive features and user-generated content transformed th=
e Web from a read-only medium to a participatory platform. The increase in=
personal data=2C and the emergence of interactive platforms for e-commerc= e=2C social media=2C and online everything demanded both data protection a=
nd user privacy. Confidentiality became paramount.

We stand at the threshold of a new Web paradigm: Web 3.0. This is a distri= buted=2C decentralized=2C intelligent Web. Peer-to-peer social-networking=
systems promise to break the tech monopolies=E2=80=99 control on how we i= nteract with each other. Tim Berners-Lee=E2=80=99s open W3C protocol=2C So= lid=2C represents a fundamental shift in how we think about data ownership=
and control. A future filled with AI agents requires verifiable=2C trustw= orthy personal data and computation. In this world=2C data integrity takes=
center stage.

For example=2C the 5G communications revolution isn=E2=80=99t just about f= aster access to videos; it=E2=80=99s about Internet-connected things talki=
ng to other Internet-connected things without our intervention. Without da=
ta integrity=2C for example=2C there=E2=80=99s no real-time car-to-car com= munications about road movements and conditions. There=E2=80=99s no drone=
swarm coordination=2C smart power grid=2C or reliable mesh networking. An=
d there=E2=80=99s no way to securely empower AI agents.

In particular=2C AI systems require robust integrity controls because of h=
ow they process data. This means technical controls to ensure data is accu= rate=2C that its meaning is preserved as it is processed=2C that it produc=
es reliable results=2C and that humans can reliably alter it when it=E2=80= =99s wrong. Just as a scientific instrument must be calibrated to measure=
reality accurately=2C AI systems need integrity controls that preserve th=
e connection between their data and ground truth.

This goes beyond preventing data tampering. It means building systems that=
maintain verifiable chains of trust between their inputs=2C processing=2C=
and outputs=2C so humans can understand and validate what the AI is doing=
=2E AI systems need clean=2C consistent=2C and verifiable control processes=
to learn and make decisions effectively. Without this foundation of verif= iable truth=2C AI systems risk becoming a series of opaque boxes.

Recent history provides many sobering examples of integrity failures that=
naturally undermine public trust in AI systems. Machine-learning (ML) mod=
els trained without thought on expansive datasets have produced predictabl=
y biased results in hiring systems. Autonomous vehicles with incorrect dat=
a have made incorrect -- and fatal -- decisions. Medical diagnosis systems=
have given flawed recommendations without being able to explain themselve=
s. A lack of integrity controls undermines AI systems and harms people who=
depend on them.

They also highlight how AI integrity failures can manifest at multiple lev=
els of system operation. At the training level=2C data may be subtly corru= pted or biased even before model development begins. At the model level=2C=
mathematical foundations and training processes can introduce new integri=
ty issues even with clean data. During execution=2C environmental changes=
and runtime modifications can corrupt previously valid models. And at the=
output level=2C the challenge of verifying AI-generated content and track=
ing it through system chains creates new integrity concerns. Each level co= mpounds the challenges of the ones before it=2C ultimately manifesting in=
human costs=2C such as reinforced biases and diminished agency.

Think of it like protecting a house. You don=E2=80=99t just lock a door; y=
ou also use safe concrete foundations=2C sturdy framing=2C a durable roof=
=2C secure double-pane windows=2C and maybe motion-sensor cameras. Similar= ly=2C we need digital security at every layer to ensure the whole system c=
an be trusted.

This layered approach to understanding security becomes increasingly criti=
cal as AI systems grow in complexity and autonomy=2C particularly with lar=
ge language models (LLMs) and deep-learning systems making high-stakes dec= isions. We need to verify the integrity of each layer when building and de= ploying digital systems that impact human lives and societal outcomes.

At the foundation level=2C bits are stored in computer hardware. This repr= esents the most basic encoding of our data=2C model weights=2C and computa= tional instructions. The next layer up is the file system architecture: th=
e way those binary sequences are organized into structured files and direc= tories that a computer can efficiently access and process. In AI systems=
=2C this includes how we store and organize training data=2C model checkpo= ints=2C and hyperparameter configurations.

On top of that are the application layers -- the programs and frameworks=
=2C such as PyTorch and TensorFlow=2C that allow us to train models=2C pro= cess data=2C and generate outputs. This layer handles the complex mathemat=
ics of neural networks=2C gradient descent=2C and other ML operations.

Finally=2C at the user-interface level=2C we have visualization and intera= ction systems -- what humans actually see and engage with. For AI systems=
=2C this could be everything from confidence scores and prediction probabi= lities to generated text and images or autonomous robot movements.

Why does this layered perspective matter? Vulnerabilities and integrity is= sues can manifest at any level=2C so understanding these layers helps secu= rity experts and AI researchers perform comprehensive threat modeling. Thi=
s enables the implementation of defense-in-depth strategies -- from crypto= graphic verification of training data to robust model architectures to int= erpretable outputs. This multi-layered security approach becomes especiall=
y crucial as AI systems take on more autonomous decision-making roles in c= ritical domains such as healthcare=2C finance=2C and public safety. We mus=
t ensure integrity and reliability at every level of the stack.

The risks of deploying AI without proper integrity control measures are se= vere and often underappreciated. When AI systems operate without sufficien=
t security measures to handle corrupted or manipulated data=2C they can pr= oduce subtly flawed outputs that appear valid on the surface. The failures=
can cascade through interconnected systems=2C amplifying errors and biase=
s. Without proper integrity controls=2C an AI system might train on pollut=
ed data=2C make decisions based on misleading assumptions=2C or have outpu=
ts altered without detection. The results of this can range from degraded=
performance to catastrophic failures.

We see four areas where integrity is paramount in this Web 3.0 world. The=
first is granular access=2C which allows users and organizations to maint=
ain precise control over who can access and modify what information and fo=
r what purposes. The second is authentication -- much more nuanced than th=
e simple =E2=80=9CWho are you?=E2=80=9D authentication mechanisms of today=
-- which ensures that data access is properly verified and authorized at=
every step. The third is transparent data ownership=2C which allows data=
owners to know when and how their data is used and creates an auditable t= rail of data providence. Finally=2C the fourth is access standardization:=
common interfaces and protocols that enable consistent data access while=
maintaining security.

Luckily=2C we=E2=80=99re not starting from scratch. There are open W3C pro= tocols that address some of this: decentralized identifiers [https://www.= w3.org/TR/did-1.0/] for verifiable digital identity=2C the verifiable cred= entials data model [https://www.w3.org/TR/vc-data-model-2.0/] for express=
ing digital credentials=2C ActivityPub [https://www.w3.org/TR/activitypub=
/] for decentralized social networking (that=E2=80=99s what Mastodon uses)=
=2C Solid [https://solidproject.org/] for distributed data storage and re= trieval=2C and WebAuthn [https://www.w3.org/TR/webauthn-2/] for strong au= thentication standards. By providing standardized ways to verify data prov= enance and maintain data integrity throughout its lifecycle=2C Web 3.0 cre= ates the trusted environment that AI systems require to operate reliably.=
This architectural leap for integrity control in the hands of users helps=
ensure that data remains trustworthy from generation and collection throu=
gh processing and storage.

Integrity is essential to trust=2C on both technical and human levels. Loo= king forward=2C integrity controls will fundamentally shape AI development=
by moving from optional features to core architectural requirements=2C mu=
ch as SSL certificates evolved from a banking luxury to a baseline expecta= tion for any Web service.

Web 3.0 protocols can build integrity controls into their foundation=2C cr= eating a more reliable infrastructure for AI systems. Today=2C we take ava= ilability for granted; anything less than 100% uptime for critical website=
s is intolerable. In the future=2C we will need the same assurances for in= tegrity. Success will require following practical guidelines for maintaini=
ng data integrity throughout the AI lifecycle -- from data collection thro=
ugh model training and finally to deployment=2C use=2C and evolution. Thes=
e guidelines will address not just technical controls but also governance=
structures and human oversight=2C similar to how privacy policies evolved=
from legal boilerplate into comprehensive frameworks for data stewardship=
=2E Common standards and protocols=2C developed through industry collaborati= on and regulatory frameworks=2C will ensure consistent integrity controls=
across different AI systems and applications.

Just as the HTTPS protocol created a foundation for trusted e-commerce=2C=
it=E2=80=99s time for new integrity-focused standards to enable the trust=
ed AI services of tomorrow.

_This essay was written with Davi Ottenheimer=2C and originally appeared i=
n Communications of the ACM [https://dl.acm.org/doi/10.1145/3723438]._

** *** ***** ******* *********** *************


** TROY HUNT GETS PHISHED ------------------------------------------------------------

[2025.04.04] [https://www.schneier.com/blog/archives/2025/04/troy-hunt-g= ets-phished.html] In case you need proof that _anyone_=2C even someone who=
does cybersecurity for a living=2C can fall for a phishing attack=2C Troy=
Hunt has a long=2C iterative story [https://www.troyhunt.com/a-sneaky-ph= ish-just-grabbed-my-mailchimp-mailing-list/] on his webpage about how he g=
ot phished. Worth reading.

EDITED TO ADD (4/14): Commentary from Adam Shostack [https://shostack.org= /blog/learning-from-troy-hunts-sneaky-phish/] and Cory Doctorow [https://= pluralistic.net/2025/04/05/troy-hunt/#teach-a-man-to-phish].

** *** ***** ******* *********** *************


** DIRNSA FIRED
------------------------------------------------------------

[2025.04.07] [https://www.schneier.com/blog/archives/2025/04/dirnsa-fire= d.html] In =E2=80=9CSecrets and Lies [https://www.schneier.com/books/secr= ets-and-lies/]=E2=80=9D (2000)=2C I wrote:

It is poor civic hygiene to install technologies that could someday faci=

litate a police state.

It=E2=80=99s something a bunch of us were saying at the time=2C in referen=
ce to the vast NSA=E2=80=99s surveillance capabilities.

I have been thinking of that quote a lot as I read news [https://www.nyti= mes.com/2025/04/05/us/politics/nsa-director-haugh-trump-loomer.html] stori=
es [https://www.washingtonpost.com/national-security/2025/04/03/nsa-direc= tor-fired-tim-haugh/] of [https://apnews.com/article/trump-national-secur= ity-agency-tim-haugh-ec08b455e2c1112f5c6bb1881fad73e2] President Trump fir=
ing the Director of the National Security Agency. General Timothy Haugh.

A couple of weeks ago=2C I wrote [https://foreignpolicy.com/2025/03/28/si= gnal-chat-leak-trump-technology-security-houthis-group-defense-nsa/]:

We don=E2=80=99t know what pressure the Trump administration is using to=

make intelligence services fall into line=2C but it isn=E2=80=99t crazy t=
o worry [https://www.theguardian.com/us-news/2024/apr/16/house-fisa-gover= nment-surveillance-senate] that the NSA might again start monitoring domes=
tic communications.

The NSA already [https://www.eff.org/nsa-spying] spies [https://www.aclu= =2Eorg/news/national-security/five-things-to-know-about-nsa-mass-surveillanc= e-and-the-coming-fight-in-congress] on [https://epic.org/documents/in-re-= epic-nsa-telephone-records-surveillance/] Americans [https://foreignpolic= y.com/2016/09/07/every-move-you-make-obama-nsa-security-surveillance-spyin= g-intelligence-snowden/] in a variety of ways [https://www.eff.org/nsa-sp= ying/timeline]. But that=E2=80=99s always been a sideline to its main miss= ion: spying on the rest of the world. Once Trump replaces Haugh with a loy= alist=2C the NSA=E2=80=99s vast surveillance apparatus can be refocused do= mestically.

Giving that agency all those powers in the 1990s=2C in the 2000s after the=
terrorist attacks of 9/11=2C and in the 2010s was always a mistake. I fea=
r that we are about to learn how big a mistake it was.

Here=E2=80=99s PGP creator Phil Zimmerman in 1996=2C spelling it out [htt= ps://philzimmermann.com/EN/testimony/index.html] even more clearly:

The Clinton Administration seems to be attempting to deploy and entrench=

a communications infrastructure that would deny the citizenry the ability=
to protect its privacy. This is unsettling because in a democracy=2C it i=
s possible for bad people to occasionally get elected -- sometimes very ba=
d people. Normally=2C a well-functioning democracy has ways to remove thes=
e people from power. But the wrong technology infrastructure could allow s=
uch a future government to watch every move anyone makes to oppose it. It=
could very well be the last government we ever elect.

When making public policy decisions about new technologies for the gover=

nment=2C I think one should ask oneself which technologies would best stre= ngthen the hand of a police state. Then=2C do not allow the government to=
deploy those technologies. This is simply a matter of good civic hygiene.

** *** ***** ******* *********** *************


** ARGUING AGAINST CALEA ------------------------------------------------------------

[2025.04.08] [https://www.schneier.com/blog/archives/2025/04/arguing-aga= inst-calea.html] At a Congressional hearing [https://oversight.house.gov/= hearing/salt-typhoon-securing-americas-telecommunications-from-state-spons= ored-cyber-attacks/] earlier this week=2C Matt Blaze made the point [http= s://oversight.house.gov/wp-content/uploads/2025/04/Blaze-Written-Testimony= =2Epdf] that CALEA=2C the 1994 law that forces telecoms to make phone calls=
wiretappable=2C is outdated in today=E2=80=99s threat environment and sho=
uld be rethought:

In other words=2C while the legally-mandated CALEA capability requiremen=

ts have changed little over the last three decades=2C the infrastructure t=
hat must implement and protect it has changed radically. This has greatly=
expanded the =E2=80=9Cattack surface=E2=80=9D that must be defended to pr= event unauthorized wiretaps=2C especially at scale. The job of the illegal=
eavesdropper has gotten significantly easier=2C with many more options an=
d opportunities for them to exploit. Compromising our telecommunications i= nfrastructure is now little different from performing any other kind of co= mputer intrusion or data breach=2C a well-known and endemic cybersecurity=
problem. To put it bluntly=2C something like Salt Typhoon was inevitable=
=2C and will likely happen again unless significant changes are made.

This is the access that the Chinese threat actor Salt Typhoon used [https= ://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-ca= me-back-to-bite/] to spy on Americans:

The Wall Street Journal [https://www.wsj.com/tech/cybersecurity/u-s-wir=

etap-systems-targeted-in-china-linked-hack-327fc63b] first reported Friday=
that a Chinese government hacking group dubbed Salt Typhoon broke into th=
ree of the largest U.S. internet providers=2C including AT&T=2C Lumen (for= merly CenturyLink)=2C and Verizon=2C to access systems they use for facili= tating customer data to law enforcement and governments. The hacks reporte=
dly may have resulted in the =E2=80=9Cvast collection of internet traffic= =E2=80=9D; from the telecom and internet giants. CNN [https://www.cnn.com= /2024/10/05/politics/chinese-hackers-us-telecoms/] and The Washington Post=
[https://www.washingtonpost.com/national-security/2024/10/06/salt-typhoo= n-china-espionage-telecom/] also confirmed the intrusions and that the U.S=
=2E government=E2=80=99s investigation is in its early stages.

** *** ***** ******* *********** *************


** HOW TO LEAK TO A JOURNALIST ------------------------------------------------------------

[2025.04.09] [https://www.schneier.com/blog/archives/2025/04/how-to-leak= -to-a-journalist.html] Neiman Lab has some good advice [https://www.niema= nlab.org/2025/04/how-to-leak-to-a-journalist/] on how to leak a story to a=
journalist.

** *** ***** ******* *********** *************


** REIMAGINING DEMOCRACY ------------------------------------------------------------

[2025.04.10] [https://www.schneier.com/blog/archives/2025/04/reimagining= -democracy-2.html] Imagine that all of us -- all of society -- have landed=
on some alien planet and need to form a government: clean slate. We do no=
t have any legacy systems from the United States or any other country. We=
do not have any special or unique interests to perturb our thinking. How=
would we govern ourselves? It is unlikely that we would use the systems w=
e have today. Modern representative democracy was the best form of governm=
ent that eighteenth-century technology could invent. The twenty-first cent=
ury is very different: scientifically=2C technically=2C and philosophicall=
y. For example=2C eighteenth-century democracy was designed under the assu= mption that travel and communications were both hard.

Indeed=2C the very idea of representative government was a hack to get aro=
und technological limitations. Voting is easier now. Does it still make se=
nse for all of us living in the same place to organize every few years and=
choose one of us to go to a single big room far away and make laws in our=
name? Representative districts are organized around geography because tha=
t was the only way that made sense two hundred-plus years ago. But we do n=
ot need to do it that way anymore. We could organize representation by age=
: one representative for the thirty-year-olds=2C another for the forty-yea= r-olds=2C and so on. We could organize representation randomly: by birthda= y=2C perhaps. We can organize in any way we want. American citizens curren=
tly elect people to federal posts for terms ranging from two to six years.=
Would ten years be better for some posts? Would ten days be better for ot= hers? There are lots of possibilities. Maybe we can make more use of direc=
t democracy by way of plebiscites. Certainly we do not want all of us=2C i= ndividually=2C to vote on every amendment to every bill=2C but what is the=
optimal balance between votes made in our name and ballot initiatives tha=
t we all vote on?

For the past three years=2C I have organized a series of annual two-day wo= rkshops to discuss these and other such questions.^1 For each event=2C I b= rought together fifty people from around the world: political scientists=
=2C economists=2C law professors=2C experts in artificial intelligence=2C=
activists=2C government types=2C historians=2C science-fiction writers=2C=
and more. We did not come up with any answers to our questions -- and I w= ould have been surprised if we had -- but several themes emerged from the=
event. Misinformation and propaganda was a theme=2C of course=2C and the=
inability to engage in rational policy discussions when we cannot agree o=
n facts. The deleterious effects of optimizing a political system for econ= omic outcomes was another theme. Given the ability to start over=2C would=
anyone design a system of government for the near-term financial interest=
of the wealthiest few? Another theme was capitalism and how it is or is n=
ot intertwined with democracy. While the modern market economy made a lot=
of sense in the industrial age=2C it is starting to fray in the informati=
on age. What comes after capitalism=2C and how will it affect the way we g= overn ourselves?

Many participants examined the effects of technology=2C especially artific=
ial intelligence (AI). We looked at whether -- and when -- we might be com= fortable ceding power to an AI system. Sometimes deciding is easy. I am ha=
ppy for an AI system to figure out the optimal timing of traffic lights to=
ensure the smoothest flow of cars through my city. When will we be able t=
o say the same thing about the setting of interest rates? Or taxation? How=
would we feel about an AI device in our pocket that voted in our name=2C=
thousands of times per day=2C based on preferences that it inferred from=
our actions? Or how would we feel if an AI system could determine optimal=
policy solutions that balanced every voter=E2=80=99s preferences: Would i=
t still make sense to have a legislature and representatives? Possibly we=
should vote directly for ideas and goals instead=2C and then leave the de= tails to the computers.

These conversations became more pointed in the second and third years of o=
ur workshop=2C after generative AI exploded onto the internet. Large langu=
age models are poised to write laws=2C enforce both laws and regulations=
=2C act as lawyers and judges=2C and plan political strategy. How this cap= acity will compare to human expertise and capability is still unclear=2C b=
ut the technology is changing quickly and dramatically. We will not have A=
I legislators anytime soon=2C but just as today we accept that all politic=
al speeches are professionally written by speechwriters=2C will we accept=
that future political speeches will all be written by AI devices? Will le= gislators accept AI-written legislation=2C especially when that legislatio=
n includes a level of detail that human-based legislation generally does n=
ot? And if so=2C how will that change affect the balance of power between=
the legislature and the administrative state? Most interestingly=2C what=
happens when the AI tools we use to both write and enforce laws start to=
suggest policy options that are beyond human understanding? Will we accep=
t them=2C because they work? Or will we reject a system of governance wher=
e humans are only nominally in charge?

Scale was another theme of the workshops. The size of modern governments r= eflects the technology at the time of their founding. European countries a=
nd the early American states are a particular size because that was a gove= rnable size in the eighteenth and nineteenth centuries. Larger governments=
-- those of the United States as a whole and of the European Union -- ref= lect a world where travel and communications are easier. Today=2C though=
=2C the problems we have are either local=2C at the scale of cities and to= wns=2C or global. Do we really have need for a political unit the size of=
France or Virginia? Or is it a mixture of scales that we really need=2C o=
ne that moves effectively between the local and the global?

As to other forms of democracy=2C we discussed one from history and anothe=
r made possible by today=E2=80=99s technology. Sortition is a system of ch= oosing political officials randomly. We use it today when we pick juries=
=2C but both the ancient Greeks and some cities in Renaissance Italy used=
it to select major political officials. Today=2C several countries -- lar= gely in Europe -- are using the process to decide policy on complex issues=
=2E We might randomly choose a few hundred people=2C representative of the p= opulation=2C to spend a few weeks being briefed by experts=2C debating the=
issues=2C and then deciding on environmental regulations=2C or a budget=
=2C or pretty much anything.

=E2=80=9CLiquid democracy=E2=80=9D is a way of doing away with elections a= ltogether. The idea is that everyone has a vote and can assign it to anyon=
e they choose. A representative collects the proxies assigned to him or he=
r and can either vote directly on the issues or assign all the proxies to=
someone else. Perhaps proxies could be divided: this person for economic=
matters=2C another for health matters=2C a third for national defense=2C=
and so on. In the purer forms of this system=2C people might transfer the=
ir votes to someone else at any time. There would be no more election days=
: vote counts might change every day.

And then=2C there is the question of participation and=2C more generally=
=2C whose interests are taken into account. Early democracies were really=
not democracies at all; they limited participation by gender=2C race=2C a=
nd land ownership. These days=2C to achieve a more comprehensive electorat=
e we could lower the voting age. But=2C of course=2C even children too you=
ng to vote have rights=2C and in some cases so do other species. Should fu= ture generations be given a =E2=80=9Cvoice=2C=E2=80=9D whatever that means=
? What about nonhumans=2C or whole ecosystems? Should everyone have the sa=
me volume and type of voice? Right now=2C in the United States=2C the very=
wealthy have much more influence than others do. Should we encode that su= periority explicitly? Perhaps younger people should have a more powerful v=
ote than everyone else. Or maybe older people should.

In the workshops=2C those questions led to others about the limits of demo= cracy. All democracies have boundaries limiting what the majority can deci=
de. We are not allowed to vote _Common Knowledge_ out of existence=2C for=
example=2C but can generally regulate speech to some degree. We cannot vo= te=2C in an election=2C to jail someone=2C but we can craft laws that make=
a particular action illegal. We all have the right to certain things that=
cannot be taken away from us. In the community of our future=2C what shou=
ld be our rights as individuals? What should be the rights of society=2C s= uperseding those of individuals?

Personally=2C I was most interested=2C at each of the three workshops=2C i=
n how political systems fail. As a security technologist=2C I study how co= mplex systems are subverted -- _hacked_=2C in my parlance -- for the benef=
it of a few at the expense of the many. Think of tax loopholes=2C or trick=
s to avoid government regulation. These hacks are common today=2C and AI t= ools will make them easier to find -- and even to design -- in the future.=
I would want any government system to be resistant to trickery. Or=2C to=
put it another way: I want the interests of each individual to align with=
the interests of the group at every level. We have never had a system of=
government with this property=2C but -- in a time of existential risks su=
ch as climate change -- it is important that we develop one.

Would this new system of government even be called =E2=80=9Cdemocracy=E2= =80=9D? I truly do not know.

Such speculation is not practical=2C of course=2C but still is valuable. O=
ur workshops did not produce final answers and were not intended to do so.=
Our discourse was filled with suggestions about how to patch our politica=
l system where it is fraying. People regularly debate changes to the US El= ectoral College=2C or the process of determining voting districts=2C or th=
e setting of term limits. But those are incremental changes. It is difficu=
lt to find people who are thinking more radically: looking beyond the hori=
zon -- not at what is possible today but at what may be possible eventuall=
y. Thinking incrementally is critically important=2C but it is also myopic=
=2E It represents a hill-climbing strategy of continuous but quite limited i= mprovements. We also need to think about discontinuous changes that we can=
not easily get to from here; otherwise=2C we may be forever stuck at local=
maxima. And while true innovation in politics is a lot harder than innova= tion in technology=2C especially without a violent revolution forcing chan=
ges on us=2C it is something that we as a species are going to have to get=
good at=2C one way or another.

Our workshop will reconvene for a fourth meeting in December 2025.

* NOTE

1. The First International Workshop on Reimagining Democracy (IWORD)=
was held December 7 -- 8=2C 2022. The Second IWORD was held December 12 -=
- 13=2C 2023. Both took place at the Harvard Kennedy School. The sponsors=
were the Ford Foundation=2C the Knight Foundation=2C and the Ash and Belf=
er Centers of the Kennedy School. See Schneier=2C =E2=80=9CRecreating Demo= cracy=E2=80=9D [http://www.schneier.com/blog/archives/2022/12/reimagining= -democracy.html] and Schneier=2C =E2=80=9CSecond Interdisciplinary Worksho= p.=E2=80=9D [http://www.schneier.com/blog/archives/2024/01/second-interdi= sciplinary-workshop-on-reimagining-democracy.html]

_This essay was originally published in Common Knowledge [https://read.du= keupress.edu/common-knowledge/article-abstract/30/3/354/398268/Reimagining= -Democracy]._

** *** ***** ******* *********** *************


** AI VULNERABILITY FINDING ------------------------------------------------------------

[2025.04.11] [https://www.schneier.com/blog/archives/2025/04/ai-vulnerab= ility-finding.html] Microsoft is reporting [https://www.microsoft.com/en-= us/security/blog/2025/03/31/analyzing-open-source-bootloaders-finding-vuln= erabilities-faster-with-ai/] that its AI systems are able to find new vuln= erabilities [https://www.bleepingcomputer.com/news/security/microsoft-use= s-ai-to-find-flaws-in-grub2-u-boot-barebox-bootloaders/] in source code:

Microsoft discovered eleven vulnerabilities in GRUB2=2C including intege=

r and buffer overflows in filesystem parsers=2C command flaws=2C and a sid= e-channel in cryptographic comparison.

Additionally=2C 9 buffer overflows in parsing SquashFS=2C EXT4=2C CramFS=

=2C JFFS2=2C and symlinks were discovered in U-Boot and Barebox=2C which r= equire physical access to exploit.

The newly discovered flaws impact devices relying on UEFI Secure Boot=2C=

and if the right conditions are met=2C attackers can bypass security prot= ections to execute arbitrary code on the device.

Nothing major here. These aren=E2=80=99t exploitable out of the box. But t=
hat an AI system can do this at all is impressive=2C and I expect their ca= pabilities to continue to improve.

** *** ***** ******* *********** *************


** CHINA SORT OF ADMITS TO BEING BEHIND VOLT TYPHOON ------------------------------------------------------------

[2025.04.14] [https://www.schneier.com/blog/archives/2025/04/china-sort-= of-admits-to-being-behind-volt-typhoon.html] _The Wall Street Journal_ has=
the story [https://www.wsj.com/politics/national-security/in-secret-meet= ing-china-acknowledged-role-in-u-s-infrastructure-hacks-c5ab37cb?st=3DUfFB= Th&reflink=3Darticle_copyURL_share]:

Chinese officials acknowledged in a secret December meeting that Beijing=

was behind a widespread series of alarming cyberattacks on U.S. infrastru= cture=2C according to people familiar with the matter=2C underscoring how=
hostilities between the two superpowers are continuing to escalate.

The Chinese delegation linked years of intrusions into computer networks=

at U.S. ports=2C water utilities=2C airports and other targets=2C to incr= easing U.S. policy support for Taiwan=2C the people=2C who declined to be=
named=2C said.

The admission wasn=E2=80=99t explicit:

The Chinese official=E2=80=99s remarks at the December meeting were indi=

rect and somewhat ambiguous=2C but most of the American delegation in the=
room interpreted it as a tacit admission and a warning to the U.S. about=
Taiwan=2C a former U.S. official familiar with the meeting said.

No surprise.

** *** ***** ******* *********** *************


** UPCOMING SPEAKING ENGAGEMENTS ------------------------------------------------------------

[2025.04.14] [https://www.schneier.com/blog/archives/2025/04/upcoming-sp= eaking-engagements-45.html] This is a current list of where and when I am=
scheduled to speak:

* I=E2=80=99m giving an online talk on AI and trust for the Weizenbau=
m Institute [https://plamadiso.weizenbaum-institut.de/events-2025/] on Ap=
ril 24=2C 2025 at 2:00 PM CEST (8:00 AM ET).

The list is maintained on this page [https://www.schneier.com/events/].

** *** ***** ******* *********** *************

Since 1998=2C CRYPTO-GRAM has been a free monthly newsletter providing sum= maries=2C analyses=2C insights=2C and commentaries on security technology.=
To subscribe=2C or to read back issues=2C see Crypto-Gram's web page [ht= tps://www.schneier.com/crypto-gram/].

You can also read these articles on my blog=2C Schneier on Security [http= s://www.schneier.com].

Please feel free to forward CRYPTO-GRAM=2C in whole or in part=2C to colle= agues and friends who will find it valuable. Permission is also granted to=
reprint CRYPTO-GRAM=2C as long as it is reprinted in its entirety.

Bruce Schneier is an internationally renowned security technologist=2C cal=
led a security guru by the _Economist_. He is the author of over one dozen=
books -- including his latest=2C _A Hacker=E2=80=99s Mind_ [https://www.= schneier.com/books/a-hackers-mind/] -- as well as hundreds of articles=2C=
essays=2C and academic papers. His newsletter and blog are read by over 2= 50=2C000 people. Schneier is a fellow at the Berkman Klein Center for Inte= rnet & Society at Harvard University; a Lecturer in Public Policy at the H= arvard Kennedy School; a board member of the Electronic Frontier Foundatio= n=2C AccessNow=2C and the Tor Project; and an Advisory Board Member of the=
Electronic Privacy Information Center and VerifiedVoting.org. He is the C= hief of Security Architecture at Inrupt=2C Inc.

Copyright (c) 2025 by Bruce Schneier.

** *** ***** ******* *********** *************

Mailing list hosting graciously provided by MailChimp [https://mailchimp.= com/]. Sent without web bugs or link tracking.

This email was sent to: cryptogram@toolazy.synchro.net

_You are receiving this email because you subscribed to the Crypto-Gram ne= wsletter._

Unsubscribe from this list: https://schneier.us18.list-manage.com/unsubscr= ibe?u=3Df99e2b5ca82502f48675978be&id=3D22184111ab&t=3Db&e=3D70f249ec14&c=3D4= cd42e8a8c

Update subscription preferences: https://schneier.us18.list-manage.com/pro= file?u=3Df99e2b5ca82502f48675978be&id=3D22184111ab&e=3D70f249ec14&c=3D4cd42e= 8a8c

Bruce Schneier
Harvard Kennedy School
1 Brattle Square
Cambridge=2C MA 02138
USA
--_----------=_MCPart_1741000653
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><html lang=3D"en"><head><meta charset=3D"UTF-8"><title>Cryp= to-Gram=2C April 15=2C 2025</title></head><body>
<div class=3D"preview-text" style=3D"display:none !important;mso-hide:all;= font-size:1px;line-height:1px;max-height:0px;max-width:0px;opacity:0;overf= low:hidden;">A monthly newsletter about cybersecurity and related topics.<= /div>
<h1 style=3D"font-size:140%">Crypto-Gram <br>
<span style=3D"display:block;padding-top:.5em;font-size:80%">April 15=2C 2= 025</span></h1>


<p>by Bruce Schneier
<br>Fellow and Lecturer=2C Harvard Kennedy School
<br>schneier@schneier.com
<br><a href=3D"https://www.schneier.com">https://www.schneier.com</a>


<p>A free monthly newsletter providing summaries=2C analyses=2C insights=
=2C and commentaries on security: computer and otherwise.</p>

<p>For back issues=2C or to subscribe=2C visit <a href=3D"https://www.schn= eier.com/crypto-gram/">Crypto-Gram's web page</a>.</p>

<p><a href=3D"https://www.schneier.com/crypto-gram/archives/2025/0415.html= ">Read this issue on the web</a></p>

<p>These same essays and news items appear in the <a href=3D"https://www.s= chneier.com/">Schneier on Security</a> blog=2C along with a lively and int= elligent comment section. An RSS feed is available.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"toc"><a name=3D"toc">I=
n this issue:</a></h2>

<p><em>If these links don't work in your email client=2C try <a href=3D"ht= tps://www.schneier.com/crypto-gram/archives/2025/0415.html">reading this i= ssue of Crypto-Gram on the web.</a></em></p>




<li><a href=3D"#cg1">Improvements in Brute Force Attacks</a></li>
<li><a href=3D"#cg2">Is Security Human Factors Research Skewed Towards Wes= tern Ideas and Habits?</a></li>
<li><a href=3D"#cg3">Critical GitHub Attack</a></li>
<li><a href=3D"#cg4">NCSC Releases Post-Quantum Cryptography Timeline</a><=

<li><a href=3D"#cg5">My Writings Are in the LibGen AI Training Corpus</a><=

<li><a href=3D"#cg6">More Countries are Demanding Backdoors to Encrypted A= pps</a></li>
<li><a href=3D"#cg7">Report on Paragon Spyware</a></li>
<li><a href=3D"#cg8">AI Data Poisoning</a></li>
<li><a href=3D"#cg9">A Taxonomy of Adversarial Machine Learning Attacks an=
d Mitigations</a></li>
<li><a href=3D"#cg10">AIs as Trusted Third Parties</a></li>
<li><a href=3D"#cg11">The Signal Chat Leak and the NSA</a></li>
<li><a href=3D"#cg12">Cell Phone OPSEC for Border Crossings</a></li>
<li><a href=3D"#cg13">Rational Astrologies and Security</a></li>
<li><a href=3D"#cg14">Web 3.0 Requires Data Integrity</a></li>
<li><a href=3D"#cg15">Troy Hunt Gets Phished</a></li>
<li><a href=3D"#cg16">DIRNSA Fired</a></li>
<li><a href=3D"#cg17">Arguing Against CALEA</a></li>
<li><a href=3D"#cg18">How to Leak to a Journalist</a></li>
<li><a href=3D"#cg19">Reimagining Democracy</a></li>
<li><a href=3D"#cg20">AI Vulnerability Finding</a></li>
<li><a href=3D"#cg21">China Sort of Admits to Being Behind Volt Typhoon</a= ></li>
<li><a href=3D"#cg22">Upcoming Speaking Engagements</a></li>
</ol>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg1"><a name=3D"cg1">I= mprovements in Brute Force Attacks</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/improvements-= in-brute-force-attacks.html"><strong>[2025.03.17]</strong></a> New paper:=
=E2=80=9C<a href=3D"https://tosc.iacr.org/index.php/ToSC/article/view/120= 78/11919">GPU Assisted Brute Force Cryptanalysis of GPRS=2C GSM=2C RFID=2C=
and TETRA: Brute Force Cryptanalysis of KASUMI=2C SPECK=2C and TEA3</a>.= =E2=80=9D</p>

<blockquote><p><b>Abstract:</b> Key lengths in symmetric cryptography are=
determined with respect to the brute force attacks with current technolog=
y. While nowadays at least 128-bit keys are recommended=2C there are many=
standards and real-world applications that use shorter keys. In order to=
estimate the actual threat imposed by using those short keys=2C precise e= stimates for attacks are crucial.</p>

<p>In this work we provide optimized implementations of several widely use=
d algorithms on GPUs=2C leading to interesting insights on the cost of bru=
te force attacks on several real-word applications.</p>

<p>In particular=2C we optimize KASUMI (used in GPRS/GSM)=2CSPECK (used in=
RFID communication)=2C andTEA3 (used in TETRA). Our best optimizations al=
low us to try 2<i>35.72</i>=2C 2<i>36.72</i>=2C and 2<i>34.71</i> keys per=
second on a single RTX 4090 GPU. Those results improve upon previous resu=
lts significantly=2C e.g. our KASUMI implementation is more than 15 times=
faster than the optimizations given in the CRYPTO=E2=80=9924 paper [ACC+=
24] improving the main results of that paper by the same factor.</p>

<p>With these optimizations=2C in order to break GPRS/GSM=2C RFID=2C and T= ETRA communications in a year=2C one needs around 11.22 billion=2C and 1.3=
6 million RTX 4090GPUs=2C respectively.</p>

<p>For KASUMI=2C the time-memory trade-off attacks of [ACC+24] can be per= formed with142 RTX 4090 GPUs instead of 2400 RTX 3090 GPUs or=2C when the=
same amount of GPUs are used=2C their table creation time can be reduced=
to 20.6 days from 348 days=2Ccrucial improvements for real world cryptana= lytic tasks.</p></blockquote>

<p>Attacks always get better; they never get worse. None of these is pract= ical yet=2C and they might never be. But there are certainly more optimiza= tions to come.</p>

<p>EDITED TO ADD (4/14): One of the paper=E2=80=99s authors <a href=3D"htt= ps://www.schneier.com/blog/archives/2025/03/improvements-in-brute-force-at= tacks.html/#comment-444072">responds</a>.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg2"><a name=3D"cg2">I=
s Security Human Factors Research Skewed Towards Western Ideas and Habits?= </a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/is-security-h= uman-factors-research-skewed-towards-western-ideas-and-habits.html"><stron= g>[2025.03.18]</strong></a> Really interesting research: =E2=80=9C<a href= =3D"https://www.usenix.org/conference/usenixsecurity24/presentation/hasega= wa">How WEIRD is Usable Privacy and Security Research?</a>=E2=80=9D by Ay=
ako A. Hasegawa Daisuke Inoue=2C and Mitsuaki Akiyama:</p>

<blockquote><p><b>Abstract</b>: In human factor fields such as human-compu=
ter interaction (HCI) and psychology=2C researchers have been concerned th=
at participants mostly come from WEIRD (Western=2C Educated=2C Industriali= zed=2C Rich=2C and Democratic) countries. This WEIRD skew may hinder under= standing of diverse populations and their cultural differences. The usable=
privacy and security (UPS) field has inherited many research methodologie=
s from research on human factor fields. We conducted a literature review t=
o understand the extent to which participant samples in UPS papers were fr=
om WEIRD countries and the characteristics of the methodologies and resear=
ch topics in each user study recruiting Western or non-Western participant=
s. We found that the skew toward WEIRD countries in UPS is greater than th=
at in HCI. Geographic and linguistic barriers in the study methods and rec= ruitment methods may cause researchers to conduct user studies locally. In=
addition=2C many papers did not report participant demographics=2C which=
could hinder the replication of the reported studies=2C leading to low re= producibility. To improve geographic diversity=2C we provide the suggestio=
ns including facilitate replication studies=2C address geographic and ling= uistic issues of study/recruitment methods=2C and facilitate research on t=
he topics for non-WEIRD populations.</p></blockquote>

<p>The moral may be that human factors and usability needs to be localized= =2E</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg3"><a name=3D"cg3">C= ritical GitHub Attack</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/critical-gith= ub-attack.html"><strong>[2025.03.20]</strong></a> This is <a href=3D"http= s://www.infoworld.com/article/3849245/github-suffers-a-cascading-supply-ch= ain-attack-compromising-ci-cd-secrets.html">serious</a>:</p>

<blockquote><p>A sophisticated cascading supply chain attack has compromis=
ed multiple GitHub Actions=2C exposing critical CI/CD secrets across tens=
of thousands of repositories. The attack=2C which originally targeted the=
widely used =E2=80=9Ctj-actions/changed-files=E2=80=9D utility=2C is now=
believed to have originated from an earlier breach of the =E2=80=9Creview= dog/action-setup@v1=E2=80=9D GitHub Action=2C according to a report.</p>

<p>[...]</p>

<p>CISA confirmed the vulnerability has been patched in version 46.0.1.</p=


<p>Given that the utility is used by more than 23=2C000 GitHub repositorie= s=2C the scale of potential impact has raised significant alarm throughout=
the developer community.</p></blockquote>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg4"><a name=3D"cg4">N=
CSC Releases Post-Quantum Cryptography Timeline</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/ncsc-releases= -post-quantum-cryptography-timeline.html"><strong>[2025.03.21]</strong></=

The UK=E2=80=99s National Computer Security Center (part of GCHQ) <a hr=

ef=3D"https://www.ncsc.gov.uk/news/pqc-migration-roadmap-unveiled">release= d</a> a <a href=3D"https://www.ncsc.gov.uk/blog-post/setting-direction-uk-= migration-to-pqc">timeline</a> -- also see their <a href=3D"https://www.nc= sc.gov.uk/guidance/pqc-migration-timelines">blog post</a> -- for migration=
to quantum-computer-resistant cryptography.</p>

<p>It even made <a href=3D"https://www.theguardian.com/technology/2025/mar= /20/uk-cybersecurity-agency-quantum-hackers"><i>The Guardian</i></a>.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg5"><a name=3D"cg5">M=
y Writings Are in the LibGen AI Training Corpus</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/my-writings-a= re-in-the-libgen-ai-training-corpus.html"><strong>[2025.03.21]</strong></=

The <i>Atlantic</i> has a <a href=3D"https://www.theatlantic.com/techno=

logy/archive/2025/03/search-libgen-data-set/682094/">search tool</a> that=
allows you to search for specific works in the =E2=80=9CLibGen=E2=80=9D d= atabase of copyrighted works that Meta used to train its AI models. (The r=
est of the article is behind a paywall=2C but not the search tool.)</p>

<blockquote><p>It=E2=80=99s impossible to know exactly which parts of LibG=
en Meta used to train its AI=2C and which parts it might have decided to e= xclude; this snapshot was taken in January 2025=2C after Meta is known to=
have accessed the database=2C so some titles here would not have been ava= ilable to download.</p></blockquote>

<p>Still...interesting.</p>

<p>Searching my name yields 199 results: all of my books in different vers= ions=2C plus a bunch of shorter items.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg6"><a name=3D"cg6">M=
ore Countries are Demanding Backdoors to Encrypted Apps</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/more-countrie= s-are-demanding-back-doors-to-encrypted-apps.html"><strong>[2025.03.24]</= strong></a> Last month=2C I <a href=3D"https://www.schneier.com/blog/archi= ves/2025/02/uk-is-ordering-apple-to-break-its-own-encryption.html">wrote a= bout</a> the UK forcing Apple to break its Advanced Data Protection encryp= tion in iCloud. More recently=2C both <a href=3D"https://therecord.media/s= weden-seeks-backdoor-access-to-messaging-apps">Sweden</a> and <a href=3D"h= ttps://www.laquadrature.net/en/warondrugslaw/">France</a> are contemplatin=
g mandating backdoors. Both initiatives are attempting to <a href=3D"https= ://www.schneier.com/blog/archives/2019/12/scaring_people_.html">scare peop= le</a> into supporting backdoors=2C which are -- of course -- are <a href= =3D"https://www.schneier.com/blog/archives/2015/07/back_doors_wont.html">t= errible idea</a>.</p>

<p>Also: =E2=80=9C<a href=3D"https://www.lightbluetouchpaper.org/2025/02/1= 1/a-feminist-argument-against-weakening-encryption/#more-56645">A Feminist=
Argument Against Weakening Encryption</a>.=E2=80=9D</p>

<p>EDITED TO ADD (4/14): The French proposal was <a href=3D"https://www.ef= f.org/deeplinks/2025/03/win-encryption-france-rejects-backdoor-mandate">vo=
ted down</a>.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg7"><a name=3D"cg7">R= eport on Paragon Spyware</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/report-on-par= agon-spyware.html"><strong>[2025.03.25]</strong></a> Citizen Lab has a <a=
href=3D"https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferat= ing-spyware-operations/">new report</a> on Paragon=E2=80=99s spyware:</p>

<blockquote><p><strong>Key Findings:</strong></p>



<li><strong>Introducing Paragon Solutions.</strong> Paragon Solutions=
was founded in Israel in 2019 and sells spyware called Graphite. The comp=
any differentiates itself by claiming it has safeguards to prevent the kin=
ds of spyware abuses that NSO Group and other vendors are notorious for.</=


<li><strong>Infrastructure Analysis of Paragon Spyware.</strong> Based=
on a tip from a collaborator=2C we mapped out server infrastructure that=
we attribute to Paragon=E2=80=99s Graphite spyware tool. We identified a=
subset of suspected Paragon deployments=2C including in Australia=2C Cana= da=2C Cyprus=2C Denmark=2C Israel=2C and Singapore.</li>

<li><strong>Identifying a Possible Canadian Paragon Customer.</strong>=
Our investigation surfaced potential links between Paragon Solutions and=
the Canadian Ontario Provincial Police=2C and found evidence of a growing=
ecosystem of spyware capability among Ontario-based police services.</li>

<li><strong>Helping WhatsApp Catch a Zero-Click.</strong> We shared ou=
r analysis of Paragon=E2=80=99s infrastructure with Meta=2C who told us th=
at the details were pivotal to their ongoing investigation into Paragon. W= hatsApp discovered and mitigated an active Paragon zero-click exploit=2C a=
nd later notified over 90 individuals who it believed were targeted=2C inc= luding civil society members in Italy.</li>

<li><strong>Android Forensic Analysis: Italian Cluster.</strong> We fo= rensically analyzed multiple Android phones belonging to Paragon targets i=
n Italy (an acknowledged Paragon user) who were notified by WhatsApp. We f= ound clear indications that spyware had been loaded into WhatsApp=2C as we=
ll as other apps on their devices.</li>

<li><strong>A Related Case of iPhone Spyware in Italy.</strong> We ana= lyzed the iPhone of an individual who worked closely with confirmed Androi=
d Paragon targets. This person received an Apple threat notification in No= vember 2024=2C but no WhatsApp notification. Our analysis showed an attemp=
t to infect the device with novel spyware in June 2024. We shared details=
with Apple=2C who confirmed they had patched the attack in iOS 18.</li>

<li><strong>Other Surveillance Tech Deployed Against The Same Italian=
Cluster.</strong> We also note 2024 warnings sent by Meta to several indi= viduals in the same organizational cluster=2C including a Paragon victim=
=2C suggesting the need for further scrutiny into other surveillance techn= ology deployed against these individuals.</li>
</ul>
</blockquote>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg8"><a name=3D"cg8">A=
I Data Poisoning</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/ai-data-poiso= ning.html"><strong>[2025.03.26]</strong></a> Cloudflare has a <a href=3D"= https://arstechnica.com/ai/2025/03/cloudflare-turns-ai-against-itself-with= -endless-maze-of-irrelevant-facts/">new feature</a> -- available to free u= sers as well -- that uses AI to generate random pages to feed to AI web cr= awlers:</p>

<blockquote><p>Instead of simply blocking bots=2C Cloudflare=E2=80=99s new=
system lures them into a =E2=80=9Cmaze=E2=80=9D of realistic-looking but=
irrelevant pages=2C wasting the crawler=E2=80=99s computing resources. Th=
e approach is a notable shift from the standard block-and-defend strategy=
used by most website protection services. Cloudflare says blocking bots s= ometimes backfires because it alerts the crawler=E2=80=99s operators that=
they=E2=80=99ve been detected.</p>

<p>=E2=80=9CWhen we detect unauthorized crawling=2C rather than blocking t=
he request=2C we will link to a series of AI-generated pages that are conv= incing enough to entice a crawler to traverse them=2C=E2=80=9D writes Clou= dflare. =E2=80=9CBut while real looking=2C this content is not actually th=
e content of the site we are protecting=2C so the crawler wastes time and=
resources.=E2=80=9D</p>

<p>The company says the content served to bots is deliberately irrelevant=
to the website being crawled=2C but it is carefully sourced or generated=
using real scientific facts -- such as neutral information about biology=
=2C physics=2C or mathematics -- to avoid spreading misinformation (whethe=
r this approach effectively prevents misinformation=2C however=2C remains=
unproven).</p></blockquote>

<p>It=E2=80=99s basically an AI-generated honeypot. And AI scraping is a g= rowing problem:</p>

<blockquote><p>The scale of AI crawling on the web appears substantial=2C=
according to Cloudflare=E2=80=99s data that lines up with anecdotal repor=
ts we=E2=80=99ve heard from sources. The company says that AI crawlers gen= erate more than 50 billion requests to their network daily=2C amounting to=
nearly 1 percent of all web traffic they process. Many of these crawlers=
collect website data to train large language models without permission fr=
om site owners....</p></blockquote>

<p>Presumably the crawlers will now have to up both their scraping stealth=
and their ability to filter out AI-generated content like this. Which mea=
ns the honeypots will have to get better at detecting scrapers and more st= ealthy in their fake content. This arms race is likely to go back and fort= h=2C wasting a lot of energy in the process.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg9"><a name=3D"cg9">A=
Taxonomy of Adversarial Machine Learning Attacks and Mitigations</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/a-taxonomy-of= -adversarial-machine-learning-attacks-and-mitigations.html"><strong>[2025= =2E03.27]</strong></a> NIST <a href=3D"https://nvlpubs.nist.gov/nistpubs/ai/= NIST.AI.100-2e2025.pdf">just released</a> a comprehensive taxonomy of adve= rsarial machine learning attacks and countermeasures.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg10"><a name=3D"cg10"= >AIs as Trusted Third Parties</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/ais-as-truste= d-third-parties.html"><strong>[2025.03.28]</strong></a> This is a truly f= ascinating paper: =E2=80=9C<a href=3D"https://arxiv.org/pdf/2501.08970">T= rusted Machine Learning Models Unlock Private Inference for Problems Curre= ntly Infeasible with Cryptography</a>.=E2=80=9D The basic idea is that AIs=
can act as trusted third parties:</p>

<blockquote><p><b>Abstract:</b> We often interact with untrusted parties.=
Prioritization of privacy can limit the effectiveness of these interactio= ns=2C as achieving certain goals necessitates sharing private data. Tradit= ionally=2C addressing this challenge has involved either seeking <em>trust=
ed intermediaries</em> or constructing <em>cryptographic protocols</em> th=
at restrict how much data is revealed=2C such as multi-party computations=
or zero-knowledge proofs. While significant advances have been made in sc= aling cryptographic approaches=2C they remain limited in terms of the size=
and complexity of applications they can be used for. In this paper=2C we=
argue that capable machine learning models can fulfill the role of a trus=
ted third party=2C thus enabling secure computations for applications that=
were previously infeasible. In particular=2C we describe Trusted Capable=
Model Environments (TCMEs) as an alternative approach for scaling secure=
computation=2C where capable machine learning model(s) interact under inp= ut/output constraints=2C with explicit information flow control and explic=
it statelessness. This approach aims to achieve a balance between privacy=
and computational efficiency=2C enabling private inference where classica=
l cryptographic solutions are currently infeasible. We describe a number o=
f use cases that are enabled by TCME=2C and show that even some simple cla= ssic cryptographic problems can already be solved with TCME. Finally=2C we=
outline current limitations and discuss the path forward in implementing=
them.</p></blockquote>

<p>When I was writing <i>Applied Cryptography</i> way back in 1993=2C I ta= lked about human trusted third parties (TTPs). This research postulates th=
at someday AIs could fulfill the role of a human TTP=2C with added benefit=
s like (1) being able to audit their processing=2C and (2) being able to d= elete it and erase their knowledge when their work is done. And the possib= ilities are vast.</p>

<p>Here=E2=80=99s a TTP problem. Alice and Bob want to know whose income i=
s greater=2C but don=E2=80=99t want to reveal their income to the other. (= Assume that both Alice and Bob want the true answer=2C so neither has an i= ncentive to lie.) A human TTP can solve that easily: Alice and Bob whisper=
their income to the TTP=2C who announces the answer. But now the human kn=
ows the data. There are cryptographic protocols that can solve this. But w=
e can easily imagine more complicated questions that cryptography can=E2= =80=99t solve. =E2=80=9CWhich of these two novel manuscripts has more sex=
scenes?=E2=80=9D =E2=80=9CWhich of these two business plans is a riskier=
investment?=E2=80=9D If Alice and Bob can agree on an AI model they both=
trust=2C they can feed the model the data=2C ask the question=2C get the=
answer=2C and then delete the model afterwards. And it=E2=80=99s reasonab=
le for Alice and Bob to trust a model with questions like this. They can t=
ake the model into their own lab and test it a gazillion times until they=
are satisfied that it is fair=2C accurate=2C or whatever other properties=
they want.</p>

<p>The paper contains several examples where an AI TTP provides real value=
=2E This is still mostly science fiction today=2C but it=E2=80=99s a fascina= ting thought experiment.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg11"><a name=3D"cg11"= >The Signal Chat Leak and the NSA</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/03/the-signal-ch= at-leak-and-the-nsa.html"><strong>[2025.03.31]</strong></a> US National S= ecurity Advisor Mike Waltz=2C who started the now-infamous group chat coor= dinating a US attack against the Yemen-based Houthis on March 15=2C is see= mingly now suggesting that the secure messaging service Signal has securit=
y vulnerabilities.</p>

<p>&quot;I didn=E2=80=99t see this loser in the group=2C&quot; Waltz <a hr= ef=3D"https://abcnews.go.com/Politics/trump-admins-shifting-explanations-j= ournalist-added-signal-chat/story?id=3D120179649">told</a> Fox News about=
<em>Atlantic</em> editor in chief Jeffrey Goldberg=2C whom Waltz <a href= =3D"https://www.theatlantic.com/politics/archive/2025/03/trump-administrat= ion-accidentally-texted-me-its-war-plans/682151/">invited</a> to the chat.=
&quot;Whether he did it deliberately or it happened in some other technic=
al mean=2C is something we=E2=80=99re trying to figure out.&quot;</p>

<p>Waltz=E2=80=99s implication that Goldberg may have hacked his way in wa=
s followed by a <a href=3D"https://www.cbsnews.com/news/nsa-signal-app-vul= nerabilities-before-houthi-strike-chat/">report</a> from CBS News that the=
US National Security Agency (NSA) had sent out a bulletin to its employee=
s last month warning them about a security &quot;vulnerability&quot; ident= ified in Signal.</p>

<p>The truth=2C however=2C is much more interesting. If Signal has vulnera= bilities=2C then China=2C Russia=2C and other US adversaries suddenly have=
a new incentive to discover them. At the same time=2C the NSA urgently ne=
eds to find and fix any vulnerabilities quickly as it can -- and similarly=
=2C ensure that commercial smartphones are free of backdoors -- access poi=
nts that allow people other than a smartphone=E2=80=99s user to bypass the=
usual security authentication methods to access the device=E2=80=99s cont= ents.</p>

<p>That is essential for anyone who wants to keep their communications pri= vate=2C which should be all of us.</p>

<p><span>It=E2=80=99s common knowledge</span> that the NSA=E2=80=99s missi=
on is breaking into and eavesdropping on other countries=E2=80=99 networks=
=2E (During President George W. Bush=E2=80=99s administration=2C the NSA con= ducted warrantless taps into domestic communications as well -- surveillan=
ce that <a href=3D"https://www.cnn.com/2006/POLITICS/08/17/domesticspying.= lawsuit/">several</a> district courts <a href=3D"https://www.nytimes.com/2= 010/04/01/us/01nsa.html">ruled</a> to be illegal before those decisions we=
re later <a href=3D"https://edition.cnn.com/2007/POLITICS/07/06/court.dome= stic.spying/index.html">overturned</a> by appeals courts. To this day=2C m=
any legal experts <a href=3D"https://scholarship.law.wm.edu/cgi/viewconten= t.cgi?article=3D1135&context=3Dwmborj">maintain</a> that the program viola=
ted federal privacy protections.) But the organization has a secondary=2C=
complementary responsibility: to protect US communications from others wh=
o want to spy on them. That is to say: While one part of the NSA is listen=
ing into foreign communications=2C another part is stopping foreigners fro=
m doing the same to Americans.</p>

<p>Those missions never contradicted during the Cold War=2C when allied an=
d enemy communications were wholly separate. Today=2C though=2C everyone u=
ses the same computers=2C the same software=2C and the same networks. That=
creates a tension.</p>

<p>When the NSA discovers a technological vulnerability in a service such=
as Signal (or buys one on the thriving clandestine vulnerability market)=
=2C does it exploit it in secret=2C or reveal it so that it can be fixed?=
Since at least 2014=2C a US government interagency <a href=3D"https://www= =2Econgress.gov/crs-product/R44827">&quot;equities&quot; process</a> has bee=
n used to decide whether it is in the national interest to take advantage=
of a particular security flaw=2C or to fix it. The trade-offs are often c= omplicated and hard.</p>

<p>Waltz -- along with Vice President J.D. Vance=2C Defense Secretary Pete=
Hegseth=2C and the other officials in the Signal group -- have just made=
the trade-offs much tougher to resolve. Signal is both widely available a=
nd widely used. Smaller governments that can=E2=80=99t afford their own mi= litary-grade encryption use it. Journalists=2C human rights workers=2C per= secuted minorities=2C dissidents=2C corporate executives=2C and criminals=
around the world use it. Many of these populations are of great interest=
to the NSA.</p>

<p>At the same time=2C as we have now discovered=2C the app is being used=
for operational US military traffic. So=2C what does the NSA do if it fin=
ds a security flaw in Signal?</p>

<p>Previously=2C it might have preferred to keep the flaw quiet and use it=
to listen to adversaries. Now=2C if the agency does that=2C it risks some=
one else finding the same vulnerability and using it against the US govern= ment. And if it was later disclosed that the NSA could have fixed the prob=
lem and didn=E2=80=99t=2C then the results might be catastrophic for the a= gency.</p>

<p>Smartphones present a similar trade-off. The biggest risk of eavesdropp=
ing on a Signal conversation comes from the individual phones that the app=
is running on. While it=E2=80=99s largely unclear whether the US official=
s involved had downloaded the app onto personal or government-issued phone=
s -- although Witkoff suggested on X that the program was on his &quot;<a=
href=3D"https://x.com/SteveWitkoff/status/1904886084879720683">personal d= evices</a>&quot; -- smartphones are consumer devices=2C not at all suitabl=
e for classified US government conversations. An entire industry of spywar=
e companies sells capabilities to remotely hack smartphones for any countr=
y willing to pay. More capable countries have more sophisticated operation=
s. Just last year=2C attacks that were later attributed to China <a href= =3D"https://www.cnn.com/2024/10/25/politics/chinese-hackers-targeted-trump= -and-vances-phone-data/index.html">attempted</a> to access both President=
Donald Trump and Vance=E2=80=99s smartphones. Previously=2C the FBI -- as=
well as <a href=3D"https://foreignpolicy.com/2025/02/25/apple-united-king= dom-adp-back-door-less-safe/">law enforcement agencies in other countries<=

-- have pressured both Apple and Google to add &quot;backdoors&quot; i=

n their phones to more easily facilitate court-authorized eavesdropping.</=


<p>These backdoors would create=2C of course=2C another vulnerability to b=
e exploited. A separate attack from China last year <a href=3D"https://www= =2Ereuters.com/technology/cybersecurity/china-affiliated-actors-compromised-= networks-multiple-telecom-companies-us-says-2024-11-13/">accessed</a> a si= milar capability built into US telecommunications networks.</p>

<p>The vulnerabilities equities have swung against weakened smartphone sec= urity and toward protecting the devices that senior government officials n=
ow use to discuss military secrets. That also means that they have swung a= gainst the US government hoarding Signal vulnerabilities -- and toward ful=
l disclosure.</p>

<p><span>This is plausibly</span> good news for Americans who want to talk=
among themselves without having anyone=2C government or otherwise=2C list=
en in. We don=E2=80=99t know what pressure the Trump administration is usi=
ng to make intelligence services fall into line=2C but it isn=E2=80=99t cr=
azy to <a href=3D"https://www.theguardian.com/us-news/2024/apr/16/house-fi= sa-government-surveillance-senate">worry</a> that the NSA might again star=
t monitoring domestic communications.</p>

<p>Because of the Signal chat leak=2C it=E2=80=99s less likely that they= =E2=80=99ll use vulnerabilities in Signal to do that. Equally=2C bad actor=
s such as drug cartels may also feel safer using Signal. Their security ag= ainst the US government lies in the fact that the US government shares the=
ir vulnerabilities. No one wants their secrets exposed.</p>

<p>I have long advocated for a &quot;defense dominant&quot; cybersecurity=
strategy. As long as smartphones are in the pocket of every government of= ficial=2C police officer=2C judge=2C CEO=2C and nuclear power plant operat=
or -- and now that they are being used for what the White House now calls=
calls &quot;<a href=3D"https://apnews.com/article/trump-signal-classifie= d-information-308e7a81d70d6233c06a1f7330ae3004">sensitive</a>=2C&quot; if=
not outright classified conversations among cabinet members -- we need th=
em to be as secure as possible. And that means no government-mandated back= doors.</p>

<p>We may find out more about how officials -- including the vice presiden=
t of the United States -- came to be using Signal on what seem to be consu= mer-grade smartphones=2C in a apparent<a href=3D"https://foreignpolicy.com= /2025/03/25/signalgate-trump-leak-goldberg-yemen-questions/#:~:text=3D%E2%= 80%9CUsing%20Signal%20for=2CSignal%2C%E2%80%9D%20Moss%20said."> breach of=
the laws on government records</a>. It=E2=80=99s unlikely that they reall=
y thought through the consequences of their actions.</p>

<p>Nonetheless=2C those consequences are real. Other governments=2C possib=
ly including US allies=2C will now have much more incentive to break Signa= l=E2=80=99s security than they did in the past=2C and more incentive to ha=
ck US government smartphones than they did before March 24.</p>

<p>For just the same reason=2C the US government has urgent incentives to=
protect them.</p>

<p><em>This essay was originally published in <a href=3D"https://foreignpo= licy.com/2025/03/28/signal-chat-leak-trump-technology-security-houthis-gro= up-defense-nsa/">Foreign Policy</a>.</em></p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg12"><a name=3D"cg12"= >Cell Phone OPSEC for Border Crossings</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/cell-phone-op= sec-for-border-crossings.html"><strong>[2025.04.01]</strong></a> I have h=
eard stories of more aggressive interrogation of electronic devices at US=
border crossings. I know a lot about securing computers=2C but very littl=
e about securing phones.</p>

<p>Are there easy ways to delete data -- files=2C photos=2C etc. -- on pho=
nes so it can=E2=80=99t be recovered? Does resetting a phone to factory de= faults erase data=2C or is it still recoverable? That is=2C does the reset=
erase the old encryption key=2C or just sever the password that access th=
at key? When the phone is rebooted=2C are deleted files still available?</=


<p>We need answers for both iPhones and Android phones. And it=E2=80=99s n=
ot just the US; the world is going to become a more dangerous place to opp=
ose state power.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg13"><a name=3D"cg13"= >Rational Astrologies and Security</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/rational-astr= ologies-and-security.html"><strong>[2025.04.02]</strong></a> John Kelsey=
and I wrote a short paper for the <a href=3D"https://www.cl.cam.ac.uk/eve= nts/rossfest/">Rossfest Festschrift</a>: =E2=80=9C<a href=3D"https://www.s= chneier.com/academic/archives/2025/03/rational-astrologies-and-security.ht= ml">Rational Astrologies and Security</a>=E2=80=9C:</p>

<blockquote><p>There is another non-security way that designers can spend=
their security budget: on making their own lives easier. Many of these fa=
ll into the category of what has been called rational astrology. First ide= ntified by Randy Steve Waldman [Wal12]=2C the term refers to something pe=
ople treat as though it works=2C generally for social or institutional rea= sons=2C even when there=E2=80=99s little evidence that it works -- and som= etimes despite substantial evidence that it does not.</p>

<p>[...]</p>

<p>Both security theater and rational astrologies may seem irrational=2C b=
ut they are rational from the perspective of the people making the decisio=
ns about security. Security theater is often driven by information asymmet=
ry: people who don=E2=80=99t understand security can be reassured with cos= metic or psychological measures=2C and sometimes that reassurance is impor= tant. It can be better understood by considering the many non-security pur= poses of a security system. A monitoring bracelet system that pairs new mo= thers and their babies may be security theater=2C considering the incredib=
ly rare instances of baby snatching from hospitals. But it makes sense as=
a security system designed to alleviate fears of new mothers [Sch07].</p=


<p>Rational astrologies in security result from two considerations. The fi=
rst is the principal-agent problem: The incentives of the individual or or= ganization making the security decision are not always aligned with the in= centives of the users of that system. The user=E2=80=99s well-being may no=
t weigh as heavily on the developer=E2=80=99s mind as the difficulty of co= nvincing his boss to take a chance by ignoring an outdated security rule o=
r trying some new technology.</p>

<p>The second consideration that can lead to a rational astrology is where=
there is a social or institutional need for a solution to a problem for w= hich there is actually not a particularly good solution. The organization=
needs to reassure regulators=2C customers=2C or perhaps even a judge and=
jury that =E2=80=9Cthey did all that could be done=E2=80=9D to avoid some=
problem -- even if =E2=80=9Call that could be done=E2=80=9D wasn=E2=80=99=
t very much.</p></blockquote>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg14"><a name=3D"cg14"= >Web 3.0 Requires Data Integrity</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/web-3-0-requi= res-data-integrity.html"><strong>[2025.04.03]</strong></a> If you=E2=80=
=99ve ever taken a computer security class=2C you=E2=80=99ve probably lear=
ned about the three legs of computer security -- confidentiality=2C integr= ity=2C and availability -- known as the <a href=3D"https://www.nist.gov/im= age/cia-triad">CIA triad</a>. When we talk about a system being secure=2C=
that=E2=80=99s what we=E2=80=99re referring to. All are important=2C but=
to different degrees in different contexts. In a world populated by artif= icial intelligence (AI) systems and artificial intelligent agents=2C integ= rity will be paramount.</p>

<p>What is data integrity? It=E2=80=99s ensuring that no one can modify da=
ta -- that=E2=80=99s the security angle -- but it=E2=80=99s much more than=
that. It encompasses accuracy=2C completeness=2C and quality of data -- a=
ll over both time and space. It=E2=80=99s preventing accidental data loss;=
the =E2=80=9Cundo=E2=80=9D button is a primitive integrity measure. It=E2= =80=99s also making sure that data is accurate when it=E2=80=99s collected=
-- that it comes from a trustworthy source=2C that nothing important is m= issing=2C and that it doesn=E2=80=99t change as it moves from format to fo= rmat. The ability to restart your computer is another integrity measure.</=


<p>The CIA triad has evolved with the Internet. The first iteration of the=
Web -- Web 1.0 of the 1990s and early 2000s -- prioritized availability.=
This era saw organizations and individuals rush to digitize their content=
=2C creating what has become an unprecedented repository of human knowledg=
e. Organizations worldwide established their digital presence=2C leading t=
o massive digitization projects where quantity took precedence over qualit=
y. The emphasis on making information available overshadowed other concern= s.</p>

<p>As Web technologies matured=2C the focus shifted to protecting the vast=
amounts of data flowing through online systems. This is Web 2.0: the Inte= rnet of today. Interactive features and user-generated content transformed=
the Web from a read-only medium to a participatory platform. The increase=
in personal data=2C and the emergence of interactive platforms for e-comm= erce=2C social media=2C and online everything demanded both data protectio=
n and user privacy. Confidentiality became paramount.</p>

<p>We stand at the threshold of a new Web paradigm: Web 3.0. This is a dis= tributed=2C decentralized=2C intelligent Web. Peer-to-peer social-networki=
ng systems promise to break the tech monopolies=E2=80=99 control on how we=
interact with each other. Tim Berners-Lee=E2=80=99s open W3C protocol=2C=
Solid=2C represents a fundamental shift in how we think about data owners=
hip and control. A future filled with AI agents requires verifiable=2C tru= stworthy personal data and computation. In this world=2C data integrity ta=
kes center stage.</p>

<p>For example=2C the 5G communications revolution isn=E2=80=99t just abou=
t faster access to videos; it=E2=80=99s about Internet-connected things ta= lking to other Internet-connected things without our intervention. Without=
data integrity=2C for example=2C there=E2=80=99s no real-time car-to-car=
communications about road movements and conditions. There=E2=80=99s no dr=
one swarm coordination=2C smart power grid=2C or reliable mesh networking.=
And there=E2=80=99s no way to securely empower AI agents.</p>

<p>In particular=2C AI systems require robust integrity controls because o=
f how they process data. This means technical controls to ensure data is a= ccurate=2C that its meaning is preserved as it is processed=2C that it pro= duces reliable results=2C and that humans can reliably alter it when it=E2= =80=99s wrong. Just as a scientific instrument must be calibrated to measu=
re reality accurately=2C AI systems need integrity controls that preserve=
the connection between their data and ground truth.</p>

<p>This goes beyond preventing data tampering. It means building systems t=
hat maintain verifiable chains of trust between their inputs=2C processing=
=2C and outputs=2C so humans can understand and validate what the AI is do= ing. AI systems need clean=2C consistent=2C and verifiable control process=
es to learn and make decisions effectively. Without this foundation of ver= ifiable truth=2C AI systems risk becoming a series of opaque boxes.</p>

<p>Recent history provides many sobering examples of integrity failures th=
at naturally undermine public trust in AI systems. Machine-learning (ML) m= odels trained without thought on expansive datasets have produced predicta=
bly biased results in hiring systems. Autonomous vehicles with incorrect d=
ata have made incorrect -- and fatal -- decisions. Medical diagnosis syste=
ms have given flawed recommendations without being able to explain themsel= ves. A lack of integrity controls undermines AI systems and harms people w=
ho depend on them.</p>

<p>They also highlight how AI integrity failures can manifest at multiple=
levels of system operation. At the training level=2C data may be subtly c= orrupted or biased even before model development begins. At the model leve= l=2C mathematical foundations and training processes can introduce new int= egrity issues even with clean data. During execution=2C environmental chan=
ges and runtime modifications can corrupt previously valid models. And at=
the output level=2C the challenge of verifying AI-generated content and t= racking it through system chains creates new integrity concerns. Each leve=
l compounds the challenges of the ones before it=2C ultimately manifesting=
in human costs=2C such as reinforced biases and diminished agency.</p>

<p>Think of it like protecting a house. You don=E2=80=99t just lock a door=
; you also use safe concrete foundations=2C sturdy framing=2C a durable ro= of=2C secure double-pane windows=2C and maybe motion-sensor cameras. Simil= arly=2C we need digital security at every layer to ensure the whole system=
can be trusted.</p>

<p>This layered approach to understanding security becomes increasingly cr= itical as AI systems grow in complexity and autonomy=2C particularly with=
large language models (LLMs) and deep-learning systems making high-stakes=
decisions. We need to verify the integrity of each layer when building an=
d deploying digital systems that impact human lives and societal outcomes.=


<p>At the foundation level=2C bits are stored in computer hardware. This r= epresents the most basic encoding of our data=2C model weights=2C and comp= utational instructions. The next layer up is the file system architecture:=
the way those binary sequences are organized into structured files and di= rectories that a computer can efficiently access and process. In AI system= s=2C this includes how we store and organize training data=2C model checkp= oints=2C and hyperparameter configurations.</p>

<p>On top of that are the application layers -- the programs and framework= s=2C such as PyTorch and TensorFlow=2C that allow us to train models=2C pr= ocess data=2C and generate outputs. This layer handles the complex mathema= tics of neural networks=2C gradient descent=2C and other ML operations.</p=


<p>Finally=2C at the user-interface level=2C we have visualization and int= eraction systems -- what humans actually see and engage with. For AI syste= ms=2C this could be everything from confidence scores and prediction proba= bilities to generated text and images or autonomous robot movements.</p>

<p>Why does this layered perspective matter? Vulnerabilities and integrity=
issues can manifest at any level=2C so understanding these layers helps s= ecurity experts and AI researchers perform comprehensive threat modeling.=
This enables the implementation of defense-in-depth strategies -- from cr= yptographic verification of training data to robust model architectures to=
interpretable outputs. This multi-layered security approach becomes espec= ially crucial as AI systems take on more autonomous decision-making roles=
in critical domains such as healthcare=2C finance=2C and public safety. W=
e must ensure integrity and reliability at every level of the stack.</p>

<p>The risks of deploying AI without proper integrity control measures are=
severe and often underappreciated. When AI systems operate without suffic= ient security measures to handle corrupted or manipulated data=2C they can=
produce subtly flawed outputs that appear valid on the surface. The failu=
res can cascade through interconnected systems=2C amplifying errors and bi= ases. Without proper integrity controls=2C an AI system might train on pol= luted data=2C make decisions based on misleading assumptions=2C or have ou= tputs altered without detection. The results of this can range from degrad=
ed performance to catastrophic failures.</p>

<p>We see four areas where integrity is paramount in this Web 3.0 world. T=
he first is granular access=2C which allows users and organizations to mai= ntain precise control over who can access and modify what information and=
for what purposes. The second is authentication -- much more nuanced than=
the simple =E2=80=9CWho are you?=E2=80=9D authentication mechanisms of to=
day -- which ensures that data access is properly verified and authorized=
at every step. The third is transparent data ownership=2C which allows da=
ta owners to know when and how their data is used and creates an auditable=
trail of data providence. Finally=2C the fourth is access standardization=
: common interfaces and protocols that enable consistent data access while=
maintaining security.</p>

<p>Luckily=2C we=E2=80=99re not starting from scratch. There are open W3C=
protocols that address some of this: <a href=3D"https://www.w3.org/TR/did= -1.0/">decentralized identifiers</a> for verifiable digital identity=2C th=
e <a href=3D"https://www.w3.org/TR/vc-data-model-2.0/">verifiable credenti=
als data model</a> for expressing digital credentials=2C <a href=3D"https:= //www.w3.org/TR/activitypub/">ActivityPub</a> for decentralized social net= working (that=E2=80=99s what Mastodon uses)=2C <a href=3D"https://solidpro= ject.org/">Solid</a> for distributed data storage and retrieval=2C and <a=
href=3D"https://www.w3.org/TR/webauthn-2/">WebAuthn</a> for strong authen= tication standards. By providing standardized ways to verify data provenan=
ce and maintain data integrity throughout its lifecycle=2C Web 3.0 creates=
the trusted environment that AI systems require to operate reliably. This=
architectural leap for integrity control in the hands of users helps ensu=
re that data remains trustworthy from generation and collection through pr= ocessing and storage.</p>

<p>Integrity is essential to trust=2C on both technical and human levels.=
Looking forward=2C integrity controls will fundamentally shape AI develop= ment by moving from optional features to core architectural requirements=
=2C much as SSL certificates evolved from a banking luxury to a baseline e= xpectation for any Web service.</p>

<p>Web 3.0 protocols can build integrity controls into their foundation=2C=
creating a more reliable infrastructure for AI systems. Today=2C we take=
availability for granted; anything less than 100% uptime for critical web= sites is intolerable. In the future=2C we will need the same assurances fo=
r integrity. Success will require following practical guidelines for maint= aining data integrity throughout the AI lifecycle -- from data collection=
through model training and finally to deployment=2C use=2C and evolution.=
These guidelines will address not just technical controls but also govern= ance structures and human oversight=2C similar to how privacy policies evo= lved from legal boilerplate into comprehensive frameworks for data steward= ship. Common standards and protocols=2C developed through industry collabo= ration and regulatory frameworks=2C will ensure consistent integrity contr=
ols across different AI systems and applications.</p>

<p>Just as the HTTPS protocol created a foundation for trusted e-commerce=
=2C it=E2=80=99s time for new integrity-focused standards to enable the tr= usted AI services of tomorrow.</p>

<p><em>This essay was written with Davi Ottenheimer=2C and originally appe= ared in <a href=3D"https://dl.acm.org/doi/10.1145/3723438">Communications=
of the ACM</a>.</em></p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg15"><a name=3D"cg15"= >Troy Hunt Gets Phished</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/troy-hunt-get= s-phished.html"><strong>[2025.04.04]</strong></a> In case you need proof=
that <i>anyone</i>=2C even someone who does cybersecurity for a living=2C=
can fall for a phishing attack=2C Troy Hunt has a long=2C iterative <a hr= ef=3D"https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-ma= iling-list/">story</a> on his webpage about how he got phished. Worth read= ing.</p>

<p>EDITED TO ADD (4/14): Commentary from <a href=3D"https://shostack.org/b= log/learning-from-troy-hunts-sneaky-phish/">Adam Shostack</a> and <a href= =3D"https://pluralistic.net/2025/04/05/troy-hunt/#teach-a-man-to-phish">Co=
ry Doctorow</a>.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg16"><a name=3D"cg16"= >DIRNSA Fired</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/dirnsa-fired.= html"><strong>[2025.04.07]</strong></a> In =E2=80=9C<a href=3D"https://ww= w.schneier.com/books/secrets-and-lies/">Secrets and Lies</a>=E2=80=9D (200= 0)=2C I wrote:</p>

<blockquote><p>It is poor civic hygiene to install technologies that could=
someday facilitate a police state.</p></blockquote>

<p>It=E2=80=99s something a bunch of us were saying at the time=2C in refe= rence to the vast NSA=E2=80=99s surveillance capabilities.</p>

<p>I have been thinking of that quote a lot as I read <a href=3D"https://w= ww.nytimes.com/2025/04/05/us/politics/nsa-director-haugh-trump-loomer.html= ">news</a> <a href=3D"https://www.washingtonpost.com/national-security/202= 5/04/03/nsa-director-fired-tim-haugh/">stories</a> <a href=3D"https://apne= ws.com/article/trump-national-security-agency-tim-haugh-ec08b455e2c1112f5c= 6bb1881fad73e2">of</a> President Trump firing the Director of the National=
Security Agency. General Timothy Haugh.</p>

<p>A couple of weeks ago=2C I <a href=3D"https://foreignpolicy.com/2025/03= /28/signal-chat-leak-trump-technology-security-houthis-group-defense-nsa/"= >wrote</a>:</p>

<blockquote><p>We don=E2=80=99t know what pressure the Trump administratio=
n is using to make intelligence services fall into line=2C but it isn=E2= =80=99t crazy to <a href=3D"https://www.theguardian.com/us-news/2024/apr/1= 6/house-fisa-government-surveillance-senate">worry</a> that the NSA might=
again start monitoring domestic communications.</p></blockquote>

<p>The NSA <a href=3D"https://www.eff.org/nsa-spying">already</a> <a href= =3D"https://www.aclu.org/news/national-security/five-things-to-know-about-= nsa-mass-surveillance-and-the-coming-fight-in-congress">spies</a> <a href= =3D"https://epic.org/documents/in-re-epic-nsa-telephone-records-surveillan= ce/">on</a> <a href=3D"https://foreignpolicy.com/2016/09/07/every-move-you= -make-obama-nsa-security-surveillance-spying-intelligence-snowden/">Americ= ans</a> in a <a href=3D"https://www.eff.org/nsa-spying/timeline">variety o=
f ways</a>. But that=E2=80=99s always been a sideline to its main mission:=
spying on the rest of the world. Once Trump replaces Haugh with a loyalis= t=2C the NSA=E2=80=99s vast surveillance apparatus can be refocused domest= ically.</p>

<p>Giving that agency all those powers in the 1990s=2C in the 2000s after=
the terrorist attacks of 9/11=2C and in the 2010s was always a mistake. I=
fear that we are about to learn how big a mistake it was.</p>

<p>Here=E2=80=99s PGP creator Phil Zimmerman in 1996=2C <a href=3D"https:/= /philzimmermann.com/EN/testimony/index.html">spelling it out</a> even more=
clearly:</p>

<blockquote><p>The Clinton Administration seems to be attempting to deploy=
and entrench a communications infrastructure that would deny the citizenr=
y the ability to protect its privacy. This is unsettling because in a demo= cracy=2C it is possible for bad people to occasionally get elected -- some= times very bad people. Normally=2C a well-functioning democracy has ways t=
o remove these people from power. But the wrong technology infrastructure=
could allow such a future government to watch every move anyone makes to=
oppose it. It could very well be the last government we ever elect.</p>

<p>When making public policy decisions about new technologies for the gove= rnment=2C I think one should ask oneself which technologies would best str= engthen the hand of a police state. Then=2C do not allow the government to=
deploy those technologies. This is simply a matter of good civic hygiene.= </p></blockquote>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg17"><a name=3D"cg17"= >Arguing Against CALEA</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/arguing-again= st-calea.html"><strong>[2025.04.08]</strong></a> At a Congressional <a hr= ef=3D"https://oversight.house.gov/hearing/salt-typhoon-securing-americas-t= elecommunications-from-state-sponsored-cyber-attacks/">hearing</a> earlier=
this week=2C Matt Blaze <a href=3D"https://oversight.house.gov/wp-content= /uploads/2025/04/Blaze-Written-Testimony.pdf">made the point</a> that CALE= A=2C the 1994 law that forces telecoms to make phone calls wiretappable=2C=
is outdated in today=E2=80=99s threat environment and should be rethought= :</p>

<blockquote><p>In other words=2C while the legally-mandated CALEA capabili=
ty requirements have changed little over the last three decades=2C the inf= rastructure that must implement and protect it has changed radically. This=
has greatly expanded the =E2=80=9Cattack surface=E2=80=9D that must be de= fended to prevent unauthorized wiretaps=2C especially at scale. The job of=
the illegal eavesdropper has gotten significantly easier=2C with many mor=
e options and opportunities for them to exploit. Compromising our telecomm= unications infrastructure is now little different from performing any othe=
r kind of computer intrusion or data breach=2C a well-known and endemic cy= bersecurity problem. To put it bluntly=2C something like Salt Typhoon was=
inevitable=2C and will likely happen again unless significant changes are=
made.</p></blockquote>

<p>This is the access that the Chinese threat actor Salt Typhoon <a href= =3D"https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-la= w-that-came-back-to-bite/">used</a> to spy on Americans:</p>

<blockquote><p><a href=3D"https://www.wsj.com/tech/cybersecurity/u-s-wiret= ap-systems-targeted-in-china-linked-hack-327fc63b">The Wall Street Journal=
</a> first reported Friday that a Chinese government hacking group dubbed=
Salt Typhoon broke into three of the largest U.S. internet providers=2C i= ncluding AT&T=2C Lumen (formerly CenturyLink)=2C and Verizon=2C to access=
systems they use for facilitating customer data to law enforcement and go= vernments. The hacks reportedly may have resulted in the =E2=80=9Cvast col= lection of internet traffic=E2=80=9D; from the telecom and internet giants=
=2E <a href=3D"https://www.cnn.com/2024/10/05/politics/chinese-hackers-us-te= lecoms/">CNN</a> and <a href=3D"https://www.washingtonpost.com/national-se= curity/2024/10/06/salt-typhoon-china-espionage-telecom/">The Washington Po= st</a> also confirmed the intrusions and that the U.S. government=E2=80=99=
s investigation is in its early stages.</p></blockquote>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg18"><a name=3D"cg18"= >How to Leak to a Journalist</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/how-to-leak-t= o-a-journalist.html"><strong>[2025.04.09]</strong></a> Neiman Lab has som=
e <a href=3D"https://www.niemanlab.org/2025/04/how-to-leak-to-a-journalist= /">good advice</a> on how to leak a story to a journalist.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg19"><a name=3D"cg19"= >Reimagining Democracy</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/reimagining-d= emocracy-2.html"><strong>[2025.04.10]</strong></a> Imagine that all of us=
-- all of society -- have landed on some alien planet and need to form a=
government: clean slate. We do not have any legacy systems from the Unite=
d States or any other country. We do not have any special or unique intere=
sts to perturb our thinking. How would we govern ourselves? It is unlikely=
that we would use the systems we have today. Modern representative democr=
acy was the best form of government that eighteenth-century technology cou=
ld invent. The twenty-first century is very different: scientifically=2C t= echnically=2C and philosophically. For example=2C eighteenth-century democ= racy was designed under the assumption that travel and communications were=
both hard.</p>

<p>Indeed=2C the very idea of representative government was a hack to get=
around technological limitations. Voting is easier now. Does it still mak=
e sense for all of us living in the same place to organize every few years=
and choose one of us to go to a single big room far away and make laws in=
our name? Representative districts are organized around geography because=
that was the only way that made sense two hundred-plus years ago. But we=
do not need to do it that way anymore. We could organize representation b=
y age: one representative for the thirty-year-olds=2C another for the fort= y-year-olds=2C and so on. We could organize representation randomly: by bi= rthday=2C perhaps. We can organize in any way we want. American citizens c= urrently elect people to federal posts for terms ranging from two to six y= ears. Would ten years be better for some posts? Would ten days be better f=
or others? There are lots of possibilities. Maybe we can make more use of=
direct democracy by way of plebiscites. Certainly we do not want all of u= s=2C individually=2C to vote on every amendment to every bill=2C but what=
is the optimal balance between votes made in our name and ballot initiati=
ves that we all vote on?</p>

<p>For the past three years=2C I have organized a series of annual two-day=
workshops to discuss these and other such questions.¹ For each=
event=2C I brought together fifty people from around the world: political=
scientists=2C economists=2C law professors=2C experts in artificial intel= ligence=2C activists=2C government types=2C historians=2C science-fiction=
writers=2C and more. We did not come up with any answers to our questions=
-- and I would have been surprised if we had -- but several themes emerge=
d from the event. Misinformation and propaganda was a theme=2C of course=
=2C and the inability to engage in rational policy discussions when we can=
not agree on facts. The deleterious effects of optimizing a political syst=
em for economic outcomes was another theme. Given the ability to start ove= r=2C would anyone design a system of government for the near-term financia=
l interest of the wealthiest few? Another theme was capitalism and how it=
is or is not intertwined with democracy. While the modern market economy=
made a lot of sense in the industrial age=2C it is starting to fray in th=
e information age. What comes after capitalism=2C and how will it affect t=
he way we govern ourselves?</p>

<p>Many participants examined the effects of technology=2C especially arti= ficial intelligence (AI). We looked at whether -- and when -- we might be=
comfortable ceding power to an AI system. Sometimes deciding is easy. I a=
m happy for an AI system to figure out the optimal timing of traffic light=
s to ensure the smoothest flow of cars through my city. When will we be ab=
le to say the same thing about the setting of interest rates? Or taxation?=
How would we feel about an AI device in our pocket that voted in our name=
=2C thousands of times per day=2C based on preferences that it inferred fr=
om our actions? Or how would we feel if an AI system could determine optim=
al policy solutions that balanced every voter=E2=80=99s preferences: Would=
it still make sense to have a legislature and representatives? Possibly w=
e should vote directly for ideas and goals instead=2C and then leave the d= etails to the computers.</p>

<p>These conversations became more pointed in the second and third years o=
f our workshop=2C after generative AI exploded onto the internet. Large la= nguage models are poised to write laws=2C enforce both laws and regulation= s=2C act as lawyers and judges=2C and plan political strategy. How this ca= pacity will compare to human expertise and capability is still unclear=2C=
but the technology is changing quickly and dramatically. We will not have=
AI legislators anytime soon=2C but just as today we accept that all polit= ical speeches are professionally written by speechwriters=2C will we accep=
t that future political speeches will all be written by AI devices? Will l= egislators accept AI-written legislation=2C especially when that legislati=
on includes a level of detail that human-based legislation generally does=
not? And if so=2C how will that change affect the balance of power betwee=
n the legislature and the administrative state? Most interestingly=2C what=
happens when the AI tools we use to both write and enforce laws start to=
suggest policy options that are beyond human understanding? Will we accep=
t them=2C because they work? Or will we reject a system of governance wher=
e humans are only nominally in charge?</p>

<p>Scale was another theme of the workshops. The size of modern government=
s reflects the technology at the time of their founding. European countrie=
s and the early American states are a particular size because that was a g= overnable size in the eighteenth and nineteenth centuries. Larger governme=
nts -- those of the United States as a whole and of the European Union --=
reflect a world where travel and communications are easier. Today=2C thou= gh=2C the problems we have are either local=2C at the scale of cities and=
towns=2C or global. Do we really have need for a political unit the size=
of France or Virginia? Or is it a mixture of scales that we really need=
=2C one that moves effectively between the local and the global?</p>

<p>As to other forms of democracy=2C we discussed one from history and ano= ther made possible by today=E2=80=99s technology. Sortition is a system of=
choosing political officials randomly. We use it today when we pick jurie= s=2C but both the ancient Greeks and some cities in Renaissance Italy used=
it to select major political officials. Today=2C several countries -- lar= gely in Europe -- are using the process to decide policy on complex issues=
=2E We might randomly choose a few hundred people=2C representative of the p= opulation=2C to spend a few weeks being briefed by experts=2C debating the=
issues=2C and then deciding on environmental regulations=2C or a budget=
=2C or pretty much anything.</p>

<p>=E2=80=9CLiquid democracy=E2=80=9D is a way of doing away with election=
s altogether. The idea is that everyone has a vote and can assign it to an= yone they choose. A representative collects the proxies assigned to him or=
her and can either vote directly on the issues or assign all the proxies=
to someone else. Perhaps proxies could be divided: this person for econom=
ic matters=2C another for health matters=2C a third for national defense=
=2C and so on. In the purer forms of this system=2C people might transfer=
their votes to someone else at any time. There would be no more election=
days: vote counts might change every day.</p>

<p>And then=2C there is the question of participation and=2C more generall= y=2C whose interests are taken into account. Early democracies were really=
not democracies at all; they limited participation by gender=2C race=2C a=
nd land ownership. These days=2C to achieve a more comprehensive electorat=
e we could lower the voting age. But=2C of course=2C even children too you=
ng to vote have rights=2C and in some cases so do other species. Should fu= ture generations be given a =E2=80=9Cvoice=2C=E2=80=9D whatever that means=
? What about nonhumans=2C or whole ecosystems? Should everyone have the sa=
me volume and type of voice? Right now=2C in the United States=2C the very=
wealthy have much more influence than others do. Should we encode that su= periority explicitly? Perhaps younger people should have a more powerful v=
ote than everyone else. Or maybe older people should.</p>

<p>In the workshops=2C those questions led to others about the limits of d= emocracy. All democracies have boundaries limiting what the majority can d= ecide. We are not allowed to vote <em>Common Knowledge</em> out of existen= ce=2C for example=2C but can generally regulate speech to some degree. We=
cannot vote=2C in an election=2C to jail someone=2C but we can craft laws=
that make a particular action illegal. We all have the right to certain t= hings that cannot be taken away from us. In the community of our future=2C=
what should be our rights as individuals? What should be the rights of so= ciety=2C superseding those of individuals?</p>

<p>Personally=2C I was most interested=2C at each of the three workshops=
=2C in how political systems fail. As a security technologist=2C I study h=
ow complex systems are subverted -- <em>hacked</em>=2C in my parlance -- f=
or the benefit of a few at the expense of the many. Think of tax loopholes=
=2C or tricks to avoid government regulation. These hacks are common today=
=2C and AI tools will make them easier to find -- and even to design -- in=
the future. I would want any government system to be resistant to tricker=
y. Or=2C to put it another way: I want the interests of each individual to=
align with the interests of the group at every level. We have never had a=
system of government with this property=2C but -- in a time of existentia=
l risks such as climate change -- it is important that we develop one.</p>

<p>Would this new system of government even be called =E2=80=9Cdemocracy= =E2=80=9D? I truly do not know.</p>

<p>Such speculation is not practical=2C of course=2C but still is valuable=
=2E Our workshops did not produce final answers and were not intended to do=
so. Our discourse was filled with suggestions about how to patch our poli= tical system where it is fraying. People regularly debate changes to the U=
S Electoral College=2C or the process of determining voting districts=2C o=
r the setting of term limits. But those are incremental changes. It is dif= ficult to find people who are thinking more radically: looking beyond the=
horizon -- not at what is possible today but at what may be possible even= tually. Thinking incrementally is critically important=2C but it is also m= yopic. It represents a hill-climbing strategy of continuous but quite limi=
ted improvements. We also need to think about discontinuous changes that w=
e cannot easily get to from here; otherwise=2C we may be forever stuck at=
local maxima. And while true innovation in politics is a lot harder than=
innovation in technology=2C especially without a violent revolution forci=
ng changes on us=2C it is something that we as a species are going to have=
to get good at=2C one way or another.</p>

<p>Our workshop will reconvene for a fourth meeting in December 2025.</p>

<h3 style=3D"font-size:110%;font-weight:bold">Note</h3>



<li>The First International Workshop on Reimagining Democracy (IWORD) was=
held December 7 -- 8=2C 2022. The Second IWORD was held December 12 -- 13=
=2C 2023. Both took place at the Harvard Kennedy School. The sponsors were=
the Ford Foundation=2C the Knight Foundation=2C and the Ash and Belfer Ce= nters of the Kennedy School. See <a href=3D"http://www.schneier.com/blog/a= rchives/2022/12/reimagining-democracy.html">Schneier=2C =E2=80=9CRecreatin=
g Democracy=E2=80=9D</a> and <a href=3D"http://www.schneier.com/blog/archi= ves/2024/01/second-interdisciplinary-workshop-on-reimagining-democracy.htm= l">Schneier=2C =E2=80=9CSecond Interdisciplinary Workshop.=E2=80=9D</a></l=

</ol>

<p><em>This essay was originally published in <a href=3D"https://read.duke= upress.edu/common-knowledge/article-abstract/30/3/354/398268/Reimagining-D= emocracy">Common Knowledge</a>.</em></p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg20"><a name=3D"cg20"=

AI Vulnerability Finding</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/ai-vulnerabil= ity-finding.html"><strong>[2025.04.11]</strong></a> Microsoft is <a href= =3D"https://www.microsoft.com/en-us/security/blog/2025/03/31/analyzing-ope= n-source-bootloaders-finding-vulnerabilities-faster-with-ai/">reporting</a=

that its AI systems are able to find <a href=3D"https://www.bleepingcomp=

uter.com/news/security/microsoft-uses-ai-to-find-flaws-in-grub2-u-boot-bar= ebox-bootloaders/">new vulnerabilities</a> in source code:</p>

<blockquote><p>Microsoft discovered eleven vulnerabilities in GRUB2=2C inc= luding integer and buffer overflows in filesystem parsers=2C command flaws=
=2C and a side-channel in cryptographic comparison.</p>

<p>Additionally=2C 9 buffer overflows in parsing SquashFS=2C EXT4=2C CramF= S=2C JFFS2=2C and symlinks were discovered in U-Boot and Barebox=2C which=
require physical access to exploit.</p>

<p>The newly discovered flaws impact devices relying on UEFI Secure Boot=
=2C and if the right conditions are met=2C attackers can bypass security p= rotections to execute arbitrary code on the device.</p></blockquote>

<p>Nothing major here. These aren=E2=80=99t exploitable out of the box. Bu=
t that an AI system can do this at all is impressive=2C and I expect their=
capabilities to continue to improve.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg21"><a name=3D"cg21"= >China Sort of Admits to Being Behind Volt Typhoon</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/china-sort-of= -admits-to-being-behind-volt-typhoon.html"><strong>[2025.04.14]</strong><=

<i>The Wall Street Journal</i> has the <a href=3D"https://www.wsj.com/=

politics/national-security/in-secret-meeting-china-acknowledged-role-in-u-= s-infrastructure-hacks-c5ab37cb?st=3DUfFBTh&reflink=3Darticle_copyURL_shar= e">story</a>:</p>

<blockquote><p>Chinese officials acknowledged in a secret December meeting=
that Beijing was behind a widespread series of alarming cyberattacks on U= =2ES. infrastructure=2C according to people familiar with the matter=2C unde= rscoring how hostilities between the two superpowers are continuing to esc= alate.</p>

<p>The Chinese delegation linked years of intrusions into computer network=
s at U.S. ports=2C water utilities=2C airports and other targets=2C to inc= reasing U.S. policy support for Taiwan=2C the people=2C who declined to be=
named=2C said.</p></blockquote>

<p>The admission wasn=E2=80=99t explicit:</p>

<blockquote><p>The Chinese official=E2=80=99s remarks at the December meet=
ing were indirect and somewhat ambiguous=2C but most of the American deleg= ation in the room interpreted it as a tacit admission and a warning to the=
U.S. about Taiwan=2C a former U.S. official familiar with the meeting sai= d.</p></blockquote>

<p>No surprise.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


<h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg22"><a name=3D"cg22"= >Upcoming Speaking Engagements</a></h2>

<p><a href=3D"https://www.schneier.com/blog/archives/2025/04/upcoming-spea= king-engagements-45.html"><strong>[2025.04.14]</strong></a> This is a cur=
rent list of where and when I am scheduled to speak:</p>



<li>I=E2=80=99m giving an online talk on AI and trust for the <a href= =3D"https://plamadiso.weizenbaum-institut.de/events-2025/">Weizenbaum Inst= itute</a> on April 24=2C 2025 at 2:00 PM CEST (8:00 AM ET).</li>
</ul>

<p>The list is maintained on <a href=3D"https://www.schneier.com/events/">= this page</a>.</p>

<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=




<p>Since 1998=2C CRYPTO-GRAM has been a free monthly newsletter providing=
summaries=2C analyses=2C insights=2C and commentaries on security technol= ogy. To subscribe=2C or to read back issues=2C see <a href=3D"https://www.= schneier.com/crypto-gram/">Crypto-Gram's web page</a>.</p>

<p>You can also read these articles on my blog=2C <a href=3D"https://www.s= chneier.com">Schneier on Security</a>.</p>

<p>Please feel free to forward CRYPTO-GRAM=2C in whole or in part=2C to co= lleagues and friends who will find it valuable. Permission is also granted=
to reprint CRYPTO-GRAM=2C as long as it is reprinted in its entirety.</p>

<p><span style=3D"font-style: italic">Bruce Schneier is an internationally=
renowned security technologist=2C called a security guru by the <cite sty= le=3D"font-style:normal">Economist</cite>. He is the author of over one do=
zen books -- including his latest=2C <a href=3D"https://www.schneier.com/b= ooks/a-hackers-mind/"><cite style=3D"font-style:normal">A Hacker=E2=80=99s=
Mind</cite></a> -- as well as hundreds of articles=2C essays=2C and acade=
mic papers. His newsletter and blog are read by over 250=2C000 people. Sch= neier is a fellow at the Berkman Klein Center for Internet & Society at Ha= rvard University; a Lecturer in Public Policy at the Harvard Kennedy Schoo=
l; a board member of the Electronic Frontier Foundation=2C AccessNow=2C an=
d the Tor Project; and an Advisory Board Member of the Electronic Privacy=
Information Center and VerifiedVoting.org. He is the Chief of Security Ar= chitecture at Inrupt=2C Inc.</span></p>

<p>Copyright &copy; 2025 by Bruce Schneier.</p>


<p style=3D"font-size:88%">** *** ***** ******* *********** *************<=

<p>Mailing list hosting graciously provided by <a href=3D"https://mailchim= p.com/">MailChimp</a>. Sent without web bugs or link tracking.</p>
<p>This email was sent to: cryptogram@toolazy.synchro.net
<br><em>You are receiving this email because you subscribed to the Crypto-= Gram newsletter.</em></p>

<p><a style=3D"display:inline-block" href=3D"https://schneier.us18.list-ma= nage.com/unsubscribe?u=3Df99e2b5ca82502f48675978be&id=3D22184111ab&t=3Db&e= =3D70f249ec14&c=3D4cd42e8a8c">unsubscribe from this list</a>&nbsp;&nbsp;&nbs= p;&nbsp;<a style=3D"display:inline-block" href=3D"https://schneier.us18.li= st-manage.com/profile?u=3Df99e2b5ca82502f48675978be&id=3D22184111ab&e=3D70f249ec14&c=3D4cd42e8a8c">update subscription preferences</a>
<br>Bruce Schneier &middot; Harvard Kennedy School &middot; 1 Brattle Squa=
re &middot; Cambridge=2C MA 02138 &middot; USA</p>


</body></html>
--_----------=_MCPart_1741000653--