Lavabit Suit As a Precedent?

“The government’s citation of the Lavabit case, and their description of its outcome, is disturbingly disingenuous,” Levison wrote on Facebook. “The language used [in the footnote] is incredibly misleading, as it insinuates a precedent unsupported by the appellate court’s ruling…. This verbiage suggests the seizure of third party encryption keys was found lawful by the appellate court, which is wholly unsupported by the appellate court’s opinion.”

NIST 800-53 Rev 5

NIST intends to roll out revision 5 of the 800-53 standard (FISMA) in 2016. They want your feedback. If you (like me) have to endure the implementation of these controls, give them your feedback. Help your fellow practitioners.

Some interesting elements from the Pre-Draft Call for Comments:

  • Addition of Keywords
  • Addition of hyperlinks to related documents

I really think these are good additions to the standard and hope the body goes forward with their inclusion.

Pre-Encryption Access?

Steve Blank has speculated that the NSA has corrupted the Intel/Microsoft microcode update process. Microsoft has already admitted they have been compelled by the US government to build a back door into their chat service. The chat service is encrypted, but not for the NSA. Steve Blank believes the revelation that the NSA has “pre-encryption stage access to email on Outlook.com, including Hotmail” means they have a back door farther down in the stack. He postulates the NSA can inject their own code into the encrypted Intel microcode update packages.

If someone had speculated this sort of thing a year ago I would have labeled them a conspiracy loony and asked them to take off their tinfoil hat.  Now, I’m not so sure.