The long-form piece I have been writing for nine months is finally out. The argument: the commercial security infrastructure and the state-level surveillance infrastructure are, in many places, the same infrastructure.
Three days after the Optic Nerve story. The data-residency advice we have been giving for nine months is only as good as the weakest jurisdiction the data transits. Plus Mt. Gox's bankruptcy filing, briefly.
The year retrospective. 2013 has been the largest single year of structural change in the threat landscape since 2011 — and where 2011 was about specific failures, 2013 has been about the trust chain itself.
Four days after the BULLRUN disclosure. The $250-million-a-year programme to defeat commercial encryption, its GCHQ equivalent Edgehill, and the confirmation of what Niels Ferguson and Dan Shumow had been suggesting about Dual_EC_DRBG since 2007.
Three months since the first Snowden story. Manning sentenced on Wednesday, identified as Chelsea on Thursday. The engagement implications I have been adapting through June and July are now stable enough to write down in summary.
Sixteen days after the Tempora disclosure. GCHQ has been running, with NSA cooperation, full-content interception of approximately two hundred fibre-optic cables landing in the UK. The capability is operational.
The Verizon FISA order is the kind of disclosure I have been writing about as theoretical for two years. PRISM is the kind I have been writing about as theoretical for ten. The trust-the-platform default is not defensible after this week.