Over the last month, on our New Republic: Security States newsfeed, we rolled out a series designed to explain why fairly allocating the costs of software deficiencies between software makers and users is so critical to addressing the growing problem of vulnerability-ridden code---and how such a regime will require questioning some of our deep-seated beliefs about the very nature of software security. Below is a consolidation of the five-part series in full.
Latest in Security States
Does holding software providers accountable for the insecurity of their code amount to going nuclear on the industry---the equivalent of pushing the big red button? I argue that this is the way critics see it, in the fifth and final installment of our Security States cyberliability series. Meanwhile, proponents see liability as a far subtler weapon, along the lines of a many-levered machine. The distinction is a crucial one, one that suggests the two sides are talking past each other.
If you believe software providers should be held more accountable for insecure code or coding practices, you might be tempted to point an accusing finger at the contract law framework that courts use to parse software license agreements. The problem is a little bigger than contract law, I argue, in the latest installment of our Security States cyberliability series.
We're a long ways off from a trial in United States v. Mohammed et al.
That's the essence of my Security States piece, which went up today. It begins:
So when will the 9/11 case go to trial, anyway? I have observed the Guantanamo proceedings for a while now, and hear the question a lot—from supporters and critics of the military prosecution of Khalid Sheikh Mohammed and four accused co-conspirators.
As part of our work on a chapter for an upcoming book on Madisonian thought and contemporary public policy, Ben and I wrote this piece for Security States about James Madison's vacillations on executive power and security issues---first as Founder, then as opposition leader, and then as President. Lawfare readers might remember that last year, we wrote a book chapter entitled "
What do software users have in common with Mary Mallon, better known today as Typhoid Mary? A lot---and that's why we shouldn't be leaving the quality of code in the hands of the market. Confused? Connect the rest of the dots over at Security States, where we've just published the latest installment in our series on what it would take to hold software makers liable for the insecurity of their products.
Over at The New Republic’s Security States blog, I have a new essay up entitled, “Courts Influence National Security Without Doing a Single Thing.” It begins:
Over at TNR's Security States, Matt and I have a new piece about international calls to ban autonomous weapon systems. It begins like this:
Via the New Republic's Security States blog, I have a new essay up on last week's Ninth Circuit decision in Hamad, and how it's part of the larger pattern of judicial hostility to damages suits in counterterrorism cases--not on the merits, but on an ever-increasing range of non-substantiv
What does the government's demand for Lavabit's encryption keys have to do with its justification for its bulk data collection under FISA Section 215? Basic logic. I dub that logic the "sieve theory" of government data filtration, in my latest piece over at the New Republic: Security States (a note to the mathematically inclined: this has nothing to do with sifted sets of integers).