<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>national security policy &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/national-security-policy/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Wed, 25 Jun 2025 16:03:13 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>White House Bans WhatsApp</title>
		<link>https://noise.getoto.net/2025/06/26/white-house-bans-whatsapp/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 26 Jun 2025 11:00:49 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Meta]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[whatsapp]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70412</guid>

					<description><![CDATA[Reuters is reporting that the White House has banned WhatsApp on all employee devices:
The notice said the &#8220;Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of ...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Hearing on the Federal Government and AI</title>
		<link>https://noise.getoto.net/2025/06/06/hearing-on-the-federal-government-and-ai/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 06 Jun 2025 17:43:00 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Schneier news]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[video]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70325</guid>

					<description><![CDATA[On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled &#8220;The Federal Government in the Age of Artificial Intelligence.&#8221;
The other speakers mostly talked about how cool AI was&#8212;and somet...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>US as a Surveillance State</title>
		<link>https://noise.getoto.net/2025/05/01/us-as-a-surveillance-state/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 01 May 2025 16:02:50 +0000</pubDate>
				<category><![CDATA[data collection]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[surveillance]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70195</guid>

					<description><![CDATA[Two essays were just published on DOGE&#8217;s data collection and aggregation, and how it ends with a modern surveillance state.
It&#8217;s good to see this finally being talked about.
EDITED TO ADD (5/3): Here&#8217;s a free link to that first essay.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>CVE Program Almost Unfunded</title>
		<link>https://noise.getoto.net/2025/04/16/cve-program-almost-unfunded/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 16 Apr 2025 15:19:30 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[DHS]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70138</guid>

					<description><![CDATA[<p>Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to <a href="https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html">be cancelled</a>, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute.</p>
<p>This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I suppose no crazier than any of the other ways the US is working against its own interests right now...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Arguing Against CALEA</title>
		<link>https://noise.getoto.net/2025/04/08/arguing-against-calea/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 08 Apr 2025 11:08:13 +0000</pubDate>
				<category><![CDATA[CALEA]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[eavesdropping]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Telecom]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70097</guid>

					<description><![CDATA[<p>At a Congressional <a href="https://oversight.house.gov/hearing/salt-typhoon-securing-americas-telecommunications-from-state-sponsored-cyber-attacks/">hearing</a> earlier this week, Matt Blaze <a href="https://oversight.house.gov/wp-content/uploads/2025/04/Blaze-Written-Testimony.pdf">made the point</a> that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought:</p>
<blockquote><p>In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically. This has greatly expanded the “attack surface” that must be defended to prevent unauthorized wiretaps, especially at scale. The job of the illegal eavesdropper has gotten significantly easier, with many more options and opportunities for them to exploit. Compromising our telecommunications infrastructure is now little different from performing any other kind of computer intrusion or data breach, a well-known and endemic cybersecurity problem. To put it bluntly, something like Salt Typhoon was inevitable, and will likely happen again unless significant changes are made...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>DIRNSA Fired</title>
		<link>https://noise.getoto.net/2025/04/07/dirnsa-fired/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 07 Apr 2025 11:03:36 +0000</pubDate>
				<category><![CDATA[national security policy]]></category>
		<category><![CDATA[NSA]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[surveillance]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70093</guid>

					<description><![CDATA[<p>In “<a href="https://www.schneier.com/books/secrets-and-lies/">Secrets and Lies</a>” (2000), I wrote:</p>
<blockquote><p>It is poor civic hygiene to install technologies that could someday facilitate a police state.</p></blockquote>
<p>It’s something a bunch of us were saying at the time, in reference to the vast NSA’s surveillance capabilities.</p>
<p>I have been thinking of that quote a lot as I read <a href="https://www.nytimes.com/2025/04/05/us/politics/nsa-director-haugh-trump-loomer.html">news</a> <a href="https://www.washingtonpost.com/national-security/2025/04/03/nsa-director-fired-tim-haugh/">stories</a> <a href="https://apnews.com/article/trump-national-security-agency-tim-haugh-ec08b455e2c1112f5c6bb1881fad73e2">of</a> President Trump firing the Director of the National Security Agency. General Timothy Haugh.</p>
<p>A couple of weeks ago, I <a href="https://foreignpolicy.com/2025/03/28/signal-chat-leak-trump-technology-security-houthis-group-defense-nsa/">wrote</a>:</p>
<blockquote><p>We don’t know what pressure the Trump administration is using to make intelligence services fall into line, but it isn’t crazy to ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>DOGE as a National Cyberattack</title>
		<link>https://noise.getoto.net/2025/02/13/doge-as-a-national-cyberattack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 13 Feb 2025 12:03:26 +0000</pubDate>
				<category><![CDATA[breaches]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69910</guid>

					<description><![CDATA[<p>In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound.</p>
<p>First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had <a href="https://bsky.app/profile/wyden.senate.gov/post/3lh5ejpwncc23">accessed</a> <a href="https://www.nytimes.com/2025/02/01/us/politics/elon-musk-doge-federal-payments-system.html">the</a> <a href="https://nymag.com/intelligencer/article/elon-musk-doge-treasury-access-federal-payments.html">US</a> <a href="https://therecord.media/union-groups-sue-treasury-over-giving-doge-access-to-data">Treasury</a> computer system, giving them the ability to collect data on and potentially control the department’s roughly ...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>US Treasury Department Sanctions Chinese Company Over Cyberattacks</title>
		<link>https://noise.getoto.net/2025/01/07/us-treasury-department-sanctions-chinese-company-over-cyberattacks/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 07 Jan 2025 12:00:42 +0000</pubDate>
				<category><![CDATA[china]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69764</guid>

					<description><![CDATA[From the Washington Post:
The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The Scale of Geoblocking by Nation</title>
		<link>https://noise.getoto.net/2024/11/22/the-scale-of-geoblocking-by-nation/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 22 Nov 2024 12:06:07 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[Cuba]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[surveillance]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69614</guid>

					<description><![CDATA[<p>Interesting <a href="https://www.lawfaremedia.org/article/how-geoblocking-limits-digital-access-in-sanctioned-states">analysis</a>:</p>
<blockquote><p>We introduce and explore a little-known threat to digital equality and freedom­websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between free and paid websites, allowing trunk cables to repressive states, enforcing transparency in geoblocking, and removing ambiguity about sanctions compliance are concrete steps the U.S. can take to ensure it does not undermine its own aims.</p></blockquote>
<p>The paper: “...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>NIST Releases First Post-Quantum Encryption Algorithms</title>
		<link>https://noise.getoto.net/2024/08/15/nist-releases-first-post-quantum-encryption-algorithms/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 15 Aug 2024 15:37:42 +0000</pubDate>
				<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[nist]]></category>
		<category><![CDATA[quantum computing]]></category>
		<category><![CDATA[security standards]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69264</guid>

					<description><![CDATA[<p>From the <a href="https://www.govinfo.gov/content/pkg/FR-2024-08-14/pdf/2024-17956.pdf">Federal Register</a>:</p>
<blockquote><p>After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+.</p></blockquote>
<p>These algorithms are part of three NIST standards that have been finalized:</p>
<ul>
<li>FIPS 203: <a href="https://csrc.nist.gov/pubs/fips/203/final">Module-Lattice-Based Key-Encapsulation Mechanism Standard</a></li>
<li>FIPS 204: <a href="https://csrc.nist.gov/pubs/fips/204/final">Module-Lattice-Based Digital Signature Standard</a></li>
<li>FIPS 205: <a href="https://csrc.nist.gov/pubs/fips/203/final">Stateless Hash-Based Digital Signature Standard...</a></li></ul>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Problems with Georgia’s Voter Registration Portal</title>
		<link>https://noise.getoto.net/2024/08/07/problems-with-georgias-voter-registration-portal/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 07 Aug 2024 11:10:00 +0000</pubDate>
				<category><![CDATA[fraud]]></category>
		<category><![CDATA[Georgia]]></category>
		<category><![CDATA[identification]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[voting]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69231</guid>

					<description><![CDATA[<p>It’s possible to <a href="https://www.propublica.org/article/georgia-voter-registration-cancellation-portal-mtg-raffensperger">cancel</a> other people’s voter registrations:</p>
<blockquote><p>On Friday, four days after Georgia Democrats <a href="https://x.com/GASenateDems/status/1817949715234717988">began warning</a> that bad actors could abuse the state’s new online portal for canceling voter registrations, the Secretary of State’s Office acknowledged to ProPublica that it had identified multiple such attempts…</p>
<p>…the portal suffered at least two security glitches that briefly exposed voters’ dates of birth, the last four digits of their Social Security numbers and their full driver’s license numbers—the exact information needed to cancel others’ voter registrations...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>On the CSRB’s Non-Investigation of the SolarWinds Attack</title>
		<link>https://noise.getoto.net/2024/07/08/on-the-csrbs-non-investigation-of-the-solarwinds-attack/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 08 Jul 2024 17:59:33 +0000</pubDate>
				<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[DHS]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[russia]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69131</guid>

					<description><![CDATA[ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsoft&#8217;s culpability, even though they were directed by President Biden to do so.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>James Bamford on Section 702 Extension</title>
		<link>https://noise.getoto.net/2024/06/28/james-bamford-on-section-702-extension/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 28 Jun 2024 11:04:54 +0000</pubDate>
				<category><![CDATA[fisa]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[NSA]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[surveillance]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69104</guid>

					<description><![CDATA[Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA).
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The US Is Banning Kaspersky</title>
		<link>https://noise.getoto.net/2024/06/26/the-us-is-banning-kaspersky/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 26 Jun 2024 11:06:26 +0000</pubDate>
				<category><![CDATA[antivirus]]></category>
		<category><![CDATA[cyberespionage]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69100</guid>

					<description><![CDATA[<p><a href="https://www.wired.com/story/us-bans-kaspersky-software/?redirectURL=https%3A%2F%2Fwww.wired.com%2Fstory%2Fus-bans-kaspersky-software%2F">This move</a> has been coming for a long time.</p>
<blockquote><p>The Biden administration on Thursday said it’s <a>banning the company</a> from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban—­the first such action under authorities given to the Commerce Department in 2019­—follows <a href="https://www.wired.com/story/wired-awake-140917/">years of warnings</a> from the US intelligence community about Kaspersky being a national security threat because Moscow could allegedly commandeer its all-seeing antivirus software to spy on its customers...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Espionage with a Drone</title>
		<link>https://noise.getoto.net/2024/06/06/espionage-with-a-drone/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 06 Jun 2024 15:51:54 +0000</pubDate>
				<category><![CDATA[drones]]></category>
		<category><![CDATA[espionage]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[photos]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68999</guid>

					<description><![CDATA[The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Microsoft and Security Incentives</title>
		<link>https://noise.getoto.net/2024/04/23/microsoft-and-security-incentives/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 23 Apr 2024 11:09:31 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[incentives]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68826</guid>

					<description><![CDATA[<p>Former senior White House cyber policy director A. J. Grotto <a href="https://www.theregister.com/AMP/2024/04/21/microsoft_national_security_risk/">talks about the economic incentives</a> for companies to improve their security—in particular, Microsoft:</p>
<blockquote><p>Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.</p>
<p>[…]</p>
<p>“The government needs to focus on encouraging and catalyzing competition,” Grotto said. He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Backdoor in XZ Utils That Almost Happened</title>
		<link>https://noise.getoto.net/2024/04/11/backdoor-in-xz-utils-that-almost-happened/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 11 Apr 2024 11:01:51 +0000</pubDate>
				<category><![CDATA[backdoors]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[economics of security]]></category>
		<category><![CDATA[essays]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[infrastructure]]></category>
		<category><![CDATA[linux]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[open source]]></category>
		<category><![CDATA[Social Engineering]]></category>
		<category><![CDATA[ssh]]></category>
		<category><![CDATA[supply chain]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68771</guid>

					<description><![CDATA[<p>Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the <a href="https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/">story of the attack</a> and its <a href="https://www.nytimes.com/2024/04/03/technology/prevent-cyberattack-linux.html">discovery</a>: The security of the global Internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an untenable situation, and one that is being exploited by malicious actors. Yet precious little is being done to remedy it...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>OpenAI Is Not Training on Your Dropbox Documents—Today</title>
		<link>https://noise.getoto.net/2023/12/19/openai-is-not-training-on-your-dropbox-documents-today/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 19 Dec 2023 12:09:13 +0000</pubDate>
				<category><![CDATA[artificial intelligence]]></category>
		<category><![CDATA[data collection]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[trust]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68211</guid>

					<description><![CDATA[<p>There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents.</p>
<p>Here’s <a href="https://www.cnbc.com/2023/12/13/how-to-stop-dropbox-from-sharing-your-personal-files-with-openai.html">CNBC</a>. Here’s <a href="https://boingboing.net/2023/12/14/dropbox-is-sharing-users-files-with-openai-heres-how-to-opt-out.html">Boing Boing</a>. Some articles are <a href="https://arstechnica.com/information-technology/2023/12/dropbox-spooks-users-by-sending-data-to-openai-for-ai-search-features/">more nuanced</a>, but there’s still a <a href="https://www.computing.co.uk/news/4157118/dropbox-backlash-openai-sharing">lot</a> <a href="https://www.thestack.technology/dropbox-openai-ai-toggle-werner-privacy/">of</a> <a href="https://tech.co/news/stop-dropbox-sharing-data-openai">confusion</a>.</p>
<p>It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t trust OpenAI. We don’t trust tech corporations. And—to be fair—corporations in general. We have no reason to.</p>
<p>Simon Willison <a href="https://twitter.com/simonw/status/1735086765814542802">nails</a> it in a tweet:</p>
<blockquote><p>“OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.”...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Spying through Push Notifications</title>
		<link>https://noise.getoto.net/2023/12/07/spying-through-push-notifications/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 07 Dec 2023 12:02:07 +0000</pubDate>
				<category><![CDATA[metadata]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[surveillance]]></category>
		<category><![CDATA[transparency]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68174</guid>

					<description><![CDATA[<p>When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands.</p>
<p>Sen. Wyden is trying to <a href="https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/">get to the bottom of this</a>:</p>
<blockquote><p>In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.</p>
<p>“In this case, the federal government prohibited us from sharing any information,” the company said in a statement. “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>EPA Won’t Force Water Utilities to Audit Their Cybersecurity</title>
		<link>https://noise.getoto.net/2023/10/24/epa-wont-force-water-utilities-to-audit-their-cybersecurity/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 24 Oct 2023 11:02:03 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[infrastructure]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[utilities]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67980</guid>

					<description><![CDATA[<p>The industry <a href="https://www.engadget.com/the-epa-wont-force-water-utilities-to-inspect-their-cyber-defenses-232301497.html">pushed back</a>:</p>
<blockquote><p>Despite the EPA’s willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups.</p>
<p>Republican state attorneys that were against the new proposed policies said that the call for new inspections could overwhelm state regulators. The attorney generals of Arkansas, Iowa and <a href="https://www.courtlistener.com/docket/67221180/state-of-missouri-v-epa/">Missouri</a> all sued the EPA—claiming the agency had no authority to set these requirements. This led to the EPA’s proposal being ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 42/328 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-08 19:10:53 by W3 Total Cache
-->