Ross J. Anderson
Ross John Anderson, FRS, FREng is a researcher and industry consultant in security engineering. He is Professor of Security Engineering at the Computer Laboratory, University of Cambridge, where he is part of the University's security group. Anderson was educated at the High School of Glasgow. In 1978, he graduated with a Bachelor of Arts in mathematics and natural science from Trinity College and subsequently received a qualification in computer engineering. Anderson worked in the avionics and banking industry before moving back to the University of Cambridge in 1992 to work on his doctorate under the supervision of Roger Needham and start his career as an academic researcher. He received his PhD in 1995 and became a lecturer in the same year. Anderson's research interests are in security, cryptology and technology policy. In cryptography, he designed with Eli Biham the BEAR, LION and Tiger cryptographic primitives, and co-wrote with Biham and Lars Knudsen the block cipher Serpent, one of the finalists in the Advanced Encryption Standard competition.
He has discovered weaknesses in the FISH cipher and designed the stream cipher Pike. In 1998, Anderson founded the Foundation for Information Policy Research, a think tank and lobbying group on information-technology policy. Anderson is a founder of the UK-Crypto mailing list and the economics of security research domain. He is well known among Cambridge academics as an outspoken defender of academic freedoms, intellectual property and other matters of university politics. He is engaged in the "Campaign for Cambridge Freedoms" and has been an elected member of Cambridge University Council since 2002. In January 2004, the student newspaper Varsity declared Anderson to be Cambridge University's "most powerful person". In 2002, he became an outspoken critic of trusted computing proposals, in particular Microsoft's Palladium operating system vision. Anderson's TCPA FAQ has been characterised by IBM TC researcher David R. Safford as "full of technical errors" and of "presenting speculation as fact." For years Anderson has been arguing that by their nature large databases will never be free of abuse by breaches of security.
He has said. This is sometimes known as Anderson's Rule. Anderson is the author of Security Engineering, published by Wiley in 2001. He was the editor of Computer and Communications Security Reviews. After the vast global surveillance disclosure leaked by Edward Snowden beginning in June 2013, Anderson suggested that one way to begin stamping out the British state's unaccountable involvement in this NSA spying scandal is to end the domestic secret services. Anderson: "Were I a legislator, I would abolish MI5." Anderson notes the only way this kind of systemic data collection has been made possible was through the business models of private industry. The value of information-driven web companies such as Facebook and Google is built around their ability to gather vast tracts of data, it was something. Anderson is a critic of smart meters, writing that there are various privacy and energy security concerns. Anderson was elected a Fellow of the Royal Society in 2009, his nomination reads: Anderson was elected a Fellow of the Royal Academy of Engineering in 2009.
EMV is a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them. EMV cards are smart cards that store their data on integrated circuits in addition to magnetic stripes. These include cards that must be physically inserted into a reader, as well as contactless cards that can be read over a short distance using near-field communication technology. Payment cards that comply with the EMV standard are called Chip and PIN or Chip and Signature cards, depending on the authentication methods employed by the card issuer. There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards. EMV stood for "Europay, Mastercard and Visa", the three companies that created the standard. The standard is now managed by a consortium of financial companies. The most known chips of the EMV standard are: VIS (Visa); Mastercard chip (Mastercard); AEIPS (American Express); UICS (China Union Pay); J Smart (JCB); D-PAS (Discover/Diners Club International); Rupay (NPCI).
Visa and Mastercard have developed standards for using EMV cards in devices to support card not present transactions over the telephone and Internet. Mastercard has the Chip Authentication Program for secure e-commerce; its implementation supports a number of modes. Visa has the Dynamic Passcode Authentication scheme, their implementation of CAP using different default values. In February 2010, computer scientists from Cambridge University demonstrated that an implementation of EMV PIN entry is vulnerable to a man-in-the-middle attack, but only implementations where the PIN was validated offline were vulnerable. Until the introduction of Chip & PIN, all face-to-face credit or debit card transactions involved the use of a magnetic stripe or mechanical imprint to read and record account data, and a signature for purposes of identity verification. The customer hands their card to the cashier at the point of sale, who passes the card through a magnetic reader or makes an imprint from the raised text of the card.
In the former case, the system prints a slip for the customer to sign. In the case of a mechanical imprint, the transaction details are filled in, a list of stolen numbers is consulted, and the customer signs the imprinted slip. In both cases the cashier must verify that the customer's signature matches that on the back of the card to authenticate the transaction. Using the signature on the card as a verification method has a number of security flaws, the most obvious being the relative ease with which cards may go missing before their legitimate owners can sign them. Another involves the erasure and replacement of the legitimate signature, and yet another involves the forgery of the correct signature on the card. More technology has become available on the black market for both reading and writing the magnetic stripes, making cards easy to clone and use without the owner's knowledge. The first standard for smart payment cards was the Carte Bancaire M4 from Bull-CP8 deployed in France in 1986, followed by the B4B0' deployed in 1989.
Geldkarte in Germany predates EMV. EMV was designed to allow terminals to be backwardly compatible with these standards. France has since migrated all its card and terminal infrastructure to EMV. EMV stood for Europay, Mastercard and Visa, the three companies that created the standard. The standard is now managed by EMVCo, a consortium with control split among Visa, Mastercard, JCB, American Express, China UnionPay and Discover. The EMV standard was written in 1993 and 1994. JCB joined the consortium in February 2009, China UnionPay in May 2013, and Discover in September 2013. There are two major benefits to moving to smart-card-based credit card payment systems: improved security, and the possibility for finer control of "offline" credit-card transaction approvals. One of the original goals of EMV was to provide for multiple applications on a card: for a credit and debit card application or an e-purse. With current processing regulations in the United States, new issue debit cards contain two applications — a card association application and a common debit application.
The common debit application ID is somewhat of a misnomer as each "common" debit application uses the resident card association application. EMV chip card transactions improve security against fraud compared to magnetic stripe card transactions that rely on the holder's signature and visual inspection of the card to check for features such as a hologram. The use of a PIN and cryptographic algorithms such as Triple DES, RSA and SHA provide authentication of the card to the processing terminal and the card issuer's host system. The processing time is comparable to online transactions, in which communications delay accounts for the majority of the time, while cryptographic operations at the terminal take comparatively little time. The supposed increased protection from fraud has allowed banks and credit card issuers to push through a "liability shift", such that merchants are now liable for any fraud that results from transactions on systems that are not EMV-capable. Although not the only possible method, the majority of implementations of EMV cards and terminals confirm the identity of the cardholder by requiring the entry of a personal identification number rather than signing a paper receipt.
Whether or not PIN authentication takes pl
Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share common themes. When something is private to a person, it means that something is inherently special or sensitive to them. The domain of privacy overlaps with security, which can include the concepts of appropriate use, as well as protection of information. Privacy may take the form of bodily integrity. The right not to be subjected to unsanctioned invasions of privacy by the government, corporations or individuals is part of many countries' privacy laws and, in some cases, constitutions. All countries have laws. An example of this would be law concerning taxation, which requires the sharing of information about personal income or earnings. In some countries individual privacy may conflict with freedom of speech laws and some laws may require public disclosure of information which would be considered private in other countries and cultures.
This was a major concern in the United States, with the Supreme Court passage of Citizens United. Privacy may be voluntarily sacrificed in exchange for perceived benefits and often with specific dangers and losses, although this is a strategic view of human relationships. For example, people may be ready to reveal their name, if that allows them to promote trust by others and thus build meaningful social relations. Research shows that people are more willing to voluntarily sacrifice privacy if the data gatherer is seen to be transparent as to what information is gathered and how it is used. In the business world, a person may volunteer personal details in order to gamble on winning a prize. A person may disclose personal information as part of being an executive for a publicly traded company in the USA pursuant to federal securities law. Personal information that is voluntarily shared but subsequently stolen or misused can lead to identity theft. The concept of universal individual privacy is a modern construct associated with Western culture, North American in particular, and remained unknown in some cultures until recent times.
According to some researchers, this concept sets Anglo-American culture apart from Western European cultures such as French or Italian. Most cultures recognize the ability of individuals to withhold certain parts of their personal information from wider society—closing the door to one's home, for example. The distinction or overlap between secrecy and privacy is ontologically subtle, which is why the word "privacy" is an example of an untranslatable lexeme, and many languages do not have a specific word for "privacy". Such languages either use a complex description to translate the term or borrow from English "privacy". The distinction hinges on the discreteness of interests of parties, which can have emic variation depending on cultural mores of individualism and the negotiation between individual and group rights. The difference is sometimes expressed humorously. A broad multicultural literary tradition going to the beginnings of recorded history discusses the concept of privacy. One way of categorizing all concepts of privacy is by considering all discussions as one of these concepts: the right to be let alone; the option to limit the access others have to one's personal information; secrecy, or the option to conceal any information from others; control over others' use of information about oneself; states of privacy; personhood and autonomy; self-identity and personal growth; protection of intimate relationships. In 1890 the United States jurists Samuel D. Warren and Louis Brandeis wrote The Right to Privacy, an article in which they argued for the "right to be let alone", using that phrase as a definition of privacy.
There is extensive commentary over the meaning of being "let alone"; among other ways, it has been interpreted to mean the right of a person to choose seclusion from the attention of others if they wish to do so, and the right to be immune from scrutiny or being observed in private settings, such as one's own home. Although this early vague legal concept did not describe privacy in a way that made it easy to design broad legal protections of privacy, it strengthened the notion of privacy rights for individuals and began a legacy of discussion on those rights. Limited access refers to a person's ability to participate in society without having other individuals and organizations collect information about them. Various theorists have imagined privacy as a system for limiting access to one's personal information. Edwin Lawrence Godkin wrote in the late 19th century that "nothing is better worthy of legal protection than private life, or, in other words, the right of every man to keep his affairs to himself, to decide for himself to what extent they shall be the subject of public observation and discussion."
Adopting an approach similar to the one presented by Ruth Gavison 9 years earlier, Sissela Bok said that privacy is "the condition of being protected from unwanted access by others—either physical access, personal information, or attention." Control over one's personal information is the concept that "privacy is the claim of individuals, groups, or institutions to determine for themselves when, to what extent information about them is communicated to others." Charles Fried said that
Tor (anonymity network)
Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router". Tor directs Internet traffic through a free, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes "visits to Web sites, online posts, instant messages, other communication forms". Tor's intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored. If someone is attempting to maintain their anonymity online using Tor, then it is crucial that everything be done within that browser. For example, if an action is done in Chrome, Safari, or other types of browsers. So stick to the Tor browser for complete autonomy from any overly intrusive government.
Tor does not prevent an online service from determining. Tor does not hide the fact that someone is using Tor; some websites restrict allowances through Tor. For example, the MediaWiki TorBlock extension automatically restricts edits made through Tor, although Wikipedia allows some limited editing in exceptional circumstances. Onion routing is implemented by encryption in the application layer of a communication protocol stack, nested like the layers of an onion. Tor encrypts the data, including the next node destination IP address, multiple times and sends it through a virtual circuit comprising successive, random-selection Tor relays. Each relay decrypts a layer of encryption to reveal the next relay in the circuit to pass the remaining encrypted data on to it. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing or knowing the source IP address. Because the routing of the communication was concealed at every hop in the Tor circuit, this method eliminates any single point at which the communicating peers can be determined through network surveillance that relies upon knowing its source and destination.
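The layering described above can be made concrete with a short sketch. This is an added example, not code from the Tor Project, and it does not use Tor's cell format or ciphers: the per-layer cipher is a toy SHA-256 keystream with an HMAC tag, and the addresses, keys and payload are constructed sample values. It shows what each relay in a three-hop circuit learns after removing its own layer.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN = 16, 32


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream (stand-in for a real stream cipher)."""
    out = b""
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
    return out[:n]


def subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one per-relay secret."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    stream = keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify and remove one layer; fails on a wrong key or modified data."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("layer too short")
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed (wrong key or tampering)")
    stream = keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def wrap(circuit, destination: str, payload: bytes) -> bytes:
    """Build the onion inside out. circuit is [(address, key)] from entry to exit.

    Each layer carries the address of the next hop plus the still-encrypted rest.
    """
    next_hop, body = destination, payload
    for address, key in reversed(circuit):
        hop = next_hop.encode()
        body = seal(key, struct.pack(">B", len(hop)) + hop + body)
        next_hop = address
    return body


def peel(key: bytes, blob: bytes):
    """What one relay does: remove its layer, learn only the next hop."""
    plain = unseal(key, blob)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]


def route(client: str, circuit, onion: bytes):
    """Simulate the circuit; record which peers each relay can observe."""
    seen, previous, blob, next_hop = [], client, onion, None
    for address, key in circuit:
        next_hop, blob = peel(key, blob)
        seen.append({"relay": address, "from": previous, "to": next_hop})
        previous = address
    return seen, next_hop, blob


# Constructed sample values (documentation address ranges, random keys).
CLIENT = "198.51.100.7"
CIRCUIT = [("192.0.2.10", os.urandom(32)),   # entry relay
           ("192.0.2.20", os.urandom(32)),   # middle relay
           ("192.0.2.30", os.urandom(32))]   # exit relay
DESTINATION = "203.0.113.80:80"
PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"

if __name__ == "__main__":
    observed, dest, data = route(CLIENT, CIRCUIT, wrap(CIRCUIT, DESTINATION, PAYLOAD))
    for view in observed:
        print(view)
    print("delivered to", dest, "->", data)
```

Only the entry relay sees the client address and only the exit relay sees the destination; no single relay's view contains both.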
An adversary may try to de-anonymize the user by some means. One way this may be achieved is by exploiting vulnerable software on the user's computer. The NSA had a technique that targets a vulnerability – which they codenamed "EgotisticalGiraffe" – in an outdated Firefox browser version at one time bundled with the Tor package and, in general, targets Tor users for close monitoring under its XKeyscore program. Attacks against Tor are an active area of academic research, welcomed by the Tor Project itself. The bulk of the funding for Tor's development has come from the federal government of the United States through the Office of Naval Research and DARPA. The core principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson, computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. Onion routing was further developed by DARPA in 1997. The alpha version of Tor, developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson and called The Onion Routing project, or Tor project, launched on 20 September 2002.
The first public release occurred a year later. On 13 August 2004, Syverson and Mathewson presented "Tor: The Second-Generation Onion Router" at the 13th USENIX Security Symposium. In 2004, the Naval Research Laboratory released the code for Tor under a free license, and the Electronic Frontier Foundation began funding Dingledine and Mathewson to continue its development. In December 2006, Dingledine and five others founded The Tor Project, a Massachusetts-based 501 research-education nonprofit organization responsible for maintaining Tor. The EFF acted as The Tor Project's fiscal sponsor in its early years, and early financial supporters of The Tor Project included the U.S. International Broadcasting Bureau, Human Rights Watch, the University of Cambridge and Netherlands-based Stichting NLnet. From this period onward, the majority of funding sources came from the U.S. government. In November 2014 there was speculation in the aftermath of Operation Onymous that a Tor weakness had been exploited. A BBC source cited a "technical breakthrough" that allowed the tracking of the physical locations of servers.
In November 2015 court documents on the matter, besides generating serious concerns about security research ethics and the right of not being unreasonably searched guaranteed by the US Fourth Amendment, may link the law enforcement operation with an attack on Tor earlier in the year. In December 2015, The Tor Project announced that it had hired Shari Steele as its new executive director. Steele had led the Electronic Frontier Foundation for 15 years, and in 2004 spearheaded EFF's decision to fund Tor's early development. One of her key stated aims is to make Tor more user-friendly in order to bring wider access to anonymous web browsing. In July 2016 the complete board of the Tor Project resigned and announced a new board, made up of Matt Blaze, Cindy Cohn, Gabriella Coleman, Linus Nordberg, Megan Price and Bruce Schneier. Tor enables its users to surf the Internet and send instant messages anonymously, and is used by a wide variety of people for both licit and illicit purposes. Tor has, for example, been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously.
Virtual International Authority File
The Virtual International Authority File is an international authority file. It is a joint project of several national libraries and operated by the Online Computer Library Center. Discussion about having a common international authority started in the late 1990s. After a series of failed attempts to come up with a unique common authority file, the new idea was to link existing national authorities. This would present all the benefits of a common file without requiring a large investment of time and expense in the process. The project was initiated by the US Library of Congress, the German National Library and the OCLC on August 6, 2003. The Bibliothèque nationale de France joined the project on October 5, 2007. The project transitioned to being a service of the OCLC on April 4, 2012. The aim is to link the national authority files to a single virtual authority file. In this file, identical records from the different data sets are linked together. A VIAF record receives a standard data number, contains the primary "see" and "see also" records from the original records, and refers to the original authority records.
The data are available for research and data exchange and sharing. Reciprocal updating uses the Open Archives Initiative Protocol for Metadata Harvesting. The file numbers are being added to Wikipedia biographical articles and are incorporated into Wikidata. VIAF's clustering algorithm is run every month. As more data are added from participating libraries, clusters of authority records may coalesce or split, leading to some fluctuation in the VIAF identifier of certain authority records.
Internet censorship is the control or suppression of what can be accessed, published, or viewed on the Internet enacted by regulators, or on their own initiative. Individuals and organizations may engage in self-censorship for moral, religious, or business reasons, to conform to societal norms, due to intimidation, or out of fear of legal or other consequences. The extent of Internet censorship varies on a country-to-country basis. While most democratic countries have moderate Internet censorship, other countries go as far as to limit the access of information such as news and suppress discussion among citizens. Internet censorship occurs in response to or in anticipation of events such as elections and riots. An example is the increased censorship due to the events of the Arab Spring. Other areas of censorship include copyrights, defamation and obscene material. Government agencies have various tools to implement restrictions but supporters of internet freedom are trying to overcome such barriers and filters.
Access to restricted sites was blocked by tracing and blocking DNS requests, but companies like Cloudflare and Google are shifting DNS to the TLS layer and making it difficult to intercept. Support for and opposition to Internet censorship varies. In a 2012 Internet Society survey 71% of respondents agreed that "censorship should exist in some form on the Internet". In the same survey 83% agreed that "access to the Internet should be considered a basic human right" and 86% agreed that "freedom of expression should be guaranteed on the Internet". Perception of internet censorship in the US is based on the First Amendment and the right for expansive free speech and access to content without regard to the consequences. According to GlobalWebIndex, over 400 million people use virtual private networks to circumvent censorship or for increased user privacy. Many of the challenges associated with Internet censorship are similar to those for offline censorship of more traditional media such as newspapers, books, radio and film.
One difference is that national borders are more permeable online: residents of a country that bans certain information can find it on websites hosted outside the country. Thus censors must work to prevent access to information though they lack physical or legal control over the websites themselves. This in turn requires the use of technical censorship methods that are unique to the Internet, such as site blocking and content filtering. Views about the feasibility and effectiveness of Internet censorship have evolved in parallel with the development of the Internet and censorship technologies. A 1993 Time Magazine article quotes computer scientist John Gilmore, one of the founders of the Electronic Frontier Foundation, as saying "The Net interprets censorship as damage and routes around it." In November 2007, "Father of the Internet" Vint Cerf stated that he sees government control of the Internet failing because the Web is entirely owned. A report of research conducted in 2007 and published in 2009 by the Berkman Center for Internet & Society at Harvard University stated that: "We are confident that the tool developers will for the most part keep ahead of the governments' blocking efforts", but that "...we believe that less than two percent of all filtered Internet users use circumvention tools".
In contrast, a 2011 report by researchers at the Oxford Internet Institute published by UNESCO concludes "... the control of information on the Internet and Web is feasible, technological advances do not therefore guarantee greater freedom of speech." Dr Shashi Tharoor, in a quarterly lecture series programme organized by a think tank based in India, the Centre for Public Policy Research, stated that "avenues of expressing our views and opinions having amplified multifold via digital media, freedom of expression comes immense responsibility". Blocking and filtering can be based on static blacklists or be determined more dynamically based on a real-time examination of the information being exchanged. Blacklists may be produced manually or automatically and are not available to non-customers of the blocking software. Blocking or filtering can be done at a centralized national level, at a decentralized sub-national level, or at an institutional level, for example in libraries, universities or Internet cafes.
Blocking and filtering may vary within a country across different ISPs. Countries may filter sensitive content on an ongoing basis and/or introduce temporary filtering during key time periods such as elections. In some cases the censoring authorities may surreptitiously block content to mislead the public into believing that censorship has not been applied. This is achieved by returning a fake "Not Found" error message when an attempt is made to access a blocked website. Unless the censor has total control over all Internet-connected computers, such as in North Korea or Cuba, total censorship of information is difficult or impossible to achieve due to the underlying distributed technology of the Internet. Pseudonymity and data havens protect free speech using technologies that guarantee material cannot be removed and prevent the identification of authors. Technologically savvy users can find ways to access blocked content. Blocking remains an effective means of limiting access to sensitive information for most users when censors, such as those in China, are able to devote significant resources to building and maintaining a comprehensive censorship system.
The term "splinternet" is sometimes used to describe the effects of national firewalls. The verb "rivercrab" colloquially refers to censorship of
University of Cambridge
The University of Cambridge is a collegiate public research university in Cambridge, United Kingdom. Founded in 1209 and granted a Royal Charter by King Henry III in 1231, Cambridge is the second-oldest university in the English-speaking world and the world's fourth-oldest surviving university. The university grew out of an association of scholars who left the University of Oxford after a dispute with the townspeople. The two 'ancient universities' share many common features and are referred to jointly as 'Oxbridge'. The history and influence of the University of Cambridge has made it one of the most prestigious universities in the world. Cambridge is formed from a variety of institutions which include 31 constituent Colleges and over 100 academic departments organised into six schools. Cambridge University Press, a department of the university, is the world's oldest publishing house and the second-largest university press in the world. The university operates eight cultural and scientific museums, including the Fitzwilliam Museum, as well as a botanic garden.
Cambridge's libraries hold a total of around 15 million books, eight million of which are in Cambridge University Library, a legal deposit library. In the fiscal year ending 31 July 2018, the university had a total income of £1.965 billion, of which £515.5 million was from research grants and contracts. In the financial year ending 2017, the central university and colleges had combined net assets of around £11.8 billion, the largest of any university in the country. However, the true extent of Cambridge's wealth is much higher as many colleges hold their historic main sites, which date as far back as the 13th century, at depreciated valuations. Furthermore, many of the wealthiest colleges do not account for “heritage assets” such as works of art, libraries or artefacts, whose value many college accounts describe as “immaterial”. The university is linked with the development of the high-tech business cluster known as 'Silicon Fen'. It is a member of numerous associations and forms part of the 'golden triangle' of English universities and Cambridge University Health Partners, an academic health science centre.
As of 2018, Cambridge is the top-ranked university in the United Kingdom according to all major league tables. As of September 2017, Cambridge is ranked the world's second best university by the Times Higher Education World University Rankings, and is ranked 3rd worldwide by Academic Ranking of World Universities, 6th by QS, and 7th by US News. According to the Times Higher Education ranking, no other institution in the world ranks in the top 10 for as many subjects. The university has educated many notable alumni, including eminent mathematicians, politicians, philosophers, writers and foreign Heads of State. As of March 2019, 118 Nobel Laureates, 11 Fields Medalists, 7 Turing Award winners and 15 British Prime Ministers have been affiliated with Cambridge as students, faculty or research staff. By the late 12th century, the Cambridge area had a scholarly and ecclesiastical reputation, due to monks from the nearby bishopric church of Ely. However, it was an incident at Oxford that is most likely to have led to the establishment of the university: two Oxford scholars were hanged by the town authorities for the death of a woman, without consulting the ecclesiastical authorities, who would take precedence in such a case, but were at that time in conflict with King John.
The University of Oxford went into suspension in protest, and most scholars moved to cities such as Paris and Cambridge. After the University of Oxford reformed several years later, enough scholars remained in Cambridge to form the nucleus of the new university. In order to claim precedence, it is common for Cambridge to trace its founding to the 1231 charter from King Henry III granting it the right to discipline its own members and an exemption from some taxes. A bull in 1233 from Pope Gregory IX gave graduates from Cambridge the right to teach "everywhere in Christendom". After Cambridge was described as a studium generale in a letter from Pope Nicholas IV in 1290, and confirmed as such in a bull by Pope John XXII in 1318, it became common for researchers from other European medieval universities to visit Cambridge to study or to give lecture courses. The colleges at the University of Cambridge were an incidental feature of the system. No college is as old as the university itself. The colleges were endowed fellowships of scholars.
There were institutions without endowments, called hostels. The hostels were absorbed by the colleges over the centuries, but they have left some traces, such as the name of Garret Hostel Lane. Hugh Balsham, Bishop of Ely, founded Peterhouse, Cambridge's first college, in 1284. Many colleges were founded during the 14th and 15th centuries, but colleges continued to be established until modern times, although there was a gap of 204 years between the founding of Sidney Sussex in 1596 and that of Downing in 1800. The most recently established college is Robinson, built in the late 1970s. However, Homerton College only achieved full university college status in March 2010, making it the newest full college. In medieval times, many colleges were founded so that their members would pray for the souls of the founders, and were associated with chapels or abbeys. The colleges' focus changed in 1536 with the Dissolution of the Monasteries. King Henry VIII ordered the university to disband its Faculty of Canon Law and to stop teaching "scholastic philosophy".
In response, colleges changed