Steven Murdoch

Actual actual reality: nobody cares about his secrets. (Also, I would be hard-pressed to find that wrench for $5.)

“$5 Wrench Attacks: When Cryptocurrency Crime Get Physical”, a post on Bentham’s Gaze by Marilyne Ordekian discussing when XKCD comics become reality – www.benthamsgaze.org/2025/07/22/5...

I am recruiting mental-health experts (clinical psychologists and psychiatrists) for an in-person workshop in London to discuss a mobile app for mental health care. Participants will receive £500+expenses for their time. If you might be interested please email s.murdoch@ucl.ac.uk

A Privacy Framework for Research Using Social Media Data Social media data enables researchers to understand current events and human behavior with unprecedented ease and scale. Yet, researchers often violate user privacy when they access, process, and stor...

On our new paper published at IEEE Security and Privacy – “A Privacy Framework for Research Using Social Media Data”, a summary by Kyle Beadle. www.benthamsgaze.org/2025/05/15/a...

If it needs to interoperate with Signal I would think it would be easier to modify Signal to include the new audit-friendly protocol than add audit to Signal. A lot of what Signal includes (P2P key verification, PFS, post-compromise security, deniable) are contrary to the goal of universal logging.

The major selling points of these companies is self-hosting the key management server, and sometimes even more of the infrastructure. This would need to be part of the product offering too.

I can see the idea but that’s a hard market to get into. You’d need a security cleared technical sales team, FIPS certifications, etc. it would be a major departure for the company culture. These companies also often value having ex- military/intelligence staff. I can see conflicts there.

‎Armour Mobile ‎Armour Mobile provides secure voice calls, video calls, 1-1 and group messaging, voice and video conference calls, file attachments, message burn and sent/ received/read message status. Protecting bu...

In terms of UX I think that’s achievable, e.g. the UK app in this space looks pretty much like WhatsApp. For ecosystem, indeed that’s a problem because government requirements are anti-requirements for pretty much everyone else. apps.apple.com/gb/app/armou...

It’s just a bizarre situation. When I was looking into MIKEY-SAKKE I found a whole ecosystem of government messengers with NATO security certifications and clearances. The protocol is (for better or worse) very amenable to centralised logging. And yet they picked a hacked-up Signal.

Nationwide offers the only service I’m aware of that backs up their advice with a guarantee. I don’t know how it works but I suspect that if AI is involved, there’s human verification of decisions. www.nationwide.co.uk/help/fraud-a...

13.7. The AI-generated content and information is provided for general information purposes only and is not intended to constitute or substitute legal or other professional advice of any kind whatsoever. The AI-generated content and information is not intended or implied to be a substitute for professional advice. 13.8. You are encouraged to confirm any information obtained from or through Silver with other sources and review all information provided. Please do not disregard professional advice or delay seeking advice because of something you have read on our website or in the AI-generated content and information. 13.9. We make no representations about the suitability, reliability, timeliness, comprehensiveness, and accuracy of the AI-generated content and information, and other content produced by Silver.

AI-based scam checkers are gaining popularity but I would be cautious in following their advice unless the company is willing to stand behind it. For example, Metro Bank makes bold claims but the fine print absolves them of any responsibility for errors. www.metrobankonline.co.uk/ways-to-bank...

I have an open PhD position at @sec.cs.ucl.ac.uk on applying traffic-analysis resistance techniques to protect industrial control systems. Full funding is available for home-fee status students (deadline 15 April). www.ucl.ac.uk/security-cri...

And I’d add that Telegram’s janky cryptography doesn’t achieve anything normal encryption can’t provide. Signal uses some interesting constructions but did so to offer better security (and largely succeeded).

I'd view the consultation as an opportunity to revisit how electronic evidence should be handled, and disclosure is obviously a critical part of that. Flipping the presumption is just a mechanism to impose disclosure requirements on a party that is reluctant to do so.

You raise a good point. In my experience, the presumption is rarely explicitly mentioned in disputes. And it's not entirely clear whether PACE s69 would worked out better (the Post Office included PACE s69 statements even when they were not needed).

Secret London tribunal to hear appeal in Apple vs government battle over encryption | Computer Weekly The decision by home secretary Yvette Cooper to issue a Technical Capability Notice requiring Apple to give UK law enforcement and intelligence services “backdoor” access to data stored by Apple’s cus...

Whisper it, the showdown over Apple encryption is THIS WEEK ⏱️

🤐 A secret tribunal will hear the appeal against the government’s order to carve a backdoor into Apple’s encrypted services.

🛑 Our cybersecurity and privacy shouldn’t be decided in the shadows.

www.computerweekly.com/news/3666203...

YouTube video by VesselFinder Container ship SOLONG collision with anchored Oil Tanker STENA IMMACULATE off the UK coast

I found this video showing the tracking information. The Solong was heading directly towards the tanker for hours before the collision. I’ve no idea what could have caused such a failure. youtu.be/Ex6OpRiuflA?...

Until now, the UK government recommended that individuals at high risk, like legal professionals, enable Apple Advanced Data Protection (ADP). Apple disabled ADP following government pressure, and now the NCSC quietly deleted their guidance recommending ADP.

Thanks, that looks like it. The IPT web page makes no mention of that, but maybe they are focused on what members of the public could bring to them.

The article refers to the Investigatory Powers Tribunal, but I can’t see any description of how this falls into the type of complaints the IPT handles. Can anyone more qualified work out what’s actually going on?

I remember hearing similar objections when Signal implemented disappearing messages. I’m glad the pragmatists won, correctly (IMO) arguing that the feature is to encourage good hygiene rather than enforce security against a malicious communication partner.

Dear Apple: add “Disappearing Messages” to iMessage right now This is a cryptography blog and I always feel the need to apologize for any post that isn’t “straight cryptography.” I’m actually getting a little tired of apologizing for i…

So here’s a simple request to Apple. Apple iMessage needs to enable “disappearing messages.” And they need to do it soon. blog.cryptographyengineering.com/2025/03/01/d...

This could be followed up by a judicial review, for example arguing that there was a violation of human rights. The existence of this would be public knowledge but not necessarily all the evidence presented.

Investigatory Powers (Amendment) Bill: Strengthening the Notice Review Process

In case you are curious about the legal route, it is described here. It would not necessarily be public, so I can’t say whether it has happened. www.gov.uk/government/p...

Apple pulls data protection tool after UK government security row Customers' photos and documents stored online will no longer be protected by end to end encryption.

🚨 APPLE WITHDRAWS ENCRYPTION TECH FROM UK 🚨

The Home Office’s actions have deprived millions of Britons from accessing a security feature.

UK citizens will be at higher risk of their personal data and family photos falling into the hands of criminals and predators ‼️

www.bbc.co.uk/news/article...

Keep our Apple data encrypted It is reported that the Home Office has ordered Apple to build a backdoor into its encrypted services so that they can get hold of content that any Apple user has upload to the cloud. Encryption keeps...

Encryption IS online safety 💡

Keeping data secure is key when hackers are skilled at unpicking accounts.

So why does the UK government want to make us unsafe by ordering a backdoor to Apple encrypted services?

✍️ Sign to save encryption this #SaferInternetDay.

you.38degrees.org.uk/petitions/ke...

We are looking to appoint to one or more posts in IP/IT Law, as Associate Professor or Lecturer in Law. Applications from colleagues who can also teach in other subject areas, including French Law, are most welcome. The closing date for applications is 28 February 2025. Interviews will likely take place in the week(s) commencing 05 and 12 May 2025. About you Successful candidates will be expected to engage in world leading research, and to contribute to the Faculty’s development and advancement of both intellectual property and information technology law and policy, and other areas of law falling within their subject matter expertise. It is also expected that the post-holders will contribute to all aspects of the academic life of the Faculty and University. The Faculty has a particular interest in recruiting scholars with research interests in copyright law, platform regulation, enforcement with and through technology, and the intersection of emerging technologies with other IP rights such as designs. UCL Laws faces growing demand for teaching and engagement on IP and IT issues from other parts of the university, as well as in executive education, and we particularly welcome applicants with interest and experience of teaching contested legal topics to technologists, creatives and other non-lawyers. Reflecting the broad strength of the Faculty, we welcome scholars from a wide array of approaches to these issues — socio-legal, comparative, doctrinal, empirical, historical and/or theoretical and interdisciplinary approaches. Applicants should, however, pay particular attention to how their work illustrates their capacity for depth and rigour in a fast-moving field prone to superficial analysis.

Now hiring in law & tech @ucllaws.bsky.social!
Lecturer/Assoc Prof in IP & IT law: intersection of platform reg, emerging tech, copyright/designs.

Join me @bernardkeenan.bsky.social Orla Lynskey @alinatrapova.bsky.social Ilanah Fhima, Matt Fisher, Robin Jacob & friends
www.ucl.ac.uk/work-at-ucl/...

That doesn’t seem unreasonable to handle, but as with spell checkers it doesn’t need to be 100% accurate to be useful. There would still be a feature where you could say “accept” and ignore the supposed error.

Why is it still possible to write a date where the day of the week doesn’t match the day of the month? This doesn’t need AI; a regular expression would do. I want a big red underline if I ever write “Thursday 5 February”. Has someone patented this and spoiled it for everyone?

Cover of Electronic Civil Disobedience and Other Unpopular Ideas by Critical Art Ensemble.

Thinking about this classic recently, which is available free here:

monoskop.org/images/d/df/...

We had a good discussion on what might characterise legitimate protest and touched on what the law might say. Despite what politicans sometimes claim, what is illegal in the physical world is illegal online. However the electronic equivalent to legal protest is often illegal, and that’s a problem.