An interview on Edge discusses the last thirty years of progress (or lack of it) in information security, from the early beginnings, through the crypto wars and crime moving online, to the economics of security.
My latest Computerphile video is on problems with the Internet of things. This explains the growing costs of software security maintenance as software gets into consumer durables such as cars. How will we patch car software for thirty years, when we can't even patch phones for three? There's also an earlier talk on The Internet of Bad Things that I gave in Prague in 2015.
In 2016 I won the top UK award in computing, the Lovelace medal; the videos are here. The British Computer Society, which awards the medal, also did biographical interviews which are here and here.
Is it practical to build a truly distributed payment system? – my keynote talk at CCS 2016 – explores how we can do mobile payments offline in less developed countries.
Chip & PIN Fraud Explained looks at new ways of doing card fraud, including the No-PIN and preplay attacks. This follows on from an earlier Newsnight piece in which we showed how the No-PIN attack works. In The Banking Code, we demonstrated that relay attacks on EMV are practical. There's also a Black Hat talk on how smartcard payment systems fail. Other talks on payments generally include How bitcoin works, which explains cryptocurrency, while Bitcoin problems points out some of its downsides and limitations. Earlier, a keynote from Indocrypt in 2012 surveyed the crypto around payments and the underlying economics.
A 2015 policy keynote discusses what happens to medical ethics, and research ethics more generally, in a world of cloud-based medical records and pervasive genomics. There's also a short talk I gave on medical privacy in 2013, at the launch of medconfidential.org, and a 2013 talk given at the Technion on Safety and privacy of health systems in the age of biodata. This in turn followed my getting a Brandeis Award for patient privacy in 2012.
The Golden Key: FBI vs Apple iPhone was done for Computerphile in the run-up to the UK's 2015 election where David Cameron wanted to grab control of crypto keys. Could We Ban Encryption? was done after he won the election, in the run-up to the Investigatory Powers Bill arriving in parliament. The coalition government from 2010–5 gave us better outcomes: at Scrambling for Safety in 2012 I talked about the vanishing distinction between content and traffic data. This campaign led to the defeat of the coalition's Communications Data Bill.
Should a prudent cryptographer believe all the quantum claims? is a video of a 2015 talk I gave in Darmstadt, at a joint conference of computer scientists and physicists, explaining why I don't believe security proofs based on quantum entanglement – and the angry response from the physicists! The video I showed during the talk, of Yves Couder's bouncing-droplet experiments, can be found here. An earlier talk in Warwick is here in parts 1, 2, 3, 4 and 5.
How can we recover from protocol failure? is an invited talk I gave at the Technion in 2013, where I started to discuss the security economics of protocol evolution.
My Logan Symposium talk explores how journalists can protect their sources and themselves; it was followed by a panel discussion. There was a session on this and related topics at the 2013 Crypto Festival; my talk starts at 23 minutes and runs to 45, after a talk by Annie Machon on protecting whistleblowers and journalists, and the panel discussion starts at 1 hour 12.
A talk on How does software change engineering? at the Royal Academy of Engineering in 2012 gives a big-picture view.
The Resilience of the Internet Infrastructure describes some work we did for the European Commission in 2011 on how large-scale attacks on the Internet infrastructure might be carried out, and how they might be prevented.
Three videos on privacy made by Action on Rights for Children – part of a campaign that led to the Contactpoint children's database being abolished in 2010; and a short video on the Blair government's other efforts to extend surveillance powers via ID cards and computerised medical records. And in this talk I discuss why computer science academics nowadays seem to be always opposing the establishment, unlike those of our parents' generation.
There's a talk on the Bring your own device movement and its implications for employers.
The oldest video has some predictions about IoT that I made at the World Economic Forum in November 2008, with a call for engineers and economists to learn a bit about each other's ways of thinking.