I will describe how to use programming-language techniques to enforce information-flow policies, which are a natural, high-level way of specifying how programs may manipulate confidential data. One challenge is to verify information-flow policies in low-level (assembly or bytecode) programs. Doing so is desirable for security because it creates the possibilities of removing the compiler from the trusted computing base and verifying mobile code. A second challenge is to enforce information-flow policies in distributed systems without the need for a universally trusted computing platform. I will show how both of these problems can be addressed by compiler techniques.