Monday, December 17, 2012

Please see the TRUST in the News blog

Rather than having two blogs about TRUST, we've decided to focus on one blog. Please see TRUST in the News.

Thursday, May 03, 2012

"California Chosen as Home for Computing Institute"

The May 1, 2012 NY Times article "California Chosen as Home for Computing Institute" covers the $60 million theoretical computing center to be hosted at UC Berkeley. UCB College of Engineering Dean and TRUST PI S. Shankar Sastry is quoted elsewhere as saying that the goal of the institute will be to "bring into the educational mainstream, the role of computing and theory of computational science."

Saturday, April 07, 2012

New Mac malware epidemic exploits weaknesses in Apple ecosystem

For Mac owners, the nightmare scenario finally arrived. A piece of malware called Flashback, which has been in existence and steadily evolving for at least seven months, has infected more than 600,000 Macs worldwide, based on forensic analysis by a Russian antivirus company.


What makes this outbreak especially disturbing is that the owners of infected Macs didn’t have to fall for social engineering, give away their administrative password, or do anything stupid. All they had to do was visit a web page using a Mac that had a current version of Java installed.


Although Apple owners have been told for years that Macs don't get viruses, that's known to be untrue. Furthermore, Apple's casual approach to security updates arguably makes them more vulnerable. The Java flaw was reported in January and patched in February by Oracle; Apple's version of Java didn't get a patch until early April.


Security expert Brian Krebs points out that this behavior by Apple is lamentably typical:

Apple maintains its own version of Java, and as with this release, it has typically fallen unacceptably far behind Oracle in patching critical flaws in this heavily-targeted and cross-platform application. In 2009, I examined Apple’s patch delays on Java and found that the company patched Java flaws on average about six months after official releases were made available by then-Java maintainer Sun. The current custodian of Java – Oracle Corp. – first issued an update to plug this flaw and others back on Feb. 17. I suppose Apple’s performance on this front has improved, but its lackadaisical (and often plain puzzling) response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware attacks.

For complete article, see ZDNet.

Monday, January 31, 2011

DHS: $40M To Research Next Big Thing in Cyber Security

The U.S. Department of Homeland Security announced a call for proposals this week in a $40 million program to encourage research and development in a wide range of topics related to cyber security. In a Broad Agency Announcement (BAA) dated January 26th, the DHS said it was soliciting papers and proposals centered on 14 different areas, including topics in software assurance, enterprise security metrics, usable security, as well as challenges arising from insider threats.

The Federal government has moved in recent years to attract top security talent, while organizations like In-Q-Tel, the CIA's venture firm, have funded new, innovative ideas. But, as in the private sector, an overabundance of security products hasn't improved the security position of government networks.

Concurrently, spending on IT security continues to be criticized for wasting resources and for a poor track record of learning from security incidents; the Wikileaks issue, for example, showcased the startling lack of security around sensitive data. The new DHS proposal aims to address those issues as well.

See article in threatpost.

Friday, May 07, 2010

Discarded Copiers Hold Sensitive Data on Hard Drives

SANS Newsbites tells of a CBS News investigation that found that the hard drives of four digital copy machines purchased second-hand contained vast amounts of personally identifiable information, including police files on domestic violence and sex crimes, copies of pay stubs and checks, and sensitive medical information like test results, prescriptions and diagnoses. This would be a major coup for those in the identity theft business.
"You're talking about potentially ruining someone's life," said Ira Winkler, former analyst for the National Security Agency, "where they could suffer serious social repercussions."

While some manufacturers say they offer security or encryption packages on their products, evidence keeps piling up in warehouses that many businesses are not willing to pay for such protection and the average American is oblivious to the dangers posed by digital copiers.


For full story, see CBS Evening News.

Tuesday, April 13, 2010

Please do not change your password

Mark Pothier's Boston Globe article, "Please do not change your password," covers a paper by Microsoft researcher Cormac Herley, "So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users," from the 2009 New Security Paradigms Workshop. Herley argues "that user's rejection of the security advice they receive is entirely rational from an economic perspective." Herley discusses "password rules," "teaching users to recognize phishing sites by reading URLs" and "certificate errors". Users obviously choose bad passwords, but does password aging actually help? There was some discussion on TechRepublic and Slashdot.

Friday, March 12, 2010

"Privacy Protection Needed as Smart Grid Arrives"

A press release from UC Berkeley's Law School, "Privacy Protection Needed as Smart Grid Arrives" points out privacy concerns with PG&E's Smart Meter project. In particular:

"Smart meters being installed now in California will collect 750 to 3,000 data points a month per household. This detailed energy usage data can indicate whether someone is at home or out, entertaining guests, or using particular appliances."

See "PG&E customer refuses to take smart meter, locks up old meter" for some of the controversy surrounding privacy and the accuracy of the meters.

Wednesday, February 24, 2010

Judge Hears Arguments on Google Book Settlement

Federal judge Denny Chin heard more than four hours of testimony in a packed courtroom this week about the hotly contested class-action lawsuit filed against Google.

Supporters of a deal that would allow Google to create an extensive digital library and bookstore, including the president of the National Federation of the Blind, a librarian at the University of Michigan, and a lawyer for Sony Electronics, stated that the agreement would make millions of hard-to-find books available to an enormous audience.

A much larger group of opponents cited many concerns related to competition, privacy, violation of copyright and abuse of class-action processes. University of California, Berkeley law professor Pamela Samuelson said that her academic colleagues would prefer to have their books available via open access, and also supported open access to orphan works. She said "the Authors Guild has not fairly represented academic authors."
"We think orphan works is a public policy issue to be decided by Congress," she said. She mentioned that she had asked for "meaningful constraints" on pricing subscriptions. And, while not responding directly to University of Michigan Librarian Courant, she offered a contrasting perspective: "for plaintiffs, books are commodities. For academics, books are a slow form of social dialog."

See more in The New York Times and a February 12th presentation, "How Fair is the Google Book Search Settlement," by Berkeley law professor Pamela Samuelson.

Friday, February 19, 2010

Adobe Download Manager Installing Software Without Consent

Slashdot is running an article about a problem in the Adobe Download Manager (ADM) found by Researcher Aviv Raff. The net effect of the problem is that a user can be tricked into downloading and installing software without actual consent.

In a related article in PCMAG.COM, Raff lists software that can be downloaded and installed on machines that have ADM installed merely by following a link to Adobe's site; the list includes Adobe Flash 10, Adobe Reader 9.3, Adobe Reader 8.2, Google Toolbar 6.3, McAfee Security Scan Plus and a half dozen more.

The ADM FAQ explains that ADM is installed when needed and removed when the system reboots. However, this ignores the fact that Adobe downloads don't typically require a reboot, and users might go a long time between reboots.

Raff also announced that he had found a remote code execution bug in ADM, increasing the danger of remote compromise by an order of magnitude or two.

See more at Security Watch.

Thursday, February 18, 2010

NY Times: "Critics Say Google Invades Privacy With New Service"

TRUST faculty member Deirdre Mulligan is quoted in the February 12, 2010 NY Times article "Critics Say Google Invades Privacy With New Service". The article discusses privacy issues in Google's Buzz product, where users may unintentionally publicly share the names of their contacts. Apparently, Google has made it difficult to make the contacts list private. Professor Mulligan is quoted as saying "You want to have a simple rollback mechanism, so once things are not what you expected them to be, you can get out quickly and not have to play a game of Whack-a-Mole."

Friday, January 15, 2010

US preps cyber outfit to protect national electric grid

The Department of Energy has said it would spend $8.5 million to create a National Energy Sector Cyber Organization that would help protect the nation's electric power grid, incorporating smart grid technology.

The intent is to create an independent national energy sector cyber security organization that would accelerate research, development and deployment priorities, including policies and protocols, according to the DOE.

DOE Acting Assistant Secretary Patricia Hoffman states:
"The scope and nature of security threats and their potential impact on our national security require the ability to act quickly to protect the bulk power system and to protect sensitive information from public disclosure. At the same time, we must continue to build long-term programs that improve information sharing and awareness between the public and private energy sector.

"The electric system is not the Internet. It is a carefully tended and balanced system that is critical to the Nation and the people. We must continue to strive towards an electric system that can survive an intentional cyber assault with no loss of critical functions," she said.

See complete article at NETWORK WORLD.

Tuesday, September 15, 2009

Nonprofit for collecting info on SCADA & PCS security incidents

The Risks Digest has an item that refers to Stephanie Neil's article in "Managing Automation", 12 Sep 2009, that discusses http://www.securityincidents.org, "a newly formed non-profit group that provides public access to its Repository of Industrial Security Incidents (RISI)". The group focuses on SCADA and process control security incidents.

Thursday, September 10, 2009

How much are you worth on the black market?

Slashdot reports on a new tool being developed by Symantec intended to raise consumer awareness about cybercrime. By answering a few questions about personal Internet use, the tool calculates your net worth on the black market in three areas: how much your online assets are worth, how much your online identity would sell for on the black market, and your risk of becoming a victim of identity theft.

Norton's Online Risk Calculator is not intended to promote software or instill fear but to raise awareness about cybercrime, according to Marian Merritt, Internet security advocate for Symantec. Merritt pointed out that cybercrime is now larger than the international drug trade. Nearly 10 million people have reported identity theft in the United States in the past 12 months and one in four households have already been victimized, she said.

Cybercrime is well reported in the IT space, but the message doesn't often reach the general public, according to Merritt. "You turn on the news and they are talking about capturing drug dealers going across the border, but they rarely show a hacker in handcuffs," she said.

See more in IT WORLD.

Sunday, August 16, 2009

NIST Releases Security Standards for Federal Systems

The National Institute of Standards and Technology (NIST) released Special Publication 800-53, titled Recommended Security Controls for Federal Information Systems and Organizations. This document addresses information security standards and guidelines, including minimum requirements for federal information systems. Released as part of NIST’s statutory responsibilities under the Federal Information Security Management Act (FISMA), this publication is geared toward information system and information security professionals who develop, implement, operate, manage, or assess/monitor federal information systems.

Thursday, July 23, 2009

Adobe Vulnerability Targeted in Drive-by Attacks

eWEEK.COM is running a story about a new zero-day vulnerability affecting Adobe's Flash Player software that is being exploited by attackers via drive-by downloads.

Adobe first warned about the vulnerability July 21, then issued an updated advisory the next night. The issue affects current versions of Flash Player on Windows, Mac and Linux platforms.

According to the U.S. Computer Emergency Response Team (US-CERT), an attacker can trigger an overflow by luring a user into opening a malicious Flash (SWF) file that is either hosted or embedded on a Web page or contained in a PDF file. Then the attacker could either trigger a system crash or take full control of a vulnerable system.
“There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows,” according to a post on the Adobe Product Security Incident Response Team blog. “We are in the process of developing a fix for the issue, and expect to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009(the date for Flash Player v9 and v10 for Solaris is still pending). We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh, and UNIX by July 31, 2009.”
“At the moment there (are) a low number of malicious sites serving the exploit, but we confirmed that the links have been injected in legitimate Websites to create a drive-by attack, as expected,” according to SANS Internet Storm Center.


See full article at eWEEK.COM.

Tuesday, July 07, 2009

Google Book Search Settlement Inquiry Announced

ISEDB's article "Google Book Search Settlement Inquiry Announced" includes a link to Pam Samuelson's talk Reflections on the Google Book Search Settlement. See also her 4/17/09 guest blog "Legally Speaking: The Dead Souls of the Google Booksearch Settlement", where she says:

"In the short run, the Google Book Search settlement will unquestionably bring about greater access to books collected by major research libraries over the years. But it is very worrisome that this agreement, which was negotiated in secret by Google and a few lawyers working for the Authors Guild and AAP (who will, by the way, get up to $45.5 million in fees for their work on the settlement—more than all of the authors combined!), will create two complementary monopolies with exclusive rights over a research corpus of this magnitude. Monopolies are prone to engage in many abuses."

"The Book Search agreement is not really a settlement of a dispute over whether scanning books to index them is fair use. It is a major restructuring of the book industry’s future without meaningful government oversight. The market for digitized orphan books could be competitive, but will not be if this settlement is approved as is."



Professor Samuelson points out that "nothing in the settlement agreement speaks about privacy interests of users" and that this is very different than how libraries operate.

Tuesday, May 26, 2009

Announcement: 2nd Annual Privacy Law Scholar Conference, June 4-5 2009

The 2nd Annual Privacy Law Scholars Conference (PLSC) will be held at the Claremont Resort in Berkeley, CA, on June 4-5. PLSC is an academic paper workshop, and there are no panels of boring talking heads. Instead, we have two days of intense discussion about privacy issues.

If you have students who are interested in working in the privacy field, I strongly encourage you to pass on info about the event. It's free, and about 100 privacy academics (predominantly law, but also econ and some computer science, including Peter Neumann, Chris Soghoian, and Jeff Jonas, the inventor of NORA) participate, as well as 50 leading legal practitioners. It's a wonderful opportunity to network, share ideas, etc.

Schedule and information

The password to all papers is plsc2009.

Send email to choofnagle at law.berkeley.edu if you would like to participate.

Thursday, May 14, 2009

Mathematical Advances Strengthen IT Security

ACM TechNews is running an article about a new cryptography approach based on the mathematical theory of elliptic curves, a leading candidate to replace the widely used RSA public key security system.

Elliptic curves are equations in two variables, e.g., x and y, including terms where both x and y are raised to powers of two or more. The possibilities for elliptic curves and other modern mathematical techniques were discussed at a recent workshop organized by the European Science Foundation (ESF).
“The impact of the elliptic curve method for integer factorisation (developed by my PhD advisor Hendrik Lenstra) has played a role in introducing elliptic curves to cryptographers, albeit for attacking the underlying problem on which RSA is based (the difficulty of factoring integers),” said David Kohel, convenor of the ESF workshop, from the Institut de Mathematiques de Luminy in Marseille, France.

Kohel describes the advantage of elliptic curve cryptography as its immunity to the specialized attacks that have degraded the strength of RSA (smaller keys can be used to provide the same levels of protection).
"In general, the cryptographer has the benefit over the cryptanalyst (the person attacking the cryptosystem) as he or she can select the key size for any desired level of security, provided everyone has the same base of knowledge of best attacks on the underlying cryptosystem," he says.

See details in European Science Foundation.

Tuesday, April 28, 2009

Chinese Hackers Targeting NYPD Computers

Slashdot prints an article about a network of mystery hackers, mostly based in China, making 70,000 attempts a day to break into the NYPD's system, according to Commissioner Raymond Kelly. He said he suspects that his department is being targeted by foreign hackers because it has beefed up operations in the international arena since the 9/11 attacks.
"We are constantly studying events worldwide and assessing their implications for New York," said Kelly, adding that the NYPD now has officers stationed in Abu Dhabi, Jordan, Great Britain, France, Spain, Canada and the Dominican Republic.
Kelly also said senior police officers have been attending lectures by foreign affairs and terrorism experts. The Commissioner's surprising revelations closely followed a Canadian report exposing a China-based electronic spy network that has invaded at least 1295 computers in 103 countries.

Dubbed "GhostNet", the group of hackers have targeted embassies, foreign ministries and the Dalai Lama's offices in India, Brussels, London and New York.

Toronto University's 10-month study suggests that the GhostNet is linked to Chinese government espionage agencies, which Chinese government officials deny.

See complete article in the New York Daily News.

Wednesday, April 22, 2009

Most electronic voting isn't secure, CIA expert says

The Risks Digest points to an article about a CIA agent testifying before the Election Assistance Commission. His position is that electronic votes are not secure and can be altered and further, are being altered already in some locales.

The CIA agent, a cybersecurity expert, suggested that Venezuelan President Hugo Chavez and his allies fixed a 2004 election recount, a pronouncement that could further agitate U.S. relations with the Latin leader.

In a presentation that could provide foreboding lessons for the United States, where electronic voting is becoming preeminent, Steve Stigall summarized what he described as attempts to use computers to undermine democratic elections in developing nations. Stigall told the Election Assistance Commission that computerized electoral systems can be manipulated at five stages, from altering voter registration lists to posting results.
"You heard the old adage 'follow the money,' " Stigall said, according to a transcript of his hour-long presentation that McClatchy obtained. "I follow the vote. And wherever the vote becomes an electron and touches a computer, that's an opportunity for a malicious actor potentially to . . . make bad things happen."

Stigall said that some countries had taken extraordinary steps that improved security. For example, he said internet systems that encrypt vote results so they're unrecognizable during transmission "greatly complicates malicious corruption."

After reviewing the agent's remarks, Susannah Goodman, director of election reform for the citizens' lobby Common Cause, said they showed
"we can no longer ignore the fact that all of these risks are present right here at home . . . and must secure our election system by requiring every voter to have his or her vote recorded on a paper ballot."

See complete article in McClatchy Newspapers.

Monday, January 26, 2009

Obama Sides With Bush In Spy Case

Slashdot picked up a story in Wired about the Obama administration siding with the Bush administration when it urged a federal judge to set aside a ruling in a closely watched case examining whether a U.S. president may bypass Congress and establish warrantless wiretapping programs designed to spy on American citizens.

With just hours left in office, President George W. Bush asked U.S. District Judge Vaughn Walker late Monday to stay enforcement of a Jan. 5 ruling admitting key evidence into the case. On Thursday, the Obama administration said in its filing with the court
"The Government's position remains that this case should be stayed"
marking the first time it was clear that the new president was in agreement with the Bush administration's reasoning in this case.

The legal hubbub concerns Walker's decision to admit a classified document as evidence that allegedly shows that two American lawyers for a now-defunct Saudi charity were electronically eavesdropped on without warrants in 2004.

The Obama administration is in agreement with the previous administration in its legal defense of July legislation that immunizes the nation's telecommunications companies from lawsuits accusing them of complicity in Bush's eavesdropping program, according to testimony last week by incoming Attorney General Eric Holder.

A separate case requiring a decision on the constitutionality of the immunity legislation (which Obama voted for as a U.S. Senator from Illinois) brought by the Electronic Frontier Foundation is pending before Judge Walker.

See details in Wired.

Wednesday, January 21, 2009

Privacy Groups Want Strong Security Measures for Electronic Health Records

SANS Institute summarizes an article about US privacy rights and civil liberties advocacy groups writing legislators and asking them to ensure that any adoption of electronic health records include substantial security measures. Such letters from the American Civil Liberties Union, the National Association of Social Workers and Patient Privacy rights request that patients have control over how their medical records are used and that they be protected from organizations that share and sell medical information.
"We all want to innovate and improve health care, but without privacy our system will crash as any system with a persistent and chronic virus will," Patient Privacy Rights executive director Ashley Katz said at a Capitol Hill briefing.
Chairman of Senate Health, Education, Labor and Pensions, Edward Kennedy and ranking member Michael Enzi submitted a bill in the 110th Congress and have worked with Judiciary Chairman Patrick Leahy to beef up its privacy provisions. However, Senate Small Business ranking member Olympia Snowe does not believe the measure went far enough, and together with Rep. Edward Markey, D-Mass., and Rep. Lloyd Doggett, D-Texas, offered letters of support for the privacy groups' call to action.
"Without robust safeguards, the health IT systems we are planning for today could turn the dream of integrated, seamless electronic health networks into a nightmare for consumers," Markey said in a statement.

For complete article, see nextgov.

Tuesday, January 13, 2009

CWE/SANS TOP 25 Most Dangerous Programming Errors

Yesterday, the SysAdmin, Audit, Network, Security (SANS) Institute announced that in Washington D.C., experts from more than 30 U.S. and international cyber security organizations jointly released a list of the 25 most dangerous programming errors that bring about security bugs permitting cyber espionage and cyber crime. The project is a significant component of an overall national security initiative.

The impact of such errors is extensive, where just two errors led to more than 1.5 million web site security breaches in 2008. Those breaches then cascaded onto the computers of people who visited those websites.

The people and organizations that provided input to the project are among the most respected security experts, coming from an extensive range of leading organizations, from Symantec, Microsoft, DHS's National Cyber Security Division and NSA's Information Assurance Division to the Japanese IPA, the University of California at Davis and Purdue University.

Remarkably, all the experts quickly came to agreement, despite some intense discussion.
"There appears to be broad agreement on the programming errors," says SANS Director, Mason Brown, "Now it is time to fix them. First we need to make sure every programmer knows how to write code that is free of the Top 25 errors, and then we need to make sure every programming team has processes in place to find, fix, or avoid these problems and has the tools needed to verify their code is as free of these errors as automated tools can verify."


See complete Announcement in SANS.

Thursday, January 08, 2009

State Secrets Defense Rejected in Wiretapping Case

Slashdot references a report in Ars Technica of a federal judge ruling that a lawsuit filed by an Islamic charity alleging illegal wiretapping by the National Security Agency may proceed.

The case, Al Haramain v. Bush, stands out in that, unlike the Electronic Frontier Foundation's more widely publicized suits against the NSA and cooperating telecoms, the plaintiffs here know that the directors of the charity were specifically subjected to warrantless surveillance, thanks to a government faux pas that put a classified memo in the hands of the charity's lawyers.

Judge Vaughn Walker, who has been handling a raft of suits concerning the NSA's super-secret Stellar Wind program, decided that the charity could seek to show they'd been spied upon using public evidence.
"Without a doubt," he wrote, "plaintiffs have alleged enough to plead 'aggrieved persons' status so as to proceed to the next step in proceedings."
The Justice Department repeatedly tried to block the suit by invoking national security concerns. At one point, Walker described the government's argument as "without merit" and characterized another argument as "circular".

See complete report at Ars Technica.

Wednesday, December 24, 2008

Congress in the Cyber-Crosshairs

ACM TechNews points out the cover story of National Journal about what it will take to keep the next invader out of Congressional computers.

Two years ago, 15 House panels and members' offices were invaded by malware whose nature suggests the intrusions originated in China. One target, House Representative Frank Wolf (R-Va.), argued before the House that the fear of admitting vulnerability might be a reason underlying the U.S. intelligence and national security community's reluctance to publicize the breaches sooner.
"I strongly believe that the appropriate officials, including those from the Department of Homeland Security and the FBI, should brief all members of Congress in a closed session regarding threats from China and other countries against the security of House technology, including our computers, BlackBerry devices, and phones," he said.
While it appears that there is little interest from members of Congress in discussing cyber vulnerabilities, that is likely because they have little understanding of them. Amit Yoran, former director of DHS's Cyber Security Division, says
"As a member of Congress, you have so many issues competing for your attention and, historically, cyber-security hasn't been one that's won out. It's not an issue that is particularly well tracked by their constituents."
A recent study prepared by the Center for Strategic and International Studies for President-elect Barack Obama concluded that Congress is unsuited for managing executive-branch cybersecurity due to the inconsistency and fragmentation of its oversight. The study group recommended that Obama take charge of cybersecurity and establish a new office for cyberspace in the Executive Office of the President that would collaborate closely with the National Security Council, "managing the many aspects of securing our national networks while protecting privacy and civil liberties."

See complete article at National Journal Magazine.

Monday, December 08, 2008

U.S. Is Losing Global Cyberwar, Commission Says

ACM TechNews summarizes an article in Business Week about how ill prepared the United States is for the challenges of 21st century cybersecurity. This woeful conclusion comes from a new report issued by the U.S. Commission on Cybersecurity.
"The damage from cyber attack is real," states the cybersecurity group's report, referring to intrusions in 2007 at the departments of Defense, State, Homeland Security, and Commerce as well as at NASA and the National Defense University.
The report calls for the creation of a Center for Cybersecurity Operations that would act as a regulator of computer security in both the public and private sectors.
"We're playing a giant game of chess now and we're losing badly," says commission member Tom Kellermann, a former World Bank security official who now is vice-president of Security Awareness at Core Security.


See full story in BusinessWeek.

Friday, December 05, 2008

Who Protects the Internet?

Slashdot calls attention to an interview with General Kevin Chilton, U.S. STRATCOM commander and the head of all military cyberwarfare, appearing in TechCrunch, a technical weblog that profiles and reviews Internet products and companies.

The interview brings to light the critical question: Is the internet actually protected? Who protects us?
"Basically no one", says Jonathan Zittrain, American law professor, researcher and author. "At most, a number of loose confederations of computer scientists and engineers who seek to devise better protocols and practices — unincorporated groups like the Internet Engineering Task Force and the North American Network Operators Group. But the fact remains that no one really owns security online, which leads to gated communities with firewalls — a highly unreliable and wasteful way to try to assure security."

See more in TechCrunch.

Wednesday, December 03, 2008

You're Leaving a Digital Trail. What About Privacy?

ACM TechNews picked up an article published in The New York Times on how new technologies and the Internet's incursion into every aspect of life is creating what is coming to be called 'collective intelligence'.

While collective intelligence offers powerful capabilities, such as improving the efficiency of advertising or giving community groups new organizational capabilities, it is clear to all that, if misused, collective intelligence tools could create an Orwellian future on an unprecedented scale. Collective intelligence could be used by insurance companies, for example, to covertly identify people suffering from a particular disease and then deny them insurance coverage. Or the government or law enforcement could identify members of a protest group by monitoring social networks.
“There are so many uses for this technology — from marketing to war fighting — that I can’t imagine it not pervading our lives in just the next few years,” says Steve Steinberg, a computer scientist who works for an investment firm in New York.
Steinberg argues in a well-known Web posting that there are significant chances it will be misused: "This is one of the most significant technology trends I have seen in years; it may also be one of the most pernicious."

See more in The New York Times.

Monday, November 24, 2008

Obama Administration to Inherit Tough Cybersecurity Challenges

ACM TechNews remarks on the status of the initiatives launched in the current administration and what U.S. President-elect Barack Obama will need to take on to improve cybersecurity. Many of the current initiatives are still works in progress, including Homeland Security Presidential Directive-12 (HSPD-12), which aspires to improve the security of government facilities and computer networks by requiring federal agencies to issue new smart card identity credentials to all employees and contractors by the end of October. Meeting that goal, however, is at least two years away.

The need is critical for the Obama administration to stop tying federal cybersecurity responses so closely to the post-9/11 war against terror, says Gartner Inc. analyst John Pescatore.
"The terrorist attacks of 2001 sent the Bush administration in the wrong direction" on the cybersecurity front, Pescatore said. There has been too much of a tendency to view cyberthreats in the same light as physical terrorism threats and to respond to them in the same manner. In the process, some of the more immediate threats to government data and networks have been somewhat overlooked, he said.
See full story in COMPUTERWORLD.

Friday, November 21, 2008

Minnesota Senate Race Could Hinge on Scanning Machine Mistakes

ACM TechNews notes that according to an article in cnet news, the U.S. Senate race in Minnesota is yet undecided and that a hand recount could reveal that several thousand votes were mistakenly rejected by optical-scan voting machines. The outcome of the Senate race may depend on whether scanning machines made mistakes two weeks ago when tabulating ballots. Republican Senator Norm Coleman holds only a 200 vote lead over his opponent, Democrat Al Franken. With Coleman's lead being under a margin of 0.5 percent of the more than 2.9 million votes cast in the race on November 4th, the state automatically starts a hand recount of every ballot.

Director of governmental affairs for the Minnesota secretary of state's office Beth Fraser says the optical scanning machines used to read paper ballots could have mistakenly rejected enough ballots to affect the outcome of the race.

Although the optical scanning machines may have rejected some crucial votes, Fraser said the machines are still the best option for counting votes.
"It speeds up the counting but gives us the paper ballots to count on, so the results are fully auditable," she said.

See entire article in cnet news.