Year: 2009

  • A Modest Proposal: Three-Strikes for Print

    Yesterday the French parliament adopted a proposal to create a “three-strikes” system that would kick people off the Internet if they are accused of copyright infringement three times. This is such a good idea that it should be applied to other media as well. Here is my modest proposal to extend three-strikes to the medium…

  • Recovery Act Spending: Getting to the Bottom Line

    Under most circumstances, government spending is slow and deliberate—a key fact that helps reduce the chances of waste and fraud. But the recently passed Recovery Act is a special case: spending the money quickly is understood to be essential to the success of the Act. We all know that shoppers in a hurry tend to…

  • Breathalyzer Source Code Secrecy Endangers Minnesota Drunk Driving Convictions

    The Minnesota Supreme Court ruled recently that defendants accused of drunk driving in the state are entitled to have their experts inspect the source code for the software in the Intoxilyzer breath-testing machines used by police to gauge the defendants’ blood alcohol levels. The defendants argued, successfully, that they were entitled to examine and challenge…

  • Sunlight on NASED ITA Reports

    Short version: we now have gobs of voting system ITA reports, publicly available and hosted by the NSF ACCURATE e-voting center. As I explain below, ITAs were the Independent Testing Authority laboratories that tested voting systems for many years. Long version: Before the Election Assistance Commission (EAC) took over the testing and certification of voting…

  • Usable security irony

    I visited Usable Security (the web page for the 2007 Usability Security workshop) today to look up a reference, except the link I followed was actually the SSL version of the page. Guess what? Secure Connection Failed usablesecurity.org uses an invalid security certificate. The certificate expired on 12/29/08 12:21 AM. (Error code: sec_error_expired_certificate) This could…

  • Acceptance rates at security conferences

    How competitive are security research conferences? Several people have been tracking this information. Mihai Christodorescu has a nice chart of acceptance and submission rates over time. The most recent data point we have is the 2009 Usenix Security Symposium, which accepted 26 of 176 submissions (a 14.8% acceptance ratio, consistent with recent years). Acceptance rates…

  • Chinese Internet Censorship: See It For Yourself

    You probably know already that the Chinese government censors Internet traffic. But you might not have known that you can experience this censorship yourself. Here’s how: (1) Open up another browser window or tab, so you can browse without losing this page. (2) In the other window, browse to baidu.com. This is a search engine…

  • Stimulus transparency and the states

    Yesterday, I testified at a field hearing of the U.S. House Committee on Oversight and Government Reform. The hearing title was The American Recovery and Reinvestment Act of 2009: The Role of State and Local Governments. My written testimony addressed plans to put stimulus data on the Internet, primarily at Recovery.gov. There have been promising…

  • FBI's Spyware Program

    Note: I worked for the Department of Justice’s Computer Crime and Intellectual Property Section (CCIPS) from 2001 to 2005. The documents discussed below mention a memo written by somebody at CCIPS during the time I worked there, but absolutely everything I say below reflects only my personal thoughts and impressions about the documents released to…

  • On open source vs. disclosed source voting systems

    Sometimes, working on voting seems like running on a treadmill. Old disagreements need to be argued again and again. As long as I’ve been speaking in public about voting, I’ve discussed the need for voting systems’ source code to be published, as in a book, to create transparency into how the systems operate. Or, put…