Month: October 2018

  • The Third Workshop on Technology and Consumer Protection

    Arvind Narayanan and I are pleased to announce that the Workshop on Technology and Consumer Protection (ConPro ’19) will return for a third year! The workshop will once again be co-located with the IEEE Symposium on Security and Privacy, occurring in May 2019. ConPro is a forum for a diverse range of computer science research…

  • Ten ways to make voting machines cheat with plausible deniability

    Summary:  Voting machines can be hacked; risk-limiting audits of paper ballots can detect incorrect outcomes, whether from hacked voting machines or programming inaccuracies; recounts of paper ballots can correct those outcomes; but some methods for producing paper ballots are more auditable and recountable than others. A now-standard principle of computer-counted public elections is, use a voter-verified…

  • User Perceptions of Smart Home Internet of Things (IoT) Privacy

    by Noah Apthorpe This post summarizes a research paper, authored by Serena Zheng, Noah Apthorpe, Marshini Chetty, and Nick Feamster from Princeton University, which is available here. The paper will be presented at the ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW) on November 6, 2018. Smart home Internet of Things (IoT) devices…

  • An unverifiability principle for voting machines

    In my last three articles I described the ES&S ExpressVote, the Dominion ImageCast Evolution, and the Dominion ImageCast X (in its DRE+VVPAT configuration).  There’s something they all have in common: they all violate a certain principle of voter verifiability. Any voting machine whose physical hardware can print votes onto the ballot after the last time…

  • Continuous-roll VVPAT under glass: an idea whose time has passed

    States and counties should not adopt DRE+VVPAT voting machines such as the Dominion ImageCast X and the ES&S ExpressVote.  Here’s why. Touchscreen voting machines (direct-recording electronic, DRE) cannot be trusted to count votes, because (like any voting computer) a hacker may have installed fraudulent software that steals votes from one candidate and gives them to…

  • CITP to Launch Tech Policy Clinic; Hiring Clinic Lead

    We’re excited to announce the CITP technology policy clinic, a first-of-its-kind interdisciplinary project to engage students and scholars directly in the policy process. The clinic will be supported by a generous alumni gift. The technology policy clinic will adapt the law school clinic model to involve scholars at all levels in real-world policy activities related…

  • Design flaw in Dominion ImageCast Evolution voting machine

    The Dominion ImageCast Evolution looks like a pretty good voting machine, but it has a serious design flaw: after you mark your ballot, after you review your ballot, the voting machine can print more votes on it!.  Fortunately, this design flaw has been patented by a rival company, ES&S, which sued to prevent Dominion from selling…

  • Disaster Information Flows: A Privacy Disaster?

    By Madelyn R. Sanfilippo and Yan Shvartzshnaider Last week, the test of the Presidential Alert system, which many objected to on partisan grounds, brought the Wireless Emergency Alert system (WEA) into renewed public scrutiny. WEA, which distributes mobile push notifications about various emergencies, crises, natural disasters, and amber alerts based on geographic relevance, became operational…

  • Building Respectful Products using Crypto: Lea Kissner at CITP

    How can we build respect into products and systems? What role does cryptography play in respectful design? Speaking today at CITP is Lea Kissner (@LeaKissner), global lead of Privacy Technology at Google. Lea has spent the last 11 years designing and building security and privacy for Google projects from the grittiest layers of infrastructure to…