Year: 2022
-
How NOT to Assess an E-voting System
by Vanessa Teague, an Australian computer scientist, cryptographer, and security/privacy expert. (Part 2 of a 5-part series starting here) Australian elections are known for the secret ballot and a long history of being peaceful, transparent and well run. So it may surprise you to learn that the Australian state of New South Wales (NSW) is…
-
How to Assess an E-voting System
Part 1 of a 5-part series If I can shop and bank online, why can’t I vote online? David Jefferson explained in 2011 why internet voting is so difficult to make secure, I summarized again in 2021 why internet voting is still inherently insecure, and many other experts have explained it too. Still, several…
-
Most top websites are not following best practices in their password policies
By Kevin Lee, Sten Sjöberg, and Arvind Narayanan Compromised passwords have consistently been the number one cause of data breaches by far, yet passwords remain the most common means of authentication on the web. To help, the information security research community has established best practices for helping users create stronger passwords. These include: Block weak…
-
Dcentral vs. Consensus: Are institutions “frens” or enemies of crypto?
As a part of an ethnographic study on blockchain organizations, I recently attended two major conferences – Dcentral Con and Consensus – held back-to-back in Austin, Texas during a blistering heatwave. My collaborator, Johannes Lenhard, and I had conducted a handful of interviews with angel investors, founders, and venture capitalists, but we’d yet to conduct…
-
A PDF File Is Not Paper, So PDF Ballots Cannot Be Verified
A new paper by Henry Herrington, a computer science undergraduate at Princeton University, demonstrates that a hacked PDF ballot can display one set of votes to the voter, but different votes after it’s emailed – or uploaded – to election officials doing the counting. For overseas voters or voters with disabilities, many states provide “Remote Accessible Vote…
-
ES&S Uses Undergraduate Project to Lobby New York Legislature on Risky Voting Machines
The New York State Legislature is considering a bill that would ban all-in-one voting machines. That is, voting machines that can both print votes on a ballot and scan and count votes from a ballot – all in the same paper path. This is an important safeguard because such machines, if they are hacked by…
-
Will Web3 Follow in the Footsteps of the AI Hype Cycle?
For many, the global financial crisis of 2008 marked a turning point for trust in established institutions. It is unsurprising that during this same historical time period, Bitcoin, a decentralized cryptocurrency that aspired to operate independent from state manipulation, began gaining traction. Since the birth of Bitcoin, other decentralized technologies have been introduced that enable…
-
A Multi-pronged Strategy for Securing Internet Routing
By Henry Birge-Lee, Nick Feamster, Mihir Kshirsagar, Prateek Mittal, Jennifer Rexford The Federal Communications Commission (FCC) is conducting an inquiry into how it can help protect against security vulnerabilities in the internet routing infrastructure. A number of large communication companies have weighed in on the approach the FCC should take. CITP’s Tech Policy Clinic convened…
-
How the National AI Research Resource can steward the datasets it hosts
Last week I participated on a panel about the National AI Research Resource (NAIRR), a proposed computing and data resource for academic AI researchers. The NAIRR’s goal is to subsidize the spiraling costs of many types of AI research that have put them out of reach of most academic groups. My comments on the panel…