Category: Privacy & Security
-
Toward Trustworthy Machine Learning: An Example in Defending against Adversarial Patch Attacks (2)
By Chong Xiang and Prateek Mittal In our previous post, we discussed adversarial patch attacks and presented our first defense algorithm PatchGuard. The PatchGuard framework (small receptive field + secure aggregation) has become the most popular defense strategy over the past year, subsuming a long list of defense instances (Clipped BagNet, De-randomized Smoothing, BagCert, Randomized…
-
Toward Trustworthy Machine Learning: An Example in Defending against Adversarial Patch Attacks
By Chong Xiang and Prateek Mittal Thanks to the stunning advancement of Machine Learning (ML) technologies, ML models are increasingly being used in critical societal contexts — such as in the courtroom, where judges look to ML models to determine whether a defendant is a flight risk, and in autonomous driving, where driverless vehicles are…
-
Switzerland’s E-voting: The Threat Model
Part 5 of a 5-part series starting here Switzerland commissioned independent expert reviews of the E-voting system built by Swiss Post. One of those experts concluded, “as imperfect as the current system might be when judged against a nonexistent ideal, the current system generally appears to achieve its stated goals, under the corresponding assumptions…
-
What the Assessments Say About the Swiss E-voting System
(Part 4 of a 5-part series starting here) In 2021 the Swiss government commissioned several in-depth technical studies of the Swiss Post E-voting system, by independent experts from academia and private consulting firms. They sought to assess, does the protocol as documented guarantee the security called for by Swiss law (the “ordinance on electronic voting”,…
-
How the Swiss Post E-voting system addresses client-side vulnerabilities
(Part 3 of a 5-part series starting here) In Part 1, I described how Switzerland decided to assess the security and accuracy of its e-voting system. Swiss Post is the “vendor” developing the system, the Swiss cantons are the “customer” deploying it in their elections, and the Swiss Parliament and Federal Chancellery are the “regulators,” …
-
How NOT to Assess an E-voting System
by Vanessa Teague, an Australian computer scientist, cryptographer, and security/privacy expert. (Part 2 of a 5-part series starting here) Australian elections are known for the secret ballot and a long history of being peaceful, transparent and well run. So it may surprise you to learn that the Australian state of New South Wales (NSW) is…
-
How to Assess an E-voting System
Part 1 of a 5-part series If I can shop and bank online, why can’t I vote online? David Jefferson explained in 2011 why internet voting is so difficult to make secure, I summarized again in 2021 why internet voting is still inherently insecure, and many other experts have explained it too. Still, several…
-
Most top websites are not following best practices in their password policies
By Kevin Lee, Sten Sjöberg, and Arvind Narayanan Compromised passwords have consistently been the number one cause of data breaches by far, yet passwords remain the most common means of authentication on the web. To help, the information security research community has established best practices for helping users create stronger passwords. These include: Block weak…
-
Dcentral vs. Consensus: Are institutions “frens” or enemies of crypto?
As a part of an ethnographic study on blockchain organizations, I recently attended two major conferences – Dcentral Con and Consensus – held back-to-back in Austin, Texas during a blistering heatwave. My collaborator, Johannes Lenhard, and I had conducted a handful of interviews with angel investors, founders, and venture capitalists, but we’d yet to conduct…
-
Phone number recycling creates serious security and privacy risks to millions of people
By Kevin Lee and Arvind Narayanan 35 million phone numbers are disconnected every year in the U.S., according to the Federal Communications Commission. Most of these numbers are not disconnected forever; after a while, carriers reassign them to new subscribers. Through the years, these new subscribers have sometimes reported receiving calls and messages meant for…
-
New Research on Privacy and Security Risks of Remote Learning Software
This post and the paper is jointly authored by Shaanan Cohney, Ross Teixeira, Anne Kohlbrenner, Arvind Narayanan, Mihir Kshirsagar, Yan Shvartzshnaider, and Madelyn Sanfilippo. It emerged from a case study at CITP’s tech policy clinic. As universities rely on remote educational technology to facilitate the rapid shift to online learning, they expose themselves to new…
-
NJ agrees No Internet voting in July, vague about November
A formal settlement agreement has been submitted to the NJ Superior Court regarding online ballot access in the 2020 elections. On May 4, 2020, New Jersey’s Division of Elections was caught trying to adopt vote-by-Internet on the stealth, even though the law forbids it. That is, not only is Internet voting inherently insecurable, there’s a…