Tinkering in Clouds

secrecy, privacy, friends, research, policy, education

Ed Felten just announced a cool workshop at Princeton January 14-15, called "Computing in the Cloud".

The agenda for our workshop on the social and policy implications of "Computing in the Cloud" is now available, along with information about how to register (for free). We have a great lineup of speakers, with panels on "Possession and ownership of data", "Security and risk in the cloud", "Civics in the cloud", and "What?s next". The workshop is organized by the Center for InfoTech Policy at Princeton, and sponsored by Microsoft.

It appears to be the first big event for Princeton's new Center for Information Technology Policy, directed by Ed Felten and David Robinson.

Ohio EVEREST Reports Released

elections, certification/testing, hacks, news, secrecy, privacy, problems, friends, research, policy, usability, legal

Here is a statement that the PIs on our team released:

On December 14th, 2007, Ohio Secretary of State Jennifer Brunner released the results of a comprehensive review of her state?s electronic voting technology. The study, called Project EVEREST, examined electronic voting systems ? touch-screen and optical scan ? from Elections Systems and Software (ES&S), Hart InterCivic, and Premier Election Systems (formerly Diebold). As part of that study, three teams of security researchers, based at Pennsylvania State University (State College, PA), the University of Pennsylvania (Philadelphia, PA), and WebWise Security, Inc. (Santa Barbara, CA), conducted the security reviews. The reviews began in September, 2007 and concluded on December 7, 2007 with the delivery of the final report. The teams had access to voting machines and software source code from the three vendors, and performed source code analysis and security penetration testing with the aim of identifying security problems that might affect the integrity of elections that use the equipment.

Our report is an extensive technical analysis of the security of these voting systems as they are used under real-world election conditions. All of our findings are detailed in this public report. A confidential unredacted version of the report provides specific references to the vendors? proprietary source code, but offers no substantive additional technical insights. The public report can be downloaded from:

http://www.sos.state.oh.us/

Our study identified exploitable security weaknesses in all three vendors? systems. Many of these vulnerabilities represent practical threats to the integrity of elections as they are conducted in Ohio.

While some of the technical weaknesses we identified can be mitigated with improved procedural safeguards, others are more systemic. These structural flaws are more more difficult to correct, and reliably correcting them will require re-engineering and redesign of the equipment and software itself.

The security failures themselves affected the entirety of the election process. We found vulnerabilities in different vendor systems that would, for example, allow voters and poll-workers to place multiple votes, to infect the precinct with virus software, or to corrupt previously cast votes?sometimes irrevocably. Further problems persist at the election headquarters, where election software running on commodity Microsoft Windows 2000 or XP machines could be compromised by viruses arriving from precincts, or by an attacker with seconds at the controller terminal. These latter security failures could expose precinct or county-wide ballots and tallies to widespread manipulation.

Two characteristics of the all of the vendor systems emerged from our analysis bear further comment. First, the systems exhibited a near universal lack of effective protections against insiders. Unmonitored poll-workers and election officials can frequently exploit security failures to circumvent protections or misuse software features to manipulate voting equipment, vote counts, and audit information. Second, there was a pervasive lack of quality in the implementation (coding and manufacturing) of these systems. Failures were present in almost every device and software module we investigated. Such problems may lead to serious stability issues, and are the source of many security issues.

Our review concludes that the vendor systems lack basic technical protections necessary to guarantee a trustworthy election. Thus, we strongly believe that the integrity of the election relies almost entirely on the physical procedures used to carry out the election. We further conclude that some weaknesses are of a depth and magnitude that formulating reliable and workable procedural safeguards will be a very difficult task.

The review teams at Pennsylvania State University: Kevin Butler, William Enck, Harri Hursti, Steve McLaughlin and Patrick Traynor at the Pennsylvania State University. At the University of Pennsylvania: Adam Aviv, Pavol Černý, Sandy Clark, Eric Cronin, Gaurav Shah, and Micah Sherr. At WebWise Security, Inc: Richard Kemmerer, Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, William Robertson, and Fredrik Valeur. Elections legal and procedural consultants: Joseph Lorenzo Hall and Laura Quilter.

  • Patrick McDaniel, Principal Investigator and Team Leader?Pennsylvania State University
  • Matt Blaze, Team Leader?University of Pennsylvania
  • Giovanni Vigna, Team Leader?WebWise Security, Inc.

An Open Government Salvo in 8 Shots

system, elections, open source, secrecy, privacy, politics, friends, research, policy, legal

OG (Open Government) gang sign It's rare that I get to sit in a room with 30 heavyweights -- including O'Reilly, Lessig and Malamud -- and talk about the one thing that interests me most: government transparency.

Regular readers of this space -- you are brave souls -- know that my thesis covers transparent public policy mechanisms in our increasingly digitized and networked democracy (using e-voting as a critical case). This past Friday and Saturday at O'Reilly Media in Sebastopol, I sat down with 29 other like-minded government transparency geeks to think about what Open Government and Open Government Data should look like. We completed a draft request for comments on a set of principles for Open Government Data. In short:

Government data shall be considered open if it is made public in a way that is: complete, primary, timely, accessible, machine processable, non-discriminatory, non-proprietary and license-free. Compliance must be reviewable.

Each of these eight principles has two levels of granularity: a single sentence defining each principle and an extensive discussion about the nitty gritty of each principle. See those definitions here at Carl's site: "RFC: 8 Principles of Open Government Data"

All of us shared a desire to catalyze the production, dissemination and manipulation of rich data streams from government sources. From my perspective, I'd like to find ways to convince government entities to do things in ways that allow for copious downstream reuse without impacting other notions of efficiency, privacy, security and privilege (e.g., deliberative and attorney/client information). The tough nut to crack in many cases are types of proprietary restrictions including intellectual property protections and contract-related terms. It would seem like a good place for regulation; that is, while FOIA and its state equivalents go a long way, we need to craft a legislative structure that will make it crystal clear that agencies are obligated to provide streams of certain kinds of data and that businesses must relinquish, in certain cases, vague claims of trade secrecy placed on information submitted to government agencies.

OuijaVote 2008!

elections, news, wtf?, berkeley, policy

This is a pretty clever piece of art... Keats took Ken Goldberg's networked Ouija Board and turned it into a collective consciousness voting booth.

http://www.insidebayarea.com/bayarealiving/ci_7616412

My sixth sense: I see dead people, voting

BY Angela Hill

[...] San Francisco conceptual artist Jonathon Keats has a much better system for your voting pleasure and has developed a prototype voting booth, currently on display at the Berkeley Art Museum.

Welcome to OuijaVote 2008! It's where the dead come alive and help us choose our government officials, because heaven knows our nation's going to hell in a handbasket on its own.

Yes it's OuijaVote, as in Ouija Board, the well-known Parker Bros. board game with letters and numbers on which is placed a small triangular thingy called a planchette, on which your fingertips do the walking and spell out subconscious or supernatural messages.

Only in this case, the planchette is replaced by a computer mouse, and the whole thing would be networked ? assuming there were hundreds of thousands of OuijaVote machines across the country. The information would then be transmitted to a central Ouija board, probably in Arlington, Va., or maybe at Sylvia Browne's house, where all the votes would get averaged in front of impartial, yet tangible, observers and ? ta da! ? we'd have our president! [...]

The great thing about voting by Ouija, he says, is that it appeals to absolutely any way that anyone might approach the voting process.

"For those who see voting as an act of the collective consciousness, there's no better way to channel that," he said. "Then you have some voters who would like to see the Founding Fathers still running the country. And then there's an argument to be made that this is all absurd ? I wouldn't make that argument, but for those who would, this might be a way for them to get back into what they see as the absurdity of the democratic process." [...]

New music...

music, berkeley, San Francisco, photos, friends, iSchool

On Sundays I try to get around to updating my XMLified concert list... and today I did. When I do this, I tend to stumble upon new interesting music. Some things I've stumbled on lately:

crop of katy perry stylized pic from her site Katy Perry: Katy is a very neat, clever and dynamic vocalist with great skin. She has a digital EP that's out now on iTunes and it has two notable songs you can hear from her homepage: UR So Gay (the title track of her EP) and Use Your Love (which is a heavy-rockin' psuedo-cover of "Your Love" by Outfield... which you've probably heard as the refrain goes, "I don't wanna lose your love... tonight"). Her website is a fabulous flash-disaster of sorts. Check it out... her voice is very rich, deep and I would be shocked if she didn't put on a kick-butt live show. BTW, she's playing new year's eve with the Moving Units (who rock) at the Mezzanine in SF.

Film School: These guys are headlining a show I'll definitely be at because A Place to Bury Strangers (the loudest band in NYC... from Brooklyn) is playing before them. They have a dreamy feel to them with some well-placed distortion and a very big big sound. Plenty of extended sounds and good slow determined movement music... I just got there latest Hideout from eMusic and it's good and growing on me fast.

young rebz, high jump champion mixtape cover Young Rebz: I saw this guy's mixtape, High Jump Champion, via the blog STRIVIN'. This guy can seriously rap and he's coming from straight outta Richmond, CA. Almost every song on his 26-song mixtape is at least four stars in my book with plenty of five-star gems in there. He also has a bunch of youtube videos up where he just raps into a webcam. Classic grassroots hip-hop. Also, check out his Anti-Hyphy song which gives some particularly interesting insight, from his perspective, into the backlash against the Hyphy movement and the movement's limitations.

Von Iva: Meg, Dan and I (iSchool reprazent!) saw the last song by SF's Von Iva when they played Friday here at UC Berkeley. I felt bad because there was no one there... it was a bit nippy and close to the end of the semester, so no mystery there. Especially kind of sad considering the two or three times I've seen them in SF, the place was packed and everyone was dancing. I picked up their latest disc, Our Own Island, at the show and it's definitely worth your time. Check out their tunes on their website.

UPDATE [2007-12-03T11:39:56]: If you like finding new music... go the random route. David Molnar has created a Facebook App called RandomSong that quite literally serves you up random songs from Amazon. You can spend hours with that thing...

Contact / Help. (cc) 2020 by Joseph Hall. blog software / hosting.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.
And a few words about the structure of the eye . Everyone " retina ". Especially often we hear it buy clomid online in the phrase " retinal detachment ." So what is the retina ? This - the front edge of the brain, the most distant from the brain part of the visual analyzer. The retina receives light first , processes and transforms light energy into irritation - a signal that encodes all the information about what the eye sees . The retina is very complex and in their structure and function . Its structure resembles the structure of the cerebral cortex. The shell of the retina is very thin - about 0.14 mm.