March 20, 2018

Archives for 2003

Abusable Technologies Awareness Center

That’s the name of a new group blog on cyber-security, at, to which I’ll be contributing. There are nineteen contributors, including some of the most prominent researchers in the field. I’m excited to be associated with such an eminent group, and I have high hopes for ATAC.

Freedom to Tinker will continue as always. Any of my ATAC postings that seem relevant to Freedom to Tinker readers will be linked to or duplicated here. But if you’re interested in cybersecurity, you should read ATAC so you can hear from the other panelists.

Devil in the Details

There’s been a lot of discussion lately about compulsory license schemes for music. I’ve said before that I’m skeptical about their practicality. One reason for my skepticism is a concern about the measurement problem, and especially about the technical details of how measurement would be done.

To split up the revenue pool, compulsory license schemes all measure something – some proxy for consumer demand – and then give each copyright owner a share of the pie determined by the measured value. Most proposals require measuring how often a song is downloaded, or how often it is played.

Most compulsory license advocates tell us what they want to measure, but as far as I know, nobody has gone into any detail about how they would do the measurement. And based on the thinking I have done on the “how” question, there doesn’t seem to be an easy answer.

So here is my challenge to compulsory enthusiasts: tell us, in technical detail, how you propose to do the measurements. You don’t have to give us working code, but do tell us which programs you would write or modify, and what specifically they would look for. Tell us how you would cope with backward compatibility, and the diverse formats in which people download and store music. Tell us how you would deal with non-PC platforms such as Macs, Linux boxes, and iPods, as well as non-traditional network setups such as public WiFi access points.

The devil is in the details; so show us the details of your plan.

Voting Machine Vendors To Do … What?

In today’s Washington Post, Jonathan Krim reports on a new effort by the e-voting machine vendors to do … something or other. The article, which is titled “Voting-Machine Makers to Fight Security Criticism”, doesn’t quite say what they’re planning to do. The following two paragraphs come the closest to revealing their plans:

Electronic-voting-machine companies announced yesterday that they are banding together to counter mounting concerns about whether their machines are secure enough to withstand tampering by hackers.

The leading voting-machine companies, which argue that their systems are safe, have yet to put forward any proposals on addressing the concerns. But under the umbrella leadership of the Information Technology Association of America, the industry hopes to foster conversation that includes security experts, academics, local elections officials, and the National Institute of Standards and Technology, the federal agency overseeing technical standards.

In other words, although they “have yet to put forward any proposals”, they hope to have some conversations with people. Amusingly, the chairman of the ITAA calls this “an inflection point in the history of voting in this country.”

You’ve really gotta wonder how a non-story like this got onto page 2 of a major newspaper.