December 28, 2024

Archives for 2003

E-Voting Victory (Probably)

Santa Clara County, California, located in the heart of Silicon Valley, has decided that their new electronic voting machines must offer voter-checkable audit records. An AP story at the New York Times reports that the vendor, Sequoia Voting Systems, will add paper receipt printers to their machines to accomodate the county.

This looks like a victory for the campaign by computer scientists against e-voting systems that don’t offer such paper records. Now we’ll see what we can do here in Mercer County, New Jersey.

UPDATE (7:30 PM): Kim Alexander at the California Voter Foundation offers a more detailed (and nuanced) description of Santa Clara County’s decision. (Thanks to Jim Tyre for the pointer.)

Another Attempted Suppression of Security Research

Researchers at Cambridge University published information on a flaw in banks’ procedures that rogue bank employees may have been using to learn the PINs from many customers’ ATM cards. It has always been easy to forge ATM cards, so knowing the PIN allows criminals to steal money easily from customers’ accounts. Now some banks are apparently trying to suppress the research.

Kuro5hin has the details.

The interesting twist here is that the banks sometimes bring legal actions against customers who they accuse of overdrawing their accounts by making excessive ATM withdrawals. The customers’ defense is often that they didn’t make the withdrawals. The banks argue that their security mechanisms prevent fraud, so if the withdrawals were made, it must have been the customers who made them. Because of this, the security of the banks’ systems and procedures are a central issue in such cases, and the availability of evidence on such issues is important to ensure that the accused customers can mount a proper defense.

"Accidental Privacy Spills"

Don’t miss James Grimmelmann’s essay of that title over at LawMeme. The essay tells the story of how an email that journalist Laurie Garrett sent to a few friends leaked out gradually onto the Internet, and reflects on the implications of this kind of leak.

Free Storage

Dan Gillmor’s Sunday column points out that hard-disk data storage now costs less than one dollar per gigabyte. Thanks to Moore’s law, the cost of storage is asymptotically approaching zero. It’s interesting to stop and think about what happens as storage becomes essentially free.

Traditionally, storing data has been expensive, so we spent time sorting through our stored data to see what we could discard. We only kept something if we really needed it.

If storage is nearly free, though, the traditional cost equation inverts – it becomes much cheaper to keep information than to worry about whether to delete it. Why go to the trouble and expense to sort through your old stuff, when instead you can just keep it forever?

If storage is free, then the only reason to delete a record is because it might embarrass you, or because it might put you in a bad legal position somehow. In such a world, the very fact that you deleted something would arouse suspicion.

The same logic applies to information that you’re not recording now. If it’s free to store information, then you might as well record it, just in case it turns out to be useful. Even if you’re not sure how it might be useful, the cheap and easy course will be to record everything. You don’t have to be a conspiracy theorist to see why it might occasionally be useful to store, say, photographs of everybody you meet, or a continuous video recording of the street outside your house.

All of this has serious implications for privacy. People will avoid excessive recording of their own activities, but the temptation to record others, just in case the recording might be useful, will be strong. If cost is no longer a barrier to surveillance by our neighbors, some new barrier has to arise. What will it be?

Another Palladium Article

The Chronicle of Higher Education offers a disappointing article on Microsoft’s Palladium. Like many Palladium articles, this one seems to look for conflict and disagreement rather than an explanation of what is really at stake.

We hear about fair use, which in my view is not the main problem posed by Palladium. And we hear that Palladium will “[deter] 98 to 99 percent of all hackers,” which can’t be right – even Microsoft marketing people don’t make such extravagant claims.

For what it’s worth, I get the lead quote: “If Palladium is adopted, and if other technology vendors exploit it fully to restrict access to copyrighted works, education and research will suffer.” When I said this, I was trying to make the point that the main harms that might arise from Palladium would come not from Microsoft but from what other vendors might do with Palladium’s features. But the article spins it as an anti-Microsoft comment.

This is good motivation to spend more time working on that “Understanding Palladium” article….