April 16, 2014

avatar

Which States have the Highest Risk of an E-Voting Meltdown?

This post is joint work by Joshua Kroll, Ian Davey, Alex Halderman, and Ed Felten.

Computer scientists, including us, have long been skeptical of electronic voting systems. E-voting systems are computers, with all of the attendant problems. If something goes wrong, can the problem be detected? Can it be fixed? Some e-voting systems are much riskier than others.

As the 2012 Presidential election approaches, we decided to evaluate the risk of a “meltdown scenario” in which problems with electronic voting equipment cause a state to cast the deciding electoral college vote that would flip the election winner from one candidate to the other. We’re interested in the risk of these technological problems, weighted by the relative voting power of each voter. So for example, here in New Jersey we use direct-recording electronic voting machines that have been found by a court to be inadequate, but with Obama polling at +14% it’s not likely that a snafu with these machines could change the entire state’s outcome. But in swing states that poll closer to even, like Virginia (where your voting machines can be modified to play Pac-Man), an electronic voting mix-up could have a much bigger impact. So, which states have the greatest risk of an e-voting meltdown affecting the result of the 2012 Presidential election?

[Read more...]

avatar

Goodbye, Stanford. Hello, Princeton!

[Editor's note: The Center for Information Technology Policy (CITP) is delighted to welcome Arvind Narayanan as an Assistant Professor in Computer Science, and an affiliated faculty member in CITP. Narayanan is a leading researcher in digital privacy, data anonymization, and technology policy. His work has been widely published, and includes a paper with CITP co-authors Ed Felten and Joseph Calandrino. In addition to his core technical research, Professor Narayanan will be engaged in active public policy topics through projects such as DoNotTrack.us, and is sought as an expert in the increasingly complex domain of privacy and technology. He was recently profiled on Wired.com as the "World's Most Wired Computer Scientist."]

I’ve had a wonderful first month at Princeton as an assistant professor in Computer Science and CITP. Let me take a quick moment to introduce myself.

I’m a computer scientist by training; I study information privacy and security, and in the last few years have developed a strong side-interest in tech policy. I did my Ph.D. at UT Austin and more recently I was a post-doctoral researcher at Stanford and a Junior Affiliate Fellow at the Stanford Law School Center for Internet and Society.

[Read more...]

avatar

Is Spotify the Celestial Jukebox for Music?

In 1994, law professor Paul Goldstein popularized the term “celestial jukebox” to refer to his vision of a networked database of consumable on-demand media. In the face of copyright law that was ill-suited to the rapid rate of technological change, he described a system in which consumers would pay-per-play rather than purchasing and owning individual works. In his book Copyright’s Highway, he predicted that, “the pace of technological development is so fast and the forces of market demand so strong that the celestial jukebox, however configured, will be in place sometime early in the twenty-first century.”

The explosion of broadband and mobile internet access has made that viable, and countless startups have taken a stab at implementing the vision. One of the biggest challenges for these companies has been compiling a library of licensed works that is comprehensive enough to attract a critical mass of users. In the music market, the pay-per-play model has generally given way to monthly subscription or ad-based models. I’ve been a casual user of Last.fm and Pandora, but my listening habits haven’t been fundamentally altered. That changed last week when I finally decided to try Spotify. Spotify may be the first real contender for a mainstream “celestial jukebox” of music. But is that a good thing?

[Read more...]

avatar

Accountable Algorithms: An Example

I wrote yesterday about accountable algorithms. When I say that a public algorithm is “accountable” I mean that the output produced by a particular execution of the algorithm can be verified as correct after the fact by a skeptical member of the public. Today I want to work through an example.
[Read more...]

avatar

Accountable Algorithms

Ethan Zuckerman had an interesting reaction to his first experience with the TSA Pre-Check program, which lets frequent flyers go through a much shorter and less elaborate procedure at airport security checkpoints. Ethan’s concerns about unfairness are worth pondering, but I want to focus here on his call for more openness about the algorithm that selects people for enhanced search.

Public processes often involve algorithms, and the public has an interest in the openness of these processes. Today I want to expand on what we mean when we talk about this kind of openness. In my next post, I’ll work through a specific example, taken from airport security, and show how we can improve the public accountability of that algorithm.
[Read more...]

avatar

Privacy Threat Model for Mobile

Evaluating privacy vulnerabilities in the mobile space can be a difficult and ad hoc process for developers, publishers, regulators, and researchers. This is due, in significant part, to the absence of a well-developed and widely accepted privacy threat model. With 1 million UDIDs posted on the Internet this past week, there is an urgent need for such a model to identify privacy vulnerabilities, assess compliance, scope potential solutions, and drive disclosure. This is not to say that there aren’t a number of excellent resources that provide lists of normative best practices for mobile app development. Several such resources come readily to mind: the EFF’s Mobile Bill of Rights, Future of Privacy Forum’s Best Practices for Mobile App Developers, and Via Forensics’ 42 Best Practices.
[Read more...]

avatar

On the Harvard “Cheating” Scandal

The news that Harvard is investigating more than 100 students on charges of unauthorized collaboration on a take-home exam has, predictably, led many commentators to chime in. No matter who you are, a story like this is likely to trigger one of your hot buttons, whether it’s the declining moral standards of kids these days, the moral core of elite educational institutions, the inherent injustice of top-down rulemaking, or whatever. Not to mention that the course was “Introduction to Congress.” [Read more...]