July 29, 2016

Andrew Appel

avatar

Internet Voting? Really?

Recently I gave a TEDx talk—I spoke at the local Princeton University TEDx event.  My topic was voting: America’s voting systems in the 19th and 20th century, and should we vote using the Internet?  You can see the talk here:

 

Internet Voting? Really?

 

avatar

Internet Voting, Utah GOP Primary Election

Utah’s Republican presidential primary was conducted today by Internet.  If you have your voter-registration PIN, or even if you don’t, visit https://ivotingcenter.gop and you will learn something about Internet voting!

avatar

Apple/FBI: Freedom of speech vs. compulsion to sign

This week I signed the Electronic Frontier Foundation’s amicus (friend-of-the-court) brief in the Apple/FBI  iPhone-unlocking lawsuit.  Many prominent computer scientists and cryptographers signed: Josh Aas, Hal Abelson, Judy Anderson, Andrew Appel, Tom Ball (the Google one, not the Microsoft one), Boaz Barak, Brian Behlendorf, Rich Belgard, Dan Bernstein, Matt Bishop, Josh Bloch, Fred Brooks, Mark Davis, Jeff Dean, Peter Deutsch, David Dill, Les Earnest, Brendan Eich, David Farber, Joan Feigenbaum, Michael Fischer, Bryan Ford, Matt Franklin, Matt Green, Alex Halderman, Martin Hellman, Nadia Heninger, Miguel de Icaza, Tanja Lange, Ed Lazowska, George Ledin, Patrick McDaniel, David Patterson, Vern Paxson, Thomas Ristenpart, Ron Rivest, Phillip Rogaway, Greg Rose, Guido van Rossum, Tom Shrimpton, Barbara Simons, Gene Spafford, Dan Wallach, Nickolai Zeldovich, Yan Zhu, Phil Zimmerman. (See also the EFF’s blog post.)

The technical and legal argument is based on the First Amendment: (1) Computer programs are a form of speech; (2) the Government cannot compel you to “say” something any more than it can prohibit you from expressing something.  Also, (3) digital signatures are a form of signature; (4) the government cannot compel or coerce you to sign a statement that you don’t believe, a statement that is inconsistent with your values.  Each of these four statements has ample precedent in Federal law.  Combined together, (1) and (2) mean that Apple cannot be compelled to write a specific computer program.  (3) and (4) mean that even if the FBI wrote the program (instead of forcing Apple to write it), Apple could not be compelled to sign it with its secret signing key.  The brief argues,

By compelling Apple to write and then digitally sign new code, the Order forces Apple to first write a message to the government’s specifications, and then adopt, verify and endorse that message as its own, despite its strong disagreement with that message. The Court’s Order is thus akin to the government dictating a letter endorsing its preferred position and forcing Apple to transcribe it and sign its unique and forgery-proof name at the bottom.

[Read more…]

avatar

Freedom to Tinker on the Radio

Today on the Canadian Broadcasting Corporation’s CBC Radio show, “The Current”, a 20-minute segment about the freedom to tinker:

“Arrested, for tinkering.  Young Ahmed Mohamed likes to take things apart, cross wires, experiment… and put things back together again. It’s the kind of hobby that once led to companies like…say, Apple and Microsoft. But is a security-centric culture interfering with the freedom to tinker?”

Radio host Piya Chattopadhyay interviews three panelists:

  • Lindy Wilkins, community technologist and the co-founder of Make Friends, a monthly meet-up of makers and community organizers in Toronto,
  • Alexandra Samuel, independent technology researcher in Vancouver who is working on a book about Tinkering and education for kids,
  • Andrew Appel, Professor of Computer Science at Princeton University and blogger at Freedom-to-Tinker.

When I was Ahmed’s age, back in 1973, I read this really cool article in Scientific American’s Amateur Scientist column, about how to use TTL integrated circuit components to make, for example, a clock.  So I went to Radio Shack to buy the parts, I learned how to use a soldering iron, and I built a clock.

Didn’t get arrested.  Was that because I was white, because I went to a school where the teachers had some sense, because it was before 9/11 and mass school shootings, or all of the above?

avatar

A clear line between offense and defense

The New York Times, in an editorial today entitled “Arms Control for a Cyberage“, writes,

The problem is that unlike conventional weapons, with cyberweapons “there’s no clear line between offense and defense,” as President Obama noted this month in an interview with Re/code, a technology news publication. Defense in cyberwarfare consists of pre-emptively locating the enemy’s weakness, which means getting into its networks.

This is simply wrong.
[Read more…]

avatar

Ed Felten elected to National Academy

The National Academy of Engineering announced today that Edward W. Felten, professor of computer science and public affairs, and director, Center for Information Technology Policy, Princeton University, Princeton, N.J., has been elected to the National Academy “For contributions to security of computer systems, and for impact on public policy.”

From the NAE’s announcement:

Election to the National Academy of Engineering is among the highest professional distinctions accorded to an engineer.  Academymembership honors those who have made outstanding contributions to “engineering research, practice, or education, including, where appropriate, significant contributions to the engineering literature,” and to the “pioneering of new and developing fields of technology, making major advancements in traditional fields of engineering, or developing/implementing innovative approaches to engineering education.”

avatar

Oral arguments in NJ voting-machines lawsuit appeal

The appellate hearing (oral argument) of the New Jersey voting-machines lawsuit (Gusciora v. Christie) has been rescheduled to March 5, 2013 in Trenton, NJ.

To learn what this is all about, and why you should attend, click here.

To recheck the location, time of day, and date of the hearing before you go down to Trenton, check this very post for updates.

Note new time!

Time:  10:00 a.m. 11:30 a.m., March 5, 2013  (but arrive significantly earlier, because it takes some time to get through security).

Place:  8th Floor, N. Wing, Hughes Justice Complex, Trenton, NJ.   Specifically,  Part E: Judges Messano, Ostrer and Lihotz.

Transportation:  If anyone from the Princeton area is interested in carpooling, send me mail.

avatar

Voting machine lawsuit, oral arguments, venue change

For those who were considering attending the oral arguments December 4th of the appeal of the Gusciora lawsuit about New Jersey’s voting machines–which I encourage you to do–the location has been changed from Jersey City to Trenton.

Location: 8th Floor, N. Wing, Hughes Justice Complex, Trenton, NJ.

Date/time: December 4th, 2012, 10:00 a.m.

Postponed until a date yet to be determined [note added 11/29/12].

avatar

NJ Lt. Governor invites voters to submit invalid ballots

On November 3rd, the Lieutenant Governor of New Jersey issued a directive, well covered in the media, permitting storm-displaced New Jersey voters to vote by e-mail.  The voter is to call or e-mail the county clerk to request an absentee ballot by e-mail or fax, then the voter returns the ballot by e-mail or fax:

“The voter must transmit the signed waiver of secrecy along with the voted ballot by fax or e-mail for receipt by the applicable county board of election no later than November 6, 2012 at 8 p.m.”

We see already one problem:  The loss of the secret ballot.  At many times in the 20th century, NJ political machines put such intense pressure on voters that the secret ballot was an important protection.  In 2012 it’s in the news that some corporations are pressuring their employees to vote in certain ways.  The secret ballot is still critical to the functioning of democracy.

But there’s a much bigger problem with the Lt. Gov. Kim Guadagno’s directive:  If voters and county clerks follow her instructions, their votes will be invalid.
[Read more…]

avatar

Oral Arguments 12/4 in NJ Voting-Machine Lawsuit

Note new date and time!

This election day, New Jersey voters will vote–if electricity is restored and if they can get to the polls after the hurricane–on a model of voting machine that I have personally demonstrated how to hack.  My hack is simple: prepare fraudulent vote-stealing software on a memory chip, make thousands of copies of the chip, and install the fraudulent chip on as many actual voting machines as possible before an election.

What I demonstrated for the NJ trial court in 2009 was how the fraudulent software moves votes from one candidate’s tally to the other, and how to install the memory chip into the voting machine.  In the courtroom I removed and replaced the supposedly tamper-evident seals, without leaving evidence of tampering.  In real life, voting machines are left unattended and unguarded at polling sites (schools, churches, firehouses) for days before each election.  Anyone can master the simple tool (razor blades) for peeling away the adhesive seals, and the simple tool (screwdriver) for installing the fraudulent chip.
[Read more…]