Research and commentary on digital technologies in public life
Several writers on Slashdot and in blogland have applauded IEEE’s new position on the Digital Millennium Copyright Act. (IEEE is a professional society for electrical engineers.)
It’s good to see that IEEE is finally waking up to this issue. Other professional societies, including ACM and CRA, have been on top of it for a long time; but we can use all the help we can get.
Let’s see if IEEE backs off from the rest of its expansionist approach to intellectual property policy.
Many computer scientists (including me) have endorsed a statement opposing the use of electronic voting machines that don’t provide a voter-verifiable audit trail.
What this means is that the voter should get some concrete indication, other than just a message on a computer screen, that his or her vote has been recorded correctly. There are many ways to do this. For example, a computerized voting system might offer a convenient user interface for selecting candidates, and then print out a paper ballot that the voter can inspect and drop into a ballot box. The paper ballots then provide an auditable record of the votes that were cast.
The alternative strategy, of building a voting machine as a sealed electronic “black box,” is risky. Without an independent check on the workings of the technology, there is no practical way to ensure that the technology is functioning correctly. Misrecording of votes, whether due to malice or to a technological snafu, is too difficult to detect without an auditable record.
Unfortunately, many localities are moving ahead with purchases of the risky voting machines. Computer scientists have mobilized to try to stop this in several places, most recently in the heart of silicon valley, Santa Clara County, California.
It is tempting, in light of the imprecision and rancor we saw in Florida’s 2000 election, to look to technology to make voting processes error-free. If we knew how to make highly trustworthy technology, a closed, high-tech system might be the answer. But we don’t know how to do that – we’re not even close. Some e-voting vendors won’t even let the public know how their technology works, claiming that their design is proprietary and public scrutiny isn’t needed.
All the black box voting systems can provide today is the illusion of certainty, and that’s not enough. Every voting technology will make errors. I would much prefer a system whose errors and drawbacks are out in the open for all to see.
===
If you’re a computer scientist, you can endorse the statement here. Thanks to Stanford professor David Dill for orchestrating this effort.
A new anti-terrorism bill criminalizes some uses of encryption:
Sec. 2801. Unlawful use of encryption
(a) Any person who, during the commission of a felony under Federal law, knowingly and willfully encrypts any incriminating communication or information relating to that felony –
(1) in the case of a first offense under this section, shall be imprisoned not more than 5 years, fined under this title, or both; and (2) in the case of a second or subsequent offense under this section, shall be imprisoned not more than 10 years, fined under this title, or both.
(b) The terms ‘encrypt’ and ‘encryption’ refer to the scrambling (and descrambling) of wire communications, electronic communications, or electronically stored information, using mathematical formulas or algorithms in order to preserve the confidentiality, integrity, or authenticity of, and prevent unauthorized recipients from accessing or altering, such communications or information.
Declan McCullagh at news.com is alarmed, but Orin Kerr at The Volokh Conspiracy says this provision is “all bark and no bite.”
As far as I know, nobody has remarked on a strange aspect of the proposal: it criminalizes all forms of encryption, even those that do not conceal information. Encryption is used to conceal information, but it is also used to ensure the integrity or authenticity of information by providing a way to detect tampering with information. So if I send you an email message, I can use crypto to keep the message secret from eavesdroppers, or to give you a way to verify that the message really came from me, or both. The proposal would criminalize all of these possibilities – note the definition of “encryption” as including data scrambling “”to preserve the confidentiality, integrity, or authenticity of, and prevent unauthorized recipients from accessing or altering … information.”
I can understand the public policy argument for criminalizing the use of crypto to conceal evidence of a crime. (There are also strong public policy arguments against doing this, but that’s another topic.) But where is the public policy argument for criminalizing other uses of crypto? If a criminal puts his digital signature on an incriminating message, or if he uses crypto to ensure the integrity of his incriminating records, where’s the harm?
The Computer and Communications Industry Association, a trade group, has filed a lengthy antitrust complaint against Microsoft with European authorities. The complaint centers on allegedly anticompetitive aspects of Windows XP. Here is an AP story; here is CCIA’s summary of the complaint.
According to CCIA, they are accusing Microsoft of:
Bundling multiple Microsoft products with the Windows [XP] operating system;
Biasing the user interface and operation of Windows XP and the products bundled with Windows to advantage Microsoft’s own software and services;
Imposing Microsoft proprietary technologies, protocols, and formats;
Employing abusive licensing and other exclusionary practices vis-a-vis PC OEMs to foreclose the PC OEM distribution channel to competing products; and
Refusing to disclose the document formats for the programs in Microsoft’s Office suite of personal productivity applications.
Brian McWilliams, who perpetrated the terrorist website hoax I wrote about yesterday, has now posted his response, including a quasi-apology.
[Link credit: Politech]
