May 18, 2024

Posts Comments

Rebecca Mercuri on the Florida Voting Fiasco

September 13, 2002 by

Rebecca Mercuri writes, in the RISKS Forum:

Well, Florida’s done it again.

Tuesday’s Florida primary election marked its first large-scale roll-out of tens of thousands of brand-new voting machines that were promised to resolve the problems of the 2000 Presidential election. Instead, from the very moment the polls were supposed to open, problems emerged throughout the state, especially in counties that had spent millions of dollars to purchase touchscreen electronic balloting devices.

Mercuri goes on to discuss the problems in detail. She is perhaps the leading independent expert on voting technology, and is well worth reading if you’re interested in that topic.

Voting poses a particularly difficult information security problem, because so much is at stake, and because the requirements are so difficult. (For example, the secret ballot is a particularly troublesome requirement.) My sense is that we are still far from having an all-electronic system that deserves our trust.

[Link credit: Dan Gillmor]

Filed Under: Privacy & Security Tagged With:

Lessig, DRM, and Palladium

September 13, 2002 by

As I noted yesterday, Lessig’s Red Herring piece on Palladium has generated a lot of interesting talk among techno-law-bloggers. (See e.g. Copyfight, Ernie the Attorney, Lessig, and Frank Field.)

This is all interesting, but it’s very speculative. As Bruce Schneier points out, in the best technical perspective on Palladium I’ve seen, we really know very little about how Palladium will actually work. When it comes to security, the devil is in the details; and we know only the barest outline of how Palladium will work.

Even if we did know the technical details of Palladium, it is far from obvious what effect it would have on the everyday practice of computing. My own view is that Palladium will make less difference than people expect. It won’t do much to prevent viruses and network attacks, since it doesn’t address the vulnerabilities that those attacks usually exploit.

More to the point, even if we assume that Palladium is totally bulletproof, I doubt that it will enable the kind of pervasive DRM that some people seem to want – at least, it won’t do so without making the PC essentially useless for ordinary computing tasks. (I plan to elaborate on this argument in a future posting.) A pervasive-DRM “computer” will be more like a CD player than like a computer.

Real computers are so useful that people will insist on having them, and the market will continue to provide them. Most likely it will provide them by pressuring software vendors into not using any draconian features of Palladium.

Filed Under: Uncategorized Tagged With:

Lessig on Microsoft and DRM

September 12, 2002 by

Larry Lessig has a provocative piece in Red Herring on Microsoft’s plans regarding DRM and Palladium. Lessig says that Palladium is not as bad as some people say, and that Palladium may in fact benefit consumers (at least compared to the alternatives).

This piece has provoked some really interesting discussion over on Copyfight, Ernie the Attorney (read the comments on Ernie’s site too), and Lessig’s blog.

There is enough material here for a dozen postings. Unfortunately I don’t have time to write any of them today. Tune in tomorrow.

Filed Under: Uncategorized Tagged With: ,

China Stops Blocking Google

September 12, 2002 by

AP reports that China is no longer blocking Google. (Ben Edelman’s site at Harvard confirms this.)

Filed Under: Uncategorized Tagged With:

Reed: LaGrande Another 432?

September 11, 2002 by

David Reed has an interesting perspective on Intel’s LaGrande proposal.

Reed likens LaGrande to the Intel 432 processor. Few non-techies have heard of the 432, but in the processor-design community the 432 is a legendary failure. As Reed says, the 432 was “Intel’s attempt to create an ‘object oriented’ processor that would embed all the great ideas of object oriented computing in a revolutionary new architecture.”

The 432 died because it tried to build into hardware ideas that were still under development. Of all the parts of a computer system, the hardware is the most expensive to change, and the most difficult. It follows that you only want to put a particular function in hardware if you know that that function is necessary, and you know exactly how to do it. Because if you decide a year later that you want to do it differently, you’re out of luck. Hardware is much harder to change than software.

The Japanese “Fifth Generation” project from the 80’s is another example of a disaster caused by committing too early to a speculative design approach. Fifth Generation was going to reorganize the computing world around logic-based programming. This seemed like a good idea at first, but when it became evident that the right answer lay elsewhere, it was too late to reorient the project.

Reed has a good point, but I think he goes too far. The 432 and the Fifth Generation were both radical departures from existing practice; they wanted to tear up and redesign the whole processor. LaGrande seems much less ambitious. But Reed is right on target in saying that building security features into processor hardware is a risky engineering decision.

Filed Under: Uncategorized Tagged With: ,