Thoughts on Technology & People
-
Old Man Sarkozy
Sarkozy, France’s new President, was hailed, upon arriving into Le Palais de L’Elysee (the French White House), as the first French President born after World War II, the one who would bring a sense of youth and innovation back into French Politics. Because I think France can use a bit of a shift away from…
-
10 Years
I read Richard Stallman’s The Right to Read in 1997, when I was an undergrad at MIT. If you haven’t read it, go read it, now. It’s classic Stallman: clear, crisp, and chilling. At the time, I thought “okay, I’m a free software developer, and Richard is brilliant, but this seems a bit over the…
-
Privacy Quote of the Day
Facebook just launched a targeted advertising platform. Suddenly, all that data you entered about yourself will be used to target advertising to you. Were you expecting it? This is worse than Gmail, because when gmail launched, they told you upfront that they were using your mail content to target ads. You could make the conscious…
-
Web Cookies Explained
The StopBadware Project and the Berkman Center (disclaimer: I’m affiliated with both) just announced the winner of the “Cookie Crumbles” video contest to help explain web cookies to the world: Clayton Miller. Here’s his video: It is 99% correct, and for a 1.5 minute film, that’s quite impressive. Good video to share with friends and…
-
BeamAuth at Computer and Communications Security 2007
I presented BeamAuth at CCS 2007 near Washington, DC, last week. I’ve posted the slides, and I’m trying out Slideshare so you can quickly check it out. Feedback is always welcome!
-
Open(Social) Will Win ; and now Privacy?
If you’re hooked into the social networking world, you know about Facebook and the Facebook platform, which lets developers create all sorts of applications that make use of your Facebook social network in interesting ways. Flixster, for example, lets you share and compare your movie tastes with your existing Facebook friends. No need to reconnect…
-
Bullet-Proofing the Front Door and Leaving the Back Door Open
Vote By Mail in California While we’re struggling to secure voting machines, a number of States are deploying “Vote By Mail Permanently!” Here’s a picture on a bus in the San Francisco Bay Area. What a nightmare. I suspect that, for some election officials, the appeal of vote-by-mail is a bit like a magnified version…
-
The State of Badware
I’m an advisor to Harvard Law’s Berkman Center, where I work specifically with StopBadware, a group of talented folks who are helping to identify and report on software that does bad stuff to your computer. Malware, spyware, adware, badware, whatever you want to call it, the issue is control and notice: do you control your…
-
Of Park Benches, Cardboard Boxes, Armored Cars and Voting
The Swiss have implemented quantum cryptography to transfer votes to a central tallying authority. This is pretty cool, and I applaud the Swiss for trying new technologies to improve election security. However, marketing this as “unbreakable encryption” is troubling. I can’t help but see this as a version of Gene Spafford’s warning writ large: SSL…
-
Security Theater and Transparency
[With apologies to my grandmothers, some of the most insightful people I’ve known.] When you want to build a publicly accountable secure system, must you build to the lowest common denominator? The key example is, of course, voting. It’s clear that you have to build the user interface to the lowest common denominator: given minimal…
-
The Password Anti-Pattern and the Login Redirection Anti-Pattern
A few weeks ago, I wrote about how web sites that manage your data should be more open in order to better protect you. Not so surprisingly, I’m not the only one thinking about this issue. Jeremy Keith has a fantastic detailed write-up regarding what he calls the “password anti-pattern.” It gets at the…
-
Support Creative Commons
Creative Commons is an organization that helps individuals share and remix their songs, videos, writings, etc. under appropriate licenses. Need a picture for a blog posting? Search Flickr, Google, Yahoo, all of which now have Creative Commons search options. With a CC license, you know ahead of time which rights you have. Don’t forget to…
-
Health Records and Me
This summer, I joined the faculty at Children’s Hospital Informatics Program. My work is focused on security and privacy of health data. One of the projects I’m contributing to was just announced in the press: Dossia was established by major U.S. employers Applied Materials, BP America Inc., Cardinal Health, Intel Corporation, Pitney Bowes Inc. and…
-
Protecting Data by Being More Open
In the last few weeks, friends of mine — savvy friends of mine — have been hit by sites that ask for your gmail, yahoo, or hotmail password just so they can “check to see if your friends are using the site!” Quechup, the so-called “social network that’s sweeping the globe” is accomplishing that grand…
-
Lies, Damn Lies, and Statistics
The “surge” is working. That is, if you count the number of deaths in the “right” way: a body found with a gunshot to the front of the head is classified as an ordinary crime, while a body with a gunshot to the back of the head is attributed to sectarian violence. Bill Maher mentioned…
-
DRM is about control more than anti-piracy
I’m a big fan of Apple. However, they just announced a new offering that, although small in scope, seems to be a big departure from their usual approach, and it worries me. They announced that, for an extra 99 cents, you can take a song and turn it into a ringtone for the Apple iPhone.…
-
The Insanity of Phone Authentication “Security Processes”
For the second time in a month, a vendor says to me, on the phone: I’m sorry, sir, but that account is under your wife’s name, and only she can cancel the account. What was particularly annoying about this call (with Verizon, oh how much I loathe them), is that my wife had granted me…
-
Windows Genuine Advantage: Guilty until Proven Innocent
In cryptographic protocols, we talk about “the adversary”, this entity that’s trying to screw up the security goals of your protocol. Applied security folks also talk about adversaries, though they talk more often about “threats” and “threat models.” In any case, there’s some dark, shadowy, evil figure fighting against you. In a well architectured system,…
-
Crime and Useful Punishment
My wife and I were discussing Michael Vick, the Atlanta Falcons Quarterback who is admitting he set up dog fights and killed some dogs by drowning and hanging. The people defending Vick are a bit out of line, in my opinion, especially those claiming that “dogfighting is just a sport.” Uhuh, right. The guy committed…
-
Are you Kidding Me?
Republicans in California are trying to split the electoral votes proportionally in time for the 2008 elections. They say it’s “more fair.” Are you kidding me? Seriously? Is this the level of lying that we’re dealing with now? Obviously, it’s only fair if all states do this. If only “blue states” do this, or if…
-
Electronic Voting Technology, 2007
I’m at EVT 2007, the USENIX/ACCURATE workshop on voting technology. I had to miss the first session because I flew in on the red-eye, so I missed three talks that described attacks on Nedap, Diebold, and Hart. I hear they were quite interesting. Design I The second session (the first I attended), started with Rice…
-
Paths of Causality
It turns out, there is a gene that predisposes to left-handedness. Fascinating stuff. But this is the kind of article where you wish you could ask more questions: Australian research published last year found left-handed people can think quicker when carrying out tasks such as playing computer games or playing sport. interesting! And French researchers…
-
Way to Go, Secretary Bowen.
In 2004, I appeared on a panel at Harvard alongside Debra Bowen, who was then a California State Senator. I found her to be extremely sharp, and particularly insightful about voting issues at a time when most of the public debate was thoroughly confused (it’s gotten a little bit better since). Ms. Bowen has since…
-
The Web is the Platform, Part 2
So the iPhone is selling like crazy and web 2.0 developers are jumping on the bandwagon with iphone hacking sessions, an IRC channel, a mailing list, and some really neat tricks to squeeze unexpected features out of the Safari web browser. Apple has set up developer tech talks to fuel the movement. There’s also a…
-
The Three Laws of Computer Ethics
Julie Amero is a substitute teacher who faces the possibility of jail time because the classroom computer displayed pornographic popups to teenage kids. Though she tried to stop it, she was somehow blamed by an incompetent and overreaching school administration. Thankfully, she recently obtained a new trial. I hope this one is a bit less…
-
The Apple Effect
On June 29th, the day the iPhone launched, I posted the following to a private mailing list: I suspect there’ll also be an ipod/DRM effect. Once the ipod got super hot, you had folks demanding that Apple “make it compatible with other music stores.” What a riot it was to see even the ex-head of…
-
What Happens Before You Mail It?
The No-Vote-By-Mail blog cites me again, and in so doing points me to a note by King County in Washington about how they are ensuring that vote-by-mail preserves ballot secrecy. Okay, let’s say I believe everything they say. The ballot is double-enveloped, there are no traces of who the voter is on the ballot,…
-
Making Sure You’re Human
I’ve had a bit too much weird spam lately, so I’ve added a CAPTCHA system where, if you want to post a comment, you have to recognize and type in two deformed words to prove you’re not a robot. I found this specific system, reCAPTCHA on Lessig’s Blog. Here’s how they describe themselves: reCAPTCHA asks…
-
Facebook Platform: bad login practices, OpenID doesn’t work
Facebook launched a platform that lets third-party developers add Facebook applications. This is visionary, and it’s very very cool (though I’m not sure it’s the revolution everyone is talking about.) The problem, of course, is authentication. Take a look at the Zoho Facebook application. Zoho is a separate company. They have their own accounts. So…
-
Advertising = Democracy?
A few days ago, the Google Healthcare blog carried an entry that criticized Michael Moore’s latest film, Sicko, for not providing a balanced view of the health care world. The reaction in the blogosphere was clearly negative, with folks wondering if Google was shilling for pharmaceutical companies. I haven’t seen the movie, so I won’t…