Voter Databases Must Be Secured, Report Says
CNet (02/17/06) McCullagh, Declan
States are scrambling to comply with federal requirements that voter
records be stored in central databases, but a 60-page report ACM released
on Thursday warns that the databases could be vulnerable to fraud, and that
states must do more to shore up security, reliability, and privacy.
"Nobody's done this kind of analysis," says former ACM President Barbara
Simons. "We're not out to criticize anyone. We're out to try to provide
information." Simons, co-chair of the ACM Committee on Guidelines for
Implementation of Voter Registration Databases, notes the committee's
report highlights numerous security applications familiar to computer
scientists, but likely unknown to many election officials. In accordance
with the Help America Vote Act, which requires election officials to create
statewide voter registration databases, 28 states have hired outside
contractors to provide their election databases, and 21 have opted to
develop their own. While requiring "adequate technological security," the
legislation does not require encryption or any other specific method.
Without sufficient security provisions, hackers could remove eligible
voters or insert fraudulent names into the database. ACM is also concerned
about privacy, noting that many states allow the sale of voter registration
databases for both political and commercial purposes. The National
Association of Secretaries of State reports that just 24 states had been
expected to comply with the federal deadline of Jan. 1, 2006, though most
of the rest will likely have created their databases by the fall elections.
The complete ACM report, entitled Statewide Databases of Registered Voters:
A Study Of Accuracy, Privacy, Usability, Security, and Reliability Issues,
is available at
http://www.acm.org/usacm/VRD/
Outsourcing Is Climbing Skills Ladder
New York Times (02/16/06) P. C1; Lohr, Steve
The National Academies are expected to present a report finding that an
increasing number of corporations are outsourcing basic research to
countries with surging economies and solid education systems, such as India
and China. Polling 200 international companies, the survey found that 38
percent expect to implement significant changes in the global distribution
of research and development. While labor costs and tax structures have
some influence on the decision to outsource, most companies report that it
is more out of the desire to draw from the best talent in the world and
form partnerships with universities in developing markets. Study author
and Georgia Tech management professor Marie Thursby said that the results
of the study are clear. "You have to have an environment that fosters the
development of a high-quality workforce and productive collaboration
between corporations and universities if America wants to maintain a
competitive advantage in research and development." Many technology
executives agree with IBM's Nicholas Donofrio that technology companies
will go wherever the talent is. While domestic stagnation is not an
automatic result of outsourcing, more companies intend to cut their
research and development workforce in the United States and Europe than
plan to raise employment. With research and development occupying a small
portion of most companies' budgets, the number of jobs affected by this
trend is not huge, though executives warn that it is a symptom of the
larger problem of an educational system in decline. Also picking up on
this trend have been university administrators, such as A. Richard Newton,
dean of the college of engineering at the University of California,
Berkeley. Newton is trying to forge partnerships with foreign universities
that result in the establishment of satellite schools connected with
Berkeley, making it "the intellectual hub of the planet."
Questions Still Abound Over GPL 3
eWeek (02/15/06) Galli, Peter
This week's Open Source Business Conference in San Francisco saw continued
debate about the GPL 3 draft concerning its treatment of DRM, licensing
requirements, and the openness of source code. At a panel session
discussing the license, questions arose about whether patent rights move
downstream for companies engaged in cross-licensing agreements, as Intel's
McCoy Smith noted that GPL 2 is unclear about patent licenses and rights.
The Software Freedom Center's Richard Fontana notes that in addition to
spelling out the interpretations that the Free Software Foundation (FSF)
has made about GPL 2, the update also addresses issues that were not around
when the license was last updated in 1991, such as DRM. The update also
takes a closer look at software patents, formalizing the patent grant
implications of GPL 2. On the subject of source code requirements, Fontana
argues that Linux head Linus Torvalds has been off base in his criticism,
owing largely to his philosophical differences with the FSF. Torvalds
opposes the provision that requires disclosure of private keys, an issue
which Fontana says is a matter for the legislators. While Fontana says the
definition of a derivative work has not changed, there is still uncertainty
as to whether or not two linked works constitute a derivative and if the
source code must be disclosed. Questions also remain about the
compatibility of GPL 3 with other licenses, such as the Eclipse Public
License (EPL). The Eclipse Foundation's Mike Milinkovich is hoping that
version 3 of the Lesser GPL will prove compatible with the EPL.
Compatibility would "dramatically improve the status quo in our view.
Unfortunately, only time will tell if this will come to pass, as the
revision process for the LGPL has not even started yet," he said.
Plan for EU Technology Body 'Is Wasteful'
Financial Times (02/16/06) P. 3; Boone, Jon
Oxford Chancellor Lord Patten criticized the European Commission's
proposal for a European Institute for Technology (EIT) as wasteful,
claiming that it would draw scarce funding away from existing universities
already operating under constrained budgets. Lord Patten argued instead
that the commission should divert the funds to established institutions to
give them a better chance of competing with MIT. Attributing the budget
shortage to a spike in agricultural spending, Lord Patten said that it is
unlikely that the European Research Council (ERC) will have adequate
funding if the proposed institution is created. The popularity of the ERC
among European universities for its efforts to bolster high-end research
has fueled the skepticism with which many academics view the commission's
proposal. "What we actually need to see is more funding, with the
allocation determined by academic researchers of the high quality work
which is already being done in many fine European universities with
completely inadequate levels of present support," Lord Patten said, echoing
the sentiments of many other European university leaders, as well as the
research advisors to the commission itself. Institute proponents argue
that the EIT will help forge a partnership between academia and industry,
and that it would, in fact, be compatible with the ERC in a combined effort
to boost research and innovation in Europe.
Fewer Females in Computer Science
Purdue Exponent (02/15/06) Weibel, Kristin
Purdue University's computer science department has implemented a few
changes in order to attract more female students to its program. The
department has created a Recruiting Committee Task Force to combat the
popular stereotype of computer scientists being nerds with pocket
protectors and poor social skills. The university plans to sponsor visits
to high schools in Indiana to discuss the computer science program. The
task force also plans to stress how varied careers are for people who
obtain technical degrees. The department sponsors the Computer Science
Women's Network, which offers programs that allow for networking
opportunities with IT professionals, encourages female students to
participate in Women in Science Programs, and has overhauled its marketing
strategy. The changes come at a time when the number of female
undergraduate students enrolled as computer science majors at Purdue has
fallen 12 percent since the 1990-1991 school year, and Susanne Hambrusch,
head of the computer science department, says the stereotype of computer
scientists does not help. There are only four females in this year's
freshman class of 155 students. Women account for just 6 percent of
undergraduate computer science majors, says Hambrusch.
For information about ACM's Committee on Women in Computing, visit
http://www.acm.org/women
USC Research Institute Sees Growth in Corporate Projects
Los Angeles Times (02/16/06) Hiltzik, Michael
Herb Schorr, director of the University of Southern California's
Information Sciences Institute (ISI), sees his challenge as bridging the
gap between academic research and corporate product development. While the
ISI draws most of its nearly $70 million in funding from federal grants,
Schorr hopes to expand its budget through increased corporate funding that
could ultimately account for as much as one third of the institute's
revenue. The ISI already partners with Chevron in the development of
real-time sensors to link oil-fields with off-site controllers, and has
spawned several commercial companies through its projects, such as the
translation software venture Language Weaver. The late Keith Uncapher
founded the ISI in 1972 while working with the Rand Corporation in an
attempt to secure university funding through Defense Department grants,
which gave the institute a prominent role in the original development of
the Internet. The institute was also the home of Jonathan Postel, the
Internet pioneer who helped create the domain name system. Schorr is
targeting groups such as BBN Technologies and SRI International as
potential revenue sources, despite the trend of declining corporate funding
for basic research and development in favor of more commercial products
that yield short-term revenue increases. The ISI enjoys a loose
relationship with USC, employing 430 staff members who have minimal campus
responsibilities, though it receives no funding from the university. Given
the ISI's academic affiliation, the question remains as to how the
commercial influence will mesh culturally. "Industry fits really well with
academia," said ACM President David Patterson. "But development causes
problems with universities as it becomes more secret and proprietary. And
there's more money for development than for research."
Microsoft Announces Recipient of $1Mln Academic Research Funding
ITNews (02/17/06)
Microsoft has awarded roughly $1 million in research funding to further
its Virtual Earth application and the Trustworthy Computing curriculum to
23 recipients from around the world. After issuing a request for proposals
(RFP), Microsoft awarded $300,000 to eight recipients who will work on
Virtual Earth, and $750,000 to 15 winners who will advance the Trustworthy
Computing projects. "We invest in innovative research, collaborate with
academia and governments to advance education, cultivate next-generation IT
leaders, and partner to build knowledge economies," said Microsoft's
Sailesh Chutani, director of the External Research and Programs group
within Microsoft Research. The Virtual Earth RFP called for digital
geography research, such as computer vision, ontologies, visualization, and
map user interfaces. Virtual Earth, Microsoft's mapping and local search
application, provides consumers, companies, and independent developers with
mapping, location, and local search services. The Trustworthy Computing
RFP called for new technology pertaining to business integrity, privacy,
reliability, security, and secure software engineering. Microsoft will
also announce in the near future $1.2 million in research funding for the
winners of its Digital Inclusion RFP, which will focus on the application
of technology to health, education, and socioeconomic issues.
Here Comes a Google for Coders
Wired News (02/17/06) Tweney, Dylan
While the promise of open-source software has always been to save
programmers the trouble of reinventing the wheel, the sheer volume of
available code has created a reality where very little sharing actually
takes place. To help programmers navigate the proliferation of available
code, Ken Krugler has developed Krugle, a search engine set to launch next
month to mine open-source vaults such as SourceForge. Krugle estimates
that the service will provide access to 100 million technical pages geared
toward programmers, offering a far more refined search than Google, which
mines roughly 11 billion pages. "This winds up being a window on all the
open-source code in the world," said Krugler, estimating that Krugle will
hold between 3 TB and 5 TB of code by its launch date. Unlike existing
source-code search engines, Krugle will allow programmers to annotate code
and create bookmarks to make retrieval easier. Krugle will also allow
users to parse code and to separate the repository by language. Greg
Olson, who served as an advisor to Krugler, believes that the search engine
will, for the first time, make it practical to reuse source code, noting
that tools such as Google are so cumbersome that most programmers find it
easier to write their own code. Sun's Simon Phipps sees the utility in
Krugle, though he believes that the multitude of open-source licenses could
cause problems for the search engine. Krugle will be freely available to
the public and make money through advertisements, and Krugler is planning
to release a commercial version of the search engine in 2007.
Proposed Law Targets China-Tech Cooperation
CNet (02/16/06) McCullagh, Declan; Broache, Anne
Rep. Christopher Smith (R-N.J.) has authored legislation proposing severe
penalties for U.S. companies that compromise their ethical duty and product
integrity by accommodating "Internet-restricting" policies in China and
other countries. Under Smith's proposal, U.S. companies with China-based
Web sites must relocate those sites, while U.S. corporations offering
search services cannot comply with an Internet-restricting country's
request to filter their results. Furthermore, search engine companies must
provide an Office of Global Internet Freedom with a list of censored terms
"provided by any foreign official of an Internet-restricting country," and
Web sites with U.S. operations must frequently give the same office a list
of content that is deleted or blocked in response to an
Internet-restricting country's request. The bill also deems certain
exports to Internet-restricting nations unlawful through a new set of
federal regulations. Punishments for transgressions could run as high as
$2 million in fines and five years of jail time for executives, depending
on the specific prohibition that is violated, while infractions of the
relocation rule would carry a one-year prison sentence. American
businesses would be ill-served by Smith's bill, which would give companies
based in China a competitive advantage, writes Declan McCullagh. There is
also concern that the proposal is worded too broadly. Smith's bill could
be introduced in Congress as soon as this week, according to politicians at
a House hearing on Wednesday. Reporters Without Borders' Lucie Morillon
expressed hope that the focus on American companies' interaction and
compliance with Internet-censoring foreign governments will spur firms to
regulate themselves, but warned that the failure of self-regulation would
make legislation the only remaining option.
Signaling New Technology for Analogue-Digital Conversions
IST Results (02/17/06)
The IST-funded Digital Alias-free Signal Processing (DASPTOOL) project
aims to overcome the limitations in conventional digital signal processing
by utilizing the high end of the spectrum. While high frequencies have
historically created false signals through an effect known as aliasing, the
DASPTOOL project employs non-uniform sampling techniques coupled with an
understanding of the signals to be processed in order to access the whole
spectrum. Random non-uniform sampling offers data compression and wideband
operation at only a moderate increase in hardware costs. The project ended
in April 2004, with the researchers having created a model for
second-generation DASP containing an array of sampling models and their
associated simulations. "We have developed a new technology for
second-generation digital alias-free signal processing, complete with the
algorithms, the tools, the simulations, and so on," said project
coordinator Ivars Bilinkis. The project also developed new hardware
modules, a test and measurement system for quality-assurance, and new DASP
signal analyzers with the ability to handle up to 12 times the frequency
range of conventional techniques. The researchers implemented the
algorithms and sampling methods with either signal microprocessors or
reconfigurable logic, creating high-frequency devices that consume minimal
power, with potential uses in biomedicine, instrumentation, and data
acquisition on a broad scale. Another result of the project was a
multi-channel data acquisition method that could be used in a variety of
fields, capable of coordinating as many as 100 input signals drawn from a
variety of signal sources.
Calling Cryptographers
Technology Review (02/16/06) Greene, Kate
In his keynote address at this week's RSA Conference in San Jose,
Microsoft Chairman Bill Gates outlined a holistic vision of information
security, comprising a "true ecosystem" where all members of the computing
industry work together to combat cyberattacks. Gates and other conference
speakers argued for a multilayered security approach that, while not
foolproof, would shore up hardware, software, and networks. Claiming that
password protections can be easily compromised by phishing and other
rudimentary schemes, Gates plugged Microsoft's InfoCard digital identity
system as a worthy replacement, though Gates admitted that the move away
from passwords would take at least four years to complete due to the
multitude of vendors that would have to collaborate. RSA Security CEO Art
Coviello outlined his company's community policing program, which would
address security on a global scale. RSA's system could instantly flag an
IP address associated with a fraudulent transaction and notify banks and
other relevant institutions. Sun CEO Scott McNealy spoke about the steps
that his company has made to improve security in server hardware and data
centers, describing the elliptic curve cryptography (ECC) built into
Sun's processors. The security standard, approved by the National Security
Agency, employs a smaller key than conventional cryptography applications,
making it suitable for smaller devices such as cell phones and sensors. A
panel of distinguished cryptographers reiterated the call for the creation
and dissemination of new methods, as, aside from Sun's development of ECC,
the industry currently uses only the RSA and Diffie-Hellman standards of
cryptography, leaving scant recourse in the event that one technique
fails.
UC Santa Cruz Computer Scientist Fights Spam on Two Fronts
AScribe Newswire (02/15/06)
In an effort to protect minors from email with offensive or adult content,
Utah and Michigan have implemented a "do-not-spam" registry that began as a
student project at the University of California, Santa Cruz, where
researchers have also developed a technique to combat harvesters who scour
the Internet collecting email addresses to expand their spam lists.
Emailers will be fined $1,000 in Utah and $5,000 in Michigan for each
message with adult content that they send to minors with registered email
addresses. The UCSC registry, developed under the guidance of technology
and information management research associate Arthur Keller, was licensed
to Unspam in 2003 for commercial development. Unspam collects less than
one cent per address from companies cross-referencing their mailing lists
with the registry, and splits the proceeds with the State of California.
While the registry is a significant step toward online child protection, the
Free Speech Coalition has challenged the constitutionality of the Utah law
in a federal court. Despite the security concerns voiced in a Federal
Trade Commission report, Keller maintains that the registry is impervious
to hackers. Meanwhile, Keller has also helped launch Project Honey Pot,
the initiative targeting email harvesters, providing the first meaningful
enforcement of the CAN-SPAM Act of 2003. Robotic harvesting programs
continuously crawl the Internet, mining for email addresses. Project Honey
Pot distributed more than 250,000 Web sites with spam traps, containing a
disclaimer prohibiting the harvesting of the address, and capturing
information about the robot, enabling subsequent identification in the
event that the email address later receives a spam message. Keller reports
that 30 percent of the messages that Honey Pot receives involve some type
of phishing scam, while the remainder are trying to sell a product.
Cellphone Could Crack RFID Tags, Says Cryptographer
EE Times (02/14/06) Merritt, Rick
Weizmann Institute computer science professor Adi Shamir says a cell phone
could be used to compromise the most popular brand of RFID tags. The
cryptography expert recently monitored how RFID tags used power as they
were being read using a directional antenna and digital oscilloscope.
Speaking during a panel discussion at the RSA conference in San Jose,
Shamir added that one could determine whether the tag received password
bits that were correct or not. "We can see the point where the chip is
unhappy if a wrong bit is sent and consumes more power from the
environment--to write a note to RAM that it has received a bad bit and to
ignore the rest of the string," noted Shamir. The test was done on the
biggest brand of RFID tags, and it showed that the tags were not protected.
"A cell phone has all the ingredients you need to conduct an attack and
compromise all the RFID tags in the vicinity," said Shamir. He noted that
designers have cut back on security features because of the need to lower
the cost of tags to five cents each, but warned that next-generation tags
will have to shore up the security issue.
Computing Congress Offers Role Models and Networks
Fairfax New Zealand (02/15/06) Hinze, Annika
The Computing Women Congress (CWC) is underway at Waikato University in
New Zealand, and female high school students from New Zealand and Austria
are scheduled to present projects Wednesday during a special day for
students. Through CWC, the young women have gained a better understanding
of what it is like to be a computer science student. CWC is in its second
year, organized by Waikato University in an effort to introduce young women
to professionals in academia and the information technology industry. The
event gives women an opportunity to find role models among the many
graduate students, Ph.D. candidates, lecturers, artists, programmers, and
analysts who attend the gathering. The women have an opportunity to get to
know IT professionals, academics, and students and form networks with them,
which could inspire them to pursue a technology-related career. CWC draws
women from New Zealand, Australia, Germany, and the United States to attend
and present courses on topics ranging from the Semantic Web and programming
in Java to computer interfaces for the disabled and online theater
performances.
Opposition to ICANN/VeriSign Proposal Grows
InternetNews.com (02/15/06) Kerner, Sean Michael
Eight of the world's largest domain registrars--GoDaddy, Network
Solutions, Tucows, Register.com, BulkRegister, Schlund + Partner, Melbourne
IT, and Intercosmos Media Group--have sent an open letter to ICANN Chairman
Vint Cerf expressing their formal opposition to the revised proposition
with VeriSign for continued control of the Internet registry. The open
letter from the eight domain registrars comes just days ahead of the Feb.
29 deadline for comments about the revisions, which were made to the
original deal between VeriSign and ICANN in October; the registrars also
opposed that deal. In their letter, the group of registrars outlined their
opposition to several of the new terms, including a provision that would
allow VeriSign to raise wholesale costs for .com domains in four of the
next six years. According to the letter, VeriSign could execute the
pricing increases "without cost justification." GoDaddy.com founder and
CEO Bob Parsons commented that .com pricing should be falling, not rising,
as a result of the inherent economies of scale. The other issue that the
eight domain registrars have a problem with is what the letter refers to as
"perpetual management rights." The letter states that "the proposed
revisions would modify the renewal clauses so that the contract is
essentially non-cancelable and ICANN's right to rebid is taken away."
Finally, the eight registrars are concerned about "public accountability"
and confirmation of the $200 million that VeriSign is supposed to be
funneling into .com infrastructure as stipulated in the new deal.
Invented in India
InformationWeek (02/13/06) No. 1076, P. 47; Ricadela, Aaron
India is emerging as a hub for strategic research and development and a
burgeoning tech-product market. IBM, Oracle, and Microsoft are developing
technologies at their Indian branches, as well as outsourcing ancillary
product and feature development to Indian firms. McKinsey and India's
National Association of Software and Service Companies expect tech and
business-process outsourcing to generate $22 billion for the fiscal year
ending in March, while technology created and sold inside India should
expand from an approximately $4 billion market to a $20 billion market by
2010. India's government also plans to launch 42 "special economic zones"
that offer tax incentives, reduced tariffs on some imports and exports, and
exemptions from certain legal provisions over the next several months;
these and other various measures could ramp up India-based R&D, says
Siddharth Mehta with Orrick, Herrington & Sutcliffe. At the heart of
almost all outsourcing decisions is an essential platform technology that
does not support competitive differentiation, reports Motorola VP of
networks research Ken Zdunek. IBM follows an innovation strategy that
blends product development for global sales with research into
India-specific technology: Developers at IBM's Bangalore software lab
concentrate on company products, while IBM's Delhi lab at the Indian
Institute of Technology develops such things as a system capable of
recognizing spoken Hindi. India-based tech development can yield
intellectual property valuable in other markets where prices are very low
and customer segments are small and rapidly expanding. Companies are also
looking to find success in other emerging nations by developing
technologies that do well in India.
Putting a Face on the First President
Scientific American (02/06) Vol. 294, No. 2, P. 84; Schwartz, Jeffrey H.
To meet the challenge of reconstructing the face and body of George
Washington at the ages of 19, 45, and 57 without the benefit of skeletal
remains, University of Pittsburgh professor and physical anthropologist
Jeffrey Schwartz enlisted Arizona State University's Partnership for
Research in Spatial Modeling (PRISM) to three-dimensionally reproduce the
first U.S. president's visage and form by combining and modifying data
taken from a statue, painted portraits, a life mask, and clothing through
the use of a special computer program. Jean-Antoine Houdon's life mask and
bust of Washington at 53 were first scanned in three dimensions and
compared to assess how accurately the subject was portrayed; then the bust
was compared to a computer scan of a portrait of Washington at 40, which
yielded clues for working back to the younger Washington. Important
information for representations of Washington in his 45- and 19-year-old
incarnations came from his dental history. By establishing the shape of
Washington's jaw at 53, the researchers could restructure the jaws when
they were much younger by digitally adding tooth and bone. This process
began by scanning an actual healthy jaw about Washington's size and
digitally adding it to the 3D scan of the bust; bone and teeth were then
whittled down, after which Washington's own dentures were inserted on top
of the jaw. The team could then add bone to the jaw to reconstruct the
lower facial architecture of the younger versions of Washington. Houdon's
statue provided reference for the president's height, while important
insights about the form of his body were extracted from items of clothing
he wore as well as historical accounts of him being corseted in childhood.
The head was attached to the body through digital "stitching."
A Conversation With Jarod Jenson
Queue (02/06) Vol. 4, No. 1, P. 16; McKusick, Kirk
Aeysis founder and chief systems architect Jarod Jenson concentrates on
performance and scalability issues with applications, and says one of the
most important tasks in his line of work is to consult with developers,
deployers, and system administrators to determine their exact requirements.
"People just have to learn that we don't have to be at odds if we get
involved early in the development process, and if we really try to help
each other understand what we're doing and how we can help each one of
those groups," he explains. Jenson strongly recommends profile providing
tools from DTrace, VTune, and OProfile for isolating performance problems
with little overhead to the system. When isolating problems, Jenson first
determines the site of potential problems, and then begins to hypothesize
causes based on the type of application under examination; after using
profile providers to ascertain the precise problem area, Jenson refines his
theory. He characterizes the biggest problem in performance tuning as the
combination of tools, garbage collection, and lack of knowledge between
developers, deployers, and administrators. The most important
recommendation Jenson makes is for people to keep the allocation of objects
to a minimum, particularly in hot code paths. Achieving scalable
performance expertise within an organization requires the assembly of what
Jenson calls a go-to team by first determining where a problem is and then
consulting with the person with the appropriate background. Jenson says
the go-to team is somewhat akin to a SWAT team, with a generalist in
charge.