What the U.S. Is Doing Wrong With E-Voting
eWeek (07/30/07) Vaas, Lisa
On July 30, the office of California Secretary of State Debra Bowen
released the results of an investigation demonstrating that three major
e-voting systems are vulnerable to exploitation, once again highlighting
the shoddy state of e-voting in the United States. The urgency to address
this situation is growing as the 2008 election season approaches, and other
countries have tackled the problem with better results; Australia's
e-voting effort is arguably the most successful, having embraced an
open-source strategy in which e-voting systems are Linux-based and e-voting
specifications are established by independent election officials and posted
online for anyone to evaluate. The U.S. e-voting infrastructure, in
contrast, is a patchwork of disparate systems that use wireless
communications and flawed off-the-shelf software that is not subject to
testing. The United States is rated by experts such as Australian National
University's Tom Worthington as having the developed world's most poorly
designed e-voting systems, and the reasons for this are political and
administrative in nature. E-voting systems must comply with a muddle of
federal and state election laws, which "does present challenges to election
technology providers because this is not a 'one-size-fits-all' marketplace
where one machine or version of software can be used in any state," remarks
Sequoia Voting Systems executive Michelle Shafer. She adds that the
open-source disclosure of e-voting hardware/software code has the potential
to put election-rigging tools in the hands of wrongdoers, while current
legislative proposals that recommend the open-source approach see no
difference between e-voting system manufacturers and third-party software
producers. "Legally, manufacturers cannot provide source code for these
third-party software programs or provide the names of the programmers
involved in the creation of the third-party software," Shafer explains.
For information about ACM's e-voting activities, visit
http://www.acm.org/usacm
Click Here to View Full Article
to the top
Tech Design's New Philosophy
CNet (08/01/07) Olsen, Stefanie; Fried, Ina
Experts such as MIT Media Lab professor John Maeda contend that the future
challenge of technology design is integrating design within the development
process as a central element rather than as an afterthought; this
philosophy is being embraced by developers and manufacturers of consumer
electronics, home appliances, Web services, and other products, as well as
by academic institutions that produce future designers, software engineers,
and business leaders. Driving this trend is the increased incorporation of
microprocessors into everyday devices, and consumers' simple demand that
the products are functional, visually appealing, and natural to use.
"There's much more of an emphasis now on thinking holistically about the
design experience and how all these media connect," notes Pentagram Design
designer Lisa Strausfield. Nielsen Norman Group partner Don Norman says
three qualities are essential to good design--function, form, and brand
image. Innovative design concepts being explored in an attempt to move
away from long-established, oft-mimicked technologies such as the mouse and
keyboard include multitouch interfaces, which facilitate person-device
interaction by touch and eliminate the mouse/keyboard combination; Apple's
iPhone is a prime example of a multitouch display product. Design experts
anticipate a prevalence of gestural interfaces in home-networked systems,
and expect the next few years to witness a substantial amount of design
innovation focusing on mobile devices and applications as cell phones
expand their capabilities and become even more essential components of
daily life. Motorola executive Jim Wicks says software is driving some of
the biggest cross-platform design breakthroughs, which means that the
digital interface will assume more and more responsibility for operations
previously enabled by shifts in the device's physical configuration. "We
see a lot of advancement in software that will start to merge with
advancement in the physical side of mobile devices, in everything from
color to lighting and information display," he says.
Click Here to View Full Article
to the top
Upcoming SIGGRAPH Technology Conference Celebrates 51
California Artists & Filmmakers
Business Wire (07/31/07)
ACM's SIGGRAPH 2007 Computer Animation Festival and Art Gallery will have
a local flavor. Thirty-five of the 51 filmmakers participating in the
Computer Animation Festival are from California, including San Diego's
Michael McCormick, who will be featured in his work "Paraworld," the fully
3D game cinematic and trailer for Sunflowers/SEK's Paraworld. And 26 of
the 91 artists showcasing their artwork at the SIGGRAPH 2007 Art Gallery:
Global Eyes will be from the state. Also, from Aug. 4-6, 2007, attendees
of Global Eyes will be able to visit the California Institute for
Telecommunications Information Technology (Cal-IT2) and the Center for
Research in Computing and the Arts (CRCA) at the University of California,
San Diego, where there will be Art Gallery performances and site-specific
installations. The SIGGRAPH 2007 Computer Animation Festival and Art
Gallery will take place during the 34th International Conference on
Computer Graphics & Interactive Techniques, which takes place Aug. 5-9 at
the San Diego Convention Center. For more information about ACM SIGGRAPH
2007, or to register, visit
http://www.siggraph.org/s2007/
Click Here to View Full Article
- Web Link May Require Free Registration
to the top
Upheaval at MERL: Mitsubishi Electric Breaks Up Famous
Computer Science Lab
Xconomy (07/31/07) Roush, Wade
Mitsubishi Electric Company of Japan has disbanded and restructured the
Mitsubishi Electric Research Laboratories (MERL) in Cambridge, Mass., says
the lab's former researcher director Joseph Marks. The lab has been home
to some of the world's foremost researchers in computer graphics,
artificial intelligence, user interfaces, and speech recognition. MERL
contributed several papers each year to ACM's SIGGRAPH conference, often
directly competing with Microsoft for the most papers accepted. MERL
research director Joseph Marks was fired in a dispute over the need for
basic research and external collaboration at the company in October, and
several layoffs and resignations among senior scientists followed Marks
leaving the laboratories. In June, MERL underwent an official
reorganization that eliminated the research lab as an independent entity,
Marks says. MERL CEO Richard Waters confirms the restructuring, but says
it was part of a necessary overhaul to MERL's scientific and engineering
staff that included restructuring the two divisions of the lab--the
research lab that focused on long-term research and the advanced technology
development lab that had shorter-term goals. Waters says the
reorganization will make MERL's research better match the needs of
Mitsubishi Electric, and that Mitsubishi Electric management disagreed with
the mix of research projects Marks authorized.
Click Here to View Full Article
to the top
Florida Voting Chief Aims to Block Hackers
Miami Herald (08/01/07) Caputo, Marc
Florida secretary of state Kurt Browning on Monday announced that Diebold
electronic voting machines used in 25 Florida counties are vulnerable to
attack and vote manipulation and has given the manufacturer until Aug. 17
to fix the problem. A study by Florida State University found that a
hacker could use a preprogrammed computer card on Diebold's optical-scan
voting machines to switch votes or to create a "ballot-stuffing attack"
that multiplies votes for a particular candidate or issue. Diebold says it
will fix the problem. A new Florida state law requires all counties to use
voting machines that leave a paper trail by next year, and all but bans
ATM-style touch-screen voting machines. Diebold's Mark Radke says the
software upgrade is not a major enhancement and presents no risk to voters.
However, Diebold made similar assurances in late 2005 after Leon Country
election supervisor Ion Sancho allowed Finnish computer scientists Harri
Hursti access to the voting system to see if it could be compromised.
Hursti determined that someone could change the votes and leave a minimal
trace. Hursti's findings were dismissed by then secretary of state David
Mann and Diebold because they said the study was not conducted in a
real-world election environment. Browning, who was appointed this year by
Gov. Charlie Crist, says that in addition to requiring a software upgrade,
he will ask elections supervisors to develop a uniform security policy to
ensure a chain of custody for election equipment to track who handled
election systems.
Click Here to View Full Article
to the top
Scan this Guy's E-Passport and Watch Your System
Crash
Wired News (08/01/07) Zetter, Kim
RFID expert Lukas Grunwald, who has served as an e-passport consultant to
the German parliament, says security flaws in the electronic passport
system could allow someone to steal and copy the fingerprint image stored
in the biometric e-passport, or create a specially coded chip that will
cause the scanners to crash when they try to read the e-passport. Grunwald
says he successfully sabotaged two passport readers from different vendors
by copying a passport chip and modifying the JPEG2000 image file that
contains the passport photo. The modified image, which contained a
buffer-overrun exploit, caused the readers to crash, indicating that they
could be vulnerable to manipulation, like injecting code that forces the
readers to approve an expired or forged passport. "If you're able to crash
something you are most likely able to exploit it," Grunwald says, adding
that there is no reason to believe that any other e-passport scanners made
by other vendors are any more secure. The International Civil Aviation
Organization, the United Nations organization that created the standards
for e-passports, suggests that issuing countries add an optional layer of
security known as Extended Access Control, which makes readers obtain a
digital certificate from the issuing country before the passport can be
read by the scanners. However, Grunwald says that tactic is also flawed
because the chip does not contain an onboard clock to monitor the digital
certificate's expiration. "It's a basic mistake," Grunwald says. Grunwald
will give a presentation on the e-passport vulnerabilities he discovered at
the annual DefCon hacker conference in Las Vegas.
Click Here to View Full Article
to the top
Securing Cell Phones
Technology Review (08/01/07) Greene, Kate
The recent hack of Apple's iPhone by researchers at a security company
should serve as a warning to all mobile device manufacturers that there is
a growing need for better mobile device security, experts say. Cell-phone
viruses have existed for about a decade, buy many experts believe that
threats to mobile devices could become far more significant and dangerous
over the next few years because of mobile devices' growing computing power,
popularity, and complexity. "I think a large part of this is that cell
phones are becoming miniature computers," says University of California,
Berkeley computer science professor David Wagner, "and as a consequence,
they are starting to inherit some of the same problems that we face with
PCs." While using available security tools such as anitivirus software is
an option, cell phones have their own unique problems. Some security
companies have introduced products for mobile phones, but these solutions
have limited functionality to avoid draining the battery too much, says
NEC's Anand Raghunathan. Problems associated with battery life and
processing power can be avoided in some cases by running security software
on the cell-phone carrier infrastructure, but Raghunathan believes the best
solution for mobile device security is hardware-based security solutions,
such as an extra processor and memory that are hardwired for specific
tasks. Such a system would divide the phone into two environments, one the
user has access to and includes the applications, while the other is
designed to be impenetrable to viruses and malicious software that stores
passwords and other critical information. If a virus were to be downloaded
to a device with this system, it would be unable to access any information,
and if the phone were lost or stolen the carrier could access the secure
environment remotely and shut down the phone.
Click Here to View Full Article
to the top
Stanford Confabs Explore Multi-Core CPUs, Nets
EE Times (07/30/07) Merritt, Rick
In August, Stanford University will host the Hot Chips conference, where
some of the industry's leading developers will display and discuss their
multicore processors. IBM will present three papers on its Power 6,
highlighting how it achieved power efficiency in the dual-core processor
while still pushing the edge in clock speed, a notoriously difficult
challenge according to Hot Chip program committee co-chair and University
of California, Davis, professor Rajeevan Amirtharajah. Other papers
include a description of the power management techniques in Intel's new
45nm Penryn processor family, a look at AMD's first CPU for notebook
computers called Griffin, a description of Sun Microsystems' cache coherent
version of its Niagara2 for multi-socket servers called Victoria Falls, and
another paper from IBM exploring its work on its next-generation mainframe
processor. The companion conference, Hot Interconnects, will explore
research in the on- and off-chip networks that may someday be used by
microprocessors discussed at Hot Chips. Pennsylvania State University
researchers will discuss an on-chip router that improves chip performance
by as much as 30 percent without raising power consumption and latency. A
University of Maryland paper will describe detailed simulations of on-chip
networks structured using a relatively new mesh-of-trees architecture that
connects memory and processor units through a variety of arbitration
schemes. Columbia University researchers will discuss their simulation of
a hybrid electronic/photonic on-chip network, along with their research on
reducing the latency associated with setting up photonic paths and
exploring a new direct memory access model. The most radical idea at Hot
Interconnects may be a new networking approach developed at Stanford called
Ethane. Ethane tries to make networks more secure and easier to manage by
authenticating and identifying every source of traffic on the net.
Click Here to View Full Article
to the top
Senate to Hold Hearing on Security of Voting
Machines
Wired News (07/31/07) Zetter, Kim
The Senate Rules and Administration Committee has scheduled a hearing for
September to discuss findings from Red Team security researchers on voting
machine security. The announcement by Sen. Dianne Feinstein (D-Calif.)
comes a week after the security researchers reported that their efforts to
hack into the voting machines of three top vendors were successful. The
findings should not have been a surprise to Feinstein, who introduced a
bill in 2007 that would require voting machines to produce a paper trail.
Feinstein's bill has not had as much momentum as a measure from Rep. Rush
Holt (D-N.J.), although he had to reintroduce it this year. Holt's bill
was going nowhere just two weeks ago, due to interest group differences
over a paper trail mandate and voter accessibility, but a compromise
appears to have been reached this week. Voting activists initially favored
the use of touch-screen machines with add-on printers, as called for in
Holt's bill, but they now say optical-scan machines that use a durable
full-size paper ballot are needed.
Click Here to View Full Article
to the top
Japanese Revved Up for Car Software Standard
CNet (07/30/07) Lombardi, Candace
Japan plans to pursue a standard operating system for car electronics, and
the initiative could make it easier for automakers, component
manufacturers, and developers to roll out self-parking or self-driving
systems for the various car models. Developers have made much more
progress on self-parking systems so far. Toyota, Nissan, Honda, and
Toshiba are among the major manufacturers that have agreed to participate
in the development project of Japan's economy, trade, and industry
ministry. The standard automotive operating system would enable driving
systems such as fuel injection, brakes, power steering, power windows, and
smart applications to communicate with each other and work together,
regardless of the car model. Although the consortium has not settled on an
automotive operating system, it plans to have a prototype available by
2009. The OSEK operating system is used by a number of automakers and
component developers in Europe.
Click Here to View Full Article
to the top
The Real Transformers
New York Times Magazine (07/29/07) P. 28; Henig, Robin Marantz
Researchers such as former director of MIT's Computer Science and
Artificial Intelligence Laboratory Rodney Brooks and MIT Personal Robotics
Group director Cynthia Breazeal have pushed the envelope of robot
technology in their desire to create artificial intelligence. Their focus
has included sociable robots, which are programmed to learn the way people
learn, by using a core of basic drives and abilities and enhancing them
through the accumulation of physical and social experience. There are two
defining characteristics of sociable robots: They must be sensitive and
responsive to their environment (situated) and in possession of a physical
body (embodied). Brooks set out to create a robot that learns about the
world as human infants do, by starting with some elementary capabilities
and adding to them via sensory input; his concentration was on simple tasks
such as walking on two legs rather than more complex goals such as playing
chess. Breazeal developed Kismet, a robot that communicated emotions
through facial expressions and was programmed with the same motivations as
a six-year-old child--the need for novelty, social interaction, and
rest--along with the behaviors to satisfy those motivations (facial
recognition, searching for brightly colored objects, etc.) and the facial
behaviors to reflect its mood depending on the fulfillment of those drives.
A more advanced robot Breazeal worked on, Leonardo, exhibited signs of
learning about false beliefs through its ability to make inferences about
monitored subjects' actions and intentions. New projects Breazeal is
focusing on include a MIT grad student's work with humanoid robots that
talk and are designed to function as weight-loss coaches, and a University
of Massachusetts roboticist's effort to build toddler-size robots
programmed to interact with museum visitors for the purpose of determining
whether the machines' core social competencies are enough to put people at
ease in interacting with them. MIT professor Sherry Turkle is concerned
that increasingly sociable robots could actually discourage human-to-human
relations because their interaction with people is easier and less
flawed.
Click Here to View Full Article
to the top
What's Next for IT?
Wall Street Journal (07/30/07) P. R6; Donner, Francesca
Forecasts for the future role of the IT department were made by Accenture
CIO Frank Modruson, Aetna CIO Meg McCarthy, and American Express CIO Steve
Squeri. The three CIOs concurred with analysts' assessment that IT
departments are becoming more strategy- and business-focused, with Squeri
commenting that establishing alignment between IT and business through the
cross-department transitioning of staff is crucial. "IT has to understand
the needs of the business and the business must understand what is
necessary from a technology perspective," stated Modruson, while McCarthy
pointed to the importance of constructing a service-oriented architecture.
Modruson explained that the CIO used to fix IT problems, but now is focused
on driving the application of technology to improve business performance;
McCarthy said the most formidable challenge for IT departments will be
continuing the development of an adaptable architecture that supports
seamless compatibility with other organizations, with the CIO's role being
that of educator and collaborative visionary with business partners. "[As
CIOs] we need to understand the business, the technologies that are
evolving and work closely with our business partners to identify
opportunities for the company and our customers to exploit these
technologies to achieve market leadership and competitive advantage," she
attested. A major challenge and priority cited by Squeri is the securing
of the appropriate talent, especially in the face of an aging employee pool
and a shortfall of youthful talent. Looking 10 years ahead, both Modruson
and McCarthy predicted that CIOs will become even more strategy-oriented
and operations increasingly industrialized and outsourced, with McCarthy
also anticipating a dramatic shift in how customers will wish to get
information and interact with the enterprise; Squeri projected that CIOs
will have a deeper involvement with the company's overall business
strategy, with technical architecture becoming a central focus of IT
departments.
Click Here to View Full Article
to the top
Teens Get Kick Out of Code Camp
Columbus Dispatch (OH) (07/25/07) Chordas, Nick
The Ohio Supercomputer Center is hosting the Game Programming and Motion
Capture project as part of its Summer Institute, a two-week program for
talented freshmen and sophomores in high school. During the game project,
participants learn how to control video game characters by altering lines
of code that define how the characters move. The game program was
introduced last summer by Peter Carswell, a systems developer and engineer
at the Ohio Supercomputer Center, and Brian Windsor, a graphics research
specialist for the Advanced Computer Center for the Arts and Design at Ohio
State University. The students learn the challenges and science behind
making video games. "Creating a game is a multidiscipline," says Carswell.
"Computer networking is an important part. There's also software design,
character design, motion and then dynamics." Last year the students were
challenged to make a two-player soccer simulator. This year, the students
were asked to create a more complicated game for multiple players.
Students who participate in the program not only get to develop their
interest in video games, but also see that the act of programming can be
interesting as well. "Sometimes it can be really funny when you mess up
the programming and things go haywire," says 14-year-old participant
Xiaojing Wu. "Even the mistakes are fun."
Click Here to View Full Article
to the top
Picture Your Password
Dark Reading (07/23/07) Higgins, Kelly Jackson
A new study from researchers in Ottawa suggests that it would be easy for
people to use graphical-based passwords in the real world. However, the
research on "click-based" graphical passwords presented last week at a
usability and security conference hosted by Carnegie Mellon University also
indicates that there are some security concerns about the technique and
that people prefer to use text-based passwords. Sonia Chiasson, a Ph.D.
student in computer science at Carleton University in Ottawa, Ontario, says
users often chose the same areas of the graphical representations for
clicking on images, which would make it easier for attackers to guess their
passwords. She believes users did not like graphical-based passwords
simply because they are not used to them. What is more, the study suggests
that graphical-based passwords are easy to remember, but adds they may be
difficult to recall if users have several. The researchers will not allow
users to select predictable click spots in the next phase of the research,
as they study how to improve graphical-based passwords.
Click Here to View Full Article
to the top
RMIT Gets Virtually Creative With Media School
RMIT (Royal Melbourne Institute of Technology) (07/25/07)
The Royal Melbourne Institute of Technology is studying the use of social
collaboration, learning, and digital publishing technologies in distributed
communities of students and teachers with hopes of offering "virtual
mobility" between its campus in Australia and the RMIT International
University Vietnam. The "Digital Publishing and Virtual Mobility in a
Creative Knowledge Network" project will be headed by Dr. Fiona Peterson
and the RMIT University's School of Creative Media. The 18-month project
will focus on students in the Bachelor of Design (Multimedia Systems) and
the Bachelor of Arts (Photography) programs in each country. In addition
to RMIT, Hewlett-Packard will provide funding for the virtual mobility
project. "Students are engaged in the co-production of knowledge relevant
to creative industries through the experience of 'virtual mobility' between
Vietnam and Melbourne," says Peterson. RMIT is using technology to support
international learning in other ways, such as by having students from the
two programs at both campuses respond to a design brief.
Click Here to View Full Article
- Web Link to Publication Homepage
to the top
Supercomputer Makes Near-Instant Movies of California
Quakes
LiveScience (07/30/07) Bryner, Jeanna
Supercomputers at the San Diego Supercomputer Center (SDSC) are being used
to produce animated movies of earthquakes with magnitudes of 3.5 or greater
striking Southern California. SDSC will use the OnDemand supercomputer, a
Dell cluster run by open-source Linux operation software with 256
processors, to analyze data collected from hundreds of sensors measuring
ground motion in the region and create a computer model for rendering a
simulation of an earthquake. Funded by the National Science Foundation,
OnDemand offers a theoretical peak performance of 2.4 teraflops. SDSC
plans to make simulations of earthquakes, which will be 3D animations
digitally overlaid onto the topography of Southern California, available to
the media and public information providers via email within 30 minutes of
the first jolt, and the public will be able to watch the movies from home
computers or on TV. "We're getting good performance that will let us cut
the time to deliver earthquake movies from about 45 to 30 minutes or less,
and every minute is important," says Jeroen Tromp, a computational
seismologist at Caltech who is assisting SDSC. Meanwhile, the Southern
California Earthquake Center in Los Angeles is also using SDSC
supercomputers to simulate a 7.7 magnitude earthquake resulting from the
rupture of the San Andreas Fault.
Click Here to View Full Article
to the top
Semantic Web Helps Protect Public Health
Computerworld (07/27/07) Latamore, Bert
Better safeguards against public health threats are being provided through
new, Semantic Web-based methods for fast analysis of complex data sets from
multiple sources and systems whose schema are disparate and often
non-interoperable. This is the approach of a team led by Parsa Mirhaji,
director of the Center for Biosecurity and Public Health Information
Research at the University of Texas in Houston. Semantic Web technology
assigns a formal meaning to each data element to enable the meaningful
organization of complex data, so that both machines and people interpret
the data in the same way. Mirhaji's team developed a complex analysis
engine called Sapphire (Situational Awareness and Preparedness for Public
Health Incidents using Reasoning Engines) through the employment of
Semantic Web technology. Sapphire's first trial took place two summers ago
when massive numbers of Hurricane Katrina refugees--many of whom were in
poor health--were housed in Houston, raising the risk of disease outbreaks.
Sapphire was able to identify several infections in time for health
officials to curtail their proliferation beyond small initial populations.
Mirhaji says Sapphire has become a valuable tool for analyzing various
public health problems.
Click Here to View Full Article
to the top
Security: A Business Enabler, Not Disabler
Baseline (07/07)No. 74, P. 41; McCormick, John
Purdue University professor Eugene Spafford, recipient of the ACM's
President's Award for his "extensive and continuing record of service to
the computing community, including major companies and government
agencies," says one of the biggest weaknesses in corporate computer centers
are business processes, operating systems, and applications that are
developed and implemented with convenience or cost, rather than security,
in mind. He says it is "just plain wrong" to assume that patches and
add-ons will ensure the security of such products, when in fact security
must be designed into the products from the outset. Spafford explains that
part of this effort involves "having informed, empowered individuals who
have the appropriate training and background to be making decisions about
what goes in, and that those decisions are based on an adequate
understanding of risk." A lack of knowledge about specific risks and the
value of components constitutes a major failing, and Spafford says CIOs
must obtain a comprehensive perspective of resources in need of protection
and their associated risks. Spafford recommends that managers ask
questions concerning whether the proper applications/operations/business
processes are running, who ultimately decides new acquisitions and the
architecture as project momentum builds, and whether risk is properly
integrated in those decisions. He also suggests that people should get in
a mindset that views security as a enabler rather than a disabler.
Spafford is also the chair of ACM's U.S. Public Policy Committee;
http://www.acm.org/usacm
Click Here to View Full Article
to the top
