The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, November 19, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Heidi Voskuhl

Title: Machines and Manners: Android Automata and Sentimental Body Techniques in Eighteenth-Century Europe

Abstract: This paper explores the relationships between sentiments and mechanical machinery in the German Enlightenment through an investigation of two android automata that both display women playing a keyboard instrument. I analyze the two women automata’s mechanical motion and musical performance, and the respective clockwork mechanisms that gave rise to it, against the background of corresponding social and cultural contexts of music-making at the time. I demonstrate that the clockwork mechanisms were designed to reproduce mechanically a set of body techniques that were used in eighteenth-century Germany to communicate affects during musical performance from the musician to the audience. Such systematic attempts to cultivate affects were part of larger efforts in this age of “sentimentality” to establish new types of social relationships to create a new social order – civil society – and have it take the place of the traditional estate society. My analysis of these automata’s “mechanics of sentiment” asks, furthermore, how they embodied in this moment of the formation of modern society the fundamental tension residing in the mass production of individuality.

Bio: Heidi Voskuhl is an assistant professor in the Department of the History of Science at Harvard University, where she teaches the history of technology from the early modern to the modern period. She specializes in the history of technology and “robotics” in eighteenth-century continental Europe. Her broader interests include the philosophy of technology and the history of the human-machine relationship. She teaches classes in the history and historiography of technology, the history of engineering and computing, the Enlightenment, and the philosophy and theory of technology and literature. She is working on a book manuscript tentatively titled _The Mechanics of Sentiment: Automata and the Culture of Affect in Eighteenth-Century Europe_. She holds masters degrees in History and Philosophy of Science from Cambridge University (UK) and in Physics from Oldenburg University (Germany), as well as a Ph.D. in Science and Technology Studies from Cornell University.

Watch Video

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, November 12, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 2nd Floor Lounge Area

Speaker: Stuart Shieber

Title: The Future of Open Access, and How to Stop It

Abstract: Efforts such as the open access policies enacted by the Harvard Faculty of Arts and Sciences and Law School are intended to promote the broadest access to the university’s scholarly writings by retaining rights to distribute scholarly articles according to the principles of “open access”. There are reasonable worries, however, of unintended consequences of a wholesale change of scholarly communications practice along these lines. I will discuss the policies, the dystopian scenarios they sometimes evoke, and how universities can help avoid them.

Watch Video

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, November 5, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Tal Moran

Title: Receipt-Free Universally-Verifiable Voting With Everlasting Privacy

Abstract:
Using cryptographic techniques, it is possible to design a fair voting system whose correct operation can be verified by anyone, while still retaining ballot secrecy. Such voting schemes are called “Universally Verifiable”. If, in addition, the voting scheme prevents vote buying and coercion, we say it is “receipt-free”.

Our scheme is the first receipt-free scheme to give “everlasting privacy” for votes: even a computationally unbounded party does not gain any information about individual votes (other than what can be inferred from the final tally). Following in the footsteps of Chaum and Neff, our protocol ensures that the integrity of an election cannot be compromised even if the computers running it are all corrupt!

The talk won’t assume any previous knowledge of cryptography or computer science — I’ll try to explain the protocols and the intuitions behind them using simple physical metaphors.

This is joint work with Moni Naor

Watch Video

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, October 29, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: David Lazer

Title: Life in the network– the coming age of computational social science

Abstract:
An increasing fraction of human interactions are digitally captured. These digital breadcrumbs create enormous opportunities for ground breaking social science. This talk will discuss what some of the potential opportunities are, as well the potential barriers to the emergence of a “computational social science.”

Bio: David Lazer is Associate Professor and Director of the Program on Networked Governance at the Harvard Kennedy School, and has written extensively on networks and technology.

Watch Video

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, October 22, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Chris Soghoian

Title:  Deceptive Phishing Research: Moral Questions and Legal Issues

Abstract:  Researchers are increasingly turning to live, “in the wild” phishing studies of users, who unknowingly participate without giving informed consent. Such studies can expose researchers to a number of unique, and fairly significant legal risks. This talk will introduce four case studies highlighting potential moral pitfalls, steps that researchers have taken to avoid legal problems, and the legal risks that they were unable to avoid. It will then provide a high-level introduction to a few particularly dangerous areas of the law. Finally, it will conclude with a series of best practices that may help researchers to avoid legal troubles.

Bio: Christopher Soghoian is a student fellow at Harvard University’s Berkman Center for Internet and Society and is a PhD candidate at Indiana University’s School of Informatics. His research on airport security and the no-fly lists drew the attention of both the TSA and FBI and later prompted the introduction of secure tamper-proof boarding passes in airports around the country. His work has also been cited in testimony before the United States Senate Committee on the Judiciary and in a report issued by the House Committee for Oversight and Government Reform.

His research is focused on security, privacy, cyber-law and technology policy — particularly with regard to phishing and other deception based attacks. He also writes the “Surveillance State” blog for CNET Networks.

Watch Video

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, October 15, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Ben Adida

Title:  Health Privacy in a Facebook World

Abstract:  While the press raves about the coming revolution of “personalized medicine”, it remains a challenge for an individual to obtain simply a usable copy of their complete medical record. Recently, Microsoft, Google, and the Dossia consortium each launched their own version of Personally Controlled Health Records (PCHRs), technology that enables individuals to take control of their medical record, combining hospital data and personal annotations, and sharing it with family and doctors as they see fit.

It is clear that, as more of this data is made available to users, programmatic interfaces will emerge so that medical devices can connect and upload data and third-party applications can connect to download and interpret data. We are getting close to a “Facebook Platform” for health data.

And the key question is, of course, privacy.

This talk will explore work by the Children’s Hospital Informatics team on exploiting PCHRs to provide services to patients while enforcing and respecting their privacy. Much of this work is in its early stages, and feedback/discussion is welcome.

Bio: Ben Adida is a member of the Faculty at Harvard Medical School and at the Children’s Hospital Informatics Program, as well as a research fellow with the Center for Research on Computation and Society with the Harvard School of Engineering and Applied Sciences. His research is focused on security and privacy of health data, the security of web applications, and the design of secure voting systems.

Watch Video

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, October 8, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 2nd Floor Lounge Area

Speaker: John Viega

Title: Why Anti-Virus sucks, and how to fix it

Abstract: Anti-virus software (AV) is found on most Windows desktops (well over 90%). Many people are amazed that it is so ubiquitous, because it is so widely reviled. Technical people will often claim that AV “doesn’t work”, and that it “causes stability problems”. And almost everyone will claim that it “slows your machine down”. While there is a lot of truth in the above statement, there are also a lot of misconceptions about how AV works, and why it fails.

In this talk, I’ll give an overview of AV technology, the challenges the industry has faced, and the solutions that the industry has been exploring to address those issues, including virtualization, herd technology, application whitelisting, and reputation systems.

Bio: John Viega is the CEO of Stonewall Software. Previously, he was Vice President, Chief Security Architect at McAfee, where he worked on technical strategy and M+A (SiteAdvisor, Onigma) and ran a large development organization that included SiteAdvisor and McAfee’s core anti-virus and anti-spyware technologies. John was also founder and CTO of Secure Software, which was acquired by Fortify. John advises several security companies, including Fortify.

John is a frequent pundit and speaker in the space. He co-author of five books on security, including Building Secure Software, the OpenSSL book, the Secure Programming Cookbook and the 19 Deadly Sins of Software Security. He has done extensive standards work in the IEEE and IETF, and co-invented GCM, a cryptographic algorithm that NIST has standardized.

Watch Video

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, October 1, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Tyler Moore

Title:  An Empirical Analysis of Phishing Attack and Defense:

Abstract: A key way in which banks mitigate the effects of phishing attacks is to remove the fraudulent websites and abusive domain names hosting them. We have gathered and analyzed empirical data on phishing website removal times and the number of visitors that the websites attract. We find that website removal is part of the answer to phishing, but it is not fast enough to completely mitigate the problem. Phishing-website lifetimes follow a long-tailed lognormal distribution — while many sites are removed quickly, others remain much longer. We have found evidence that one group responsible for half of all phishing, the rock-phish gang, cooperates by pooling hosting resources and by targeting many banks simultaneously. The gang’s architectural innovations have significantly extended their websites’ average lifetime. Using response data obtained from the servers hosting
phishing websites, we also provide a ballpark estimate of the total losses due to phishing.

Phishing-website removal is often subcontracted to specialist companies. We analyze three months of ‘feeds’ of phishing website URLs from multiple sources, including two such companies. We demonstrate that in each case huge numbers of websites may be known to others, but the company with the take-down contract remains unaware, or learns of sites only belatedly. Upon calculating the resultant increase in lifetimes caused by the take-down company’s lack of action, the results categorically demonstrate that significant amounts of money are being put at risk by the failure to share proprietary feeds of URLs.

Bio: Moore’s research interests include the economics of information security, the study of electronic crime, and the development of policy for strengthening security. Moore completed his PhD in Computer Science at the University of Cambridge (UK), supervised by Ross Anderson. His PhD thesis investigated cooperative attack and defense in the design of decentralized wireless networks and through empirical analysis of phishing attacks on the Internet. Moore has co-authored a report for the European Union detailing policy recommendations for overcoming failures in the provision of information security. As an undergraduate, he studied at the University of Tulsa, identifying several vulnerabilities in the public telephone network’s underlying signaling protocols. Moore’s PhD studies were supported by a British Marshall Scholarship and US National Science Foundation Graduate Research Fellowship.

Watch Video

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, September 24, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Topic: Integrating Technology and Policy

Speaker: Latanya Sweeney

Abstract: In the old days, computer scientists tended to be of the opinion that the goal of computer scientists was to construct machines and the goal of social scientists was to get society to accept them. There is no doubt that traditional approaches to computer science research have revolutionized the world in which we live, but past success using computer science research
methods is not a guarantee for adequately facing new challenges. A key challenge is data privacy and the need for privacy-preserving technology that works within established policy norms. In the absence of computer scientists, privacy problems become ones for policymakers, social scientists, economists, business managers, and information scientists to solve. While each of these have their own methods capable of producing their own brand of solution, none of them have the unique opportunity afforded the computer scientist and engineer who can invent appropriately new technology.

In this talk, we will examine a regulation (HIPAA), a law (VAWA), and jurisprudence (Probable Cause), as related to the use and privacy of personal data, and then introduce technical solutions designed for specific applications that fill the disconnect between technology and policy. The talk ends with a summary of the generalized lessons learned.

Bio:
Latanya Sweeney, PhD is an Associate Professor of Computer Science, Technology and Policy in the School of Computer Science at Carnegie Mellon University. She also founded and serves as the Director of the Data Privacy Lab, which works with real-world stakeholders to solve today’s privacy technology problems. Her work involves creating technologies and related policies with provable guarantees of privacy protection while allowing society to collect and share person-specific information for many worthy purposes. Her work has received awards from numerous organizations, including the American Psychiatric Association, the American Medical Informatics Association, and the Blue Cross Blue Shield Association. The American College of Medical Informatics inducted her as a Fellow in 2006. Dr. Sweeney received her PhD in computer science from the Massachusetts Institute of Technology in 2001. Her undergraduate degree in computer science was from Harvard University where she graduated cum laude. She joined the faculty of Carnegie Mellon as an Assistant Professor in 1998. She is the co-Director of the PhD Program in Computation, Organizations and Society at Carnegie Mellon and she is the Editor-in-Chief of the Journal of Privacy Technology. More information about Dr. Sweeney is available at her website privacy.cs.cmu.edu/people/sweeney/index.html.

Watch Video

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, September 16, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 221

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, 17 September 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin *221* (usually we will be in MD 119)

The Harvard Center for Research on Computation and Society resumes its weekly lunch seminar on Wednesdays with a meeting for participants to introduce themselves and discuss plans for the year.