CRCS Privacy and Security Lunch Seminar
Date:  Wednesday, 14 May 2008
Time:  12:00pm-1:30 pm
Place: Maxwell Dworkin 319

Title: The Web Browser as a Platform for Building Secure Applications.
Presenter: Ben Adida, Harvard.

The Web browser is the new operating system, and Web sites the new
user applications. This new platform is incomplete: features such as
inter-process communication (cross-domain requests) and durable data
(client-side storage) are still in the design phase. The core
complication is, of course, security. Each feature requires tremendous
design care, lest it unleash a new wave of attacks against hundreds of
millions of users.

In this talk, we cover the highlights of three novel secure web-based
applications, each providing a new security feature without extending
the core browser:

(1) BeamAuth: two-factor authentication with a bookmark,
(2) SessionLock: securing non-SSL sessions against eavesdroppers, and
(3) Helios: building cryptographic voting in a web browser.

We argue that building these enhancements can inform the design of new
browser features, in particular how browsers should become true
security platforms. New security solutions should be implementable in
the web application layer.

Ben Adida is a member of the Faculty at Harvard Medical School and at
the Children’s Hospital Informatics Program, as well as a research
fellow with the Center for Research on Computation and Society with
the Harvard School of Engineering and Applied Sciences. His work
focuses on security and privacy of health data, in particular in the
context of personally-controlled health records delivered over the
web.

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, 7 May 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Topic: Copyright, Technology, and Access to the Law: Old Problems and New
Solutions

Speaker: James Grimmelmann

Abstract:
“All persons are presumed to know the law,” goes the maxim, but that
presumption only makes sense if in fact the law is readily available
for all persons to learn. Today, one the largest threats to
accessible law comes from a surprising source: copyright. Publishers
claim copyright in their selection, arrangement, and annotations of
laws; private authors of model codes go them one better and claim
copyright in the text of the laws themselves. In so doing, they frame
the issue in terms of intellectual property’s classic tradeoff:
incentives for creation versus public access to the results. And
they’re not wrong, either: historically, exclusive rights have been an
important component in creating legal publishing institutions. Today,
however, we can and should go further. Just as the Internet has
helped solve other problems of information production by providing
near-costless distribution and catalyzing large-scale collaboration,
it’s also opening up new possibilities for making the law accessible.

This talk will:
* Discuss some recent cases of copyright claims to “the law.”
* Put them in the historical context of legal publishing technology.
* Explain why computers and the Internet shift the proper balance
towards more open access.
* Suggest some tentative heuristics for thinking about legal
copyrights.

James Grimmelmann is Associate Professor at New York Law School and a member of its Institute for Information Law and Policy. He received his J.D. from Yale Law School, where he was Editor-in-Chief of LawMeme and a member of the Yale Law Journal. Prior to law school, he received an A.B. in computer science from Harvard College and worked as a programmer for Microsoft. He has served as a Resident Fellow of the Information Society Project at Yale, as a legal intern for Creative Commons and the Electronic Frontier Foundation, and as a law clerk to the Honorable Maryanne Trump Barry of the United States Court of Appeals for the Third Circuit.

He studies how the law governing the creation and use of computer software affects the distribution of wealth, power, and freedom in society. As a lawyer and technologist, he aims to help these two groups speak intelligibly to each other. He writes on such topics as intellectual property, virtual worlds, search engines, electronic commerce, online privacy, and the use of software as a regulator. Recent publications include The Structure of Search Engine Law, 93 Iowa L. Rev. 1 (2007), Virtual Borders, First Monday (Feb. 2006), and Regulation by Software, 114 Yale L.J. 1719 (2005). In 2007, he was named one of Interview Magazine’s “New Pop A-List: 50 To Watch (Age 30 or Under).”

He has been blogging since 2000 at the Laboratorium (http://laboratorium.net/). His home page is at http://james.grimmelmann.net/.

(more…)

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, 30 April 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Topic: Digital Natives and Privacy: Recorded, always and forever?
Speaker: Miriam Simun, Berkman Center for Internet & Society

As Digital Natives navigate their lives–both online and off–they
leave behind multitude of digital tracks. Young people today are
growing up with an unprecedented amount of data being recorded and
collected about them. Movements are captured by security cameras in
the street, locations are easily tracked via the GPS on cell phones,
and youth themselves are sharing details of their private lives with
friends, strangers, and service providers through a number of web and
mobile technologies. As young people grown up digital, they are
blurring the boundaries public and private. Do Digital Natives have a
fundamentally different approach to privacy? How does both the
physical and online environment impact the ways in which young people
think about privacy? What are the implications of growing up in a
society where everything is recorded? What are the benefits and
concerns raised with the emerging “culture of sharing”? How can
education, technical and legal architecture begin to address these
issues?

Miriam Simun is the research coordinator on the Digital Natives project
at the Berkman Center for Internet & Society at Harvard Law School.
Her research interests include emerging social practices with digital
media, the role of technical architecture in new modes of social
interaction, and gender online. Prior to joining Berkman, Miriam
conducted research on the social effects of Mp3 player use in urban
spaces, and the impact of community leadership programs serving at-risk
youth. She holds a BSc in Sociology with a concentration in
Information Communication Technologies from the London School of
Economics.

(more…)

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, 23 April 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Topic: Spatial Computing and the Challenge of Engineered Emergence
Speaker: Jacob Beal, MIT

Spatial Computing and the Challenge of Engineered Emergence

As the density of computing devices in our environment increases, it
becomes reasonable to think of them in aggregate as a “spatial
computer”—a collection of devices that fill a space, where the
difficulty of moving information between devices is strongly dependent
on the distance between them. Programming a spatial computer using
conventional methods is difficult due to its scale and
decentralization, but in biology we find many examples, like flocking
birds and developing embryos, where local interactions produce robust
global behaviors. We aim to solve spatial computing problems by
establishing engineering control over such emergent behaviors,
following a two-part strategy. First, application design can be
decoupled from networking details by programming the space, rather
than the network. We have created a language, Proto, takes global
programs for a continuous space abstraction and compiles them to local
programs that cause a network of devices to approximate the specified
global behavior. Second, we are building a library of Proto programs
which capture emergent phenomena as components that can be hooked
together to produce predictable behavior. Together, these allow us to
solve many problems in sensor networks and distributed robotics using
only a few dozen lines of code.

Bio:
Jacob Beal is a postdoctoral associate in the Computer Science and
Artificial Intelligence Laboratory at MIT, where he recently completed
his Ph.D. under Prof. Gerald Jay Sussman. His research interests
center on the engineering of robust adaptive systems, with a focus on
problems of system integration for human-level intelligence and on
problems of modelling and control for spatially-distributed networks
like sensor networks, robotic swarms, and cells during morphogenesis.

(more…)

CRCS Privacy and Security Lunch Seminar
Date:  Wednesday, 16 April 2008
Time:  12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Topic: Accountable Anonymity
Speaker: Apu Kapadia (PhD UIUC 2005)

IMPORTANT NOTE:  If anyone would like to meet with Apu outside
of the talk on 4/16, please contact Evie (etaylor@seas.harvard.edu)
and we will set up a meeting.

ABSTRACT:
Anonymizing networks such as Tor allow users to access Internet
services privately using a series of routers to hide the client’s IP
address from the server. Tor’s success, however, has been limited by
users employing this anonymity for abusive purposes, such as defacing
Wikipedia. Website administrators rely on IP-address blocking for
disabling access to misbehaving users, but this method is not
practical if the abuser routes through Tor. As a result,
administrators block all Tor exit nodes, denying anonymous access to
honest and dishonest users alike. A few bad apples spoil the fun for
everybody.

To address this problem, we present a low-overhead credential system
called Nymble to provide “anonymous blacklisting.” With Nymble, (1)
honest users remain anonymous; (2) a server can complain and blacklist
an anonymous user to recognize future connections from that user; and
(3) users are aware of their blacklist status and can thus choose to
remain anonymous by not accessing the service. As a result of these
properties, our system is agnostic to servers’ varying definitions of
misbehavior—servers can blacklist any user, for whatever reason, and
users need not worry about a reduction in privacy from such
blacklisting.

BIOGRAPHY:
Apu Kapadia received his Ph.D. in Computer Science from the University
of Illinois at Urbana-Champaign (UIUC) in October 2005. For his
dissertation research on trustworthy communication, Apu received a
four-year High-Performance Computer Science Fellowship from the
Department of Energy.  Following his doctorate, Apu joined Dartmouth
College as a Post-Doctoral Research Fellow with the Institute for
Security Technology Studies (ISTS). He is interested in topics related
to systems security and privacy. He is particularly interested in
accountable anonymity, privacy-enhancing technologies such as
anonymizing networks, usable models and policy languages for privacy,
and applied cryptography.

http://www.cs.dartmouth.edu/~akapadia/

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, 9 April 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 319
Speaker: Simson Garfinkel

1. IRBs and Security Research: Myths, Facts and Mission Creep

Having decided to focus attention on the “weak link” of human
fallibility, a growing number of security researchers are discovering
the US Government’s regulations that govern human subject research.
This talk discusses those regulations, their application to research
on security and usability, and presents strategies for negotiating the
Institutional Review Board (IRB) approval process. It argues that a
strict interpretation of regulations has the potential to stymie
security research.

2. Cell Phones and Privacy: What’s the current state of Law and Technology

Cell phone privacy has gone far beyond the occasional eavesdropping.
Today cell phones are being used as location wireless tracking devices
for criminals, delivery services, and even children. Meanwhile the
cellphone itself, crammed with personal information, has become an
important platform for exploitation and computer forensics.

Simson L. Garfinkel is a fellow at the Center for Research on
Computation and Society and an Associate Professor at the Naval
Postgraduate School in Monterey, CA. In addition to his academic work,
Garfinkel has written for several national magazines and papers,
authored or co-authored 14 books, and is a founder of Sandstorm
Enterprises, a computer security firm that develops advanced computer
forensic tools used by businesses and governments to audit their
systems. Talk #1 is based his paper for the Usability, Psychology &
Security workshop on April 15, 2008 in San Francisco.
_________________________________________

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, 2 April 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Topic: Virtualization and Security

Speaker: Ophir Rachman, VMware, Inc.

Ophir will describe various directions where security and virtualization may
meet currently or in the near future (for good and for bad) and will provide
overview of opportunities and challenges.

Ophir Rachman is an R&D director for security products at VMware and is
responsible for mapping the virtualization technology into the security
space. Ophir finished his Ph.D. studies in the Technion, Israel, focusing on
distributed computing and specifically snapshot algorithms in shared memory
distributed environments. Ophir was one of the pioneers in the host based
intrusion prevention space and in 1998 founded a startup focusing on system
call interception and api’s hooking targeting monitoring and deflecting
security threats from within the host operating system. This startup (later
known as Entercept) was acquired by McAfee in 2003 and the basic technology
is embedded today in McAfee’s host protection product line.

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, 12 March 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 319

Topic: Patterns of Innovation and Collaboration in an Online Programming Contest

Speaker: Ned Gulley

Abstract:

Programming contests have become a regular feature of geek culture.
These contests may bring all the participants to one location, or they
may be mediated by the Net, but they tend to share a common format:
given a specific problem and working alone, you have a limited amount
of time to write better code than anyone else. This kind of contest is
a good measure of the talent of isolated individuals, but not of the
collective talent of the entire group. What if there were a contest
that more accurately modeled the way ideas really move through the
world? Suppose, once an idea had been put forward by one person, it
could immediately be freely adopted and modified by anyone else, even
as the contest continued? The winning entry for this kind of contest
would be an amalgamated effort by many people, people who were
simultaneously competing and collaborating. This approach is more like
the messy, organic way in which much software, particularly open
source software, actually gets built. Presumably, then, an open source
programming contest might show us something about how innovation works
in the real world. For several years, we have been running exactly
this kind of contest using the MATLAB programming language, and the
results have given us a fascinating quantitative perspective on the
dynamics of innovation and reward in collaborative programming. This
talk will treat some of the patterns of collaboration that we have
seen in our contest.

Bio:

Ned Gulley works at The MathWorks, Inc. as part of the team that makes
MATLAB. Ned joined the company in 1991 and has led the development of
the Fuzzy Logic Toolbox and the MATLAB IDE team. Since 2001, he has
been leading the MATLAB Central web community team. These days he’s
particularly in the overlap between technical and social computing.

Prior to The MathWorks, Ned was an aerospace engineer working on
flight control research and simulation at NASA Ames Research Center in
Mountain View, California. Ned holds a BSE in Mechanical and Aerospace
Engineering from Princeton University and an MSE in Aeronautical and
Astronautical Engineering from Stanford University.

Resources

MATLAB Central: http://www.mathworks.com/matlabcentral/
The MATLAB Programming Contest: http://www.mathworks.com/contest/overview.html
“In Praise of Tweaking”, a paper on the contest:
http://www.starchamber.com/gulley/pubs/tweaking/tweaking.html
Ned’s Blog: http://www.starchamber.com/
_______________________________________________
Crcs-privsec mailing list
Crcs-privsec@seas.harvard.edu
https://lists.deas.harvard.edu/mailman/listinfo/crcs-privsec

Speaker: Catherine Candee

Location: Maxwell Dworkin G125

Time: March 17, 2008, 5-6:30pm

Title: Whose knowledge is it? UC takes on IP

Abstract:

The commercialization of scholarly publishing has stimulated a crisis that threatens to compromise the very mission of our universities. The crisis reduces access to scholarly materials and limits the dissemination of scholarship. In its search for an economically sustainable means of disseminating the fruits of research, teaching, and learning, the University of California has become host to some of the most successful alternative publishing initiatives in the nation. But in 2007, when faculties at all 10 UC campuses launched an initiative similar to Harvard’s FAS resolution-an effort to reshape the management of their copyrights-the effort foundered on issues of implementation. I will discuss lessons learned from the UC experience, the issues at the heart of the open access movement, and what’s at stake for our research universities.

About Catherine

Since May 2000, Catherine Candee has been leading Strategic Publishing Initiatives at the University of California. Until very recently, she directed the publishing group at the California Digital Library (CDL) where she launched the eScholarship Program to provide alternative publication services for the UC community. In 2001, she forged a partnership with UC Press Director Lynne Withey, developing innovative publishing ventures that combined the unique talents and abilities of the Press and the CDL. Today the eScholarship Repository, a full-spectrum publishing platform, is home to more than 20,000 scholarly works, reflecting the output of the 200+ UC departments who publish with UC’s eScholarship Services. More than 2,000 UC Press monographs have been digitally published using XTF, an open source text publishing infrastructure developed at the CDL, and a digital critical edition of Mark Twain’s works was launched in October to wide acclaim.

On November 1, Catherine assumed an expanded leadership role supporting scholarly communication at UC. She is responsible for leveraging the capacity of UC-wide educational publishing and broadcast services, represented by the CDL and its eScholarship program, the Continuing Education of the Bar, the Language Learning Consortium, the Office of Scholarly Communication, University of California Press, UC College Prep Online, and UCTV, as part of the university’s effort to forge a sustainable scholarly publishing system.