CITP

CITP Talk: “Like Zombies They Keep Coming Back” Improving the User Experience of Software Updates

Date and Time
Tuesday, November 24, 2015 - 12:30pm to 1:30pm
Location
Sherrerd Hall 306
Type
CITP

Food and discussion begin at 12:30 pm. Open to current Princeton faculty, staff, and students. Open to members of the public by invitation only. Please contact Laura Cummings-Abdo at if you are interested in attending a particular lunch.

Users may not install security-related software updates, which can open up their device to exploitation by attackers. Yet, we know little about why users avoid updates in the first place or how to convince users to apply security-related patches. Given that malware and cyber-attacks are on the rise, filling this gap in our knowledge is a crucial part of helping users to keep their systems secure. In this talk, I outline the user barriers to software updates that we uncovered in a formative study of 125 users’ software updating practices. I then describe the design and evaluation of a low-fidelity, minimally intrusive, information-rich, user-centric, software updating prototype created to address issues identified in the formative study. Our findings suggest that updates are disruptive, provide insufficient information to convince users to apply updates, and that the updating process is confusing for most. Our studies also suggest that the broken user experience around updating is the major factor contributing to users avoiding software updates. Based on our findings, I make recommendations for increasing the chances of users adopting updates by fixing issues in the current user experience with the overall goal of enhancing security. I also outline directions for future work in this space.

Marshini Chetty is an Assistant Professor in the College of Information Studies at the University of Maryland specializing in human computer interaction and ubiquitous computing. Her research focuses on making the Internet more efficient, affordable, and secure from the user perspective via user studies and the design, implementation, and evaluation of end-user facing technologies. Her work is funded by the National Science Foundation, the Department of Defense, and a Google Faculty Research Award and she regularly publishes in top tier human computer interaction venues such as CHI and Ubicomp. Marshini holds a Ph.D. in Human-Centered Computing from Georgia Institute of Technology, USA and a Masters and Bachelors in Computer Science from University of Cape Town, South Africa.

CITP Talk: Understanding Politically Motivated Adversaries: Targeted Threats and Censorship Product Fingerprinting

Date and Time
Tuesday, October 6, 2015 - 12:30pm to 1:30pm
Location
Sherrerd Hall 306
Type
CITP

Food and discussion begin at 12:30 pm. Open to current Princeton faculty, staff, and students. Open to members of the public by invitation only. Please contact Laura Cummings-Abdo at if you are interested in attending a particular lunch.

Politically motivated adversaries change the way one thinks of attacks on the Internet. Unlike conventional online adversaries, who are motivated by economic gain, politically motivated adversaries are motivated to gain and control access to information and are willing to expend time and money to achieve their goals. In this talk, Gill will discuss research that characterizes the level of sophistication of targeted malware attacks and techniques to fingerprint specific instances of filtering technology used to violate human rights.

Gill will discuss her team’s study of targeted malware attacks faced by civil society organizations which characterizes malicious e-mails received by 10 civil society organizations over a period of 4 years. Gill and her team found that the technical sophistication of malware observed is fairly low, with more effort placed on socially engineering the e-mail content. Based on this observation, they developed the Targeted Threat Index (TTI), a metric which incorporates both social engineering and technical sophistication when assessing the risk of malware threats. They demonstrate that this metric is more effective than simple technical sophistication for identifying malware threats with the highest potential to successfully compromise victims.

Gill’s talk will also present methods they have developed to identify and confirm the use of specific filtering technologies around the world. The first method leverages a combination of network scanning and in-country network measurements. Using this method they are able to confirm the use of two different filtering products in four different countries. The second method uses the fact that filtering products use common templates when generating block pages to enable a retrospective look at product usage. They applied this technique on five years of data from the OpenNet Initiative and are able to identify installations of products that were missed in prior (manual) analysis of the data.

Phillipa Gill is an assistant professor in the Computer Science Department at Stony Brook University. She received her Ph.D. in Computer Science from the University of Toronto in 2012, and her B.Sc. and M.Sc. degrees in Computer Science from the University of Calgary in 2006 and 2008, respectively. Her work focuses on many aspects of computer networking and security with a focus on designing novel network measurement techniques to understand online information controls, network interference, and interdomain routing. She currently leads the ICLab project which is working to develop a network measurement platform specifically for online information controls. She has received the NSF CAREER award, Google Faculty Research Award and best paper awards at the ACM Internet Measurement Conference (characterizing online aggregators), and Passive and Active Measurement Conference (characterizing interconnectivity of large content providers).

CITP Talk: Data Protection via User-Intent Monitoring

Date and Time
Tuesday, October 20, 2015 - 12:30pm to 1:30pm
Location
Computer Science 306
Type
CITP

Food and discussion begin at 12:30 pm. Open to current Princeton faculty, staff, and students. Open to members of the public by invitation only. Please contact Laura Cummings-Abdo at if you are interested in attending a particular lunch.

We are increasingly depending on cloud-based services in our daily activities, and inevitably a lot of our sensitive and valuable data is transported through or stored in the cloud. There have been many incidents where the security of user data was compromised because of malicious or vulnerable client-side applications and cloud servers.

Our research aims to develop a data protection approach that can be widely adopted by average end users, and a key challenge we need to overcome is user acceptance. In particular, we need to provide a transparent user experience, that is, our data protection approach should not alter the functionality, workflow, and the look-and-feel of an application. Further, we need to provide intuitive, user-intended protection, that is, the default security policy should match a user’s understanding of the expected (good) behaviors of an application.

The centerpiece of our approach is a new systems mechanism called the security overlay, which can intercept user input and application output and display relevant data on an overlay window right on top of the application’s UI. The overlay window is isolated from the application and its security is dependent on the trusted computing base, or TCB, such as a virtual machine monitor or the OS kernel.

We have developed a prototype of the security overlay and applied it to several application scenarios. For example, the security overlay of a web-based email client can ensure that the user sees and agrees that the text on the overlay display is really his message, and that the outgoing email payload matches that text. We call this the “what you see is what you send (WYSIWYS)” policy. As another example, the security overlay for WhatsApp can display plaintext input on the overlay window for the user but only send the encrypted input to WhatsApp (and its remote server). In other words, this provides end-to-end message encryption.

Wenke Lee is the co-director of the Institute for Information Security & Privacy and also a professor of Computer Science in the College of Computing at Georgia Tech. His research expertise includes systems and network security, botnet detection and attribution, malware analysis, virtual machine monitoring, mobile systems security, and detection and mitigation of information manipulation on the Internet. Lee regularly leads large research projects funded by the National Science Foundation, Department of Defense, Department of Homeland Security, and private industry. Significant discoveries from his research group have been transferred to industry, and in 2006, Lee co-founded Damballa, Inc. to focus on detection and mitigation of advanced persistent threats.

Designing an Inclusive Digital World

Date and Time
Tuesday, December 9, 2014 - 4:30pm to 6:00pm
Location
Friend Center 004
Type
CITP

As digital technologies evolve and become more prevalent, their impact on people with disabilities becomes increasingly critical. Design choices can hinder use (for example, failure to include alt text for images can make a page incomprehensible to a blind user), can seek to improve accessibility, or can increase the number of possible users inadvertently (for example, improvements in video conferencing can help deaf users communicate). This panel will explore various issues in this area: human-computer interaction, the (im)possibility of universal design, corporate decisionmaking by tech companies, and legal and policy contexts.

Moderator:
Solon Barocas — CITP Fellow

Panelists:
Keith Hiatt — Former software engineer and pro bono attorney

Clayton Lewis ’66 — Professor of Computer Science and Fellow of the Institute of Cognitive Science at University of Colorado Boulder

Mara Mills — Assistant Professor of Media, Culture, and Communication at NYU Steinhardt

Michael Stein — Professor of Law at College of William & Mary School of Law; Co-founder and Executive Director of the Project on Disability and Visiting Professor of Law at Harvard Law School

Trusting Human Safety to Software: What Could Possibly Go Wrong?

Date and Time
Tuesday, November 4, 2014 - 10:00am to 5:00pm
Location
Friend Center Convocation Room
Type
CITP

The conference will focus on the need for affirmative, preventative measures to be put in place to prevent physical harm from code-based machines and systems. Planned topics include medical devices and automotive software.

Please RSVP on event website.

Web Privacy and Transparency Conference

Date and Time
Friday, October 24, 2014 - 9:00am to 4:45pm
Location
Friend Center Convocation Room
Type
CITP

Everything we do on the web is tracked and profiled. What types of data are companies collecting? Who are they trading it with? And how is this data used for personalizing our online experience and treating different users differently? What are the algorithms used for targeting ads, as well as prices, news recommendations, and so forth? A quickly emerging area of computer science research aims to bring transparency to privacy-impacting practices on the web via empirical measurement. This conference will discuss the state of the art in this field and the research agenda for the next few years as well as questions of policy — how should laws utilize the results of measurement, and what new laws do these studies suggest? Can self-regulation be effective, and how can web services work together with transparency researchers to foster a healthy public dialog?

Please RSVP on event website.

Information Doesn’t Want to Be Free – Cory Doctorow & Edward Felten in Conversation

Date and Time
Monday, October 13, 2014 - 1:00pm to 2:00pm
Location
Labyrinth Books, 122 Nassau Street (off campus)
Type
CITP

Labyrinth and the Princeton Public Library invite you to a lunch-time conversation between “author, internet guru, and practical philosopher” (Alex Kozinski) Cory Doctorow and Computer Science Professor Edward Felten about the state of copyright and creative success in the digital age.

Can small artists still thrive in the Internet era? Can giant record labels avoid alienating their audiences? Doctorow’s new book is about the pitfalls and the opportunities that creative industries (and individuals) are confronting today — about how the old models have failed or found new footing, and about what might soon replace them. An essential read for anyone with a stake in the future of the arts, Information Doesn’t Want to Be Free offers a vivid guide to the ways creativity and the Internet interact today, and to what might be coming next.

Bring a sandwich and your questions. Coffee and cookies will be provided.

Cory Doctorow is a science fiction author, activist, journalist, and blogger as well as coeditor of Boing Boing and the author of young adult novels like Homeland, Pirate Cinema, and Little Brother and novels for adults including Rapture of the Nerds and Makers. He is former European director of the Electronic Frontier Foundation and cofounder of the UK Open Rights Group. Edward W. Felten is Professor of Computer Science and Public Affairs at Princeton University, where he is also the Director of the Center for Information Technology Policy, a cross-disciplinary effort studying digital technologies and public life. He blogs at Freedom to Tinker.

Judging Technology

Date and Time
Monday, April 7, 2014 - 4:30pm to 5:30pm
Location
Friend Center 006
Type
CITP

From Yahoo’s international legal fight over the online sale of Nazi memorabilia to Google’s protracted struggle for the right to scan copyrighted books, courts around the world have grappled with the application of old rules to rapid innovations in information technology that have major societal implications. This international panel of judges who have been at the forefront of these famous cases will explore some of the issues that they have faced in dealing with high stakes information technology cases.

The Hon. Denny Chin ’75
Judge, US Court of Appeals for the Second Circuit

The Hon. Jeremy Fogel
Judge, US District Court for the Northern District of California; Director, Federal Judicial Center

The Hon. Jean-Jacques Gomez
Justice (retired), French Cour de Cassation (Supreme Court)

Bitcoin and Cryptocurrency Research Conference

Date and Time
Thursday, March 27, 2014 - 9:00am to 5:00pm
Location
Friend Center Convocation Room
Type
CITP

Underlying the commercial possibilities of Bitcoin are both a fascinating, innovative and complex technical architecture and an intricate balance of market forces, social norms, and group consensus. Bitcoin has grown considerably from its original specification, and the extent to which Bitcoin’s rules are technical vs social in nature is often unclear. This conference will bring together experts in both areas to elucidate the underpinnings of Bitcoin and examine key questions about its future. How should we best foster exploration of the design space of Bitcoin-like cryptocurrencies (“altcoins”)? What are the implications of research on markets, economic stability, currencies, and human behavior for the technical system, and vice versa? What would Bitcoin developers and researchers like from each other, and how can we facilitate more collaboration between the two groups?

Please make sure you RSVP by Thursday, March 19, 2014 to be included in the food count.
Bitcoin Conference RSVP form.

Streaming Live: https://www.youtube.com/user/citpprinceton

Schools and Student Data Privacy: Needs Improvement

Date and Time
Thursday, February 6, 2014 - 4:30pm to 5:30pm
Location
Sherrerd Hall 101
Type
CITP
Speaker
Joel R. Reidenberg, Microsoft Visiting Professor of Information Technology Policy, CITP, Princeton University

Schools across the country are rapidly adopting new technological tools and cloud services to support their educational missions. To use these online services, schools transfer large quantities of student personal data including transcript information, homework essays, lunchroom purchases and even student weight to third party providers. What can the providers do with the student information? Does the law protect the privacy of the data? Do school districts assure the protection of the data they transfer or is student privacy lost in the cloud? Join CITP’s visiting professor and two key stakeholders for a disconcerting look at the state of privacy protection and a positive look at possible future solutions.

Speaker:
Joel R. Reidenberg, Microsoft Visiting Professor of Information Technology Policy, CITP, Princeton University

Commentators:
Steve Mutkoski, World Wide Policy Director, Microsoft
Kenneth Mitchell, Ed.D., Superintendent, South Orangetown Central School District, New York; Chair, Lower Hudson Council of School Superintendents
