The CPSR Compiler - November 2007
The CPSR Compiler - November 2007 - 1.1
COMPUTER PROFESSIONALS for SOCIAL RESPONSIBILITY
Turning Thoughts to Actions
- Registration is now open for Technology in Wartime Conference
- Board member Katitza Rodriguez nominated to be a discussant in the main session on Security on the Internet Governance Forum
- CPSR and CPSR's issues mentioned in Grady Booch’s interview with CNet
- Social dimensions of ICT policy conference
- Blow Struck Against Machine with Secret Voting Software and Invisible Ballots
- “eLearning Africa”, 3rd time, May 2008
- UPSEC 2008 CFP
Registration is now open for Technology in Wartime, a conference organized by Computer Professionals for Social Responsibility.
The event will attract an international audience of computer scientists, policy makers, military professionals, human rights workers, and academics. The goal of this non-partisan conference will be to consider the ethical implications of wartime technologies and how these technologies are likely to affect civilization in years to come. Topics will range from high tech weapons systems and internet surveillance, to privacy-enhancing technologies that aid human rights workers documenting conditions in war-torn countries and help soldiers communicate their experiences in blogs and e-mail. We are also interested in the history of computer-aided weapons systems. Ultimately we want to engage a pressing question of our time: What should socially-responsible computer professionals do in a time of high tech warfare?
The proceedings will be broadcast live on the Web, and the presentations collected in book form online, released under an open license, and made available to the public and policy makers looking for expert opinions on wartime technology issues during the election year.
We have an amazing lineup, including Bruce Schneier (BT Counterpane), Barbara Simons (ACM), Herb Lin (NAS), Cindy Cohn (EFF), Patrick Ball (Benetech), Nick Mathewson (Tor), and Noah Shachtman (Wired magazine’s war correspondent). Plus more!
Visit the Technology in Wartime site to register.
Saturday, January 26, 2008
Stanford Law School
559 Nathan Abbott Way
Palo Alto, California 94305
The second meeting of the Internet Governance Forum (IGF) will be held in Rio de Janeiro on 12-15 November 2007.
The selection was part of a broad-based consultative process by the Secretary-General's Advisory Group which assists him in preparing the Rio de Janeiro meeting.
CPSR member Grady Booch gives an interview about some of CPSR's core issues, and includes a major plug for CPSR:
Debating the morality behind software development
Booch: Yes, but at the ultimate level, the software developer can say, "Do I want to actually build a system that potentially could violate human rights?"
What software developer do you know actually thinks about that when he or she sits down at the keyboard?
Booch: I know many. There is a group called Computer Professionals for Social Responsibility <http://www.cpsr.org/> where many of its members think about that kind of thing. That group was formed to deal with the social issues of the developers....
8th International Conference on Human Choice and Computers
HCC8: Social dimensions of ICT policy
25-27 September 2008
Pretoria, South Africa
Paper submission deadline: 31 October 2007
Reviewer comments: 15 March 2008
Final camera ready copy due: 30 May 2008
Scope and theme
National, regional and international policy plays a major role in the advancement of ICT in various sectors and the shaping of ICT-mediated socio-economic practice. Moreover, it provides mechanisms for addressing potentially undesirable effects of ICT innovation and influences ethical conduct in modern society. This conference is intended to explore policy action concerning ICT and socio-economic change and to discuss particular policies through which various institutions of contemporary governance have sought to promote ICT, to achieve specific socio-economic changes, or to address undesirable effects of ICT diffusion in contemporary society.
The conference is structured in the following tracks:
A. Theoretical papers on policy action regarding ICT and socio-economic change, such as on globalization, the post-industrial society, the information society, etc. We are interested in papers examining why information and communication technologies require policies by national and international institutions and necessitate the active involvement of the civil society. This includes the following:
- Theoretical perspectives on the significance of new ICTs for the society and economy;
- Major socio-economic changes, as well as ethical and political dilemmas associated with the concepts of information economy, information society, knowledge society, and globalization;
- The expectations, anxieties and hopes national governments, international development organizations, civil society organizations, and societies at large associate with the new information and communication technologies.
- Undesirable and/or unexpected effects of ICT-mediated practices, including risk assessment and possible mechanisms of control.
B. Analyses of the social consequences of specific areas of ICT policy, such as policies for the diffusion of ICT innovation and economic change, and policies for the 'information society'. In other words, we are interested in papers examining what courses of policy action are undertaken and with what social effects. This includes papers dealing with the following:
- Social, political and ethical analyses of major areas of action and government intervention that have so far comprised ICT policy in various countries and regions - such as the promotion of competitive national ICT industries, or telecommunications regulation.
- Potential risks posed in civil life by the spread of new technologies and the legal measures available for protection against these risks. Areas of relevant policy include:
- Intellectual property rights
- Governance of the internet
- Policies for digital inclusion
- Policy in the action-areas of various government institutions, such as education, health, labour, security, defence, and finance, as well as the action areas of NGOs.
C. Assessment of specific cases of ICT-related policy. We are interested in papers that examine the effects of particular policy initiatives, including the following:
- Case studies of national and regional ICT policy initiatives and their social effects
- Industrial and institutional change policies
- National systems of innovation
- International collaborative policies, such as the EU R&D programmes
- Comparisons of national or regional ICT policies and their effects
- Analyses of WSIS proposals and action
- The debate on the internet governance
- Legal measures for addressing undesirable effects; codes of ethics
- Human resources and capability building policies
- Mechanisms for professionalism, such as certification, accreditation, continuing education, licensing.
- Mechanisms for coping with the complexity and dubious quality of circulated 'information'
Types of submissions
We welcome contributions such as:
* Research papers (5000 - 8000 words)
* Work in progress papers (2000 - 3000 words) reporting on ongoing research
* Panels (3-5 members).
Programme Committee chairs:
Chrisanthi Avgerou, London School of Economics
Peter van den Besselaar, Universiteit van Amsterdam & Netherlands Center for Science System Assessment Rathenau Instituut
Local organization chair:
Carina de Villiers, University of Pretoria
Blow Struck Against Machine with Secret Voting Software and Invisible Ballots
Dear Friends of Open Voting:
On Halloween eve, we struck back against one of the scariest voting machines ever produced. The Diebold TS voting machine obtained on eBay by Open Voting Foundation met justice.
My first reaction when I found out the machine was available on eBay June 15 of last year was "take a sledgehammer" to it!  It turns out we did get the machine, but several friends talked me out of smashing it -- for the time being. This was a good thing because it helped us make some other points.
We examined the machine in some detail and reported on various faults we found. In March of this year, the Associated Press cited Open Voting Foundation in an article explaining why Diebold might want to exit the voting system business.
Diebold decided to take their name off the voting machines, and we helped them a bit with that.
Another idea was to turn the machine into a trustworthy voting machine by adding a printer and replacing the proprietary secret software with public software. We concluded that the machine was just too badly designed for this to be economical.
So, back to my original idea.
The event was very well documented. Several TV and radio stations covered it.
There is a video report on YouTube by Sebastian Kunz of 960 The Quake.
There were many still pictures taken as well. Here are a few courtesy of Alec Bash:
Thank you and best wishes.
(the machine was one of several hundred sent back to Diebold by Maryland after the 2004 election, but somehow got stuck in shipping. After 1.5 years, the shipper put it on eBay along with other unclaimed freight)
“eLearning Africa”, 3rd time, May 2008
African event - "eLearning Africa": The 3rd International Conference on ICT for Development, Education and Training will take place from May 28 to 30, 2008 in Accra
Please visit: http://www.elearning-africa.com/
UPSEC 2008 CFP
The USENIX workshop on Usability, Psychology and Security (UPSEC 2008) will be held on April 14 in San Francisco. We encourage people on this list to submit their work and to attend the workshop. We'd also appreciate your help in circulating the CFP to others who may be
UPSEC attendees are also invited to attend the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '08), which will be held on the following day in the same location.
CALL FOR PAPERS
Usability, Psychology, and Security 2008
April 14, 2008
San Francisco, CA, USA
Sponsored by USENIX, The Advanced Computing Systems Association
Co-located with the 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08), which will take place April 16-18, 2008, and the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '08), which will take place April 15, 2008
Submissions due: January 18, 2008
Notification of acceptance: February 28, 2008
Final papers due: March 18, 2008
Elizabeth Churchill, Yahoo! Research
Rachna Dhamija, Harvard University
Alessandro Acquisti, Carnegie Mellon University
Steven M. Bellovin, Columbia University
Dan Boneh, Stanford University
Coye Cheshire, University of California, Berkeley
Julie Downs, Carnegie Mellon University
Stuart Schechter, Microsoft Research
Sean Smith, Dartmouth University
J.D. Tygar, University of California, Berkeley
Paul Van Oorschot, Carleton University
Information security involves both technology and people. To design and deploy secure systems, we require an understanding of how users of those systems perceive, understand, and act on security risks and threats.
This one-day workshop will bring together an interdisciplinary group of researchers, systems designers, and developers to discuss how the fields of human computer interaction, applied psychology, and computer security can be brought together to inform innovations in secure systems design. We seek to deepen the conversation about usable security to go beyond the user interface, toward developing useful and usable systems of humans and technology.
Topics include but are not limited to:
- Error detection and recovery
- Human perception and cognitive information processing
- Identity and impression management
- Individual and cultural differences
- Information seeking and evaluation
- Judgment and decision-making
- Learning, training, and experience
- Mental models
- Models of privacy, sharing, and trust
- Organizational, group, and individual behavior
- Risk perception, risk analysis, and risk communication
- Security behavior study methodology
- Social engineering
- Social influence and persuasion
- System proposals and design approaches
- Threat evaluation
- Usability
- User motivation and incentives for secure behavior
The study of human attention, learning, reasoning, and behavior addresses issues of central relevance to computer security. For example:
- Security weaknesses often arise from biases in human perception and cognitive information processing. For example, phishing attacks use confusing perceptual cues and fear to trick users into revealing sensitive information.
- Assessing, creating, and managing secure systems requires ongoing information seeking and information evaluation, as new threats emerge constantly. However, understanding complex and dynamic systems is time-consuming and error-prone, and users have little motivation to spend the time and effort that is required.
- The perception of risk can influence users' willingness to employ security mechanisms or engage in risky behavior. However, risk perception and decision-making are often based on limited domain knowledge and are subject to bias; we underestimate some risks and exaggerate others.
- People's level of confidence in their risk assessments can be perceptually and socially manipulated, independent of actual risks. Attackers (and system designers) often create the perception of security, even when none exists.
- Human reasoning follows certain patterns, which are subject to change with experience. Through training and education, we can help users to learn methods and procedures and develop mental models of how security systems work.
- People learn through interaction with others. Models of social influence suggest that information garnered from a trusted source can affect people's behavior or attitudes, but the level of trust conferred on others is dependent on situational factors. Organizational factors and group behavior can also have a large effect on individual behavior.
- Approaches to risk assessment, identity and impression management, and trust vary from one individual to another and also vary by culture.
Usability, Psychology, and Security 2008 invites insightful new contributions that apply aspects of human/computer interaction and applied psychology to solving problems in computer security. We invite submissions in two categories.
- Short papers: We encourage short papers that describe innovative work in progress or position papers that map out directions for future research or design. Short papers should be no longer than five (5) pages.
- Full papers: Full papers may describe systems, case studies, fieldwork descriptions, experimental studies, and design frameworks. Full papers must be no longer than ten (10) single-spaced 8.5" x 11" pages, including figures, tables, and references.
All submissions should offer new contributions that have not been published elsewhere. Author names and affiliations should appear on the title page. Submissions must be in PDF and must be submitted via the form on the Usability, Psychology, and Security 2008 Call for Papers Web site:
Papers accompanied by nondisclosure agreement forms will not be considered. All submissions will be treated as confidential prior to publication in the Proceedings.
Simultaneous submission of the same work to multiple venues, submission of previously published work, and plagiarism constitute dishonesty or fraud. USENIX, like other scientific and technical conferences and journals, prohibits these practices and may, on the recommendation of a program chair, take action against authors who have committed them. In some cases, program committees may share information about submitted papers with other conference chairs and journal editors to ensure the integrity of papers under consideration. If a violation of these principles is found, sanctions may include, but are not limited to, barring the authors from submitting to or participating in USENIX conferences for a set period, contacting the authors' institutions, and publicizing the details of the case.
Note, however, that we expect that many papers accepted for the workshop will eventually be extended as full papers suitable for presentation at future conferences.
Authors uncertain whether their submission meets USENIX's guidelines should contact the Program Chairs, upsec08chairs(a)usenix.org, or the USENIX office, submissionspolicy(a)usenix.org.
This workshop evolved from Usable Security (USEC'07). The USEC'07 program and papers are available on the workshop Web site: http://www.usablesecurity.org/
(c) Computer Professionals for Social Responsibility 2007
Redistribution of this email publication -- both internally and externally -- is encouraged if it includes this paragraph.
CPSR is a 501(c)3 nonprofit organization. Donations are tax deductible.
Pay Dues or Make Donations via:
1370, Mission St., 4th floor
San Francisco, 94103-2654
Find out about email discussion lists and Working Groups hosted by CPSR at:
The CPSR Compiler is emailed to CPSR members in good standing who have provided CPSR with their email address.
Last modified December 28, 2007 09:15 AM