Center for Information Technology Policy

I have several times mentioned the Center for Information Technology Policy [CITP], at Princeton University, and its director, Professor Ed Felten, in posts here regarding a variety of topics, and I have been a regular reader of the CITP blog, Freedom to Tinker, for several years.   (There’s always a link to the blog in the sidebar at right.)  The university’s alumni magazine, the Princeton Alumni Weekly, has just published a long feature article on the CITP, which I recommend as  an excellent overview of what the CITP does.

The article points out that the work the CITP does, on the real-world implications of the use of technology, sometimes makes them less than universally popular.

CITP scientists venture into the wider world to point out problems with how technology is being used, and, in the process, noses sometimes get put out of joint.

One of the areas in which the CITP has been active has been the (in)security of electronic voting machines.  A few weeks ago, I wrote about the work done by Prof. J. Alex Halderman from the University of Michigan, a research fellow at the CITP, in demonstrating the vulnerability of the test voting system set up by Washington DC.   The article lists many other cases of the CITP’s work, which has usually demonstrated that the machines are woefully insecure.

Voting-machine studies are in the center’s DNA. Andrew Appel ’81, a Princeton computer-science professor, is an expert witness in a long-running lawsuit challenging New Jersey’s use of paperless voting machines, which he and others say are acutely vulnerable to manipulation. Most recently, in October, Appel helped persuade the state Superior Court to release an uncensored version of the expert report detailing the problems. A voting machine that has been hacked so that it displays a working Pac-Man video game — instead of candidates’ names — stands, like a trophy, in the center’s lounge on the third floor of Sherrerd Hall, a glass box of a building across from the engineering library.

Another area of active research has been so-called Digital Rights Management [DRM].  Prof. Felten and his graduate students have not always endeared themselves to the content-production industry.

In 2006, they demonstrated that a method Sony was using to protect its DVDs from piracy introduced security risks in users’ computers.

Currently, CITP has a number of interesting research topics.  One important area is the security and privacy implications of “cloud computing”.  The potential convenience of computing in the cloud is a real benefit, but there is a downside that users do not always consider.

So long as you have access to the Internet, you can get your virtual hands on almost anything you need. But you’ve also outsourced the job of handling sensitive information to large companies whose workings you barely understand.

As Prof. Felten pointed out in testimony to Congress, personal information held in the cloud is, in general, an asset of the holding company.  Even if the people running the company  seem like good guys, and say the right things, it is generally not clear that their promises would be legally enforceable in the case of a takeover or bankruptcy.

The article also describes several other interesting projects, including RECAP, a system, implemented through a Firefox extension, designed to provide free access to public court records, and AllOurIdeas, a new twist on conducting opinion surveys.

The article is an entertaining read, and will perhaps explain why I was pleased to hear about Prof. Felten’s appointment as the FTC’s chief technologist.