In a month, I’ll be presenting at Usenix’s Steps to Reducing Unwanted Traffic on the Internet workshop. The paper is “Lightweight Encryption for Email” (PDF), and my co-authors are Susan Hohenberger and Ronald L. Rivest.

At a high-level, we’ve designed (and prototyped) a mechanism for doing public-key signatures and encryption in the context of email, using only existing architecture and, most importantly, without deploying a public-key infrastructure that the user needs to know about. We think our approach will be quite useful in fighthing phishing attacks. The other papers regarding the phishing-specific components of our approach are still in submission. I’ll link to them when they’re ready.

This Saturday, the 12th, I’ll be giving a talk on cryptographic voting and the latest voting standards effort I helped start: Voting System Performance Rating. The real reason you should come, though, is to hear the other speakers, including Ron Rivest.

The talk is at the Radcliffe Institute for Advanced Study at Harvard and is sponsored by IEEE, ACM, and the ACLU. Find out more about the speakers, or even register for the conference, it’s free.

As usual, I’ll have my slides posted to my web page a few days after the talk, under a Creative Commons license, of course.

UPDATE: the slides are up in Quicktime and PDF at the usual place.

This Friday, at the Berkman Center’s Internet and Society 2004 Conference, I’ll be on a panel on electronic voting from 6:30-8:00pm.

So, if you’re willing to give up your Friday Evening and you’re in Cambridge, you should check it out. Jonathan Zittrain from Harvard Law will be moderating, and that alone is worth the trip.

Starting with some discussions at Crypto 2004, a few of us cryptographers discussed setting up new standards for evaluating voting systems.

We were specifically worried about the design-oriented, pass/fail nature of current standards. Instead, we want performance-oriented, multi-dimensional tests. Basically, instead of saying “machine X is good for voting because it uses DES encryption,” a fairly useless statement, we want a testing authority to say “machine X receives a 7.6 score on confidentiality and a 3.5 score on usability because 95% of users maintained voter secrecy and 40% of users were able to express their vote correctly.”

So we got together and wrote up a paper in this month’s Communications of the ACM. If you want to learn more, visit the web site and sign up to the newsletter.

This past Tuesday, just before election results, I gave a talk at Harvard Law School’s Digital Democracy class on “Secure and Fair Elections.” In my new attempt to teach as much as I can to as many people as I can, I’m posting all of my slides online in various usable formats.

Check out the slides.

Boston Magazine’s Jake Halpern wrote an article about my work in this month’s Boston Magazine.

Overall, as a high-level overview, it’s a decent article. Of course, there are a number of exaggerations I’d like to correct:

• I’m not a star PhD student. I’m just a normal PhD student.
• I’m not sure about the supposed “nodding somberly”, “heavy sigh”, and “mischievious smile”… as if somehow I have this enormous burden on my shoulders. I’m just one researcher looking at voting machines.
• the scenario about rigged voting machines that use a specific time slot as a covert channel is not new. Nor is it incredibly likely. It’s just a quick scenario used to explain why simple arguments like “but the voting machine doesn’t know the candidates ahead of time, how can it be rigged?” are not sufficient to make me feel safe about DRE voting machines.

The difficulty in talking about this voting stuff (certainly the same issue that many other scientists deal with) is that people expect a black-and-white outcome. Machines are totally safe. Or, the world is going to crumble because these machines are the work of Satan. The truth is somewhere in the middle, of course. And the only way we can ensure safety is by having some people (like me) remain paranoid.