ISTS: Institute for Security, Technology, and Society

Edward Felten presents the first talk in the speaker series "Surveillance in the Age of Big Data", co-sponsored by ISTS and the Computer Science Colloquium. The National Security Agency is collecting data about a substantial fraction of all domestic phone calls. This talk will examine several technical tradeoffs surrounding the phone data program. How effective is such a program likely to be in identifying potential terrorists or clearing up false suspicion? How easily can enemies evade the program? Can the program be redesigned to better protect privacy, without losing effectiveness? In general, can intelligence agencies carry out their analysis and data processes in a way that better protects the privacy of innocent people? Edward Felten is Director of Princeton's Center for Information Technology Policy (CITP), a cross-disciplinary effort studying digital technologies in public life. CITP has seventeen affiliated faculty members and maintains a diverse research program and a busy events schedule. Dr. Felten's research interests include computer security and privacy, and public policy issues relating to information technology. Specific topics include software security, Internet security, electronic voting, cybersecurity policy, technology for government transparency, network neutrality and Internet policy.

Extending Our Understanding of Human Behavior Through Continuous Sensing Wednesday, October 23, 2013 at 4:15pm Location: 006 Steele Deepak Ganesan Associate Professor, University of Massachusetts, Amherst Co-sponsored by ISTS and the Computer Science Colloquium Abstract Deepak Ganesan Our ability to continuously monitor activities, health, and lifestyles of individuals using sensors has reached unprecedented levels --- on-body sensors enable continuous sensing of our physiological signals, smartphones have a plethora of sensors to monitor activity and location, and a growing number of sensors embedded in the physical world enable monitoring of our living spaces. Such ubiquitous sensing promises to revolutionize our understanding of the social, environmental, and behavioral determinants of a wide range of human activities and health conditions. Despite its promise, there are fundamental challenges in designing such systems in terms of data processing, sensing, and power. How can we make reliable inferences despite the noisy, uncertain nature of natural environments? How can we expand our understanding of human behavior through more sensors that fully capture our actions, attention, and environmental cues? How can we cope with the burden of having to re-charge a growing ecosystem of wearable sensors? My talk discusses our ongoing work to address these challenges. From a data perspective, I will talk about leveraging machine learning techniques to detect use of addictive drugs with wearable ECG sensors, and methods to fuse information across diverse continuous sensor sources. From a sensing perspective, I will talk about the design of computational eyeglasses, a wearable sensor that continuously tracks eye and visual context. From a power perspective, I will discuss our work on RF-powered sensor devices that can sense, process and communicate at orders of magnitude less power than a typical battery-powered sensor. Bio Deepak Ganesan is currently Associate Professor in the Department of Computer Science at UMASS Amherst. He received his Ph.D. in Computer Science from UCLA in 2004 and his bachelors in Computer Science from IIT, Madras in 1998. He received the NSF CAREER Award in 2006, the IBM Faculty Award in 2008, and a UMass Lilly Teaching Fellowship in 2009. His publications have received awards at various conferences, most recently, a Best Paper Award at ACM CHI 2013, and an Honorable Mention for Best Paper Award at ACM Ubicomp 2013. He was a Program co-chair for ACM SenSys 2010 and IEEE SECON 2013.

Securing IT in Healthcare: Part III May 17, 2013 Panel 4: Challenges in Securing mHealth Infrastructure Panel Abstract When developing mobile health technology, who is the adversary? What are the most important concerns in developing mHealth technology that can be trusted by healthy individuals, patients, family members, clinical staff, employers, researchers, and payers? In this panel we heard from those who design and build mHealth technology as well as those with experience deploying current technology, to better understand the real risks and threats to security and privacy. Panelists and Presentations Chaired by Andrés Molina-Markham, Dartmouth College, Department of Computer Science Jacob Sorber, Clemson University Jaeyeon Jung, Microsoft Research Yih-Chun Hu, University of Illinois at Urbana-Champaign On May 16-17, 2013, ISTS hosted the third Securing Information Technology in Healthcare (SITH3) workshop in collaboration with members of the Trustworthy Information Systems for Healthcare (TISH) project team. This workshop's focus was on the exciting and ever transforming field of mHealth -- the application of mobile computing technologies to health and wellness. The SITH Workshops traditionally bring together experts from many disciplines to discuss information technology in healthcare.

Securing IT in Healthcare: Part III May 17, 2013 Panel 3: Opportunities for mHealth in the Developing World Panel Abstract Mobile technology provides tremendous opportunities to make health and wellness more accessible to billions of people in developing countries. In this panel we heard from a mix of technology developers, health practitioners, and public-health officials who are pioneers in this space. We discussed technical and infrastructural challenges, sustainable business models, differing privacy laws and cultural norms, and sought to identify open research problems that need to be addressed. Panelists and Presentations Chaired by David Kotz, Champion International Professor of Computer Science, Dartmouth Hamish Fraser, Partners in Health Director of Informatics and Telemedicine; OpenMRS David Aylward, Ashoka Lakshminarayanan Subramanian, New York University Ashutosh Sabharwal, Rice University On May 16-17, 2013, ISTS hosted the third Securing Information Technology in Healthcare (SITH3) workshop in collaboration with members of the Trustworthy Information Systems for Healthcare (TISH) project team. This workshop's focus was on the exciting and ever transforming field of mHealth -- the application of mobile computing technologies to health and wellness. The SITH Workshops traditionally bring together experts from many disciplines to discuss information technology in healthcare.

Securing IT in Healthcare: Part III May 17, 2013 Panel 2: Evolving Business Models in mHealth Panel Abstract How are device manufacturers, new service providers, and existing EHR players building business models for mHealth? What are the opportunities for home or long-term care, including remote service from hospitals (e.g., for chronic care or surgery recovery)? What is the role/opportunity for mainstream EHR players and how will data collected from a wide-range of mobile devices be integrated into the patient record? Panelists and Presentations Chaired by Eric Johnson, Benjamin Ames Kimball Professor of the Science of Administration and Director, Glassmeyer/McNamee Center for Digital Strategies Paul Gorup, Chief Innovation Officer, Cerner Joseph Ternullo, Center for Connected Health at Partners HealthCare Cameron McKennitt, President and COO of PolyRemedy Chuck Parker, Executive Director, Continua Health Alliance On May 16-17, 2013, ISTS hosted the third Securing Information Technology in Healthcare (SITH3) workshop in collaboration with members of the Trustworthy Information Systems for Healthcare (TISH) project team. This workshop's focus was on the exciting and ever transforming field of mHealth -- the application of mobile computing technologies to health and wellness. The SITH Workshops traditionally bring together experts from many disciplines to discuss information technology in healthcare.

Securing IT in Healthcare: Part III Wendy Nilsen, Ph.D. is a Health Scientist Administrator at the NIH Office of Behavioral and Social Sciences Research (OBSSR). Wendy's scientific focus is on the science of human behavior and behavior change, including: utilizing mobile technology to better understand and improve health, adherence, the mechanisms of behavior change and behavioral interventions in complex patients in primary care. More specifically, her efforts in mobile and wireless health (mHealth) research include: leading the development of the NIH mHealth Public-Private Partnership, convening meetings to address methodology and barriers to the utilization of mobile technology in research; serving on numerous federal mHealth initiatives; and, leading the mHealth training institutes. Wendy is also the chair of the Adherence Network, a trans-NIH effort to enhance and develop the science of adherence. She is also a member of the Science of Behavior Change, Health Economics and HMO Collaboratory working groups. These projects are initiatives funded through the Common Fund that target behavioral and social sciences research to improve health across a wide range of domains. Wendy also chairs the NIH Integrating Health Strategies workgroup that supports the science of behavioral treatments for 'complex patients' in primary care.

Securing IT in Healthcare: Part III May 17, 2013 Panel 1: Intersection of mHealth and Behavioral Health Panel Abstract This panel discussed the potential for mHealth in an evolving healthcare context in the U.S., with a particular focus on the role that mHealth approaches may have in healthcare delivery systems which integrate physical and behavioral healthcare. The panel also discussed models for deploying mHealth tools in healthcare systems to increase the quality and reach of evidence-based behavioral healthcare while reducing costs. The pros and cons of mHealth apps used with clinical populations (in alliance with healthcare systems) and for wellness promotion/quantified self also were debated. Panelists Chaired by Lisa Marsch, Director of the Center for Technology and Behavioral Health at the Dartmouth Psychiatric Research Center (PRC/CTBH), and Andrew Campbell, Professor of Computer Science, Dartmouth College Sarah Lord, PRC/CTBH David Gustafson, University of Wisconsin-Madison Niels Rosenquist, Massachusetts General Hospital Timothy Bickmore, Northeastern University On May 16-17, 2013, ISTS hosted the third Securing Information Technology in Healthcare (SITH3) workshop in collaboration with members of the Trustworthy Information Systems for Healthcare (TISH) project team. This workshop's focus was on the exciting and ever transforming field of mHealth -- the application of mobile computing technologies to health and wellness. The SITH Workshops traditionally bring together experts from many disciplines to discuss information technology in healthcare.

Securing IT in Healthcare: Part III KEYNOTE- May 16, 2013 Patricia Mechael Patty Mechael Dr. Patricia Mechael is the Executive Director of the mHealth Alliance, which is hosted by the United Nations Foundation. Patty has been actively involved in global health for 15 years with field experience in over 30 countries, primarily in Africa, the Middle East and Asia. She has worked with a broad range of institutions on research, program design and implementation, strategic planning and policy development for mHealth and eHealth initiatives, as well as reproductive health and women's health and rights. Patty has a Masters in International Health from the Johns Hopkins School of Public Health and Hygiene and a PhD in Public Health and Policy from the London School of Hygiene and Tropical Medicine, where she specifically examined the role of mobile phones in relation to health in Egypt. Prior to joining the mHealth Alliance, she was Director of Strategic Application of Mobile Technology for Public Health and Development at the Center for Global Health and Economic Development at the Earth Institute. She is also faculty at the School of International and Public Affairs and Earth Institute, Columbia University. On May 16-17, 2013, ISTS hosted the third Securing Information Technology in Healthcare (SITH3) workshop in collaboration with members of the Trustworthy Information Systems for Healthcare (TISH) project team. This workshop's focus was on the exciting and ever transforming field of mHealth -- the application of mobile computing technologies to health and wellness. The SITH Workshops traditionally bring together experts from many disciplines to discuss information technology in healthcare.

This video provides an overview of the cutting edge research and the education and outreach the Institute for Security, Technology, and Society (ISTS) at Dartmouth College leads to address the most critical issues affecting information security and privacy and the societal impact of information and communication technologies (ICTs) in an increasingly networked world.

C10M: Defending the Internet at scale. At talk given at Dartmouth College by Robert David Graham. March 4, 2013

Given by Matthew Green, Johns Hopkins University

As smart grid technologies are increasingly deployed there remains a concern that the unintended consequences of unconsidered event scenarios could result in a more brittle infrastructure. New single points of failure could be introduced that have far-reaching consequences. The best approach to mitigating such issues was discussed by Jeff Dagle of the Pacific Northwest National Laboratory on January 23, 2013 at Dartmouth. The talk was co-sponsored by ISTS and the Department of Computer Science Colloquium.

Sam Gustman, Chief Technology Officer of the USC Shoah Foundation Institute, spoke at Dartmouth on October 26, 2012. The Shoah Foundation is the custodian of the Visual History Archive, a collection of 51,696 audiovisual testimonies from Holocaust survivors and other witnesses. Mr. Gustman discussed the archive’s founding and resources, including how their systems and processes are now used by the USC Digital Repository to provide cloud services to collections from around the world. The talk was co-sponsored by ISTS, the Department of Film and Media Studies and the Dartmouth College Library.

Christena Nippert-Eng, Professor and Chair of the Department of Sociology at Illinois Institute of Technology, visited Dartmouth September 26, 2012 to discuss issues regarding privacy that rose out the research for her book Islands of Privacy (2010, University of Chicago Press) and her current work on privacy socialization. The talk was co-sponsored by ISTS and the Sociology Department’s Reitman/DeGrange Memorial Lecture.

Associate Professor of Computer Science at the University of Memphis, Santosh Kumar, spoke at Dartmouth May 23, 2012. Professor Kumar spoke about the development of Autosense, a comprehensive suite of wearable sensors designed to collect multiple physiological indices of stress and addictive behavior (e.g., ECG, Respiration, Alcohol, etc.) and Fieldstream, a software framework on the mobile phone that collects and reports on the physiological measurements from AutoSense sensors. The talk was co-sponsored by ISTS, the CS Colloquium, and the Psychiatric Research Center's (PRC) Center for Technology and Behavioral Health (CTBH).

Ill-informed lawmakers and policymakers, rather than true experts, are addressing issues of cybersecurity and are focused on the wrong issues. This was the message presented April 26, 2012 by Gary McGraw, Chief Technology Officer of Cigital, Inc. and a leading authority on software security. The talk was co-sponsored by ISTS and the War and Peace Studies Program of the Dickey Center for International Understanding.

A presentation by Travis Goodspeed given to Computer Science 258 Course (Advanced Operating Systems) at Dartmouth College on Feb 22, 2012.

Jeffrey P. Bigham, Assistant Professor in the Department of Computer Science at the University of Rochester, gave a talk on November 15, 2011 that was co-sponsored by the CS Colloquium and ISTS. Dr. Bigham’s works spans Access Technology, Human Computation, and Intelligent User Interfaces. He discussed approaches to crowdsourcing that work in real-time to assist people with disabilities in their everyday lives.

How can the US prevent a major cyber attack, and how should it respond to one? Are there policy models from other realms that we can draw upon to develop a strategy for cyber defense, cyber deterrence, or cyber offensives? And how important is cyber defense for national security in the 21st Century? These and other questions were considered by experts in cyber security and defense policy on October 20, 2011 as they discussed one of the major emerging security challenges of the new century. Moderated by Associate Professor of Government Daryl Press, panelists included: Martin Libicki, RAND Corporation; Herb Lin, National Research Council; and Jon Lindsay, University of California, San Diego. The panel was co-sponsored by ISTS and the War and Peace Studies Program of the Dickey Center for International Understanding.

Sergey Bratus of Dartmouth and Edmond Rogers of the University of Illinois at Urbana-Champaign, both affiliated with the Trustworthy Cyber Infrastructure for the Power Grid (TCIPG, http://tcipg.org) project, spoke at TROOPERS 2011 (http://troopers.de), an IT Security conference held in Heidelberg, Germany on April 30, 2011. They described what a real-world large power company's SCADA/control network looks like, what it takes to fuzz-test real-world SCADA equipment, and why such testing is useful to the asset owners and operators now and even more so in the future.

Andrew Odlyzko from the School of Mathematics, University of Minnesota, gave a presentation April 13, 2011. His talk, co-sponsored by ISTS and the Department of Computer Science Colloquium, considered the role of economics, sociology, and psychology, as well as technology, in improving network security.

Katholieke Universiteit Leuven’s Len Sassaman and independent researcher Meredith L. Patterson spoke at Dartmouth on February 17, 2011. They discussed the craft of finding weaknesses in computer programs and systems and how this is taught, including how classic case studies in software vulnerabilities can be reduced to familiar principles of the formal languages and computation theory and the implications of this reduction for the future of the current Internet protocols and the design of new secure ones.

James Oakley and Sergey Bratus of Dartmouth College spoke at Shmoocon 2011, the hacker/infosec conference in Washington, DC, on January 29, 2011. They discussed how the exception handling mechanism present in all recent GCC-compiled executables is based on the DWARF standard. It is ubiquitously used but not well understood, and contains a Turing-complete bytecode virtual machine. They showed how this bytecode can be changed to contain a Trojan payload with no native binary code.

Ryan Speers and Ricky Melgares of the Dartmouth College Trust Lab presented at ShmooCon 2011, the annual East Coast hacker convention. They discussed which proposed wireless sensor network attacks actually work on ZigBee, and provided proof of concept implementations of theoretical attacks. They presented a tool that autonomously discovers and profiles networks in real time, gathering as much information over time about a network and its devices, their relationships, and traffic flows among other things.

Dr. Cyndi Rowland, Executive Director of WebAIM and the Technology Director of the National Center on Disability and Access to Education at Utah State University presented on January 25, 2011 about web accessibility for persons with disabilities and what it means for educational institutions. Dr. Rowland's talk was offered in support of the Dartmouth Centers Forum's 2010-11 theme, Speak Out | Listen Up!

David S. Wall, PhD, FRSA, AcSS is Professor of Criminology at Durham University, UK where he conducts research and teaches in the fields of cybercrime, policing and intellectual property crime. Dr. Wall’s October 21, 2010 presentation was co-sponsored by the Institute for Information Infrastructure Protection (I3P) at Dartmouth College. He discussed how demands for better policing of cybercrimes cannot easily be met because Internet-related offenses mainly takes place within a globalized and transnational context, while crime tends to be nationally defined and policing locally delivered. He argued that the future of policing the internet does not solely revolve around increasing the role and capacity of the public police, rather, it involves the public police engaging with the various networks of security that currently constitute the self-policing of the internet.

Computer games are a multi-billion dollar industry and security flaws are not quietly exploited or brushed under the table — computer game cheats and pirates broadcast their feats widely on YouTube and Torrents. Steven Davis, CEO of IT GlobalSecure Inc., a boutique security engineering firm focused on the Computer Game and Gaming Industries, presented an overview of the security challenges that the computer game and entertainment industries face on October 6, 2010.

Lawrence Lessig, Director of the Edmond J. Safra Foundation Center for Ethics and Professor of Law at Harvard Law School spoke at Dartmouth on May 27, 2010. Professor Lessig discussed the connection between special interest money and critical policy decisions, explaining why past attempts at reform have gone nowhere, and then presented a way forward that would unite citizens of all backgrounds—left, center, and right—who are fed up with lobbyists’ influence in Washington. This talk was co-sponsored by the Department of Film and Media Studies, the Dartmouth College Library, the Rockefeller Center for Public Policy, Dartmouth Computing Services and Research Computing, and ISTS.

Helen Nissenbaum, Professor of Media, Culture and Communication and Computer Science at NYU gave a talk on May 18, 2010, co-sponsored by the Philosophy Department, Digital Humanities, and ISTS. Dr. Nissenbaum’s areas of expertise span social, ethical, and political implications of information technology and digital media.

Latanya Sweeney, Professor of Computer Science, Technology and Policy at Carnegie Mellon University spoke on April 15, 2010. Her talk described a techno-policy pursuit to design a minimally invasive Nationwide Health Information Network (NHIN) that achieves guarantees of real-world applicability and guarantees of trust.

Kevin Fu, Assistant Professor, University of Massachusetts, Amherst spoke on April 7, 2010 about implantable medical devices designed to treat chronic ailments using tiny embedded computers to control therapies and collect physiological data. As implantable medical devices rapidly embrace wireless communication and Internet connectivity they will vastly improve care for chronic disease, but will also introduce new security risks. Dr. Fu discussed efforts to mitigate the risk of intentional (i.e. malicious) malfunctions.

This panel discussion, held February 9, 2010 and sponsored by The Dartmouth Centers Forum, questioned whether technology has always played a role in political protest or if new information technology and the Internet change the activity and impact of political protest in fundamental and new ways. The panel, moderated by Denise Anthony, Research Director of ISTS and Associate Professor and Chair of Sociology at Dartmouth, featured: Bruce Etling, Director of the Internet & Democracy Project at the Berkman Center for Internet & Society at Harvard University, Elham Gheytanchi, Professor of Sociology, Santa Monica College and Evgeny Morozov, Yahoo! Fellow at the Institute for the Study of Diplomacy, Georgetown University.

Neel Sundaresan, Senior Director and Head, eBay Research Labs spoke on November 12, 2009 about how eBay brought buyers and sellers together with the limited tools and technologies available at its outset and helped them conduct commerce without physically meeting each other but by trusting each other with goods and money. The phenomenal growth and evolution of eBay is filled with stories of man meets machine. This talk covered the technical, economic, and social aspects of these stories from the “Long Tail” – a term that has become synonymous with eBay.

This panel discussion from October 22, 2009, hosted jointly by ISTS and the Institute for Information Infrastructure Protection (I3P), in recognition of Cyber Security Awareness Month, explored a range of topics related to the separation of our private and public selves online. The panel addressed such vexing questions as: Does an employer have the right to monitor and control its employees’ online activities? Should any information posted on the Internet be considered private? Do these questions suggest a paradigm shift in human interaction unique to the cyber realm or have we faced similar questions from technologies in the past? The panel—moderated by Denise Anthony, Chair of the Department of Sociology and Research Director of ISTS—featured: Hans Brechbuhl, Executive Director of the Center for Digital Strategies at the Tuck School of Business, James Moor, Daniel P. Stone Professor in Intellectual and Moral Philosophy, Charles Palmer, Chief Technical Officer of Security and Privacy at IBM, and Mark Williams, Associate Professor of Film and Television Studies.

Andrew Cutts, visited Dartmouth on October 13, 2009 to talk about his role as Director of Cyber Security Policy in the Department of Homeland Security and discussed a range of cybersecurity policy issues he has dealt with since joining DHS. These issues included supporting the national cyber initiative, developing cybersecurity strategies, advancing the understanding of national cyber risk, clarifying roles and missions, and helping operational efforts mature.

Jonathan Zittrain, Professor, Harvard Law School and Co-Founder and Faculty Co-Director, Berkman Center for Internet & Society gave a talk at Dartmouth on May 4, 2009 in cooperation with the Rockefeller Center for Public Policy. Dr. Zittrain discussed the unusual and distinctive technologies whose power increases in proportion to the people participating in them, contrasted with other technologies that leverage what the few can impose on the many, whether a PC virus maker who crashes millions of machines or a law enforcement officer who can use new consumer platforms to spy without needing help from private parties.

The concept of Cloud Computing has raised many hopes and just as many concerns. Steve Hanna, Distinguished Engineer at Juniper Networks, spoke on March 5, 2009 about the risks and rewards of sharing computing resources over the Internet. He is co-chair of the Trusted Network Connect Work Group in the Trusted Computing Group, co-chair of the Network Endpoint Assessment Working Group in the Internet Engineering Task Force and is active in other networking and security standards groups such as the Open Group and OASIS.

Window Snyder, Chief Security Officer at Mozilla spoke on October 30, 2008 describing how Mozilla works to secure Firefox and how these techniques can be applied to any software project. Topics discussed included: threat modeling, security response, security metrics, and more.