April 29, 2010

Cornell Professors to Present Research to Congress

Print More

For iPhone users, Blackberry addicts, Facebook chatters and Internet surfers, the notion of personal security and privacy is one that is often taken for granted. Friday, two Cornell professors will present a briefing to congressional staffers on cyber security and information technology, arguing that our conversations may not be as private as we would like to think.

The briefing, entitled “Building Security and Privacy into Information Technology,” will be given by Prof. Steven B. Wicker, electrical and computer engineering, and Prof. Andrew Myers, computer science. The professors will present their research, focusing on the myriad flaws within network security systems and the ways in which these flaws may threaten individual technology users.

Myers, whose research focuses on security issues surrounding cellular and demand-response systems, explained that the traditional threat from computer viruses and unauthorized hackers now applies to anyone using a smart-phone.

“Cell phones these days are just little computers, so absolutely this [danger] spills into cell phones … In the old days, you ran the program on a computer. Now, these programs run on your cell phone, on some cluster in a cloud … There’s info being shared on a network, and the security of that is being shared by that network,” Myers said.

Myers suggests that a major security problem may be at the programming level, where technology is developed using antiquated methods.

“The way that we build software now is not that fundamentally different from the way it was 30 years ago” said Myers. “The abstractions available to programmers were created in a world where the internet was starting to exist, where a programmer sat at a computer and trusted a computer.”

Now, according to Myers, neither the programmers developing new technology nor the corporations for which they work are providing effective security for their consumers, in part because it is too expensive.

“Industry can’t really afford to invest the resources in basic security and policy” Myers said. “Basic research in general, the industry doesn’t do. Basic research tends to benefit everybody as much as the company that did it.”

But despite these corporate shortcomings, Myers believes that his research could potentially reconfigure an otherwise deficient culture. FABRIC, a new platform designed by Myers, allows users to extend information from their personal computer across a network, using other participating computers to store information more securely. Myers hopes this system, which he will present to the Congressional panel today, will provide better protection than the current virus protection, firewalls and network filters offered by software companies.

Prof. Wicker, whose research identified personal privacy issues for the same platforms, agreed with Myers that privacy must be engineered into our gadgets from the nascent stages in their development.

“Take something like cell technology in which huge amounts of data about the individual collects over the course of time,” Wicker said. “The network is continually telling where you are. Who has access to this material and when? What I’ve done is to develop privacy overlays. The goal is to demonstrate that it’s a design choice, that you can design the service to be privacy aware, and still allow people to go about talking on their phones.”

Wicker also agreed that privacy may not be as desirable for the companies developing products as it is for the consumers using them.

“The more info you have about people, the more you can segregate them into groups and classes more likely to buy a product and less,” Wicker said. “Clearly corporate interests want this information so that they can target their products accordingly.”

Wicker plans to use his time before the Congressional panel to insist upon structural change to current privacy laws.

“[The panel] is going to hear that we need to build privacy into our systems. It has to become part of the culture of design,” Wicker said. “If we stay on the track we are now, we’re going to create an extremely intrusive system that basically shows what’s going on in people’s homes.”

But both researchers remain optimistic that although the process may be slow, legislation and educated awareness will enact the changes that will ensure our information’s security.

“I think the change will be gradual, but we can see the change already beginning to occur,” Wicker said. “I’m teaching a first year engineering class [Security, Privacy, and Information Network Design], and in time we’ll be graduating engineers who think about design in terms of privacy. Yes, we will see legislatures react to problems, but overall it’s going to be a long process.”

Original Author: Dan Freedman