Cybersecurity raises questions about who owns data and how best to discourage security breaches. This talk will offer some unexpected and perhaps controversial perspectives from economics on relevant questions, including: Who presumptively should own data? What is the purpose of liability law? Should those who violate data security always be liable, or only if they fail to take appropriate measures to prevent leaks? Could “the market” solve the problem, e.g., by people choosing where to shop on the basis of data security? Would regulation be a better means than liability to promote cybersecurity? Don’t expect answers to these questions; my hope is to stimulate and hopefully inform the discussion. If time allows, I’ll review some major actions by the Federal Trade Commission, who is the lead national agency policing privacy-related conduct.
Dr. Tim Brennan is professor emeritus of public policy and economics at UMBC, retiring in July 2020 after thirty years on the UMBC faculty. He has also been FCC Chief Economist, held the T.D. MacDonald Chair in the Canadian government’s Competition Bureau, and served on the staff of the White House Council of Economic Advisers. Before UMBC, he was an associate professor of telecommunications and public policy at George Washington University and a staff economist at the US Department of Justice Antitrust Division. He has over 130 articles and book chapters and books on competition policy, economic regulation, telecommunications and energy policy, intellectual property, and economic methods. His MA in math and Ph..D. in economics are from the University of Wisconsin.
This talk will discuss data and results from the first nationwide survey of cybersecurity among local or grassroots governments in the United States, examines how these governments manage this important function. As we have shown elsewhere, cybersecurity among local governments is increasingly important because these governments are under constant or nearly constant cyberattack. Due to the frequency of cyberattacks, as well as the probability that at least some attacks will succeed and cause damage to local government information systems, these governments have a great responsibility to protect their information assets. This, in turn, requires these governments to manage cybersecurity effectively, something our data show is largely absent at the American grassroots. That is, on average, local governments fail to manage cybersecurity well. After discussing our findings, we conclude and make recommendations for ways of improving local government cybersecurity management.
Donald F. Norris is Professor Emeritus, School of Public Policy, University of Maryland, Baltimore County. His principal field of study is public management, specifically information technology in governmental organizations, including electronic government and cybersecurity. He has published extensively in refereed journals in these areas. He received a B.S. in history from the University of Memphis and an M.A. and a Ph. D. in political science from the University of Virginia.
Laura Mateczun is a graduate of the University of Maryland Francis King Carey School of Law, and a member of the Maryland Bar. She is currently a Ph.D. student at the University of Maryland, Baltimore County School of Public Policy studying public management. Her research interests involve local government cybersecurity, criminal justice, and the importance of equity in
hackUMBC is UMBC’s 36-hour virtual tech innovation marathon where students worldwide collaborate on new ideas to build mobile, web, and hardware projects. hackUMBC invites diverse groups of students to enjoy a weekend of hacking, workshops, tech talks, networking, and other fun activities. At the end of 36 hours, participants’ projects are presented and judged for different prize categories from sponsors and other organizations.
The 2020 hackUMBC hackathon starts at 7:00 pm on Friday, November 13 and ends with a session starting at 6:00 pm Sunday with announcements and demonstrations of the winning hacks.
hackUMBC 2020 is still planning on offering all the same perks and excitement as in previous years. However, it will be completely virtual in order to follow coronavirus safety guidelines. All communication throughout the event will be done Virtually, our Discord workspace, and Zoom video conferencing.
This year there will be six tracks:
hackUMBC is free, but you must register here to participate. Any high school or undergraduate students or recent graduates are eligible to participate in our event. Additionally, all participants must follow the MLH code of conduct and hackUMBC code of conduct. To complete the pre-registration process, you will need a valid student or government-issued ID card and your resume. Since this year hackUMBC will be hosted virtually, all you will need is your hacking device (laptop, desktop, tablet, etc.) and Wi-Fi!
(Joint work with Alan T. Sherman)
A boardroom election is an election with a small number of voters carried out with public communications. We present BVOT, a self-tallying boardroom voting protocol with ballot secrecy, fairness (no tally information is available before the polls close), and dispute-freeness (voters can observe that all voters correctly followed the protocol).
BVOT works by using a multiparty threshold homomorphic encryption system in which each candidate is associated with a masked unique prime. Each voter engages in an oblivious transfer with an untrusted distributor: the voter selects the index of a prime associated with a candidate and receives the selected prime in a masked form. The voter then casts their vote by encrypting their masked prime and broadcasting it to everyone. The distributor does not learn the voter’s choice, and no one learns the mapping between primes and candidates until the audit phase. By hiding the mapping between primes and candidates, BVOT provides voters with insufficient information to carry out effective cheating. The threshold feature prevents anyone from computing any partial tally—until everyone has voted. Multiplying all votes, their decryption shares, and the unmasking factor yields a product of the primes each raised to the number of votes received.
In contrast to some existing boardroom voting protocols, BVOT does not rely on any zero-knowledge proof; instead, it uses oblivious transfer to assure ballot secrecy and correct vote casting. Also, BVOT can handle multiple candidates in one election. BVOT prevents cheating by hiding crucial information: an attempt to increase the tally of one candidate might increase the tally of another candidate. After all votes are cast, any party can tally the votes.
Farid Javani is a Ph.D. candidate in computer science at UMBC, working with Alan Sherman. His research interests include algorithms, security, applied cryptography, and distributed systems. He is the manager of the Enterprise Architecture team at CCC Information Services in Chicago. email: .
Host: Alan T. Sherman, . Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1:00 pm. All meetings are open to the public. Upcoming CDL Meetings: Oct. 30, Jonathan Katz (UMCP), [possibly on secure distributed computation]; Nov. 13, TBA, [possibly: David R Imbordino (NSA), Security of the 2020 presidential election]; and Dec. 11, TBA, [possibly: Peter A. H. Peterson (Univ. of Minnesota Duluth), Adversarial Thinking]
Protocols for secure multi-party computation (MPC) allow a collection of mutually distrusting parties to compute a function of their private inputs without revealing anything else about their inputs to each other. Secure computation was shown to be feasible 35 years ago, but only in the past decade has its efficiency been improved to the point where it has been implemented and, more recently, begun to be used. This real-world deployment of secure computation suggests new applications and raises new questions.
This talk will survey some recent work at the intersection of the theory and practice of MPC, focusing on a surprising application to the construction of Picnic, a “post-quantum” signature scheme currently under consideration by NIST for standardization.
Jonathan Katz is a faculty member in the department of computer science at the University of Maryland, College Park, where he formerly served as director of the Maryland Cybersecurity Center for over five years. He is an IACR Fellow, was named a University of Maryland distinguished scholar-teacher in 2017-2018, and received the ACM SIGSAC Outstanding Contribution Award in 2019.
Host: Alan T. Sherman, . Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public.
Upcoming CDL Meetings: Nov. 13, TBA, [possibly: David R Imbordino (NSA), Security of the 2020 presidential election]; Dec. 11, TBA, [possibly: Peter A. H. Peterson (Univ. of Minnesota Duluth), Adversarial Thinking]
Aaron Wilkowitz
Customer Engineer, Healthcare & Life Sciences, Google
5:30 – 7:00 pm EDT, Tuesday, 15 September 2020
free and online; register here to get the link
Aaron specializes in Healthcare & Federal and has worked with numerous private companies & federal agencies around reaching better healthcare outcomes and minimizing fraud through smarter data. Previously Aaron worked at a predictive analytics firm APT helping Fortune 200 companies drive to better data-driven decisions.
Agenda
5:30 – 5:35 Welcome
5:35 – 6:30 Aaron Wilkowitz Talk
6:30 – 6:45 Q&A