Dear Readers:

We are pleased to bring you this issue of Cipher!  In it you will find a book review by Robert Bruen, Mary Ellen Zurko's LISTWATCH, and several new calls-for-papers.

Within the context of  the recently settled US presidential election, a frequent topic of conversation around our break room has been the viability of voting on the Internet.  I'll bet you've had those discussions too.  A small, local, upside to the ordeal is that it  sparked a genuine interest in students to review some of the literature on electronic voting protocols.  I'd like to pass along a few links to papers that we found interesting and useful.  Avi Rubin recently authored a paper entitled "Security Considerations for Remote Electronic Voting Over the Internet" [1]  that summarizes his comments at the National Workshop on Internet Voting [2].  Ron Rivest's research group on electronic voting maintains a web page with interesting articles and a great bibliography on many aspects of electronic voting [3].  Also of note is the Sensus project by Lorrie Cranor and Ron Cytron, specifically the paper entitled "Design and Implementation of a Practical Security-Conscious Electronic Polling System"  [4].  These are a few of the resources that we found helpful. 

On December 8, 2000 at a speech at the University of Nebraska, President Clinton highlighted a new Scholarship for Service program (SFS) to support students who are preparing to enter into careers in Information Assurance [5].  This was certainly good news to many in our community who have invested years making the case that we do in fact have a shortage of trained security practitioners and educators, and  worse, we lack the capacity to educate professionals in the numbers needed to have an impact.  Key aspects of these problems were detailed in Eugene Spafford's 1997 briefing to the US House of Representatives Committee on Science [6].  Matt Bishop's insightful keynote presentation at the National Colloquium on Information Systems Security Education in May 2000 also highlights these concerns and gives us a look at what we have accomplished in computer security education in the past four years [7].   The Scholarship for Service program also provides modest support for curriculum and faculty development, and "capacity-building" efforts for Universities that desire to ramp up new education and research programs in computer security.   It's a small step, but it's certainly timely and in the right direction.  There are many innovative ideas floating around...sharing courses...sharing students...sharing faculty...a national dialog on information assurance will be interesting to see what emerges. 

One of the aspects of assembling Cipher that I enjoy is working with the fantastic volunteers that make the newsletter happen.  I'd like to introduce our newest volunteer, Joe Morsello.  Joe is employed by the Concero group, currently assigned to Nortel Networks at Research Triangle Park in North Carolina, USA.  Joe is also pursuing a MS degree at North Carolina State University in Innovation and Technology Management.  With so many of our readers shaping the future of information assurance, we thought it would be interesting to provide a forum for you to write an occasional  editorial piece.  Joe has agreed to take this on as a project.  If you have thoughts on this (or would like to volunteer an editorial!) please contact Joe at

Many thanks to our contributors for their help with this issue!  

Best regards and Happy Holidays!

Jim Davis