Cipher Issue 132, May 31, 2016, Editor's Letter

Dear Readers,

The Security and Privacy Symposium and Workshops were held last week, and as usual, the research and ambiance were great. The Distinguished Paper was "A2: Analog Malicious Hardware" by Kaiyuan Yang, Matthew Hicks, Qing Dong, Todd Austin, and Dennis Sylvester from the University of Michigan, and it was about a clever use of two capacitors to hide an almost invisible and exploitable flaw into hardware. Another paper, "Algorithmic Transparency via Quantitative Input Influence: Theory and Experiments with Learning Systems" by Anupam Datta, Shayak Sen, and Yair Zick of CMU, introduced a new (to me) take on privacy of personal data. Even if data is publically known or given freely, the uses of it may be improper, and that can be considered a privacy violation. Thus the goal of "algorithmic transparency."

The first European Security and Privacy Symposium, held in March, was a success, by all accounts, and planning for Euro S&P 2017 is underway. It will be in Paris.

Over the past few years, the Computer Society has been trying to encourage conference organizers to keep a small surplus from the events that they run, but it has been difficult to find a balance of incentives that encourge financial conservatism and still benefit future conferences and their attendees. The new proposed plan seems to be a healthy way of sharing money between the Society, the conferences, and the Technical Committee (which can use the money for student travel grants, for example). A major barrier to such plans has been the fact that funds can carry over for only a year or two. This will be loosened, and the result should be that organizers can count on more financial flexibility in taking on new projects (like Euro S&P).

Ulf Lindqvist, our Technical Committee Chair, would like all our S&P fans and conference attendees know that joining the Technical Committee is free, and you can sign up through the Computer Society website. In the future, in order to vote for new officers of the TC, people will need to be current members of the Computer Society (which is not free). The TC recommends joining up and participating in governance activities.

Richard Austin, our intrepid and fearless book reviewer, takes us to a discussion of cyber conflict. What is the meaning of "cyberwar"? Is there a meaningful difference between different levels of conflict, and how can we think of them in the context of traditional conflict?

The continuing aftermath of the Apple iPhone and the FBI has generated a lot of news, but so have other notable issues in banking, government security lapses, and other topics. Our news list is overbrimming.

Keep your bits on a conditional branch and don't overflow the buffer,

      Hilarie Orman