電子前鋒基金會 (Electronic Frontier Foundation) 成立於 1990 年,是美國最早關注網際網路上民權議題的非營利組織。當年網路通訊才剛開始普及,幾位共同創辦人發現美國執法單位對於電腦與網路通訊技術普遍欠缺瞭解,所採取的做法可能對隱私權、言論自由等民權與自由造成限制或危害,既有民權團體當時對新資訊技術瞭解也不夠深入,無法在政策上或個案上提供有效的回應或協助。EFF 成立以來全力投入網路民權的工作,除了針對重要案件提供法律扶助,也致力在公眾倡議,並在政策、法案上提供專業見解,協助政府與民眾瞭解各種資訊技術及其應用對於民權議題的影響。
此次來訪的 Seth Schoen 是 EFF 首位僱用的技術專員,在職十四年期間他不但在組織內部扮演銜接資訊技術專業與法律專業的角色,也曾以專家身分參與美國政府聽證或在法庭擔任專家證人。Seth 的專長包括加密技術、資訊安全、電磁紀錄與證據學、網路法及隱私權等。
Seth 此次來臺將進行兩場公開活動。11/27 (五) 晚上與台大電機系的鄭振牟教授針對資安與加密技術共同舉行一場專家講座 (英文進行),以深入淺出的方式讓非技術背景的朋友也能對加密問題有所瞭解。Seth 將介紹他所參與開發的 Let's Encrypt 網路加密憑證系統,鄭教授也將探討真實世界中加密系統可能出現的狀況。11/30 (一) 晚上與台灣長期關心資訊、人權與民主的幾位學界、社運界、開源社群界的朋友針對個資、隱私、監控與自由等資訊與人權交會的主要議題進行交流。
如果你平常就關心自己在網路上的言論與行為會被如何紀錄,或是你的身分識別資料如何在有意無意間洩露給他人,會流向何方、被如何儲存、誰可以使用、為了甚麼目的而使用,那麼你一定要來。如果你沒有太思考過這些問題,或者覺得反正自己 have nothing to hide,給這幾位朋友一個晚上的時間,他們會讓你改觀。
註:本活動以英文進行。
Note: The talks will be delivered in English.
-
Speakers / 講者
Seth Schoen -
Seth Schoen 已在 Electron Frontier Foundation 服務了十四個年頭,他是 EFF 第一位聘用的技術專業人員,此後其他 NGO與政府單位也紛紛效法 EFF 設置類似的職缺。 Seth 的工作包括讓 EFF 的訴訟、公共政策以及社會運動部門對技術的內涵與運作有所瞭解,並針對特定主題進行研究:包括網路服務商如何干擾使用者的通訊,以及有關電腦記憶體和雷射印表機如何作為法庭證據等。他曾受邀擔任美國聯邦機構 ( 包括 Copyright Office, Sentencing Commission) 與數個法院的專家證人,也是 Let's Encrypt 憑證系統最早的技術貢獻者之一。
Seth Schoen has served for fourteen years as the first-ever Staff Technologist at the Electronic Frontier Foundation; his position has inspired the creation of similar positions at other NGOs and government agencies. Seth has sought to inform EFF's litigation, policy, and activist work with technical expertise, and has researched topics including ISPs' interference with user communications and computer memory and laser printer forensics. He has testified before the U.S. Copyright Office, U.S. Sentencing Commission, and several courts. He is one of the original technical contributors to the Let's Encrypt certificate authority project. (photo by James Grimmelmann on Flickr,CC BY 2.0)
臺大電機系
鄭振牟教授
鄭振牟是國立台灣大學電機工程學系副教授,鄭教授主持的快速密碼學實驗室研究方向涵蓋解決密碼學與破密學中幾個重要問題的演算法理論分析,以及它們在大規模平行電腦上的實作。目前在大規模平行電腦進行演算法實作,所仰賴的通用程式語言並不適合用以進行密碼與破密系統的開發工作,不但因為這類系統的 複雜度非常高,而且整體安全性往往與系統最弱的一環相若,在開發時只要稍有差池,整個系統的安全性就可能瓦解。鄭老師所帶領的實驗室一方面發展更適合應用於密碼 與資訊安全方面的系統層級設計工具,包括新的程式語言與其編譯器;另一方面,也積極尋求利用密碼與破密演算法幫助電子設計自動化的可能,例如利用快速 解方程組的演算法來達成最佳化資源配置與排程的工作。 快速密碼學實驗室也從事與現實生活息息相關的資訊安全研究,包括電子支付系統與安全元件的設計與分析,RFID系統(如悠游卡)安全性分析,以及雲端計算安全等研究。- Professor Chen-Mou Cheng is associate professor at the Department of Electrical Engineering. He leads the Fast Crypto Lab, whose main research area is cryptographic hardware and embedded systems (CHES), as well as electronic system-level (ESL) design. Currently, FCL's main research activities focus on the design and analysis of efficient algorithms to solve several important problems arising from cryptology, as well as the development and implementation of these algorithms on massively parallel computers.
Besides the preceding fundamental research, FCL is also actively engaged in applied, more practical information-security research that plays a very important role in our daily life. This includes the design and implementation of secure components for electronic payment systems, security analysis of radio-frequency identification (RFID) systems (such as the EasyCard used in Taipei Metro Rapid Transit System), and cloud computing security.
Agenda / 議程
- 19:00 - 19:10 - 莊庭瑞(中研院資訊所)
- 開場 / Opening
- 19:10 - 21:00 - 專家講座
- Seth Schoen (EFF)
- - Let's Encrypt: A Free Certificate Authority to Encrypt the Entire Web
Abstract: Getting digital certificates that browsers will accept can be costly and time-consuming for Web site operators. That's a major reason many sites still don't use HTTPS security, even though it's increasingly recognized as an essential step in protecting Internet users against a wide range of threats.
Several organizations have come together to address this problem. We've created a new robotic certificate authority which aims to issue publicly-trusted certificates, at no charge, by the millions. Called Let's Encrypt, this CA is a service of the Internet Security Research Group, with contributions from the nonprofit and Internet technology sectors. Our free and open source software and protocol will let system administrators run a single command to turn on HTTPS on their servers in about a minute, helping eliminate obstacles to activating encryption for every Web server. Hosting companies may also do this on a large scale on behalf of their customers.
I'll describe why we need this kind of service, explain how it works, and offer ways to help the project. - 鄭振牟(台大電機系)
- - Real-world cryptography: What could possibly go wrong?
Seth Schoen 訪台系列公開活動:
11/27 (五) 19:00-21:00 臺大博理館 112 教室 (本活動) (英文進行)
11/30 (一) 18:30-21:00 臺大法律霖澤館 3F 1301教室 (以講者母語(英文與中文)進行)
- 莊庭瑞:描繪、跟蹤、以及大眾監控 (Profiling, Tracking, and Mass Surveillance)
- 何明諠:台灣網路透明度報告 (Introduction to the Taiwan Internet Transparency Report)
- 邱伊翎:健保資料庫加值應用的法律及去識別化問題 (Law and de-identification issues in NHI value-added databases)
- 唐鳳:自由:從零開始 (On Freedom Zero)
- Seth Schoen:Why Computer Safety Is Hard (電腦安全大不易)
活動聯絡人
陳世隆 (中研院法律所助理)
eddiechen1004@sinica.edu.tw
(02)2652-5414