From the Editors

The Invisible Computers

ust over a decade ago, shortly before we launched IEEE Security & Privacy, MIT Press published Donald Normans book The Invisible Computer. At the time, conversations about the book focused on

the opportunities exposed by his powerful analogies between

computers and small electric motors as system components. Today, almost everything we use has one or more computers, and a surprising number have so many that they require internal networks. For instance, a new automobile has so many computers in it that it has at least two local area networks, separated by a firewall, to connect them, along with interconnects to external systems. Theres probably even a computer in the key! Medical device makers have also embraced computers as components. Implantable defibrillators and pacemakers have computers and control APIs. If its a computer, it must have some test facilities, and these, if misused, could threaten a patients health. Doctors who have driven these designs, focused entirely on saving lives, are shocked when asked about safeguards to prevent unauthorized abuse. Its probably good that their minds dont go that way, but someone (thats you) should definitely be thinking that way. In 2007, the convergence battle in the mobile telephone world was resolved with the iPhone. iPhones launch ended the mad competition to add more surfaces and smaller buttons to attach more features
NOVEMBER/DECEMBER 2011

to each phone. Ever after, a mobile phone would be primarily a piece of software. One button was enough. After that, it was software all the rest of the way down, and control of the technologys evolution shifted from mechanical to software engineers. By now, the shape of the computer systems world is beginning to emerge. No longer is the familiar computer body plan of a screen, keyboard, and pointing device recognizable. Now computers lurk inside the most innocuous physical objects, specialized in function but increasingly sophisticated in behavior. Beyond the computers presence, however, is the ubiquity of interconnection. The new generation of computers is highly connected, and this is driving a revolution in both security and privacy issues. It isnt always obvious what threats to security and privacy this new reality will present. For example, its now possible to track stolen cameras using Web-based services that scan published photographs and index them by metadata included in JPEG or TIFF files. Although this is a boon for theft victims, the privacy risks have yet to be understood.

The computer cluster that is a contemporary automobile presents tremendous improvements in safety, performance, and functionality, but it also presents security challenges that are only now being studied and understood. Researchers have identified major vulnerabilities and, encouragingly, report engagement from the automobile industry in acting to mitigate the documented risks. Security and privacy practitioners and researchers have become comfortable working in the well-lit neighborhood of the standard computer system lamppost. However, the computing world will continue to change rapidly. We should focus more effort on the challenges of the next generations of embedded and interconnected systems.

Marc Donner Associate Editor in Chief

his is my valedictory editorin-chief message. I helped George Cybenko, Carl Landwehr, and Fred Schneider launch this magazine and have served as associate EIC ever since. In recent years, my primary work moved into other areas, and lately I have felt that I was gaining more than I was contributing. Thus, at the beginning of 2011, I suggested to EIC John Viega that I would like to step down as associate EIC and give him an opportunity to bring some fresh blood to the team. The two new associate EICsShari Lawrence Pfleeger and Jeremy Epsteinare both impressive experts and a wonderful addition. The magazine, and the community it serves, are in excellent hands.
3

1540-7993/11/$26.00 2011 IEEE

COPUBLISHED BY THE IEEE COMPUTER AND RELIABILITY SOCIETIES