Seth Meltzer | Researching the future

 

Connecting state and local government leaders

GCN Interview: IRS researcher Seth Meltzer discusses multicore systems, the secrets of cryptography and barriers to smart-card use. He's written a book on cryptography, 'Cryptography Decrypted,' now available for free on his Web site.<br>

The Internal Revenue Service has a research and development arm? That's a question Seth Meltzer, a researcher at the IRS Research Division, based in Washington, hears a lot. The agency is interested in matters of identity and authentication, two topics that the division has investigated in depth. Meltzer has developed an expertise in these topics.He's written a book on cryptography, 'Cryptography Decrypted,' now available for free on his Web site, www.hxmel.com. The Research Division has almost 100 economists and statisticians who look for ways to make the IRS function more efficiently.A few of us have advanced training in computer science and look at how state-of-the-art computer technologies can benefit the IRS. I'm working on the Taxpayer Burden project, which seeks to identify and reduce the hassle the American public has in filing a tax form ' check writing not included. More than 20 years ago, an IRS senior executive had a vision to staff the IRS with highly trained computer system developers who also had specialized training in an area beneficial to the IRS. I was hired because I have graduate degrees in economics and actuarial science; others had accounting, statistics, management or other financial backgrounds. I mostly look at state-of-the-art programming languages and techniques. Recently, I've been looking at programming multicore computers ' concurrent programming ' and Java generics.In my opinion, multicore computers, like Intel's dual- or quad-core chips, present the next big challenge to system developers. A program run alone will not run faster on a multicore computer if it is not retooled to take advantage of the multicore capabilities. Though some buy multicore machines to improve performance, most performance gains are the result of running two or more programs at the same time.Java generic programming enables stronger error-checking capabilities. Generic programming emanates from the desire to have the compiler identify and flag errors before the program is run. It's complicated ' some say too complicated ' but it's better to find as many errors as possible before program run.Being in research, I usually am working ahead of the curve, technologically. For instance, I was an early deployer of programs written in C++ and Java. In 1999, I led the development and deployment of a client-server system protected by cryptographic methods and keys. Two years ago, I led a team that analyzed designed, retooled and deployed a multithreaded system that takes advantage of multicore capabilities. A fun story. A little more than 10 years ago I was asked to design, build and deploy a program on a small network of IRS computers that could securely share data. Back then, I certainly didn't know how cryptography worked. So, with a senior executive at my shoulder, I typed what I thought was 'cryptography' into a search engine. Unfortunately I misspelled cryptography, and the executive sighed. Although it's a fun story now, I wasn't smiling at that time. I needed to learn fundamentals of cryptography ' and how to spell it.The result of my need to teach myself the fundamentals of cryptography turned me into a published author. ['Cryptography Decrypted' has been in print for seven years.] Since I don't work in IRS Information Systems, I can't comment on their operations. But here's my take on authentication and privacy.Before telecommunications, the authentication problem was easily solved by our senses: We knew who we were talking to because we recognized their faces, voices, etc. Privacy could be ensured by correctly positioning respective mouths and ears.Cryptography and other mechanisms that enable private communication have been around for thousands of years. One macabre story is about messengers whose heads were shaved, messages tattooed onto their scalp and after hair covered the tattoo, sent to deliver the message. After delivery, the only way to ensure no one else would read the message [was] to dispose of his head: Kill the messenger.Fortunately, today we have the Internet for communications instead of such delivery systems. Since the Internet needs lightning-fast secure communication, top-of-the-line mathematicians and computer scientists have, to my satisfaction, solved the technical aspects of Internet authentication and privacy. But, like the gruesome story I just told, administration is a killer. Specifically, managing the distribution of and revocation of keys can be very cumbersome. Research wanted to study authenticated secure pipes. An ASP ensures users that their Internet conversations are with whom they thought ' that the other parties are authenticated ' and that those conversations are private.Assuring another's identity is accomplished with one or more of the following: physical identification, a common shared secret or a physical token. These are respectively referred to as who you are, what you know and what you have. With respect to computers, these can be implemented with biometrics (who you are), cryptographic keys (what you know) and smart cards (what you have).In 2002, we decided to focus on smart cards. I arranged with Carnegie-Mellon University to let me train some graduate students in these technologies, and together with help from a brilliant developer we built a deployable system. My CMU experience made me realize how fruitful collaboration could be when you combine government/corporate expertise and projects with motivated graduate students. We even got help from a famous three-letter federal agency that does know how to spell cryptography. We were very excited; the smart-card system was built so it could transparently replace the cryptographic-key system I helped build in Research in 1999, replacing last-century technology in an innovative and cost-effective way. That's a tough question. Smart cards are widely used in other European and Asian countries to authenticate large and small purchases. Although the Defense Department has issued millions of smart cards to their personnel, smart cards are seldom used in the USA's dot-gov or dot-com sectors. The smart cards I've seen as government ID cards are not used, and other efforts in the commercial sector have also failed.Many believe there's no reason to use a smart card as long as credit card companies are willing to pick up the losses from fraudulent use. Perhaps a huge scam will tilt the board in the smart-card direction.Some big computer manufacturers felt that way a year or two ago when they sold keyboards with smart-card readers built in. Many notebooks have them as well. Nevertheless, I don't see widespread use of smart cards in the next three years; there's too much inertia.

Seth Meltzer

GCN photographer Rick Steele





GCN: What's the role of the Research Division?


Meltzer:




GCN: Then why are you in the Research Division and not in IRS Information Systems?


Meltzer:


GCN: What technologies are you looking at?


Meltzer:








GCN: What is your background in cryptology?


Meltzer:




GCN: What challenges does the IRS have in terms of authentication and encryption?


Meltzer:








GCN: How did you get involved with Smart Cards?


Meltzer:






GCN: How pervasive do you see smart-card use among the public, say, 20 years from now, and what issues still need to be resolved before widespread use becomes feasible?


Meltzer:





NEXT STORY: Crunch time

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.