Anthony Vance

Before moving west to BYU, my family will move east—and north—to Oulu, Finland, where we will live for six months (January—July). I’ll be working as a visiting research professor in the IS Security Center at the University of Oulu, researching with my coauthor and center director, Mikko Siponen.

Among other things, we’ll investigate whether we can devise a theoretically-based and empirically-supported security maturity model, similar to the Capability Maturity Model of software engineering.

I successfully completed my last course required for my Ph.D. Since I already defended my dissertation proposal, I am now officially ABD—All But Dissertation.

I received in the mail today the latest issue of Journal of Management Information Systems (JMIS), in which two of my research articles were published. JMIS is one of the top scientific journals in the field of Information Systems.

The latest issue of JMIS (Spring 2008) is a special issue on Trust in Online Environments. One of my articles examined what factors influence people to trust mobile phones as a secure e-commerce medium. The other article examines the effects of brand alliances and website quality on building trust in e-commerce websites.

I’m in Montreal for the International Conference of Information Systems. Montreal is a beautiful city.

Just as beautiful, I successfully defended my dissertation proposal defense today. This means that my research ideas have been approved and I can go forward with work on my dissertation. Conceivably I could finish my dissertation within the year.

I just passed my competency exams (also known as qualifying or preliminary exams). I’m now a Ph.D. candidate and can continue my Ph.D. program.

My next step will be to defend my dissertation proposal at the ICIS conference this year in Montreal. My dissertation involves users’ willingness to trust or rely on information systems.

As part of my IS research I run a lot of online surveys. I’m sometimes asked what survey service I use. I don’t use any commercial service, but instead use Survey3, an excellent open source survey tool.

Survey3 was developed by fellow IS researcher Conan Albrecht and has a lot of nice features.

I’ve ran Survey3 nearly non-stop for two years on my modest Linux server and I’ve never had any trouble or crashes, and have reliably collected hundreds of surveys. I recommend it.

UPDATE 11/24/2007: Survey3 is no longer under active development?in fact, its project page has been removed. I am still hosting it at the above link. It still works great and I use it regularly.

Google Book Search is one of Google’s relatively unheralded services, but it is second only to the Google search engine in accomplishing Google’s mission to “to organize the world’s information and make it universally accessible and useful”. The amount of information available via Google Book Search is considerable.

Google Book Search has been updated and I am very impressed. It now uses AJAX technology to seamlessly scroll through pages of digitized books. Scrolling seemed just as smooth as using Adobe Reader to view a PDF file. You can also view books in “full screen” mode.

Below is a screenshot of me using URLSnarf to display all of my web browser’s HTTP GET requests. As I scroll through a book in Google Book Search, Google automatically downloads small PNG images in the background (one of the PNG file names shown below is “HyJBeI0ePM0tvlJxRIsaqROQ4WY” with a variable name of “sig”).

The above cartoon by Peter Steiner was published in the July 5, 1993 issue of The New Yorker, just as the World Wide Web and the Internet in general was gaining widespread popularity. The cartoon conveys the freedom of anonymity that communicating over the Internet provides?no one knows who you really are.

However, this is only true in a very superficial sense and only for casual purposes. For any serious person, institution, or government, identities of Internet users are relatively transparent given enough determination. This is because of the nature of the technology–the Internet was not designed with anonymity in mind. For instance, the TCP/IP protocol (the main protocol of the Internet) requires computers to use an IP address, which is by definition a unique identifier.

Fortunately, there are several open source tools that do make robust anonymity on the Internet possible. Steven Gibson on Security Now highlights two of these: TOR and Freenet. I’ve written about TOR before (which works great) but Freenet was new to me.

Freenet is an anonymous distributed database containing files scattered over users’ hard drives all over the world. Users of Freenet are required to make a portion of their hard drive available to store parts of other users’ files. However, these files are encrypted so there is no way to tell what being is stored on your hard drive. Further, when downloading from Freenet, there is no way to tell who you are downloading from.

This technology is very powerful and allows fully anonymous communication, ostensibly encouraging free speech. Unfortunately, this same technology can be used to harbor and distribute criminal information of all kinds. As with other powerful technologies, good is enabled as well as the bad.

I am currently researching ways that web services and RFID technologies can be combined to create dynamically integrated supply chains. As technologies, web services and RFID are very similar in that they both rely on XML-based transfer protocols to transmit information over the Internet.

Within the web services suite of technologies is the capability to create software agents to automatically find and transact with other businesses. RFID, on the other hand, has the capability of unifying a disparate supply chain members by tracking inventory goods at a very granular level and communicating this information up and down a supply chain.

If these two technologies can be successfully combined, entire supply chains could be dynamically formed and automatically integrated. Of course, for such an arrangement to work would require industries to establish standards to support this type of activity. However, from a technological standpoint, the capability already exists.