The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 2 Issue 26

Friday, 14 Mar 1986


o Integrity of the Electoral Process
Mark Jackson
o Ballot Secrecy
Lindsay F. Marshall
o Nuclear waste-land
Jerry Mungle
o Nuclear disasters
Lindsay F. Marshall
o 103/212 modems
o Info on RISKS (comp.risks)

Integrity of the Electoral Process

12 Mar 86 11:39:29 EST (Wednesday)
It seems to me that the discussion has strayed from the mark.  No balloting
procedure is completely unbreakable.  Current systems appear to be
reasonably secure, but this is primarily due to effective vigilance (e.g.
poll watchers from each party).  When enough of the "system" falls under the
effective control of a single organization then fraud becomes possible,
hence inevitable (e.g. Chicago under the Machine).

The "risk" involved in computerization of the ballot collection and counting
process is the centralization of much of the process under the control of a
single organization (hardware and software system).  The challenge is to
assure that the resulting system is sufficiently distributed and subject to
routine checks so that the potential for fraud is not increased.

Apropos of this, it is not clear to me that the proposal for printing
individual ballot hardcopies addresses what would otherwise be an
*increased* risk.  For example, with lever-type voting machines is some
record kept beyond the candidate tallies read out when the polls close?

      [Apparently no individual record is kept -- only the running totals.
       Fraud-prevention is largely dependent on the poll watchers.  But it
       may be relatively easy to vote twice in a large and noisy room if your
       machine is facing away from the poll watchers back-to-back with
       another machine facing the other way -- unless the system is set up
       so that it has to be rearmed manually each time the exit-lever
       automatic vote recorder is triggered.

       There are always some vulnerabilities, as I noted in RISKS-2.23,
       including bribed officials.  The recent election in the Philippines
       give us another datapoint.  PGN]

Ballot Secrecy

"Lindsay F. Marshall" <>
Wed, 12 Mar 86 11:28:38 gmt
One of my regular grouses to Clerks at election time is that the Ballot
is not actual secret. They always say "oh yes it is", but when you point out
that each voting slip is stamped with a serial number (when you get the
paper) which is recorded in such a way that it can be traced back to you,
they then say "Oh, but that's in case there is any Ballot Rigging so that
we can backtrack to find multiple votes etc.". The ballot in UK elections
is most definitely not "secret" in the sense that most people assume, though
there is no evidence that anyone is checking out how you voted (yet).

Nuclear waste-land

11 Mar 1986 06:26:43 PST
Re: Nuclear power plant accidents...

  The explosion in the USSR was due to storage of nuclear waste, not a
power plant accident.  However, seems I recall there are some low probability
(aren`t they all) accidents which can send a breeder reactor into a low yield
explosion (probably *very* dirty, too).

  Two tangental comments - I live near TVA's Browns Ferry reactors.  ALL of the
operators failed NRC license tests(!) so BF has been shut down till 80% can
pass.  Is there a license for reactor control software, and if not, perhaps
TVA might be a good place to test (worst case operator actions and all that)?

  Second, there is a siren to alert the population to a BF accident with a
leak.  Nearby is a state prison with an occasional leak.  People have
suggested a siren to warn of escapes, but the chance for confusion is high.
Anyone know of a good way to spread an alarm when you have multiple risks??

  (ps. smiley face to the TVA test suggestion....)

Nuclear disasters

"Lindsay F. Marshall" <>
Wed, 12 Mar 86 11:24:01 gmt
The last line was a joke - the problem with 2000ton reactor vessels dropping
18ft is not explosion but one of contamination. The radiation leakage would
be huge and most of the South of Scotland and North of England would be
affected. If it actually happened Newcastle might just as well have

103/212 modems [Will the messages never cease?]

Tue, 11 Mar 86 18:27:52 est
In RISKS-2.24, Phil Ngai writes:
> This is an often repeated wives tale by people who ought to know better...

As it happens, I can testify that Phil's statement is not correct, or at
least not universally so.  On Sunday 3/9, I called the modem line of a friend
using my Applemodem 1200.  His modem was not ready, so he answered the call
manually and said "hello" to get my attention.  He tells me that my modem
*did* produce carrier when he picked up the phone.

Sorry, Phil.

Please report problems with the web pages to the maintainer