Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
The outcome of the U.S. Presidential election may have been determined by poor human factors in a computerized vote-casting system. As of this writing (early afternoon on Wednesday), Bush and Gore are separated by less than 1800 votes (.03%) in Florida. Due to the arcana of U.S. election law, whoever carries Florida at this point will win the overall election. And there's a problem in one county that may have resulted in ~3000 votes that were intended for Gore in fact being cast for Buchanan, a minor party candidate. Palm Beach County uses a punch-card voting system. Because of the layout of the names relative to the holes and the buttons to punch those holes, it was apparently easy to get confused about how to vote for Gore. Apart from all the calls to the election board by confused voters, there is circumstantial evidence from the actual tally: Buchanan drew 3407 votes in this county, more than anywhere else in the state, and considerably at variance with both the usual demographics (this county is heavily Democratic, and would be expected to vote for Gore) and with the number of votes Buchanan received in similar, neighboring, larger counties (789 in Broward; 561 in Miami-Dade County). The director of the state Department of Elections doesn't think there's a problem — but he was appointed by Jeb Bush, governor of Florida and brother of the Republican presidential candidate... --Steve Bellovin
In addition to the Palm Beach County curiosity noted by Steve Bellovin, a heavily loaded ballot lock box was found today in a heavily Democratic precinct. I don't think this is what Al Gore meant by a "Lock Box on (Social) Security." [CORRECTION ADDED IN ARCHIVE COPY: Apparently this box contained supplies, not ballots. But *The NY Times* 10 Nov noted various precincts in which ballot boxes and a bag of cards had not been included in the original count.] For some historical perspective, we might recall the 1988 election in Florida, in which there were 200,000 fewer votes for the Senate race than for the presidential candidates, and the remarkable anomaly was mostly only in four counties administered by a particular computer system vendor. The declared winner was Connie Mack, who has just retired, 12 years later. See *The New York Times*, 12 Nov 1988, and RISKS-7.78. And then there was the St Petersburg city election in March 1993 in which 1429 votes were recorded for the incumbent mayor tabulated under an industrial precinct that had ZERO voters, where the mayor won the election by 1425 votes. Fuzzy math strikes again? See Rebecca Mercuri, Corrupted Polling, Inside Risks, *Communications of the ACM*, vol 36 no 11, Nov 1993, p.122, on her Web site at http://www.seas.upenn.edu/~mercuri/mynewhome/Papers/corrpoll.html I would not trust a computerized voting system even if I had written it myself, because of the many ways in which such systems can be subverted. (Last night's events will undoubtedly slow down the final wrapup of Rebecca's PhD thesis noted in RISKS-21.10, because there is more potential grist for her mill — not just in Florida, but in other states as well.) PGN]
http://www.cnn.com/2000/TECH/computing/11/08/e.voting.no.gamble.idg/index.html
An article on CNN.com quotes "experts" as saying that the problems getting
an accurate vote could have been avoided if everyone used electronic vote
counting technology. [Note: not online voting... just electronic voting
machines.]
The article says in part "'Of course you would have 100 percent accuracy
with electronic voting. That would prevent the necessity of a recount,' said
Hans van Wijk, who markets electronic voting systems for Groenlo,
Netherlands-based Nedap. In the Netherlands, some 80 percent of precincts
use e-voting, he said."
As has been discussed numerous times in RISKS (including yesterday in
RISKS-21.10), electronic counting is certainly not 100% accurate. But if
this is what the public thinks of electronic counting, will there be the
same naive expectations about accuracy of online voting? The article talks
about that too (quoting someone from Baltimore Technologies as saying
"Online voting would not only dramatically reduce the count time but also
ensure a more reliable initial result"). There is an acknowledgement that
online voting has its own dangers, noting the risks of accurate
identification of users, denial of service, and malicious attacks. No
recognition though of the risks of just plain malfunctioning software,
though.
Gotta go. All this gore-y discussion of a recount in Florida has me
bush-ed.
--Jeremy
[For those of you who have not seen it, PLEASE read the
People For Internet Responsibility Statement on Internet Voting:
http://www.pfir.org/statements/voting
PGN]
CNN's story about voting technology, on-line and otherwise: http://www.cnn.com/2000/TECH/computing/11/08/e.voting.no.gamble.idg/index.html An interesting quote from the article: "But Dublin-based electronic security company Baltimore Technologies said reliability is no problem. "Online voting would not only dramatically reduce the count time but also ensure a more reliable initial result," said a spokeswoman. She added that online voting would help older, ill, and disabled voters to take part in the polls." RISKS readers will be happy to see there is also a discussion of potential fraud and security risks. Evan McLain <evan.mclain@bigfoot.com>
"REALITY RESET"
http://www.vortex.com/reality
by
Lauren Weinstein (lauren@vortex.com)
November 8, 2000
Today's Edition:
"Hacking the Vote"
http://www.vortex.com/reality/2000-11-08
To subscribe or unsubscribe to/from this list, please send the
command "subscribe" or "unsubscribe" respectively (without the
quotes) in the body of an e-mail to "reality-request@vortex.com".
"Hacking the Vote" (November 8, 2000)
"If they'd been listening to me all along, all of this election confusion
could have been avoided," said Paddy Mastoid.
Paddy is the president of trust-us-not-to-badly-screw-up-your-vote.com, a
firm promoting Internet voting systems. I found 12 messages from him on my
voicemail this morning, as the nation awoke to the bizarre aftermath of
election day, with a historically close election still undecided and the
U.S. population swinging slowly in the wind.
"Look at this mess," said Paddy. "Now they have to re-count all those votes
in Florida, there are concerns over voting irregularities down there, and we
might well end up with a President who didn't even win the popular vote!
Talk about not having a mandate. And I could have prevented all of this
hassle!"
"How so?" I asked.
"Basically, our plan is to eliminate all those long lines at those obsolete
polling places. We want to toss the antiquated paper ballots, punch cards,
and mechanical voting machines out the window. We'll let people vote online
using the same home and office PCs that they already use for accessing
offshore gambling sites and downloading porn."
"Hmmm. Sounds like a tempting goal, but aren't you worried about security,
reliability, all that sort of stuff?" I asked.
"Hey, we didn't just fall off the turnip truck. We're using secure,
redundant Web servers, so your vote will be just as safe as your credit card
numbers during online purchases," said Paddy. "You're happy buying things
online, aren't you?"
"Well, no, not really, not with all of the security breaches at sites that
were supposed to be secure, and their compromising of personal information.
I realize that things can go wrong with old-style voting systems, especially
if they're set up badly, but at least with them it's usually possible to do
various forms of meaningful re-counting when there's a question about an
election's validity."
"But that's my whole point!" said Paddy. "Look at all the trouble being
caused by even being *able* to do a physical re-count. Wouldn't it be better
to have a nice, computerized system where all the votes are electronic and
stored safely in computers where nobody but programmers, system
administrators, and top election officials can screw around with them? You
don't think any of those guys would mess things up do you? When it's all in
the computer, you don't have any *choice* but to trust the computer! You
can't really re-count so there'd be no point to complaining. Problem
solved!"
"Hmmm. What about hackers? If these systems are on the Internet, they'd
seem just as vulnerable to attack and manipulation as any other so-called
secure sites."
"Not to worry!" said Paddy. "We ran a contest and invited hackers to crack
our demonstration system. Five people tried and the only guy who got in was
a 12 year old kid in West Palm Beach, and he promised cross-his-heart not to
tell anyone how after we gave him a DVD player! No problem there."
"But why would most hackers even want to tip their hands by playing with your
demo sites? Wouldn't the real pros just wait until a real election and then
flood your servers with garbage to block real voters out? Couldn't they
plant surprises in unrelated downloads that could hide on people's PCs for
months or years before being activated on election day to disrupt or
manipulate the voting process? There's really no way to secure the typical
operating systems that most people have on their home or office computers
from those sorts of attacks," I said.
"Picky, picky, picky!" said Paddy. "I say let's just deploy these Internet
voting systems now and keep the people happy. If these hypothetical hackers
you're talking about are really that good, we probably wouldn't even realize
that they'd been screwing around with the election anyway. Ignorance can be
bliss. And that would sure be preferable to all the hassles they're having
in Florida today!"
"I really don't think that's necessarily true ..."
"And at least we wouldn't have network TV anchors getting punchy from being
up all night!" said Paddy.
"You do have a point about that," I said.
"I knew that I could convince you, Lauren."
--Lauren--
Lauren Weinstein,
lauren@pfir.org or lauren@vortex.com or lauren@privacyforum.org
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Copyright 2000 by Vortex Technology. All rights reserved.
This item may be freely redistributed so long as it is complete
and includes this notice.
Whereas mainstream news organizations were bound by self-imposed rules preventing them from releasing state exit poll results before the polls closed, a number of politically oriented Web sites leaked the results as soon as they were available. Voter News Service (VNS), the consortium of news organizations that conducted the exit polls, is threatening to bring legal action against the sites that leaked early results, including DrudgeReport.com and Inside.com — which, however, indicated that they obtained the information not from VNS but from unidentified sources. Inside.com editor Michael Hirschorn said that he had received e-mail leaks from dozens of mainstream journalists, and that the public have as much right to know that kind of information as journalists do. He added: "The genie is out of the bottle, and it's wishful thinking that you could put it back in. Once this information is out, thanks to e-mail and the Internet, it becomes incredibly easy to distribute." [AP/*San Jose Mercury News*, 7 Nov 2000 http://www.mercurycenter.com/svtech/news/breaking/ap/docs/606384l.htm; NewsScan Daily, 8 Nov 2000]
In the closing hours of the election campaign the site of the Republican National Committee (RNC) was vandalized by hackers who urged visitors to vote for Gore. The Democratic National Committee (DNC) denied it had any connection to the act of vandalism, and said intruders had forced the shut-down of the DNC's external e-mail system. [AP/*USA Today*, 7 Nov 2000 http://www.usatoday.com/life/cyber/tech/cti782.htm; NewsScan Daily, 8 Nov 2000]
A Web site offering to sell 21,000 votes for President to the highest bidder has changed its domain name and transferred its registration to a company based in Germany. The www.vote-auction.com site asks visitors to fill out personal details and then offers to sell the votes in blocks broken down by state. The goal, according to the Web site, is to bring "the big money of campaigns directly to the voting public," but the owners, who are Austrian, say they still need to work out the details of how everyone would get paid, and how to verify that they cast the right ballot. The site has been criticized by election officials in Michigan, New York and other states, but as of its reopening this week, more than 2,500 California voters had offered their votes and the leading bid was $48,000, or $19.61 per vote. In August, six people offering to sell their votes for President drew bids as high as $10,000 on eBay before the online auctioneer shut them down. [AP 25 Oct 2000 http://news.excite.com/news/ap/001025/20/votes-for-sale ; NewsScan Daily, 26 Oct 2000]
If you are interested in aviation safety, you might want to check out http://www.pprune.org, click on "Forums", and then "rumors and news", for a remarkable collection of computer problems related to ATC in the UK.
A week later, the FAA route center at Indianapolis is still running on backup generator power ever since a 31 Oct 2000 power outage that "caused flight delays and at least two close encounters between airplanes". The cause of the original outage was still unknown. The route center has 6 diesel generators, three of which are used normally and the other three are for backup. However, after the outage, the diesels fired up, but the main radar could not be brought back up. The 70 controllers had to had planes off to other centers. Close calls were reported by a private jet and a USAir flight. Onboard collision avoidance was given credit for avoiding any tragedies. [Source: An article in the *Indianapolis Star*, 7 Nov 2000 (Generators used for flight routing as a precaution, by Terry Horne); PGN-ed]
I received the following e-mail on a Monday afternoon (after the problems
had been fixed). Several physical devices had been damaged (network hubs
and switches) at UC Santa Barbara making for a very unproductive time for
many employees and students and for a very stressful time for facility and
system administrators.
The point: the weak link will be found and exploited by somebody or
something, causing discomfort to us all. Malicious intent is not a
prerequisite.
Dan Ellis, PhD student, UCSB, ellisd@cs.ucsb.edu (805) 893-4394
> Date: Mon, 06 Nov 2000 08:33:55 -0800
> From: dragon@ece.ucsb.edu
> To: coe-notify@engineering.ucsb.edu, all-grad@engineering.ucsb.edu
> Subject: power outage over the weekend
> Information only --
> A bit after midnight Friday/Saturday, a raccoon strolled into the power
> substation that serves this end of campus and got across a transformer
> that takes the 16kV line down to 4160VAC. The raccoon paid the price for
> this, and he is now merely a warning example of how fragile our power
> infrastructure can be.
> However, various buildings on campus also paid a price, as all power on
> the "A" feeder was off line for nearly two hours.
> Some functions in some buildings had not been restored by this morning,
> however, including HVAC and equipment chilled water in Engineering 1.
> Almost all this equipment is now back in operation. You may wish to check
> computers and process controllers to determine if harm was done during
> this outage.
[A Rocky Raccoon gets added to the long list of Reubened Mammalians.
Must have been Raccoonoitering. After all, it was noit toim, even
if not Down Under! PGN]
A team of computer scientists at Princeton and Rice Universities and the Xerox Palo Alto Research Center (PARC) has been able to remove the invisible "watermarks" used by the 200-company Secure Digital Media Initiative (SDMI) to protect digital music files from pirates. SDMI had offered a prize [RISKS-21.05] to anyone who could defeat its various security measures, four out six of which make use of watermarks. SDMI's Tala Shamoon said, "I expected some would have fallen. This is part of an empirical process to get the best technology." [AP/MSNBC 24 Oct 2000; http://www.msnbc.com/news/480521.asp NewsScan Daily, 24 Oct 2000]
MS has an authenticode mechanism that allows publishers to digitally sign their code using certificates from Verisign. The code is signed via a MS program (signcode) with "-t http://timestamp.verisign.com/scripts/timstamp.dll" as an option. The Verisign stuff is suppose to properly timestamp the signature, but their clock is very wrong!! I did the signature at 12:42, and the .exe now has a new modification timestamp of 12:42, but the certificate claims it was signed at 12:46. So we cannot really believe the times in any of these Verisign certificates. http://www.five-ten-sg.com
Microsoft's internal computer network was invaded by "trojan horse" software that caused company passwords to be sent to an e-mail address in St. Petersburg, Russia. Calling the act "a deplorable act of industrial espionage," Microsoft would not say whether or not the hackers may have gotten hold of any Microsoft source code. [AP/*The New York Times*, 27 Oct 2000 http://partners.nytimes.com/2000/10/27/technology/27WIRE-MSHACK.html; NewsScan Daily, 27 October 2000] [The following issue of NewsScan on 31 Oct 2000 (Hallowe'en!) noted Microsoft says the attack lasted only 12 days instead of the 5 weeks reported earlier, and no major corporate secrets were stolen. PGN]
This morning I received a spam item that originated in a yahoo account. Yahoo seems to be pretty good at responding to spam, so I forwarded a report to them. I noticed in the body of the email that there was the quasi-traditional "to unsubscribe send your email address" to an account at myrealmailbox. So I did the obvious and forwarded the spam again to myrealmailbox (after first browsing their Web site trying in vain to find a policy towards spam.) In return I received this reply: >From: abuse@myrealbox.com >To: gmc333@my-deja.com >Subject: Automatic reply >Date: Mon, 06 Nov 2000 09:09:05 +119303947 (MDT) > >Novell and myrealbox.com are not responsible for this >mailing, it has not used our network or e-mail system. Novell >Internet Message System (NIMS) employs some of the most >sophisticated anti-spamming technology in the industry. >The sender fraudulently used myrealbox.com >IDs for replies or opt-out mails. These accounts >never existed or have been terminated. We are committed >to helping to eliminate this type of mail system >abuse. The RISKS? Apparently the technology is so advanced it's learned the art of plausible deniability. There is also the RISK that a human will never find out what I originally complained about and modify the system appropriately. Greg Compestine http://homestead.deja.com/user.gmc333/index.html
Regarding the enormous convoluted problem of how much EMI is required to cause a spark and hence an explosion in a fuel tank (Re: EMI, TWA 800 and Swissair 111, from Peter B. Ladkin, RISKS-21.08), Andy Weir, in his book "The Tombstone Imperative" made a very simple suggestion: Fill the vacant space above the fuel in the tanks with nitrogen, and any spark, however caused, cannot lead to an explosion. Should not engineers welcome the most simple solution to a problem? Should we not listen to people who are not engineers? Peter Mellor, Centre for Software Reliability, City University, London EC1V 0HB +44 (0)20 7477 8422 Pete Mellor <p.mellor@csr.city.ac.uk>
2001 USENIX Annual Technical Conference Announcement and Call for Papers 25-30 Jun 2001, Marriott Copley Place Hotel Boston, Massachusetts USA http://www.usenix.org/events/usenix01 Sponsored by USENIX, the Advanced Computing Systems Association FREENIX Refereed Track: November 27, 2000 General Session Refereed Track: December 1, 2000 Notification to authors: January 31, 2001 Camera-ready papers due: May 1, 2001. Program Chair: Yoonho Park, IBM Research USENIX Conference Office 2560 9th Street, Suite 215 Berkeley, CA 94710 USA Phone 510-528-8649; Fax 510-548-5738 email: conference@usenix.org
Please report problems with the web pages to the maintainer