The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 22 Issue 24

Weds 11 September 2002

Contents

Florida Primary 2002: Back to the Future
Rebecca Mercuri
Nurses refuse to wear locator devices
Duane Thompson
Computer-Assisted Passenger Screening System defeated
Max
The Underground Web
Monty Solomon
Missed phone connections
Robert Kuttner via Monty Solomon
Microsoft says Win 2000 hacking outbreak subsides
PGN
Greek court finds Government ban on electronic games unconstitutional
Giorgos Epitidios
The pinnacle of chutzpah in spam filtering
Przemek Klosowski
REVIEW: "Computer Forensics and Privacy", Michael A. Caloyannides
Rob Slade
Info on RISKS (comp.risks)

Florida Primary 2002: Back to the Future

<"Rebecca Mercuri" <notable@mindspring.com>>
Wed, 11 Sep 2002 03:14:39 -0400

Well, Florida's done it again.

Tuesday's Florida primary election marked its first large-scale roll-out of
tens of thousands of brand-new voting machines that were promised to resolve
the problems of the 2000 Presidential election.  Instead, from the very
moment the polls were supposed to open, problems emerged throughout the
state, especially in counties that had spent millions of dollars to purchase
touchscreen electronic balloting devices.

Florida voters, including Gubernatorial candidate Janet Reno, experienced
delays (ranging from minutes to hours) due to touchscreen machines not
working properly or at all.  Reno, and others (including Duval County
officials) reportedly sought court orders requesting additional time for the
day's voting session. Governor Jeb Bush granted a two hour extension, but
some of the polling places did not receive notice and shut down their
machines at 7PM, only to discover that restart was impossible because of the
way the machines had been designed.

In addition to polls and machines that opened late, many precincts reported
problems with some electronic cards voters used to activate their ballots.
A few machines in Miami-Dade County reset themselves while voters were
trying to vote.  Even the mark-sense ballots proved troublesome -- in Orange
County many votes will have to be hand-counted because defects made them
unreadable by the optical scanners.

Lest readers think that Florida is alone with these election problems, other
states, including Georgia and Maryland, have also reported similar
difficulties with touchscreens.  Problems in MD led 4 counties there to
commission a report from UMD, which revealed serious reliability concerns,
due to "catastrophic failure," "malfunction," and "unusability" of one of
the two machines they were given for testing.  The Association of Computing
Machinery's Special Interest Group on Computer Human Interaction (ACM
SIGCHI) offered to perform similar evaluations on Palm Beach's new voting
equipment, urged by U.S. Representative Robert Wexler, but the offer was
declined by the County's Board of Elections.

Florida was forewarned about problems with some of their new machines when,
in local municipal elections held back in March 2002, anomalies surfaced in
Palm Beach County.  Some voters submitted sworn affidavits to the state's
15th Circuit Court, attesting to problems ranging from a lack of privacy at
the voting booth, to machines "freezing up" until rebooted or reset, and
voter cards being rejected.

During this past summer, as part of an investigation into Emil Danciu's
contest (one of two lawsuits for the March Palm Beach County election), the
court permitted me to perform a "walk through inspection" of the County's
Board of Election warehouse where the machines were being stored and
prepared for this Fall's primary.  To my amazement, I learned that the
devices would not be tested to see whether they would register a vote for
each candidate that appeared on the ballot face.  Rather, the tallying
system was checked by transferring data between cartridges, (circumventing
the ballot face on each machine) and only one vote, for the first candidate
in each race, was cast using the touchscreen. This essentially meant that
most of the new machines would get their first real use only at the actual
election. (Not only does this testing lack rigour, but it only marginally
complies with Florida election law.)

The Palm Beach County machines were running new software too, since the
firmware on each of their 3400 machines was reprogrammed just weeks before
the Fall primary. (Such firmware reprogrammability represents a major
security and auditability risk.) A thorough inspection of the machines,
requested by Danciu's legal team, was denied by the court, on the grounds
that the purchase contract with Election Supervisor Teresa LaPore made it a
felony violation (for her) of the vendor's trade secret clause if any
devices were provided (Danciu had even offered to pay for one) for an
internal examination.  This trade secrecy also apparently prevents
disclosure of the program code files and testing reports maintained by the
state of Florida as part of their certification process.

But there's more.  Further problems may begin to surface after the
tabulation results are analyzed.  Although if any candidate wishes to seek a
recount, the only one they will get from the touchscreen machines is a
printout of the same electronic data residing inside of the machines -- not
an independent tally from human-readable ballots that were examined by the
voters who cast them on election day. Even Brazil, where 400,000
fully-electronic voting machines were first deployed nation-wide in their
2000 election, deemed it appropriate to retrofit their machines to produce
recountable voter-verifiable paper ballots, and they will begin to institute
this by modifying some 3% of their machines for their next election.

Sadly, many US communities seem to feel that it is necessary to rush ahead
with voting equipment procurements, while reliable systems, appropriate
testing, usability, security, and auditability procedures, and other
safeguards, are years away.  Florida 2000 woke us up to what many already
knew -- our voting systems and laws were flawed.  Florida 2002 lets us know
that expensive computers can not and will not provide the answer to our
election troubles.

For the short run, communities that have purchased malfunctioning equipment
should return it to the manufacturers and request refunds.  There should be
an immediate moratorium throughout the United States (and world) on the
procurement of electronic voting systems that do not provide
voter-verifiable paper ballots.  In other words, if your community is
thinking of buying touchscreen or other fully-computerized voting equipment,
don't let them do it!  Candidates and voters who believe they may have
evidence of ballots being lost or foul-play with voting systems, should
contact me, as soon as possible, at mercuri@acm.org in order to learn how
data could be secured before it may be deleted. Those seeking additional
information on voting systems can refer to the numerous articles linked on
Peter Neumann's website and on mine (at www.notablesoftware.com/evote.html).
Please let your voice and concerns be heard.  Democracy is at stake.

Rebecca Mercuri, Ph.D., Bryn Mawr College

*This article is copyrighted property of Rebecca Mercuri (c) 2002.
All rights reserved.  Reprint permission is granted only in its entirety,
with this notice intact.  This article can be distributed but not sold.
For any other uses, please contact the author for permission.*


Nurses refuse to wear locator devices

<Duane Thompson <dst@rmhcn.org>>
Fri, 6 Sep 2002 16:31:11 -0700 (PDT)

  [This is interesting.  It was forwarded via a Healthcare Management e-mail
  list to which I subscribe.  DT]

Since Monday, nearly half of the 120 nurses at Castro Valley, Calif.-based
Eden Medical Center who were assigned to wear personal locator badges as
part of a program to provide more efficient care have turned in their
devices to protest a system they say invades their privacy and could be
misused by managers. The nurse locator system -- launched in October on two
floors with plans to expand to a third -- allows hospital administrators to
locate a nurse or a supervisor anywhere at any time. Although the systems,
which are used by hospitals across the U.S., can record response times,
number of nurse visits to a patient room, and length of time of each visit,
Eden uses its $273,000 system to record only response times. According to
hospital officials, the system is meant to help nurses answer patient calls
faster and allow the hospital to track nurses more easily in case of
emergency. They add that since the installation of the system, patient
satisfaction ratings have increased and response times have decreased. But
nurses say the devices invade their privacy, interfere with patient care by
disrupting conversations between nurses and patients, and contain
potentially harmful infrared sensors -- a charge the hospital's
radiation-safety officer rejects. The nurses note that the hospital has
installed the system in the nurses' lounge and kitchen and say that
supervisors could use the vocal communication feature to listen in on
conversations; the hospital says it has no intention of using the system to
listen to nurses. Eden has not taken action against the nurses who refuse to
wear the badges.   [Reang, *San Jose Mercury News*, 6 Sep 2002; Tate, *Contra
Costa Times*, 6 Sep 2002.]


Computer-Assisted Passenger Screening System defeated

<Max <max7531@earthlink.net>>
Sat, 07 Sep 2002 11:06:14 -0700

I just read an excellent paper on the inequities of the Computer-Assisted
Passenger Screening System (CAPS) for airline travelers (thank you
Crypto-Gram), and thought it would add some quantitative analysis to the
Homeland Insecurity RISKS debate. Here's the abstract:

  To improve the efficiency of airport security screening, the FAA deployed
  the Computer Assisted Passenger Screening system (CAPS) in 1999. CAPS
  attempts to identify potential terrorists through the use of profiles so
  that security personnel can focus the bulk of their attention on high-risk
  individuals. In this paper, we show that since CAPS uses profiles to
  select passengers for increased scrutiny, it is actually less secure than
  systems that employ random searches. In particular, we present an
  algorithm called Carnival Booth that demonstrates how a terrorist cell can
  defeat the CAPS system. Using a combination of statistical analysis and
  computer simulation, we evaluate the efficacy of Carnival Booth and
  illustrate that CAPS is an ineffective security measure. Based on these
  findings, we argue that CAPS should not be legally permissible since it
  does not satisfy court-interpreted exemptions to the Fourth
  Amendment. Finally, based both on our analysis of CAPS and historical case
  studies, we provide policy recommendations on how to improve air
  security.

And here's a link to the whole paper (the formatting is a little off; scroll
down a bit from the title):
  http://swissnet.ai.mit.edu/6805/student-papers/spring02-papers/caps.htm


The Underground Web

<Monty Solomon <monty@roscom.com>>
Thu, 29 Aug 2002 04:04:31 -0400

Drugs. Gambling. Terrorism. Child Pornography. How the Internet makes any
illegal activity more accessible than ever: It's the kind of call everyone
dreads. For Kristen Bonnett, the daughter of NASCAR race driver Neil
Bonnett, it came on Feb. 11, 1994--the day her father crashed during a
practice run at the Daytona International Speedway. A few hours later, he
died. Bonnett was devastated, but she got on with her life. Then, seven
years later, came a second call. This time, it was a reporter asking for
comment on autopsy photos of her father that were posted on the Internet.
Shocked, she quickly got online. "Forty-eight thumbnail pictures, basically
of my Dad on the table, butt-naked, gutted like a deer, were staring me
directly in the face," says Bonnett. Now, when she thinks of her father, she
pictures him lying atop an autopsy table.

Warning: You are about to enter the dark side of the Internet. It's a place
where crime is rampant and every twisted urge can be satisfied.  Thousands
of virtual streets are lined with casinos, porn shops, and drug
dealers. Scam artists and terrorists skulk behind seemingly lawful Web
sites. And cops wander through once in a while, mostly looking lost. It's
the Strip in Las Vegas, the Red Light district in Amsterdam, and New York's
Times Square at its worst, all rolled into one--and all easily accessible
from your living room couch.  ...  [*Business Week*, cover story, 2 Sep 2002]
  http://www.businessweek.com/magazine/content/02_35/b3797001.htm


Missed phone connections

<Monty Solomon <monty@roscom.com>>
Wed, 28 Aug 2002 23:24:53 -0400

By Robert Kuttner, *The Boston Globe*, 28 Aug 2002

OUR LONG-DISTANCE telephone service stopped functioning yesterday.  For the
magazine I edit, it was a pretty big inconvenience.  For several hours we
pooled cellphones.

My first call was to our bookkeeper. Were we current on our bills? We were.

My second call was to Qwest, the offending long-distance company. Its lines
were jammed. A company spokeswoman said she didn't know how many customers
had lost service, but Qwest's own filing with the Federal Communications
Commission yesterday, as required by law, indicated that 500,000 calls per
hour didn't get through.  ...

http://www.boston.com/dailyglobe2/240/oped/Missed_phone_connections+.shtml


Microsoft says Win 2000 hacking outbreak subsides

<"Peter G. Neumann" <neumann@csl.sri.com>>
Tue, 10 Sep 2002 11:19:08 PDT

On 30 Aug, Microsoft warned customers of an increase in reported hacker
attacks against Windows 2000, but offered few details about the root of the
problem.  On 6 Sep 2002, MS said the malicious activity has "lessened
significantly" -- claiming that the attacks probably did not result from new
vulnerabilities in its operating system, but rather from administrators not
following standard procedures to secure their servers.  "By analyzing
computers that have been compromised, Microsoft has determined that these
attacks do not appear to exploit any new product-related security
vulnerabilities and do not appear to be viral or worm-like in nature," the
company stated in its advisory, available online at
http://support.microsoft.com/default.aspx?scid=kb;en-us;q328691.  "Instead,
the attacks seek to take advantage of situations where standard precautions
have not been taken," the advisory said. "The activity appears to be
associated with a coordinated series of individual attempts to compromise
Windows 2000-based servers."  MS urges us to take preventive measures to
protect ourselves against future attacks: eliminate blank or weak
administrator passwords, disable guest accounts, run up-to-date antivirus
software, use firewalls to protect internal servers, and stay up to date on
all security patches.  [Source: article by Matt Berger, *Info World*, 9 Sep
2002; PGN-ed, TNX to Lillie Coney]
  http://www.infoworld.com/articles/hn/xml/02/09/09/020909hnmshack.xml

   [So, it's all OUR fault, even if I don't even use MS software!  PGN]


Greek court finds Government ban on electronic games unconstitutional

<"Giorgos Epitidios" <gepiti@gepiti.com>>
Wed, 11 Sep 2002 15:56:05 +0300

(Re: Pareas via Max, RISKS-22.23)

One of the advantages of Greek law is that every court (not just special ones
as in many countries) can decide on the constitutionality of a law. This has
its own risks - inconveniences but, I am glad to report that in this case
it worked well. The stupid law banning electronic games has been found
unconstitutional by the court that was judging the "criminals".

Giorgos Epitidios, Athens, Greece  gepiti@gepiti.com


The pinnacle of chutzpah in spam filtering

<Przemek Klosowski <przemek@tux.org>>
Wed, 11 Sep 2002 01:24:09 -0400

Recently, I got a piece of spam, which I forwarded to the 'abuse' at the
sending ISP (a large, national carrier). I quickly got a reply:

	************* Content Filter Notification **************

	The following mail was blocked since it contains sensitive content.

	Source mailbox: <przemek@tux.org>
	Destination mailbox(es): <abuse@....>
	Policy: Prohibited Word Filter

I wrote back, without much hope for any effect:

    Well, sure the mail contains offending material..

      IT WAS SENT TO ME FROM YOU GUYS---THAT'S WHY I AM COMPLAINING

    [Why you'd have a content filter on an 'abuse@...' is beyond me.]
       [Because they get lots of spam also?  PGN]


REVIEW: "Computer Forensics and Privacy", Michael A. Caloyannides

<Rob Slade <rslade@sprint.ca>>
Mon, 9 Sep 2002 19:56:41 -0800

BKCMFRPR.RVW   20020604

"Computer Forensics and Privacy", Michael A. Caloyannides, 2001,
1-58053-283-7, U$79.00
%A   Michael A. Caloyannides micky@ieee.org
%C   685 Canton St., Norwood, MA   02062
%D   2001
%G   1-58053-283-7
%I   Artech House/Horizon
%O   U$79.00 800-225-9977 fax: 617-769-6334 artech@artech-house.com
%P   392 p.
%T   "Computer Forensics and Privacy"

This book occupies a unique place in the literature of computer
forensics.  Most works in the field, such as Kruse and Heiser's
"Computer Forensics" (cf. BKCMPFRN.RVW), concentrate on documentation
of the investigation with a view to presentation in court.  The actual
mechanics of data recovery tend to be left to commercial tools.
Caloyannides demonstrates how to delve into corners of the computer in
order to actually get the data out.

At the same time, this work is inconsistent, on at least two levels.
The perspective flips back and forth between forensics and privacy,
alternately emphasizing how to find evidence, and how to hide
evidence.  The technology involved is the same, but the shifts in
viewpoint can be jarring to the reader.  At the same time, the depth
of technical detail can vary wildly.  At one point the book stops shy
of telling you how to undelete files with a sector editor (an activity
that could be useful to every computer user), while other sections
list lengthy and extraordinary measures to secure personal computers.

Part one concentrates on the data recovery aspect of computer
forensics.  Chapter one is entitled an introduction, but seems to be
more of an editorial on privacy, with the added statement that the
book is intended both for law enforcement personnel needing details of
computer forensic techniques and those wishing to preserve the privacy
of data.  The use of, and factors related to the use of, computer
forensics is supported by specific cases (rather than vague
suppositions) in chapter two.  One has to agree with the author's
statement, in chapter three, that "computer forensics can be done--
and, sadly, is often done--by persons with a minimal amount of either
education or experience."  Therefore it is unfortunate that the
forensic tools list and book structure are both difficult at this
point, although there is good material and writing, and Caloyannides
is not afraid to tackle the social and political aspects of the field.
Chapter four outlines various places (primarily in Windows) from which
data may be recovered.  It is an odd mix of little known and very
valuable information, and extremely poor explanations of basic
functions like manual undeletion and file overwriting.  A strange and
terse look at steganography, US and UK surveillance systems,
cryptography, and anonymity makes up chapter five.  Data acquisition,
from sources such as key logging and Van Eck radiation, is reviewed in
chapter six.  Chapter seven debunks a short list of measures falsely
believed to provide privacy protection.

Part two turns to privacy and security.  Chapter eight is a discussion
of legal and commercial protections of privacy (mostly in the US) and
their failings.  Installing and configuring a privacy protected
configuration of Windows is covered in chapter nine, in considerable
detail.  Chapter ten's review of basic online privacy is heavy on
additional software packages.  Intermediate online privacy, in chapter
eleven, looks at browser and email configurations, more packages, and
has a section on tracing email that would be helpful in dealing with
spam.  (An unfortunate typesetting error seems to have deleted what
might have been valuable information about PGP [Pretty Good Privacy].)
Chapter twelve is more advanced, dealing with anonymizing services and
personal firewalls, but may be beyond the average user.  A general
opinion piece on cryptography, chapter thirteen nevertheless provides
a good, basic background, albeit with a social and political emphasis.
Chapter fourteen looks at more practical encryption, detailing PGP and
specialized cryptographic programs, with a detour into biometrics.

Part three is a brief look at legal and other issues.  Chapter fifteen
is a brief look at laws, mostly in the US.  Chapter sixteen touches on
security aspects of VoIP (Voice over Internet Protocol) and GSM
(Global System for Mobility) wireless services.

Despite the ragged organization and style, and some glaring gaps in
coverage, this book does contain a wealth of information for both the
computer forensic examiner, and the user concerned with privacy.  For
anyone beyond the most basic user it is well worth a read.

copyright Robert M. Slade, 2002   BKCMFRPR.RVW   20020604
rslade@vcn.bc.ca  rslade@sprint.ca  slade@victoria.tc.ca p1@canada.com
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
