The RISKS Digest
Volume 27 Issue 07

Monday, 5th November 2012

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Ohio—ES&S's "experimental" patches
South Carolina didn't encrypt hacked social security numbers ...
Jeffrey Collins via Lauren Weinstein
FCC Describes 911 and Cellphone Problems
Edward Wyatt and Brian X Chen via NNSquad
Russia launches massive Internet censorship list
Iain Thomson via NNSquad
"What to look for onsite when choosing a colo facility"
Matt Prigge via NNSquad
After Sandy, wired New Yorkers get reconnected with pay phones
Ben Cohen
"After Hurricane Sandy: Lessons for the data center"
Paul Venezia via Gene Wirchenko
When your fuel pumps are below sea level...
Danny Burstein
NYU Hospital's Backup System Undone by Key Part in Flooded Basement
Monty Solomon
Why Do Hospital Generators Keep Failing?
Monty Solomon
Re: In Sandy's Wake...
Dimitri Maziuk
Re: Internet Voting in the U.S.
Monty Solomon
Re: Risks in Internet Voting
Joly MacFie
WEIS 2013 Washington DC June 11-12 - Call for Papers
Allan Friedman
Info on RISKS (comp.risks)

Ohio—ES&S's "experimental" patches (Bello/Fitrakis)

"Peter G. Neumann" <>
Mon, 5 Nov 2012 14:41:01 PST
More detail on the brief item in RISKS-27.06.

Gerry Bello and Bob Fitrakis, *Free Press* 2 Nov 2012 [excerpted from their
website entry on this article on 5 Nov 2012.  PGN]

*The Free Press confirms installation, secret justification of uncertified
last minute election tabulation reporting software in Ohio*

The Free Press has obtained internal memos from the senior staff of the Ohio
Secretary of State's office confirming the installation of untested and
uncertified election tabulation software. Yesterday, the Free Press reported
that "experimental" software patches were installed on ES&S voting machines
in 39 Ohio counties. (see Will "experimental" software patches affect the
Ohio vote?  <>).

Election Counsel Brandi Laser Seske circulated a memo dated November 1st
renewing the already shaky justification for installing software made by
Election Systems and Solutions on vote tabulation equipment used in 39 Ohio
counties. The letter to Ohio Secretary of State personnel Matt Masterson,
Danielle Sellars, Myra Hawkins, Betsy Schuster, and Ohio's Director of
Elections Matthew Damschroder, clarified the dubious justification for not
complying with the legal requirements for the examination of all election
related equipment.

Seske begins by explaining what she purports to be the purpose of the
software patch: "Its function is to aid in the reporting of results that are
already uploaded into the county's system. The software formats results that
have already been uploaded by the county into a format that can be read by
the Secretary of State's election night reporting system."

According to the contract between the Ohio Secretary of State's office and
ES&S, this last minute "experimental" software update will supposedly
transmit custom election night reports to the Secretary of State's office
from the county boards of elections, bypassing the normal election night
reporting methods.

In order to justify this unusual parallel reporting method, Seske explains
"It is not part of the certified Unity system, so it did not require federal
testing." This attempt to skirt federal and state law from one of the most
partisan Secretary of State offices in the nation ignores basic facts of how
modern information systems function.

Seske continues "Because the software is not 1) involved in the tabulation
or casting of ballots (or in communicating between systems involved in the
tabulation or casting of ballots) or 2) a modification to a certified
system, the BVME [Board of Voting Machine Examiners] was not required to
review the software." These claims are factually unsound. The software,
although not communicating actual ballot information, facilitates
communication between systems upon which votes are tabulated and
stored. Although the software purports to not modify the tabulation system
software, it is itself a modification to the whole tabulation system. This
is why certification and testing is required in all cases.

Just as in 2004, the Ohio Secretary of State's office has enabled the
possibility of a "man in the middle" attack. This software, functioning on a
network through which votes are transmitted could act to intercept, alter or
destroy votes from counties where it is not even installed, hence the "man
in the middle" nickname.

On September 19, the last minute contract between ES&S and the Ohio
Secretary of State's office was inked. Within a week, Seske wrote "He [Matt
Masterson] has reviewed and approved the changes." Masterson is the Deputy
Director of Elections. After Masterson's approval, Seske acted to bypass the
Ohio Board of Voting Machine Examiners required review.

"Pursuant to the board's policy, each change will be approved unless three
members of the BVME request a meeting to review a change within 15 days of
today's date. Given the proximately of the upcoming election, please let me
know as soon as possible whether you will be requesting a meeting to review
the changes," wrote Seske.

Government reports such as Ohio's Everest study document that any single
change to the system could corrupt the whole voting process.

An unelected, partisan group of attorneys appears to have conspired to
install election software without testing and certification that they are
professionally unqualified to pass judgment upon. These types of last minute
installations of software patches on voting machines are considered suspect
by knowledgeable and experienced election protection attorneys, in light of
all the voting machine irregularities exposed during the 2004 election in

Gerry Bello is the chief researcher at the Columbus Free Press. He
holds a degree in computer security from Antioch College. Bob Fitrakis
is the Editor of the Free Press. He holds a Ph.D. in Political Science and
a J.D. from the Moritz College of Law at Ohio State University.

  [Here are just a few of the Recent Election Issues Articles noted on their
  website.  The complete list is rather astounding, and not included here.
  Please see the website if you are interested.  PGN]

Another Husted dirty trick in Ohio: Secretary of State's Office admits
direct reporting function of untested election software
  November 5, 2012
  Gerry Bello and Bob Fitrakis

OHIO ? VOTE HEIST 2012?
  November 5, 2012
  Ecological Options Network

Invoices prove Romney-related voting company Hart InterCivic does
maintenance on Cincinnati voting machines
  November 5, 2012
  Gerry Bello and Bob Fitrakis

The electronic architecture of voter suppression
  November 4, 2012
  Gerry Bello and Bob Fitrakis

As Ohio Faces vote-rigging lawsuit, are dems, liberals, election
officials ready to safeguard votes?
  November 4, 2012
  Art Levine

Busting Election Theft Attempts
  November 4, 2012
  Ecological Options Network

Will Your Vote Even Get Counted?
  November 3, 2012
  Sheila Parks

The Free Press confirms installation, secret justification of
uncertified last minute election tabulation reporting software in Ohio
  November 2, 2012
  Gerry Bello and Bob Fitrakis

Will "experimental" software patches affect the Ohio vote?
  October 31, 2012
  Bob Fitrakis and Gerry Bello

Why we fight to prevent stolen elections in 2012 and beyond
  October 31, 2012
  Joan Brunwasser, Sally Castleman, Victoria Collier, Bob Fitrakis,
  Lori Grace, Emily Levy, Mark Crispin Miller, Greg Palast, Jonathan Simon
  and Harvey Wasserman

Mike Connell: Man in the Middle
  October 30, 2012
  John Wellington Ennis

Gripping documentary exposes voter suppression and election rigging in
the 2004 presidential election
  October 29, 2012
  Roger Hill

Thom Pintello: "I Just Want My Vote to Count"
  October 27, 2012
  A short film by Dorothy Fadiman


South Carolina didn't encrypt hacked social security numbers ...

Lauren Weinstein <>
Mon, 29 Oct 2012 21:41:01 -0700
Jeffrey Collins, Haley defends not encrypting taxpayer information,
Augusta Chronicle via NNSquad,

  Up to 3.6 million returns from as far back as 1998 might have been
  compromised by the international hacker, who likely penetrated the [SC]
  Department of Revenue's system a month before the breach was detected by
  the U.S. Secret Service.  "The industry standard is most Social Security
  numbers are not encrypted. A lot of banks don't encrypt," Haley
  said. "It's very complicated. It's very cumbersome. There's a lot of
  numbers involved with it."

FCC Describes 911 and Cellphone Problems (Edward Wyatt/Brian X Chen)

Lauren Weinstein <>
Wed, 31 Oct 2012 11:25:36 -0700  (*The New York Times* via NNSquad)

  "Cellphone calls in the Northeast region were continuing to fail Wednesday
  because one-quarter of the transmission sites in areas ravaged by
  Hurricane Sandy were knocked out and many of those are not expected to
  come back online for several days at least, government officials said."

I frequently remind people thinking about going cell-only with no landlines,
that cell service is usually the first to become overloaded and fail during
major disasters.  Microcell batteries often run out very quickly after power
goes down, as well.

Russia launches massive Internet censorship list (Iain Thomson)

Lauren Weinstein <>
Thu, 1 Nov 2012 13:39:38 -0700
  "The decision on what sites are to be banned will be enacted by the
  sinister-sounding Roskomnadzor (aka the Agency for the Supervision of
  Information Technology, Communications and Mass Media) and enforced with
  deep-packet inspection of all Internet traffic across the country, which
  must be reassuring for those using Russian cloud providers."  (Register via NNSquad)

Stalin Smiles.

"What to look for onsite when choosing a colo facility" (Matt Prigge)

Gene Wirchenko <>
Mon, 05 Nov 2012 12:32:53 -0800
  [`colo' refers to colocation, not Colorado!  Both may be risky?  PGN]
Matt Prigge, InfoWorld, 05 Nov 2012

What to look for onsite when choosing a colo facility
Hurricane Sandy provides an excellent reminder that no matter how
good a colo's facilities look on paper, careful attention to detail
is critical to picking a good one

interesting sentence:

In one case, a data center literally had to run a manual bucket brigade to
lift diesel fuel to roof-mounted generators because the fuel pumps in the
sub-basement were submerged in flood water—an act that is nothing short
of heroic.

After Sandy, wired New Yorkers get reconnected with pay phones (Ben Cohen)

Lauren Weinstein <>
Thu, 1 Nov 2012 10:59:28 -0700
  "Not since the birth of the iPhone has the pay phone experienced such
  demand, thanks to Sandy.  Natural disasters tend to vindicate the public
  pay phone. With their clunky bodies mounted high and sometimes behind
  glass stalls, they generally remain serviceable during power outages, even
  amid flooding. When times get tough, in fact, the biggest challenge is
  often keeping the devices free of coin overloads."
  (Ben Cohen, *Wall Street Journal*, 31 Oct 2012, via NNSquad)

It's worth noting that the push to eliminate POTS phone service—being
led by AT&T who wants everything to be VoIP (mainly to evade regulations on
traditional phone service) could have enormous negative implications for
emergency situations when cellular and Internet service fails.  The reason
most traditional POTS lines stay up is that they are connected by copper
directly to the central office and powered from massive batteries there.
There are critical public safety issues to be considered in this entire

"After Hurricane Sandy: Lessons for the data center"

Gene Wirchenko <>
Mon, 05 Nov 2012 12:28:56 -0800
They're coming out of the walls!  DR commenters on hurricane Sandy.
Paul Venezia | InfoWorld, 05 Nov 2012
After Hurricane Sandy: Lessons for the data center
You never want to say 'I told you so,' but now is a good time to
bring up the need for better monitoring, backup power, and other improvements

A commenter points out some generator failure modes and the difficulty in

When your fuel pumps are below sea level...

Danny Burstein <>
Thu, 1 Nov 2012 00:12:35 -0400 (EDT)
[NY Times explanation for Bellevue Hospital's shutdown]

"After pumping out 17 million gallons of water from the basement, the water
is still two and a half feet deep in the cavernous basement where the fuel
pumps apparently shorted out and became inoperable - unable to feed the
13th-floor backup generators, [Health and Hospitals Corp - which runs
Bellevue - President] Mr. Aviles said."

Bellevue Hospital is only about 20 feet above sea level, and hence the
basement is below the water table. And requires sump pumps.

I've never been able to verify the story, but supposedly back in the 1965
blackout a similar event happened. The backup generators kicked in, but the
sump pumps weren't hooked into the emergency circuit so a few hours later,
etc., etc.

True, the initial surge from the hurricane brought a LOT of additional water
inside, but once the tide was back to normal levels the levels should have
been brought under control pretty soon.

NYU Hospital's Backup System Undone by Key Part in Flooded Basement

Monty Solomon <>
Sat, 3 Nov 2012 13:27:13 -0400

Why Do Hospital Generators Keep Failing?

Monty Solomon <>
Sat, 3 Nov 2012 13:32:05 -0400

Re: In Sandy's Wake... [RISKS-27.06]

Dimitri Maziuk <>
Mon, 05 Nov 2012 12:55:07 -0600
"Tell me, Mr Weinstein, what good is your landline when you're unable to

That is, I used to believe that myself, but over the years I've
developed doubts. What you get

* May or may not be a good old powered POTS circuit completely independent
  of the voice, data, and/or video fiber and/or coax taken out by the

* May or may not get taken out by the disaster that wiped out the above

* If still operational, may or may not be overloaded by all the emergency

* All that for a small price of a new ipad/year (assuming a private
  residence line after factoring in all the applicable taxes and fees as
  well as must-have "premium" services like unlisted number and call
  blocking to filter out the worst of the robo-calls).

The tricky part about risk management is realizing that at some point you
have to just let it go.

Dimitri Maziuk, Programmer/sysadmin, BioMagResBank, UW-Madison

Re: Internet Voting in the U.S. (RISKS-27.06)

Monty Solomon <>
Sun, 4 Nov 2012 20:33:13 -0400
  [In my desire to get the previous issue out, I neglected to provide
  an adequate reference for the Simons/Jones CACM paper.  Here it is,
  thanks to Monty.  PGN]

Barbara Simons, Douglas W. Jones
Internet Voting in the U.S.
Communications of the ACM, Vol. 55 No. 10, Pages 68-77
October 2012

Re: Risks in Internet Voting (RISKS-27.06)

Joly MacFie <>
Sun, 4 Nov 2012 21:28:44 -0500
  [From NNSquad]

I just posted some video of a related event - a recent forum in NYC on the
vulnerability of all e-voting systems to fraud. Some interesting stuff about
a) ownership of the firms (some shady) that make/operate the systems, b) a
general lack of oversight/ accountability, c) vulnerability to
manipulation. According to two panelists, the MOVE Act's back end is now
operated by a Spanish company.  Several other countries, for instance
Ireland, have dumped electronic voting entirely.


Full Version

WEIS 2013 Washington DC June 11-12 - Call for Papers

Allan Friedman <>
Wed, 31 Oct 2012 18:13:53 +0000
12th Annual Workshop on the Economics of Information Security
June 11-12, 2013 Georgetown University, Washington DC


Information security continues to grow in importance, as threats
proliferate, privacy erodes, and attackers evolve. Cybersecurity fears and
privacy concerns dominate headlines. Yet the security of information systems
depends on more than just technology. Good security requires an
understanding of the incentives and tradeoffs inherent to the behavior of
systems and organizations.

As society's dependence on information technology has deepened, policy
makers and business leaders have taken notice. Now more than ever, careful
research is needed to accurately characterize threats and countermeasures,
in both the public and private sectors.

The Workshop on the Economics of Information Security (WEIS) is the leading
forum for interdisciplinary scholarship on information security, combining
expertise from the fields of economics, social science, business, law,
policy and computer science. Prior workshops have explored the role of
incentives between attackers and defenders, identified market failures in
Internet security, quantified risks of personal data disclosure, and
assessed investments in cyber-defense.  This workshop will build on past
efforts using empirical and analytic tools to not only understand threats,
but strengthen security and privacy through novel evaluations of available

We encourage economists, computer scientists, business school researchers,
law scholars, security and privacy specialists, as well as industry experts
to submit their research and attend the Workshop.  Suggested topics include
(but are not limited to) empirical and theoretical economic studies of:

- Optimal investment in information security
- Measurement and modeling of online crime
- Risk management and cyberinsurance
- Security standards and government regulation
- Privacy, confidentiality and anonymity
- Behavioral security and privacy
- Security metrics and organizational performance
- Psychology of risk and security
- Vulnerability discovery, disclosure, and patching
- Cyberwar strategy and game theory
- Incentives for information sharing, cooperation and coordination

Of particular interest this year are papers that can address the global
problems of cybersecurity policy, including international conflict and
coordination, government regulation and private sector solutions. A
selection of papers accepted to this workshop will appear in an edited
volume aimed to offer insights to policy makers, managers and practitioners,
as well as the larger academic community.

Important Dates

Submissions due February 25, 2013
Notification of Acceptance April 12, 2013
Workshop June 11-12, 2013

Submitted manuscripts should represent significant and novel research
contributions. Please note that WEIS has no formal formatting
guidelines. Previous contributors spanned fields from economics and
psychology to computer science and law, each with different norms and
expectations about manuscript length and formatting. For questions, please
contact the program chair Allan Friedman at

  [Thanks to Jeremy Epstein, who forwarded this to RISKS.  He says, "I
  highly recommend this very interesting conference, now in its 11th year."]
