Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
From _The_Globe_and_Mail_, Saturday, 19 November (reprinted w/o permission):
Machine misses 1,408 votes, Toronto clerk wants recount by Sean Fine
Toronto's city clerk is asking council to order a city-wide recount after
1,408 votes in Monday's [14 Nov.] civic elections went unread by sophisticated
new machines. [...] "We want the integrity of the election to be upheld,"
deputy clerk Barbara Caplan said in explaining why all 16 city wards, plus the
Metro Toronto wards and trustee races, should be retabulated. Ms Caplan said
the recount could affect the outcome of only one city race, the three-vote
victory for reformer Malcolm Martini over conservative Michael Walker in Ward
16. As well, three school trustee races could be affected.
But a battle may occur over the manner of the recount. The clerk's office
wants to give the machines, purchased recently at a cost of $1.6 million
(Canadian), another chance. Ms Caplan said the computerized vote-counting
machines were not to be faulted. An error in the printing or cutting of
ballots put them "off- register," or off-line, meaning they could not be
scanned by the machine, she said. In the recount, those ballots that are not
read by the machine would be tabulated manually, she said. [...]
In the city's closest race, which pitted Mr. Walker against Mr. Martini, Mr.
Walker, a six-year veteran of council, was initially declared the victor Monday
night. On Wednesday, the clerk's department discovered errors in manual
addition and Mr. Martini emerged the winner by three votes. Now the entire
ward race is in question since 81 ballots were not read by the machine. [...]
In no other city ward, and in none of the eight Metro wards located in the
City of Toronto, was the margin of victory smaller than the number of unread
ballots. The number of ballots not read ranged from a low of 47 in Ward 4 to a
high of 237 in Ward 12. [...]
Under law, the ballots would have to be read in the same fashion - that is,
by the machines - as on election day, Ms Caplan said. Only those ballots
rejected by the machines would be read manually.
The following resolution was the only proposed resolution which passed at this
year's New Hampshire State Republican Convention:
WHEREAS The State of New Hampshire has set no minimum standard for
computer security in computerized voting, and
WHEREAS The state of the art in computer crime has progressed
dramatically in the last few years to now include virus programs which
can transmit themselves from one computer to another without active
participation by the computers' owners, operators, or users, and
WHEREAS The State of New Hampshire has computerized voting equipment,
some of which:
o Does not have the ability to recount manually,
o Does not have the ability to recount at all,
o Uses secrecy of internal procedures as a primary security
strategy,
o Does not give the voter the ability to ensure the computer has
voted as instructed,
NOW THEREFORE, BE IT RESOLVED that the Republican Party of the State
of New Hampshire calls upon the Legislature of the State of New
Hampshire to enact legislation that would establish the following
minimum computer security features for any further expansion of
computerized voting or vote counting:
Computerized voting equipment must either produce a manually
recountable ballot for the voter's inspection prior to
electronically casting the voter's ballot or use as its input a
ballot which can be used in a manual recount.
Submitted by Kurt Hyde, Delegate from Weare.
This proposed standard is essentially the same one proposed at the first
National Symposium on Security and Reliability of Computers in the Electoral
Process at Boston University in August of 1986 (Co-chaired by Eva Waskell and
myself).
Many thanks to the RISKS Forum members who participated in the
development of this standard during 1985 and 1986.
Kurt
Stan Stahl, in RISKS 7.75, writes:
> The critical bottom line, and it is one that shouts out to us in the
> wake of the RTM worm, is that we absolutely must begin to take the
> teaching of ethics seriously. Some school districts are beginning to do
> this and they are to be commended for it. Perhaps if everyone were
> exposed to ethics courses, beginning in the early grades and continuing
> through computer ethics courses and business ethics courses, etc, then
> it would be clear `in the entire community what is and what isn't
> ethical behavior.'
In my experience teaching ethics here and at McGill
University, such courses have little direct effect on the moral
behaviour of the students taking them. About all that can be
expected — and this is the *maximal* result — is that the
students will be made aware of one more set of constraints they
must operate within: a code of professional ethics. (In those
states which permit them. Many don't.) Like all such codes, the
extent to which they are taken seriously has much more to do with
upbringing, personality, generally accepted broad social norms,
peer pressure, etc., than with schooltime pedagogy. Clever
people, or persons thinking themselves above or outside the
rules, always find excuses for circumventing them. Scientific
pursuits in general, and mathematical/logical ones in particular,
due to the glamour and the cachet of difficulty attached to them,
encourage adepts in such beliefs. The famous technological
imperative is at work as well: do what is "technically sweet"
first, and ask whether it was good after all once it's done. The
novelist Walker Percy in one of his books quotes "a scientist's
prayer, if scientists ever prayed, which they don't: `Lord, grant
that my work lead to the betterment of the human condition, and
not the reverse. Failing that, Lord, let it not lead to the
complete destruction of mankind. And, failing that, Lord, please
don't let the end come before my article is published in
*Brain*.'" And, frankly, the general culture we live in worships
at the altar of Expediency, not Justice or Virtue, so one cannot
expect much help there.
Further, most `ethics' instruction at the university level
with which I am familiar proceeds along lines so shallow and
analytical that it completely fails to engage the spirit of the
listener. One doesn't have to be a devotee of Allan Bloom or his
ilk to see this. However dedicated and forceful the teacher, the
material taught is so unchallenging and `conservative' (in the
sense of supporting the *status quo*) that even the very young
see through it and hit their mental channel-changers. To explain
why this is so would require a long discussion, descending
occasionally into rant and tirade, of the practice of moral
philosophy in the English-speaking world in the 20th century, the
which I will spare us all. Suffice it to say, the first ethics
course most students take is, in my overwhelming experience, the
last.
This is not to say that I oppose teaching ethics.
Obviously, if such teaching does nothing more than lower the rate
of mischief in general circulation by a little bit it is A Good
Thing. I merely wish to point out the limitations of all such
pedagogy. The teacher in *Stand And Deliver*, please note, was
NOT teaching ethics.
Hugh Miller, University of Toronto, MILLER@UTOREPAS.BITNET
Eric Roskos writes,
> In an Ethics course, the most you can do is discuss ethical paradigms, which
> include systems of ethics in which it is entirely acceptable to engage in any
> activity that benefits you ("situation ethics" are an example of this).
We're missing something in this discussion. A few digests back, someone
observed that post-Watergate attorneys began taking ethics courses as part of
their training. But I don't believe for a moment that the purpose was to
"teach" ethics to the attorneys. It was simply to get on the record that the
attorney had studied ethics so that he could not later claim ignorance of
ethical concepts or their irrelevance to his/her professional conduct. By
this, ethical considerations can now legitimately be raised in disciplinary
proceedings.
It may come down to this in Computing Science as well.
_Brint
Some argue that the decompiled source code to the Internet worm shouldn't be released because that would make it easier for someone to turn it into something really damaging. This is a specious argument. Anyone can modify the worm's object file into something very malevolent, and it doesn't even require the use of adb. Just write an exit() that actually does "rm -rf /" followed by an infinite loop, and link it to the worm object file using ld -r so it can be the subject of another ld run. I simply refuse to believe that I'm the only person to think of something like this. The only "sensitive" information contained in the worm source is the security holes it exploits, and these are now very widely known. The worm is completely powerless without them, and you don't need the worm to exploit in much worse ways a system that still has the holes. On the other hand, there are a lot of people who have perfectly legitimate reasons for wanting to see that code. I, for one, would very much like to show my management and our security staff exactly what it did (*and* did not) do. Although I personally have no reason to believe that the analysis prepared at MIT and Berkeley is not complete, it is just not the same thing as having the actual source in hand when trying to reduce the general paranoia level in others. Phil
A small error of fact in Bill Stewart's contribution:
>I've always been dissatisfied with the printf/scanf family - field widths are
>hard-coded in the format strings, with no way to parameterize them except
>building format strings on the fly...
Not true, and it hasn't been true for a long time. A field width or
precision specification of '*' means "pick up an integer from the parameter
list at this point". Either Bill has a very strange version of Unix or he
just missed this in the manual page — it's been there at least since V7,
which came out nearly ten years ago.
Henry Spencer at U of Toronto Zoology
uunet!attcan!utzoo!henry henry@zoo.toronto.edu
Many articles have appeared recently about "smart roads"; systems in which communication of some sort between roads and vehicles enable such things as automatic toll assessment, route planning, traffic jam avoidance, etc. Much concern has been expressed about the Big Brother potential of such systems. But this is by no means an essential hazard. The transponders, barcode tags, or whatever could be purchased anonymously, and authorization to cross various toll points n times purchased in advance, like postage stamps. Attempting to pass without prepaid authorization triggers a buzzer, light, gate, or something directing one to a conventional toll booth. Those who proceed anyway are chased down like someone who goes through an ordinary toll booth without paying. Any technological advance is greeted by cries of "it won't work" and irrational fears. Smart roads are no exception. We should indeed protest implementations of the technology which are invasive to privacy, but suppress Luddite urgings to abandon it altogether.
IFF (Identification Friend or Foe) and Toll Roads in the UK
Fitting IFF to cars
Chaz Heritage and others raise genuine concerns about the possibilities for
intentional and unintentional misuse of such a hypothetical system.
However I do feel some of the more fantastic possibilities are unlikely to
materialise. (Of course other risks, maybe with even worse consequences than
already imagined might, so don't stop discussing this!)
European Single Market
From 1992, all goods sold in the Single Market must conform to common
specifications. As a result, National Type Approval for cars will be replaced
by a type approval for the whole of the EEC. (This, in fact will apply to all
goods & services, but we are discussing cars here)
For example, the U.K. would like to introduce a requirement for U.S. style
third brake lights. However before it can do this, it needs all the other
member countries to agree.
So to REQUIRE the fitting of an IFF-style device, it must be agreed by all
the EEC countries (and it must then conform to a common standard).
The British consumer may in its lethargy accept Big Brother, but here in W.
Germany there would be a revolution if such an intrusion into privacy was even
so much as suggested. (There was enough outcry when machine-readable
passports/national ID cards were introduced; this was somewhat pacified by
removing the requirement to carry I.D. at all times)
Foreign Vehicles
The number of foreign registered (usually European) vehicles on British roads
is increasing all the time, with the increase in contacts, trade, etc, with the
mainland which has occurred since the U.K. joined the EEC in 1973.
When the Chunnel opens there will be even more.
The U.K like most countries. is bound by the terms of the Treaties on
International Road Traffic to let visitors to the U.K. drive on their roads. If
the Essex Police got a MAIL message every time a car without a U.K. IFF plate
drove along the A12 (a major 'E' route) then their computer systems would soon
be overloaded.
Simple ways are best
As a final postscript on the theme of "Big Brother is watching you"; let me
ask the rhetorical question:
"Why use complicated methods of control when simple ones are best?".
An example: all vehicles loading on to one particular ferryboat are monitored
by video as they pass Passport Control.
Presumably, during the crossing, a list of all license plates can be made,
and telexed across to the destination port.
What could be simpler than that? Why use complicated electronics when old-
fashioned surveillance works just as well, if not better.
Nigel Roberts
I saw a segment on "Electronic number plates" on "Beyond 2000" (or "Towards 2000"), a series from Australia which actually goes into more detail than most shows... They start with the Big Picture, but they don't stop with "but now it gets so complex you couldn't possibly understand it" — they go on to explain in some technical detail. So here's what they said: The "black box" is welded to the frame of your car, and is virtually indestructable. It has no external features. It has no power source (!). If the handshake fails, a camera snaps a picture of car, driver(?), and traditional number plate. The system they showed had 10 (?) nodes in central Hong Kong (or some other high-density Asian city). There are still a few bugs to work out of the system, which RISKS readers have been quick to point out. No power source? I guess part of the inquiry from the roadbed is energy enough for it to transmit back. Towards 2000 and Beyond 2000 are on The Discovery Channel, which cable services sometimes have as part of the basic service. Opinions expressed above do not necessarily — Allan Pratt, Atari Corp. reflect those of Atari Corp. or anyone else. ...ames!atari!apratt
denbeste@OAKLAND.BBN.COM writes: >I find Chaz's description of the new system in Britain for toll-roads very >interesting, to say the least. I have some interesting questions: >1. As I understood it, what we have is a radio handshake between each car and >fixed transceivers at the entrance and exit from the toll-road, presumably >connected to a computer billing system which mails you a bill each month. What >if you move and don't tell the computer your new address? The Illinois Toll Authority has already installed this automated toll collecting equipment on one exit as a trial. They are retaining the coin collection equipment, but are also supplying several large users, such as limousine services and trucking companies, who use this exit with equipment that will allow the users to be billed directly. The device can read the identification of vehicles traveling at up to 35 MPH [56 km/hr]. Since the coin collection boxes are located on a curve here, the speed limit should pose no problems. In case you are from the Chicago area, this equipment is located at the Farnsworth exit off of the East-West Tollway, I-88, formerly IL-5. Unfortunately, there was no information readily available to describe the transceiver. The Illinois Toll System does not use entry/exit tolls, but rather periodic toll barriers. This causes large backups during rush hour, as everyone has to put in their $0.40. The hope is that this system will reduce congestion, and that the expense of adding more toll booths can be avoided. John Haller jhh@ihlpl.att.com
Please report problems with the web pages to the maintainer