Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
NPR reported today that Waymo is buying a slew of cars to create a driverless taxi fleet with no human overseer required in the car. Emergency takeover would be done by a fleet of well-trained remote admin personnel, *via cell phone*. There seem to be some massive flaws in that reasoning. One is the need for real-time response. Another is unavailable cell-phone coverage. I recall the case of someone who used his cellphone to start his car at home, and then drove into Red Rock Canyon Park, parked, and later tried to start his car (with the presence of his cellphone). Unfortunately, he had left his wireless unlocking/starting dongle at home, and there was no cell coverage in the canyon. His wife climbed up out of the canyon, called a neighbor who could get the remote dongle out of their house, and bring it to them so that they could drive home. Just one more example of short-sightedness and lack of awareness...
https://www.bbc.com/news/business-44383220 Aviation safety expert Professor Graham Braithwaite of Cranfield University: “Cabin crew need to be able to see outside the aircraft if there is an emergency. Being able to see outside the aircraft in an emergency is important, especially if an emergency evacuation has to take place. Flight attendants would need to check outside the aircraft in an emergency, for example for fire, before opening a door and commencing an evacuation - and anything that needed power to do this may not be easy to get certified by an aviation safety regulator.'' Prof Braithwaite said the main obstacle in a windowless aircraft would be passenger perceptions of the technology. However, aviation regulator the European Aviation Safety Agency said: "We do not see any specific challenge that could not be overcome to ensure a level of safety equivalent to the one of an aircraft fitted with cabin windows. In addition to emergency evacuation slides, perhaps an emergency "peep hole" to supplement camera or screen failure? [Perhaps the pilots would not need windows either, because everything is computer controlled? PGN]
(Irfan Khan / Los Angeles Times) Mercado de Los Angeles in Boyle Heights on Tuesday. Poll worker Shannon Diaz puts up signs as voting begins at El Mercado de Los Angeles in Boyle Heights on Tuesday. If you are a registered voter in Los Angeles County and poll workers say they can't find your name on the roster at the polling place when you go to vote, don't worry—you can still cast a provisional ballot. Some Angelenos needed a bit of reassurance that their votes would be counted in Tuesday's primary election after 118,522 voters' names were accidentally left off rosters due to a printing error, according to L.A. County Registrar Dean C. Logan. About 2.3% of L.A. County's 5.1 million registered voters and 35% of the county's 4,357 precincts were affected by the error, according to figures provided by the registrar-recorder/county clerk's office, which was still trying to determine the reason for the printing error. Voters whose names are missing are being encouraged to file provisional ballots, which are verified by vote counters later. http://www.latimes.com/politics/la-pol-ca-california-primary-june-live-118-522-voters-accidentally-left-off-los-1528244633-htmlstory.html
Early in the counting for the Ontario provincial election on Thursday evening 2018-06-07, I noticed the CBC election site displayed this dynamic table of popular vote numbers: Party Votes Vote Share PC 389,435 40.45% NDP 333,475 34.63% LIB 174,446 18.12% GRN 48,022 4.99% OTH 17,467 NaN% The "NaN%" survived several on-the-fly updates to the numbers. When I checked on Friday morning, with final results in, the table was Party Votes Vote Share PC 2,322,422 40.63% NDP 1,925,574 33.69% LIB 1,103,283 19.30% GRN 263,987 4.62% OTH 100,058 1.75% It's not obvious to me why the first set of numbers should lead to a NaN for the "OTH" parties vote share rather than 1.81%. The page is still there at https://newsinteractives.cbc.ca/onvotes/results if anyone cares to investigate the code, but I don't know how long it'll last. One trusts that this code is purely for display on the CBC website, and has nothing to do with actual vote tallying... In passing, this election was conducted with paper ballots hand marked and scanned by machine, with the ballots retained for hand recount if necessary, so pretty much Best Practice as I understand it. I don't believe any such recount has been called for.
In Florida, the site of recent mass shootings such as at the Stoneman Douglas High School and the Pulse nightclub, more than a year went by in which the state approved applications without carrying out background checks. This meant the state was unaware if there was a cause to refuse a licence to allow somebody to carry a hidden gun—for example, mental illness or drug addiction. The reason is dismayingly banal: an employee couldn't remember her login. https://nakedsecurity.sophos.com/2018/06/12/florida-skips-gun-background-checks-for-a-year-after-employee-forgets-login/
[Nothing to worry about!] https://news.ycombinator.com/item%3Fid%3D17285062 Oh yeah. Just plug it into your computer. For sure.
As police raid Israeli-operated boiler rooms in Asia and Eastern Europe, local law enforcement has yet to indict a single operative from an industry that has stolen billions https://www.timesofisrael.com/israelis-nabbed-in-philippines-are-tip-of-iceberg-in-alleged-fraud-gone-global/
via NNSquad https://www.bloomberg.com/news/articles/2018-06-11/sweden-tries-to-halt-total-cashlessness-with-lawmaker-proposal The move is a response to Sweden's rapid transformation as it becomes one of the most cashless societies in the world. That's led to concerns that some people are finding it increasingly difficult to cope without access to mobile phones or bank cards. There are also fears around what would happen if the digital payments systems suddenly crashed.
Coinrail virtual currency exchange was breached, and lost only $40M. Ethereum dropped, and the end result was an estimated $40B lost over the weekend to cryptocurrencies overall. (PGN-ed) https://www.npr.org/2018/06/11/618912309/cryptocurrencies-lose-billions-in-value-after-an-exchange-is-hacked
Charlie Osborne for Zero Day (7 Jun 2018) Carbon Black research suggests that as interest in cryptocurrency rises, so does the market for weapons to steal it. https://www.zdnet.com/article/cryptocurrency-theft-malware-is-now-an-economy-worth-millions/ selected text: The researchers estimate that over the past six months alone, a total of $1.1 billion has been stolen in cryptocurrency-related thefts, and approximately 12,000 marketplaces in the underbelly of the Internet are fueling this trend. In total, there are roughly 34,000 products and services on sale that are related to cryptocurrency theft, ranging from just over a dollar in price to $224, with an average cost of around $10. "The available dark web marketplaces represent a $6.7 million illicit economy built from cryptocurrency-related malware development and sales," the researchers say.
Hydro-Quebec will temporarily stop processing requests from cryptocurrency miners so that it can continue to fulfill its obligations to supply electricity to the entire province. Canada's biggest electric utility is facing unprecedented demand from blockchain companies that exceeds Hydro-Quebec's short- and medium-term capacity, according to a statement Thursday. In the coming days, Hydro-Quebec will file an application to the province's energy regulator proposing a selection process for blockchain industry projects. Hydro-Quebec has been courting cryptocurrency miners in recent months in a bid to soak up surplus energy from dams in northern Quebec. Power rates in the province are the lowest in North America, both for consumers and industrial customers. https://www.msn.com/en-us/news/markets/quebec-halts-bitcoin-mining-power-requests-amid-booming-demand/ar-AAylZv3 Always risky, getting what you want. Then, there's this... https://techcrunch.com/2018/06/08/ibms-new-summit-supercomputer-for-the-doe-delivers-200-petaflops/ ...which one commenter somewhere suggests should be used to mine bitcoins. Besides petaflop ratings, we need potential kWh/bitcoin comparisons.
Original article (in Spanish): https://www.eldiario.es/tecnologia/Liga-Futbol-microfono-telefono-aficionados_0_780772124.html Automated translation: https://translate.google.com/translate%3Fsl%3Des%26tl%3Den%26js%3Dy%26prev%3D_t%26hl%3Den%26ie%3DUTF-8%26u%3Dhttps%253A%252F%252Fwww.eldiario.es%252Ftecnologia%252FLiga-Futbol-microfono-telefono-aficionados_0_780772124.html%26edit-text The Liga de Fútbol Profesional, the body that runs the most important sports competition in Spain, is using mobile phones of football fans to spy on bars and other public establishments that put matches for their clients. Millions of people in Spain have this application on their phone, which accumulates more than 10 million downloads, according to data from Google and Apple. All of these people can become undercover informants for La Liga and the owners of football television broadcasting rights. If they give their consent for the app to use the device's microphone (which is common in many applications), they are actually giving permission for La Liga to remotely activate the phone's microphone and try to detect if what it sounds like is a bar or public establishment where a football match is being projected without paying the fee established by the chains that own the broadcasting rights. In addition, use the geolocation of the phone to locate exactly where that establishment is located.
*The Washington Post* reports "Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare - including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. " Gee. Do you think connecting secret documents to the Internet is wise? Good thing the Manhattan Project only had a Russian spy in their midst. Otherwise the Soviets may have stolen nuclear secrets and got the bomb before 1949. https://www.washingtonpost.com/world/national-security/china-hacked-a-navy-contractor-and-secured-a-trove-of-highly-sensitive-data-on-submarine-warfare/2018/06/08/6cc396fa-68e6-11e8-bea7-c8eb28bc52b1_story.html%3Futm_term%3D.e6cf621eb36c [Also noted by Jose Maria Mateos. PGN]
via NNSquad https://techbeacon.com/g-suite-leaks-10000-orgs-google-ux-blamed-fury-no-bug-defense People keep misconfiguring G Suite to leak their companies' private data. An estimated 10,000 or more organizations are affected. Google denies it's a bug, passive-aggressively telling people to RTFM. But that's not the point, is it? Given the scale of the problem, shouldn't la GOOG be fixing an obvious admin UX problem? When you blame the users in situations like this, you've already lost the argument.
Zack Whittaker for Zero Day (8 Jun 2018) Password reset flaw at Internet giant Frontier allowed account takeovers A two-factor code used to reset an account password could be easily bypassed. https://www.zdnet.com/article/password-reset-flaw-at-frontier-allowed-account-takeovers/ opening text: A bug in how cable and Internet giant Frontier reset account passwords allowed anyone to take over user accounts. The vulnerability, found by security researcher Ryan Stevenson, allows a determined attacker to take over an account with just a username or email address. And a few hours worth of determination, an attacker can bypass the access code sent during the password reset process.
Stephanie Condon for Between the Lines (ZDNet), 8 Jun 2018 Facebook's acknowledgement of these agreements is the latest incident to shed light on the way the company has shared user data in ways users are unlikely to understand. https://www.zdnet.com/article/facebook-gave-some-companies-extended-access-to-user-data/ opening text: In the latest revelation about Facebook's data-sharing practices, the social media giant acknowledged Friday that it gave certain companies extended, special access to user data in 2015—data that was already off limits to most developers.
via NNSquad https://www.wired.com/story/facebook-bug-14-million-users-posts-public/ FACEBOOK HAS FOUND itself the subject of another privacy scandal, this time involving privacy settings. A glitch caused up to 14 million Facebook users to have their new posts inadvertently set to public, the company revealed Thursday. "Private" posts that turned out to be public. Pretty much a worst case scenario.
Zack Whittaker, ZDNet, 7 Jun 2018 The bug had a rare 9.8 out of 10 score on the common vulnerability severity rating scale. https://www.zdnet.com/article/cisco-fixes-critical-bug-that-exposed-networks-to-hackers/ opening text: A "critical"-rated bug in one of Cisco's network access management devices could have allowed hackers to remotely break into corporate networks.
Charlie Osborne for Between the Lines (ZDNet) 7 Jun 2018 While you see flowers, Norman sees gunfire. https://www.zdnet.com/article/meet-norman-the-worlds-first-psychopathic-ai/ selected text: Researchers at the Massachusetts Institute of Technology (MIT) have developed what is likely a world first—a "psychopathic" artificial intelligence (AI). Norman is an AI system trained to perform image captioning, in which deep learning algorithms are used to generate a text description of an image. However, after plundering the depths of Reddit and a select subreddit dedicated to graphic content brimming with images of death and destruction, Norman's datasets are far from what a standard AI would be exposed to. The results are disturbing, to say the least. In one inkblot test, a standard AI saw "a black and white photo of a red and white umbrella," while Norman saw "man gets electrocuted while attempting to cross busy street."
https://www.scientificamerican.com/article/should-we-always-trust-what-we-see-in-satellite-images/ The author argues that an "on the ground" confirmation is a wise precaution to verify imagery content. Image processing algorithms can render misleading impressions which affect major decisions. "One example of the misuse of remotely sensed data was in 2003, when satellite images were used as evidence of sites of weapons of mass destruction in Iraq. These images revealed what were identified as active chemical munitions bunkers and areas where earth had been graded and moved to hide evidence of chemical production. This turned out not to be the case." "Trust but verify" remains a wise precaution to follow when analyzing satellite imagery.
http://www.washingtonpost.com/business/economy/unproven-facial-recognition-companies-target-schools-promising-an-end-to-shootings/2018/06/07/1e9e6d52-68db-11e8-9e38-24e693b38637_story.html?noredirect=on&utm_term=.3fccfa98bcd2 "Although facial recognition remains unproven as a deterrent to school shootings, the specter of classroom violence and companies intensifying marketing to local education officials could cement the more than 130,000 public and private schools nationwide as one of America's premier testing grounds—both for the technology's abilities and for public acceptance of a new generation of mass surveillance." Mass shootings at schools in the US, while statistically rare compared to other gun-related deaths (suicide, for instance), are horrifying events. A set of companies are pitching facial recognition technology as a bromide and deterrent, though they are coy to explain how their software stacks function or enable deterrence. Exploiting fear and anxiety are long-practiced sales techniques.
Thanks to SRI's Steven Cheung for spotting this one. A fun vulnerability that uses zip files to overwrite files https://nakedsecurity.sophos.com/2018/06/06/the-zip-slip-vulnerability-what-you-need-to-know/
When Apple previewed the upcoming iOS 12 and MacOS Mojave at this week's WWDC keynote, http://www.fastcompany.com/40578098/watch-apple-wwdc-livestream-live-coverage The killer new features that got both developers and users most excited were the ones you'd would expect: the visually stunning Dark Mode on MacOS, the insanely customizable Memojis on iOS, FaceTime group-calling features on both platforms, massive improvements to Siri, and Apple's all-new Screen Time digital health tracking tools. <http://www.fastcompany.com/40580992/macos-mojave-brings-dark-mode-better-privacy-and-more-ios-ideas> <http://www.fastcompany.com/40580906/apples-latest-animoji-you> <http://www.fastcompany.com/40580873/siri-wants-to-automate-your-life-with-shortcuts> <http://www.fastcompany.com/40581638/apple-gives-iphone-some-real-responsible-use-features-but-why-now> All those features deserved the applause they got from the crowd. But it was other updates—definitely less sexy and headline-grabbing—that set Apple apart from other technology giants. I'm talking about the new privacy features built into both iOS 12 and MacOS Mojave that make it so much harder for other parties to get at your personal information. https://www.fastcompany.com/40581691/all-the-people-apple-just-pissed-off-to-better-protect-your-privacy
https://www.nytimes.com/2018/06/07/business/guitar-center-warranty.html Former employees and customers at the giant music retailer described problems with how it sells protection plans, particularly in Puerto Rico.
Originally posted here: 3Dhttps://medium.com/%40enkiv2/microsoft-github-and-distributed-revision-control-c563b5e98d17 Microsoft, Github, and distributed revision control People legitimately criticize Github for creating artificial centralization of open source software & having a dysfunctional internal culture, and for being a for-profit company. Microsoft's acquisition may not make any of these things worse, & won't make them better. But, there's a really specific & practical reason people not already boycotting github have begun to consider it in response to the Microsoft acquisition: Microsoft's history of using deals, acquisitions, & standards committees as anticompetitive tools. Github was never going to do much of anything beside host your projects, and since hosting your projects is its main business, it's not going to do nasty things like delete them. Microsoft, however, is absolutely willing to do that kind of thing if they decide they can get away with it. History bears this out—some of it recent. Microsoft hasn't been able to do it to the likes of IBM or Netscape since the 90s, but only because their complacency over the PC market has prevented them from being able to successfully branch out into phones or servers; however, they have been happily performing their embrace-extend-exterminate tactic on open source projects for the past fifteen years. (Note: If Github got as big as Microsoft & had side hustles as profitable, they would do the same thing. This isn't about particular organizations being evil—capitalism forces organizations to act unethically and illegally by punishing those unwilling to break the law.) People concerned about open source software distribution being centralized under the aegis of unreliable for-profit companies have been boycotting Github & Gitlab for years, and Google Code and Sourceforge before that. They've also been working on alternatives to central repositories. Named data networking goes beyond simply ensuring that the owner of the hostname is not a for-profit company (liable to throw out your data as soon as they decide that it'll make them money to do so). Instead, DNS as a single point of failure goes away entirely, along with reliance on data centers. If you're considering migrating away from Github—even if the recent news merely reminded you of problems Github has had for years—take this opportunity to migrate your repository to git-ssb or git-ipfs, instead of moving to another temporary host-tied third party thing like gitlab or bitbucket. Your commits are already identified by hashes, so why not switch to hashes entirely & use an NDN/DHT system? That way, there's no third party that could take down your commits if it goes down. The entire DNS system could die permanently & it wouldn't interrupt your development.
[From ocean wave motions to lungs! Great idea. PGN] Charles Q. Choi, *The Washington Post*, 9 Jun 2018 http://www.washingtonpost.com/national/health-science/how-the-body-could-power-pacemakers-and-other-implantable-devices/2018/06/08/16d287b0-5559-11e8-a551-5b648abe29ef_story.html In I Sing the Body Electric, poet Walt Whitman waxed lyrically about the action and power of beautiful, curious, breathing, laughing flesh. More than 150 years later, MIT materials scientist and engineer Canan Dagdeviren and colleagues are giving new meaning to Whitman's poem with a device that can generate electricity from the way it distorts in response to the beating of the heart. Despite tremendous technological advances, a key drawback of most wearable and implantable devices is their batteries, whose limited capacities restrict their long-term use. The last thing you want to do when a pacemaker runs out of power is to open up a patient just for battery replacement. The solution may rest inside the human body—rich in energy in its chemical, thermal and forms. The bellows-like motions that a person makes while breathing, for example, can generate 0.83 watts of power; the heat from a body, up to 4.8 watts; and the motions of the arms, up to 60 watts. That's not nothing when you consider that a pacemaker needs just 50 millionths of a watt to last for seven years, a hearing aid needs a thousandth of a watt for five days, a smartphone requires one watt for five hours. Increasingly, Dagdeviren and others are investigating a plethora of ways that devices could make use of these inner energy resources and are testing such wearable or implantable devices in animal models and people. Good vibrations One energy-harvesting strategy involves converting energy from vibrations, pressure and other mechanical stresses into electrical energy. This approach, producing what is known as piezoelectricity, is often used in loudspeakers and microphones. To take advantage of piezoelectricity, Dagdeviren and colleagues have developed flat devices that can be stuck onto organs and muscles such as the heart, lungs and diaphragm. Their mechanical properties are similar to whatever they are laminated onto, so they don't hinder those tissues when they move. So far, such devices have been tested in cows, sheep and pigs, animals with hearts roughly the same size as those of people. “When these devices mechanically distort, they create positive and negative charges, voltage and current—and you can collect this energy to recharge batteries, You can use them to run biomedical devices like cardiac pacemakers instead of changing them every six or seven years when their batteries are depleted.'' Scientists are also developing wearable piezoelectric energy harvesters that can be worn on joints such as the knee or elbow, or in shoes, trousers or underwear. People could generate electricity for electronics whenever they walk or bend their arms. Body heat A different energy-harvesting approach uses thermoelectric materials to convert body heat to electricity. “Your heart beats more than 40 million times a year,'' Dagdeviren notes. All that energy is dissipated as heat in the body—it's a rich potential source to capture for other uses. Thermoelectric generators face key challenges. They rely on temperature differences, but people usually keep a fairly constant temperature throughout their bodies, so any temperature differences found within are generally not dramatic enough to generate large amounts of electricity. But this is not a problem if the devices are exposed to relatively cool air in addition to the body's continuous warmth. Scientists are exploring thermo-electric devices for wearable purposes, such as powering wristwatches. In principle, the heat from a human body can generate enough electricity to power wireless health monitors, cochlear implants and deep-brain stimulators to treat disorders such as Parkinson's disease. Static and dynamic Scientists have also sought to use the same effect behind everyday static electricity to power devices. When two different materials repeatedly collide with, or rub against, one another, the surface of one material can steal electrons from the other, accumulating a charge, a phenomenon known as triboelectricity. Nearly all materials, both natural and synthetic, are capable of creating triboelectricity, giving researchers a wide range of choices for designing gadgets. Nanotechnologist Zhong Lin Wang of Georgia Tech: “The more I work with triboelectricity, the more exciting it gets, and the more applications it might have. I can see myself devoting the next 20 years to it.''
David Strom's Web Informant, 11 Jun 2018 [TNX to Gabe Goldberg] When someone tries to steal money from your bank or credit card accounts, these days it is a lot harder, thanks to a number of technologies. I recently personally had this situation. Someone tried to use my credit card on the other side of Missouri on a Sunday afternoon. Within moments, I got alerts from my bank, along with a toll-free number to call to verify the transactions. In the heat of the moment, I dialed the number and started talking to my bank's customer service representatives. Then it hit me: what if I were being phished? I told the person that I was going to call them back, using the number on the back of my card. Once I did, I found out I was talking to the right people after all, but still you can't be too careful. This heat-of-the-moment reaction is what the criminals count on, and how they prey on your heightened emotional state. In my case, I was well into my first call before I started thinking more carefully about the situation, so I could understand how phishing attacks can often work, even for experienced people. To help cut down on these sorts of exploits, banks use a variety of risk-based or adaptive authentication technologies that monitor your transactions constantly, to try to figure out if it really is you doing them or someone else. In my case, the pattern of life didn't fit, even though it was a transaction taking place only a few hundred miles away from where I lived. Those of you who travel internationally probably have come across this situation: if you forget to tell your bank you are traveling, your first purchase in a foreign country may be declined until you call them and authorize it. But now the granularity of what can be caught is much finer, which was good news for me. These technologies can take several forms: some of them are part of identity management tools or multi-factor authentication tools, others come as part of regular features of cloud access security brokers. They aren't inexpensive, and they take time to implement properly. In a story I wrote last month for CSOonline <https://www.csoonline.com/article/3271134/authentication/how-risk-based-authentication-has-become-an-essential-security-tool.html I discuss what IT managers need to know to make the right purchasing decision. In that article, I also talk about these tools and how they have matured over the past few years. As we move more of our online activity to mobiles and social networks, hackers are finding ways at leveraging our identity in new and sneaky ways. One-time passwords that are being sent to our phones can be more readily intercepted, using the knowledge that we broadcast on our social media. And to make matters worse, attackers are also getting better at conducting blended attacks that can cut across a website, a mobile phone app, voice phone calls, and legacy on-premises applications. Of course, all the tech in the world doesn't help if your bank can't respond quickly when you uncover some fraudulent activity. Criminals specifically targeted a UK bank that was having issues with switching over its computer systems last month knowing that customers would have a hard time getting through to its customer support call centers. The linked article documents how one customer waited on hold for more than four hours, watching while criminals took thousands of pounds out of his account. Other victims were robbed of five and six-figure sums after falling for phishing messages that asked them to input their login credentials. <https://www.welivesecurity.com/2018/05/28/scammers-drain-mans-bank-account-fraud-hotline/ The moral of the story: don't panic when you get a potentially dire fraud alert message. Take a breath, take time to think it through. And call your bank when in doubt. Comments always welcome here: http://blog.strom.com/wp/%3Fp%3D6568
What continues to bug me is that banks don't ask, “Did you call this number from the back of your card?'' Those of us who did will say “Of course'', but we aren't the ones to worry about. I've gotten calls from banks asking me about transactions; when I said “I will call you back'', they said “Fine, of course.'' But they SHOULD have started the call with “This is TBTF Bank, calling about a questionable transaction on your Visa card. To ensure that this is a legitimate conversation, please call us back at the number on the back of your card.''
This is similar in Britain (not that I'm a constitutional expert). Candidates stand for election in each electoral area, and we vote for which one we want to serve as our Member of Parliament. The winner is the one with most votes—the 'first-past-the-post' system. Usually one of the big parties gets a majority of MPs so forms the government directly, but sometimes (as at the present time) the biggest party needs a support agreement with a smaller party to get a majority. While this may seem like an elected dictatorship, it's obvious who is in charge, and we get the chance to vote them out at the next election. By contrast, as I understand it, mainland European countries often have a large number of small parties so coalitions are the usual arrangement. The problem here is that much policy-making may be hidden in behind-the-scenes deals between parties, i.e. a party may have to support something that it doesn't want to get something that it does, or vice-versa. This can give unstable governments as in Italy as the original poster said, or the opposite when an election just changes a few of the elected representatives and everything continues as as before. The EU seems to be based on the European model, with a large bureaucracy notionally governed by a small, unfocused elected assembly, which may account for the fractious relationship between the UK and the EU; indeed, a cynic such as myself may feel that the aim is to create the impression of democracy rather than giving power to voters. As British MPs are elected regionally, there's no direct correlation between the total number of votes gained by parties and the numbers of their MPs, so there are periodic campaigns to adopt some kind of proportional representation system, though this brings various other problems. A bigger problem is potential voter-identity fraud, a frequent topic in RISKS. There's talk of requiring voters to show some proof of identity at polling stations, but what, as there's no particular official UK identity document?
Please report problems with the web pages to the maintainer