*** Democracies Online Newswire - http://e-democracy.org/do *** *** *** *** Up to seven posts a week. To join over 2500 subscribers, *** *** e-mail <[EMAIL PROTECTED]>, in message: sub do-wire ***
If you are interested in learning about the risks associated with technology, the RISKS digest has been around for over ten years. Subscription information below. Steven Clift Democracies Online Newswire ---------- Forwarded message ---------- Date: Wed, 11 Sep 2002 7:36:40 PDT From: RISKS List Owner <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [risks] Risks Digest 22.24 RISKS-LIST: Risks-Forum Digest Weds 11 September 2002 Volume 22 : Issue 24 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.24.html> and by anonymous ftp at ftp.sri.com, cd risks . Contents: Florida Primary 2002: Back to the Future (Rebecca Mercuri) Nurses refuse to wear locator devices (Duane Thompson) Computer-Assisted Passenger Screening System defeated (Max) The Underground Web (Monty Solomon) Missed phone connections (Robert Kuttner via Monty Solomon) Microsoft says Win 2000 hacking outbreak subsides (PGN) Greek court finds Government ban on electronic games unconstitutional (Giorgos Epitidios) The pinnacle of chutzpah in spam filtering (Przemek Klosowski) REVIEW: "Computer Forensics and Privacy", Michael A. Caloyannides (Rob Slade) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Wed, 11 Sep 2002 03:14:39 -0400 From: "Rebecca Mercuri" <[EMAIL PROTECTED]> Subject: Florida Primary 2002: Back to the Future Well, Florida's done it again. Tuesday's Florida primary election marked its first large-scale roll-out of tens of thousands of brand-new voting machines that were promised to resolve the problems of the 2000 Presidential election. Instead, from the very moment the polls were supposed to open, problems emerged throughout the state, especially in counties that had spent millions of dollars to purchase touchscreen electronic balloting devices. Florida voters, including Gubernatorial candidate Janet Reno, experienced delays (ranging from minutes to hours) due to touchscreen machines not working properly or at all. Reno, and others (including Duval County officials) reportedly sought court orders requesting additional time for the day's voting session. Governor Jeb Bush granted a two hour extension, but some of the polling places did not receive notice and shut down their machines at 7PM, only to discover that restart was impossible because of the way the machines had been designed. In addition to polls and machines that opened late, many precincts reported problems with some electronic cards voters used to activate their ballots. A few machines in Miami-Dade County reset themselves while voters were trying to vote. Even the mark-sense ballots proved troublesome -- in Orange County many votes will have to be hand-counted because defects made them unreadable by the optical scanners. Lest readers think that Florida is alone with these election problems, other states, including Georgia and Maryland, have also reported similar difficulties with touchscreens. Problems in MD led 4 counties there to commission a report from UMD, which revealed serious reliability concerns, due to "catastrophic failure," "malfunction," and "unusability" of one of the two machines they were given for testing. The Association of Computing Machinery's Special Interest Group on Computer Human Interaction (ACM SIGCHI) offered to perform similar evaluations on Palm Beach's new voting equipment, urged by U.S. Representative Robert Wexler, but the offer was declined by the County's Board of Elections. Florida was forewarned about problems with some of their new machines when, in local municipal elections held back in March 2002, anomalies surfaced in Palm Beach County. Some voters submitted sworn affidavits to the state's 15th Circuit Court, attesting to problems ranging from a lack of privacy at the voting booth, to machines "freezing up" until rebooted or reset, and voter cards being rejected. During this past summer, as part of an investigation into Emil Danciu's contest (one of two lawsuits for the March Palm Beach County election), the court permitted me to perform a "walk through inspection" of the County's Board of Election warehouse where the machines were being stored and prepared for this Fall's primary. To my amazement, I learned that the devices would not be tested to see whether they would register a vote for each candidate that appeared on the ballot face. Rather, the tallying system was checked by transferring data between cartridges, (circumventing the ballot face on each machine) and only one vote, for the first candidate in each race, was cast using the touchscreen. This essentially meant that most of the new machines would get their first real use only at the actual election. (Not only does this testing lack rigour, but it only marginally complies with Florida election law.) The Palm Beach County machines were running new software too, since the firmware on each of their 3400 machines was reprogrammed just weeks before the Fall primary. (Such firmware reprogrammability represents a major security and auditability risk.) A thorough inspection of the machines, requested by Danciu's legal team, was denied by the court, on the grounds that the purchase contract with Election Supervisor Teresa LaPore made it a felony violation (for her) of the vendor's trade secret clause if any devices were provided (Danciu had even offered to pay for one) for an internal examination. This trade secrecy also apparently prevents disclosure of the program code files and testing reports maintained by the state of Florida as part of their certification process. But there's more. Further problems may begin to surface after the tabulation results are analyzed. Although if any candidate wishes to seek a recount, the only one they will get from the touchscreen machines is a printout of the same electronic data residing inside of the machines -- not an independent tally from human-readable ballots that were examined by the voters who cast them on election day. Even Brazil, where 400,000 fully-electronic voting machines were first deployed nation-wide in their 2000 election, deemed it appropriate to retrofit their machines to produce recountable voter-verifiable paper ballots, and they will begin to institute this by modifying some 3% of their machines for their next election. Sadly, many US communities seem to feel that it is necessary to rush ahead with voting equipment procurements, while reliable systems, appropriate testing, usability, security, and auditability procedures, and other safeguards, are years away. Florida 2000 woke us up to what many already knew -- our voting systems and laws were flawed. Florida 2002 lets us know that expensive computers can not and will not provide the answer to our election troubles. For the short run, communities that have purchased malfunctioning equipment should return it to the manufacturers and request refunds. There should be an immediate moratorium throughout the United States (and world) on the procurement of electronic voting systems that do not provide voter-verifiable paper ballots. In other words, if your community is thinking of buying touchscreen or other fully-computerized voting equipment, don't let them do it! Candidates and voters who believe they may have evidence of ballots being lost or foul-play with voting systems, should contact me, as soon as possible, at [EMAIL PROTECTED] in order to learn how data could be secured before it may be deleted. Those seeking additional information on voting systems can refer to the numerous articles linked on Peter Neumann's website and on mine (at www.notablesoftware.com/evote.html). Please let your voice and concerns be heard. Democracy is at stake. Rebecca Mercuri, Ph.D., Bryn Mawr College *This article is copyrighted property of Rebecca Mercuri (c) 2002. All rights reserved. Reprint permission is granted only in its entirety, with this notice intact. This article can be distributed but not sold. For any other uses, please contact the author for permission.* ------------------------------ .... clip .... Date: 29 Mar 2002 (LAST-MODIFIED) From: [EMAIL PROTECTED] Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, send e-mail requests to <[EMAIL PROTECTED]> with one-line body subscribe [OR unsubscribe] which requires your ANSWERing confirmation to [EMAIL PROTECTED] . If Majordomo balks when you send your accept, please forward to risks. [If E-mail address differs from FROM: subscribe "other-address <x@y>" ; this requires PGN's intervention -- but hinders spamming subscriptions, etc.] Lower-case only in address may get around a confirmation match glitch. INFO [for unabridged version of RISKS information] There seems to be an occasional glitch in the confirmation process, in which case send mail to RISKS with a suitable SUBJECT and we'll do it manually. .MIL users should contact <[EMAIL PROTECTED]> (Dennis Rears). .UK users should contact <[EMAIL PROTECTED]>. => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to [EMAIL PROTECTED] with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 21" for volume 21] http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. Lindsay Marshall has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r http://the.wiretapped.net/security/info/textfiles/risks-digest/ . http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/ ==> PGN's comprehensive historical Illustrative Risks summary of one liners: http://www.csl.sri.com/illustrative.html for browsing, http://www.csl.sri.com/illustrative.pdf or .ps for printing ------------------------------ End of RISKS-FORUM Digest 22.24 ************************ *** Past Messages, Discussion http://e-democracy.org/do *** *** To subscribe, e-mail: [EMAIL PROTECTED] *** *** Message body: SUB DO-WIRE *** *** To UNSUBSCRIBE instead, write: UNSUB DO-WIRE *** *** Please forward this post to others and encourage *** *** them to subscribe to the free DO-WIRE service. *** *** Please send submissions to: [EMAIL PROTECTED] ***
