Wednesday, September 27, 2006

Most Iraqis Favor Immediate U.S. Pullout

A Washington Post article by Amit R. Paley reports on two new polls.

A strong majority of Iraqis want U.S.-led military forces to immediately withdraw from the country, saying their swift departure would make Iraq more secure and decrease sectarian violence, according to new polls by the State Department and independent researchers.

In Baghdad, for example, nearly three-quarters of residents polled said they would feel safer if U.S. and other foreign forces left Iraq, with 65 percent of those asked favoring an immediate pullout...

"Majorities in all regions except Kurdish areas state that the Multi-National Force-Iraq (MNF-I) should withdraw immediately, adding that the MNF-I's departure would make them feel safer and decrease violence," concludes the 20-page State Department report, titled "Iraq Civil War Fears Remain High in Sunni and Mixed Areas."

By large margins, though, Iraqis believed that the U.S. government would refuse the request, with 77 percent of those polled saying the United States intends keep permanent military bases in the country...

"The very fact that there is such a low support for American forces has to do with the American failure to do basically anything for Iraqis," said Mansoor Moaddel, a professor of sociology at Eastern Michigan University, who commissioned a poll earlier this year that also found widespread support for a withdrawal. "It's part of human nature. People respect authority and power. But the U.S. so far has been unable to establish any real authority."

Interviews with two dozen Baghdad residents in recent weeks suggest one central cause for Iraqi distrust of the Americans: They believe the U.S. government has deliberately thrown the country into chaos.

The most common theory heard on the streets of Baghdad is that the American military is creating a civil war to create an excuse to keep its forces here.

Our troops are getting killed to perpetuate a situation that Iraqis don't want and believe is causing more of them to be killed? Stay the course? Bah! Humbug!

Labels: ,


Sunday, September 24, 2006

The Big Gamble on Electronic Voting

The New York Times has a long article by Randall Stross [registration required] in its business section today about the risks of electronic voting machines.
HANGING chads made it difficult to read voter intentions in 2000. Hotel minibar keys may do the same for the elections in November...

One brand of machine leads in market share by a sizable margin: the AccuVote, made by Diebold Election Systems. Two weeks ago, however, Diebold suffered one of the worst kinds of public embarrassment for a company that began in 1859 by making safes and vaults.

Edward W. Felten, a professor of computer science at Princeton, and his student collaborators conducted a demonstration with an AccuVote TS and noticed that the key to the machine’s memory card slot appeared to be similar to one that a staff member had at home.

When he brought the key into the office and tried it, the door protecting the AccuVote’s memory card slot swung open obligingly. Upon examination, the key turned out to be a standard industrial part used in simple locks for office furniture, computer cases, jukeboxes — and hotel minibars.

Once the memory card slot was accessible, how difficult would it be to introduce malicious software that could manipulate vote tallies? That is one of the questions that Professor Felten and two of his students, Ariel J. Feldman and J. Alex Haldeman, have been investigating...

Even before the researchers had made the serendipitous discovery about the minibar key, they had released a devastating critique of the AccuVote’s security. For computer scientists, they supplied a technical paper; for the general public, they prepared an accompanying video. Their short answer to the question of the practicality of vote theft with the AccuVote: easily accomplished...

I spoke last week with Professor Felten, who said he could not imagine how a newer version of the AccuVote’s software could protect itself against this kind of attack. But he also said he would welcome the opportunity to test it. I called Diebold to see if it would lend Princeton a machine.

Mark G. Radke, director for marketing at Diebold, said that the AccuVote machines were certified by state election officials and that no academic researcher would be permitted to test an AccuVote supplied by the company. “This is analogous to launching a nuclear missile,” he said enigmatically, adding that Diebold had to restrict “access to the buttons.”

I persisted. Suppose, I asked, that a test machine were placed in the custodial care of the United States Election Assistance Commission, a government agency. Mr. Radke demurred again, saying the company’s critics were so focused on software that they “have no appreciation of physical security” that protects the machines from intrusion...

This same point was featured prominently in the company’s press release that criticized the Princeton study, saying it “all but ignores physical security and election procedures.” It is a criticism that collides with the facts on Page 5 of the Princeton study, where the authors provide step-by-step details of how to install the malicious software in the AccuVote.

Even before the minibar lineage of the AccuVote key had been discovered, the researchers had learned that the lock was easily circumvented: one of them could consistently pick it in less than 10 seconds.

If skeptics cannot believe what they read about the ease of manipulating an election, they can watch the 10-minute online video: the AccuVote lock is picked, a memory card is inserted and the malicious software is loaded; the machine is rebooted, and within 60 seconds the machine is ready to throw the election in favor of any specified candidate...

Recently, there have been signs that states are having second thoughts about trusting their AccuVote equipment. Officials in California, Florida and Pennsylvania have been outspoken about their concerns. In Maryland earlier this year, the state House of Delegates voted 137 to 0 in favor of a bill to prohibit the use of its AccuVote machines because they were not equipped to generate a paper audit trail.
Previous post.

Labels: , ,


Friday, September 22, 2006

Privacy Innovations


Thursday, September 21, 2006

Let's boycott Diebold ATMs!

By now, readers of this blog should be familiar with the multitudinous problems and insecurities of Diebold electronic voting machines, with Diebold's lame defenses of the same, and with the tepid response to these problems by the politicians running the voting machines, such as the one quoted in this Washington Post article
"We know the equipment works because it's been qualified to federal standards," said Kevin J. Kennedy, executive director of the Wisconsin State Elections Board and president of the National Association of State Election Directors.
It's time for a boycott. But boycotting elections themselves is counter-productive, and sidestepping the machines (e.g., voting by absentee ballot) has its own problems.

However, Diebold has a much bigger and more profitable business than voting machines: Automated teller machines (ATMs). They have a big chunk of the market, but not a monopoly. So, next time you are about to get cash, look at the brand name on the ATM, and if it's Diebold, look for another machine.

You've got to hit them in the pocketbook to make them notice.



Gene-Altered Profit-Killer

A Washington Post article by Rick Weiss points out that scientists who have urged caution in releasing genetically altered plants outside the laboratory now have belated support from an unexpected source: rice farmers.

The disclosure last month that American long-grain rice has become widely contaminated with traces of an experimental, gene-altered rice has provoked an economic crisis for farmers and reignited a long-smoldering debate over the adequacy of U.S. oversight of biotech food.

Already, Japan has banned U.S. long-grain imports, noting, as have other countries, that the genetically altered variety never passed regulatory muster. Stores in Germany, Switzerland and France have pulled American rice off their shelves. And at least one ship last week remained quarantined in Rotterdam, awaiting word of whether its contents would be diverted or destroyed.

"Until this happened, it looked like rice farmers were finally going to make a profit this year," said Greg Yielding, executive director of the Arkansas Rice Growers Association. Instead, U.S. rice prices have slumped about 10 percent, and some expect market losses to reach $150 million...

"We've been warning for years that something like this could happen," Yielding said, citing a December 2005 report from the Agriculture Department's inspector general that lambasted the government for not keeping a closer eye on companies developing new crops. "This is one of those deals where you hate to be right." ...

Although U.S. farmers say they favor, in theory, further development of the crops, many have called for delays in field testing or marketing until other countries agree to accept them. With few mechanisms in place to segregate engineered from conventional varieties, and wide availability of tests able to detect minute quantities of foreign DNA, they say it is not worth the risk that shipments will become contaminated and rejected.

Hit them in the pocketbook, and they notice.

Labels: ,


Monday, September 18, 2006

Just when you think the news about Diebold can't get any worse...

Along comes this post by Ed Felten reporting that they have found that
The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet...

It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.

Using such a standard key doesn’t provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold’s use of encryption — they can say they use encryption, but they use it in a way that neutralizes its security benefits.
Earlier Diebold post.

Labels: , ,


Wednesday, September 13, 2006

Electronic Voting:
A view from the trenches

Avi Rubin has not only been at the forefront of the examination of direct recording electronic (DRE) voting machines, he has also served as an election judge in the last several elections. He has posted a report of his experiences yesterday. Excerpts:
The electronic poll books presented an even bigger problem, however. Every so often, about once every 15-25 minutes, after a voter signed in, and while that voter's smartcard was being programmed with the ballot, the poll book would suddenly crash and reboot. Unfortunately, the smartcard would not be programmed at the end of this, so the poll worker would have to try again. However, the second time, the machine said that the voter had already voted. The first few times this happened, we had some very irate voters, and we had to call over the chief judge. Soon, however, we realized what was happening, and as soon as the poll book crashed, we warned the voter that it would come up saying that they had already voted, but that we knew they hadn't. Then, the chief judge would have to come over, enter a password, and authorize that person to vote anyway. Then we had to make a log entry of the event and quarantine the offending smartcard. Unfortunately, the poll books take about 3 minutes to reboot, and the chief judges are very scarce resources, so this caused further delays and caused the long line we had for most of the afternoon and evening while many of the machines were idle. Another problem was that the poll book would not subtract a voter from its total count when this happened, so every time we had an incident, the poll book voter count was further off the mark. We had to keep track of this by hand, so we could reconcile it at the end of the day...

Throughout the early part of the day, there was a Diebold representative at our precinct. When I was setting up the poll books, he came over to "help", and I ended up explaining to him why I had to hook the ethernet cables into a hub instead of directly into all the machines (not to mention the fact that there were not enough ports on the machines to do it that way). The next few times we had problems, the judges would call him over, and then he called me over to help. After a while, I asked him how long he had been working for Diebold because he didn't seem to know anything about the equipment, and he said, "one day." I said, "You mean they hired you yesterday?" And he replied, "yes, I had 6 hours of training yesterday. It was 80 people and 2 instructors, and none of us really knew what was going on." I asked him how this was possible, and he replied, "I shouldn't be telling you this, but it's all money. They are too cheap to do this right. They should have a real tech person in each precinct, but that costs too much, so they go out and hire a bunch of contractors the day before the election, and they think that they can train us, but it's too compressed." ...

I haven't written at all about the Accuvote machines. I guess I've made my opinions about that known in the past, and my new book deals primarily with them. Nothing happened today to change my opinion about the security of these systems, but I did have some eye opening experiences about the weaknesses of some of the physical security measures that are touted as providing the missing security. For example, I carefully studied the tamper tape that is used to guard the memory cards. In light of Hursti's report, the security of the memory cards is critical. Well, I am 100% convinced that if the tamper tape had been peeled off and put back on, nobody except a very well trained professional would notice it...

The least pleasant part of the day was a nagging concern that something would go terribly wrong, and that we would have no way to recover. I believe that fully electronic systems, such as the precinct we had today, are too fragile. The smallest thing can lead to a disaster. We had a long line of "customers" who were mostly patient, but somewhat irritated, and I felt like we were not always in a position to offer them decent customer service. When our poll books crashed, and the lines grew, I had a sense of dread that we might end up finishing the day without a completed election. As an election judge I put aside my personal beliefs that these machines are easy to rig in an undetectable way, and become more worried that the election process would completely fail. I don't think it would have taken much for that to have happened.



Why you shouldn't use a Diebold voting machine

... if you have any choice in the matter.

Ari Feldman, Alex Halderman, and Ed Felten have just released a paper on the security of e-voting technology. The paper is accompanied by a ten-minute video that demonstrates some of the vulnerabilities and attacks they discuss. These are highly-credible computer science researchers who have recently been focusing on electronic voting.

Their abstract:
This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine’s hardware and software and the adoption of more rigorous election procedures. [emphasis mine]
See also

Labels: ,


Tuesday, September 12, 2006

Does Hardware Exist?

David Alan Grier has a column in IEEE Computer entitled "The Empty Box," advancing the theme that someday software will be as mythical as hardware is now.
Of course, I will concede that hardware once existed. It roamed the land in vast herds that stretched from horizon to horizon. The earth shook when these herds began their annual migration from their breeding grounds in California to the great trade shows in Las Vegas.

Sadly, hardware is now completely extinct. It was a victim of overpopulation, the degradation of its prime desktop habitat, and the terrible glaciers of hyperbole that swept out of Madison Avenue in the early 1990s and scoured the earth clean.

Labels: ,


Friday, September 08, 2006

CDT on evaluating DRM

The Center for Democracy & Technology has just issued a report, "Evaluating DRM: Building a Marketplace for the Convergent World," that is the calmest, most rational comprehensive survey of the subject that I have yet seen. They recognize the competing interests of a large variety of stakeholders, including consumers, copyright holders, distributors, and equipment manufacturers – without name calling, ad hominem attacks, or accusations of bad faith.

An interesting aspect of the report is that, rather than trying to stake out a legal or moral position on the topic, it aims to educate reviewers of DRM systems and DRM-enabled products about the questions they should ask, and the answers they should communicate to the public.
The explosive growth of the Internet and digital media has created both tremendous opportunities and new threats for content creators. Advances in digital technology offer new ways of marketing, disseminating, interacting with, and monetizing creative works, giving rise to expanding new markets that did not exist just a few years ago. These technologies also promise to democratize the production of creative content by putting the creation and wide distribution of creative works within the reach of private individuals. At the same time, however, the technologies have created major challenges for copyright holders seeking to exercise control over the distribution of their works and protect against piracy.

Digital rights management (DRM) represents a response to these issues. DRM is designed to help content creators protect their content from widespread uncontrolled distribution. Its proponents maintain that DRM can facilitate the secure distribution of digital content in new markets and help fuel new business models that exploit the power of digital media and the Internet, giving consumers many more choices. Critics, meanwhile, contend that DRM will do little to stop piracy, and that its main effect may be to frustrate consumers' ability to take advantage of the full power of digital media...

For now, and for the foreseeable future, it is the market rather than the government that is likely to play the primary role in shaping DRM.

As DRM increasingly becomes integrated into media that consumers purchase, it will be important for the public and product reviewers to understand how to evaluate the impact of DRM on the media user’s experience. Different DRM systems will provide different capabilities for users. An informed base of consumers capable of comparing products and expressing and acting on their preferences is essential to ensuring that the marketplace for digital media products and services is diverse, competitive, and responsive to reasonable consumer expectations...

We suggest specific questions that consumers and reviewers should be asking about media devices and services incorporating DRM. These “metrics” for DRM include: Transparency – Is there clear disclosure to users of the effects of DRM? ... Effect on Use – What are the specific parameters and limitations for the use of a work? ... Collateral Impact – Does a DRM technology have any other potential impact on a user, apart from its effects on the user’s use of the particular work? ... Purpose and Consumer Benefit– Does it appear that DRM is being used to innovate and facilitate new business models that fill previously unaddressed demand and give consumers new choices? ...

CDT believes that, in applying metrics for DRM, it is important to consider a forward-looking frame of reference as well: specifically, what an honest and law-abiding consumer could do with networked, general purpose computers and open-format media. In such an open-media environment, devices are freely interoperable. Content can be readily moved across home and personal networks, converted to different formats, and accessed on several devices. Consumers are able to easily transfer and access their content from diverse locations over the Internet. Wide personal and transformative uses of content are possible, limited only by the imagination of technologists in devising new ways to manipulate digital data.

Content owners will object that it is not reasonable to expect protected digital media to live up to such a standard. After all, completely unprotected media of the kind envisioned in the open media environment is easily susceptible to massive piracy. This is a fair observation. Our point is not that everything that is possible with unprotected content on general purpose computers should be immediately possible for DRM-protected media, nor that every deviation from the open media environment is somehow harmful or unfair.

Rather, using the open media environment as a frame of reference helps illustrate the technical choices and tradeoffs associated with DRM. In a world of technological convergence and digital media, there is no technical reason why content cannot be distributed with the flexibility that networked, general purpose computer architecture can provide. There may be economic, business model, or legal reasons for taking a different approach. But consumers and product reviewers seeking to evaluate DRM should have a clear picture of the tradeoffs that have been made in each of the areas described in the metrics.



Tuesday, September 05, 2006

We will all fry together...

A press release from the British Antarctic Survey discusses evidence from an 800,000-year Antarctic ice core record shows unprecedented atmospheric change due to carbon dioxide and other greenhouse gases.
Ice cores reveal the Earth's natural climate rhythm over the last 800,000 years. When carbon dioxide changed there was always an accompanying climate change. Over the last 200 years human activity has increased carbon dioxide to well outside the natural range and we have no analogue for what will happen next.
According to the Environmental News Service report
The 3.2 kilometer East Antarctica ice core is the deepest ever removed... The core shows that there have been eight cycles of atmospheric change in that time frame when levels of carbon dioxide and methane, another greenhouse gas, peaked - and each has been accompanied by warming in the climate.

But the current peak levels are far above anything seen in past cycle and the rate of change is alarming, the scientists said...

Levels of atmospheric carbon dioxide have jumped 35 percent in the past two centuries and are rising at an unprecedented rate.

Carbon dioxide levels have risen 30 ppm in the past 17 years - an increase that used to take 1,000 years.

Furthermore, methane had never tipped 750 parts per billion (ppb), but is now 1,780 ppb...



Saturday, September 02, 2006

Warning: "Anonymous" Browser may be Fake

Spotted a reference to this in Bruce Schneier's generally reliable blog.
Social news rave about Browzar - they claim it a new secure browser leaving no footprints. After looking at it closer, I found out that it’s not a browser at all, and moreover, this software thrusts search via it’s own PPC-SE full of ads on user.
Always be careful about obtaining software from a source you don't have good reason to trust.