tag:blogger.com,1999:blog-186497162024-03-19T08:41:26.485-04:00ABQORDIA - Thoughts on security and societyJeremyhttp://www.blogger.com/profile/15815932490811373617noreply@blogger.comBlogger100125tag:blogger.com,1999:blog-18649716.post-46935582551146297352009-07-22T09:50:00.003-04:002009-07-22T09:56:06.331-04:00The WinVote videoJust after the November 2008 election, a <a href="http://www.youtube.com/watch?v=xl2TjX4PpL8">video </a>appeared on YouTube showing someone playing with an <a href="http://www.verifiedvoting.org/article.php?id=5138">AVS WinVote DRE voting machine</a> in my home county (Fairfax Virginia), and showing that under certain circumstances it records incorrect votes, and even flips selected candidates.<br /><br />I was recently asked for comments on the video, so I thought I'd post them here too.<br /><br />My reaction (aside from the amateur filmmaking) is that while it tooka bunch of fiddling before the machine failed, the fact that the failures occurred show that under some circumstances the WinVote will fail to get the voter's intent - i.e., there's unquestionably one or more bugs in the software that can trigger under certain circumstances and cause incorrect candidate selection. The question is whether it would also fail under normal circumstances - once you've established that the bug occurs in an unrealistic situation, one has to ask can it also occur in a realistic situation. Given the minimal level of testing done in the Federal and state certification processes, it would be highly unlikely to be detected as part of certification. I don't know whether Fairfax County's testing is thorough enough that it might have been found there.<br /><br />The more interesting question is whether a voter (other than the one who made this video) ever encountered this problem by accident, and believing it to be their mistake never reported it (or reported it to a pollworker, who never reported it to the Fairfax County office). [Or perhaps it got reported in another state that used the WinVote, but the word never got to the Fairfax County Board of Elections.<br /><br />And the other interesting question is whether this bug, when triggered, causes incorrect recording of the candidate choices.... if the voter doesn't notice that it switched candidates on them, does the vote recorded in memory reflect what is being shown on the screen or what the voter had actually selected before the flip? The answer isn't obvious...Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com2tag:blogger.com,1999:blog-18649716.post-10267161324794076892009-06-19T13:22:00.003-04:002009-06-19T13:41:02.569-04:00Cloud Computing - all that's old is new againCloud computing is the buzzword du jour. What amazes me most is how little people realize that it's nothing new.<br /><br />From about 1978 until ultimate cancellation in 1986, AT&T ran a project called "Net 1000" (codename: ACS or Advanced Computing System). This was the first product AT&T released as part of the deregulatory process.<br /><br /><a href="http://www.amazon.com/Managing-Projects-Telecommunication-Services-Mostafa/dp/0471713430/ref=sr_1_1?ie=UTF8&s=books&qid=1245432579&sr=8-1"><span style="font-style: italic;">Managing projects in telecommunication services</span></a> b<span class="addmd">y Mostafa Hashem Sherif describes Net 1000 as follows: "The service consisted in providing customers with the capacity to develop, install, and manage applications software to run on AT&T's owned processors. The architecture was based on having a large number (100-200) of dispersed data centers (caled "service points"). These were interconnected using an X.25 packet switched network from the regulated part of AT&T. Initially, data centers were built in New York, Chicago, Los Angeles, Greensboro, Salt Lake City, Camden, Kansas City, and San Antonio [...] A Network Operations Center was constructed in Somerset, NJ. [...] The idea of Net 1000 was for users to pay for what they use. They wer charged for network terminations (ports), disk storage, transmission bandwidth, connection time, and communications process." (Page 79)<br /><br />Sherif continues on page 81 that problems with the business included "the absence of application software and overlook[ing] the time needed to develop, test, and deploy software applications, particularly in a new operating environment."<br /><br />Later on, AT&T changed the direction for Net 1000, and it ceased to be an application hosting infrastructure. But that's another story.<br /><br />AT&T lost more than $1B on Net 1000. Yes, that's billion.<br /><br />Certainly there are significant differences between cloud computing and Net 1000 - AT&T was trying to sell both the network communications and the applications platform, while cloud vendors are using the existing network infrastructure. And of course computer equipment is much cheaper - at the time I worked on Net 1000, the VAX 11/780 computers used as the application hosting platforms cost about $200,000 each, and operated at a speed comparable to about 1 MHz (vs. 2+GHz for a typical laptop today). Databases are a lot more mature too - the Net 1000 product was built on a DBMS called "Seed", which I think was written in FORTRAN, with a COBOL layer built on top of that. (We looked at a startup called Oracle but their products weren't mature enough to use for a nationwide offering!)<br /><br />I'm not predicting that cloud computing will go the way of Net 1000. Just saying that all that's old is new again.<br /></span>Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com2tag:blogger.com,1999:blog-18649716.post-79089288951497859062009-06-10T14:57:00.002-04:002009-06-10T15:03:32.840-04:00Election Day 2009 - report from the trenchesWhat, it’s election day again? Yes, Virginia, there is an election this year (state and most local candidates are elected in odd numbered years). Today was the Democratic primary– it’s an open primary to select Governor and Lieutenant Governor candidates, and in some places to select candidates for the House of Delegates. (The Republicans picked their candidates at a convention last month – in Virginia, it’s up to the parties whether to select candidates by convention or primary. The third statewide office, Attorney General, only had one candidate on the Democratic side so it wasn’t on the ballot.)<br /><br />My precinct in Fairfax County has 1975 registered voters (small for this county), of whom 146 showed up over the 13 hours the polls were open, and 6 others voted absentee. We had four pollworkers – a chief and three assistants (including me). We were using two AVS WinVote DREs, neither of which had an apparent problems (after the special election a few months ago with strange results, I checked the zero and end of day tapes carefully). I found the election interesting because it was so slow that I had a chance to observe all of the weird things that happen in nearly any election, but in a general election we’re too busy to notice.<br /><br />1. One of the three candidates for Lieutenant Governor had withdrawn before the election, but after the ballots were approved. We had signs everywhere telling voters that, but he still got four votes in our precinct.<br /><br />2. Several voters didn’t know it was only a Democratic primary, and wanted to vote for Republican candidates. I presume they undervoted.<br /><br />3. One voter left without pressing the final “Vote” button. Local rules say that the vote is voided rather than cast.<br /><br />4. Several voters seemed surprised that there were just two races on the ballot (as noted above, some areas also had a third race for Delegate).<br /><br />5. One voter who didn’t have a driver’s license or similar ID tried to use a Visa card with a photo. Luckily, Virginia allows an affidavit as an alternative to an ID, so we didn’t have to decide whether a credit card is a valid ID.<br /><br />6. One voter was listed as a permanent overseas voter who gets an absentee ballot automatically, so she had to vote a provisional ballot until the county can verify that she hadn’t already voted absentee.<br /><br />7. One voter needed to vote curbside; the DRE was very easy to handle for that use. However, the rules in Virginia are such that I could carry it to the car by myself (without a second pollworker coming along), so I could have (theoretically) cast extra votes without anyone noticing – except that the count would have mismatched. We discovered when it was time to close the polls and fill out the final reports that we forgot to note the protective counter when the machine was carried out to the curb and back again – most likely because none of the pollworkers had ever done curbside voting before.<br /><br />8. One voter said he had registered to vote in his high school in the past few weeks (which was probably after the deadline). I wanted to allow him to cast a provisional ballot (if for no other reason than to give him the feeling that his vote might be counted), but the chief for the precinct called the county which said they didn’t have him listed, so she sent him away.<br /><br />9. One voter had trouble getting the touchscreen to respond to him. The problem seemed to be that he was balling up his fist and pushing the screen with his thumb, which probably caused his other fingers to touch the screen at the same time.<br /><br />10. No one asked about the paper optical scan ballots we used in the fall general election, nor did anyone express concern about the reliability/accuracy of the DREs (other than my wife). Just a statement of facts, ma’am!<br /><br />All in all, a thoroughly ordinary election, but one that reinforced the range of “unusual” activities.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-62057007072752407362009-06-07T21:44:00.003-04:002009-06-07T21:47:20.020-04:00Metric to English measurements - no more precisionHere's an excerpt from a CNN report about the airplane crash: "The part of the ocean where the debris and bodies have been found ranges between 19,685 and 26,247 feet (6,000 and 8,000 meters) deep. The search area covers 77,220 square miles (200,000 square km), an area nearly as big as the country of Romania."<br /><br />Converting 6000 meters to feet doesn't change from 1 to 5 digits of precision, and similarly for the other numbers.<br /><br />This happens in all sorts of reporting. Why isn't it taught as part of Journalism 101?Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-80703785968896594142009-05-14T15:50:00.003-04:002009-05-14T16:02:13.811-04:00A little knowledge is a dangerous thingLast week the Washington Post reported that a web site belonging to the <a href="http://www.dhp.virginia.gov/">Virginia Department of Health Professions</a> was broken into, and that millions of records regarding use of controlled drugs had been at least potentially accessed by an attacker. The attacker claims to have encrypted the records with a key only s/he knows, and will not release the key without being paid a ransom.<br /><br />Clearly this was a bad thing.<br /><br />But here's where we get into "a little knowledge". The Washington Post <a href="http://www.washingtonpost.com/wp-dyn/content/article/2009/05/12/AR2009051202983.html">reports </a>that "Del. Joe May, an electrical engineer by profession and the House's resident expert on technology issues, wanted to know what security measures the hacker had to overcome to access the records." So far, so good. They then quote May as saying "It doesn't sound like the proper firewalls, the proper backing up, the proper security measures were in place, ... and the question is why didn't we go ahead and have VITA do it."<br /><br />Unfortunately, the problem almost certainly wasn't an issue of firewalls or similar security measures - it's much more subtle than that, probably an application security flaw. <br /><br />I served with Del May on a state commission on electronic voting issues some years ago, and learned that he's got a great understanding of the big picture, but doesn't understand the details. As an example, he insisted that it was impossible for someone to break into a voting machine because there's no source code that's publicly available. I'm sure that will come as a great surprise to the black hats who routinely reverse engineer products to find vulnerabilities and develop attacks, to the white hats at companies like Symantec and McAfee who reverse engineer the attacks to come up with protections, and the hundreds of millions of users who have to install patches to protect against the vulnerabilities that, in Del May's mind, cannot exist.<br /><br />It's great that the legislature has technical members - this is very much in keeping with Thomas Jefferson's view of a citizen legislature. However, those members need to be aware enough of their breadth of knowledge to understand when it's time to call an expert. You don't ask an oncologist for an expert opinion on brain surgery, or vice versa. Del. May and the legislature need to ask for help when they need it.<br /><br />Ironically, the article concludes "Paquette [the state technology director] said DHP had one of the most secure systems in state government, and that firewall systems and backups were operational at the time of the attack". If this is one of the "most secure" systems, I'd hate to see the others....Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com1tag:blogger.com,1999:blog-18649716.post-71999505378600012502009-05-14T15:39:00.002-04:002009-05-14T15:48:18.649-04:00Too much information (for too little value)I rarely go to the movies - I usually just wait until whatever I want to see comes out on DVD. But recently I wanted to see the <a href="http://www.thisamericanlife.org">This American Life</a> <a href="http://www.ncm.com/Fathom/OriginalPrograms/ThisAmericanLifeEnc.aspx">live simulcast</a>. When I <a href="http://www.movietickets.com">bought my tickets</a>, I was disappointed that I had to register in order to make the purchase - and very surprised that a required field in the <a href="https://www.movietickets.com/myaccount.asp">registration </a>is a birthdate.<br /><br />I can see where if I were under 18 they might want a birthdate to verify what types of movies I'm allowed to see (although it should really control admission, not ticket purchase). But for those of us over 18, it's only useful for marketing purposes - and it's an unnecessary piece of personal information for them to have. Just another bit of data to put identities at risk...<br /><br />The privacy policy says "Through customer surveys, subscriptions, and newsletter registration, our site may request users to give us contact, demographic and/or financial information (such as<br />their name, locale, gender, age, income level and email address). The demographic information is used, among other things, to enhance user experience so we can be more content specific." I guess they consider the birthdate to be demographic, although IMHO if that were the case they could do just fine with the year alone.<br /><br />I've filed a complaint with their customer service department. Not surprisingly, I haven't heard back. I may file a complaint with their privacy person next.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-82892764642788489372009-05-07T13:45:00.002-04:002009-05-07T13:54:21.448-04:00How to guarantee bad passwords (part 2)As I described in a <a href="http://abqordia.blogspot.com/2009/04/how-to-guarantee-bad-passwords.html">recent post</a>, overly complex password rules lead to hard-to-remember passwords that get written down. Well, I tried not to write it down, and promptly forgot it. So I called the helpful help desk person, who reset it for me to a random value, and had me reset the password. Other than the cost to the organization of having to have a person involved in password resets, so far so good.<br /><br />But then the kicker: your new password can't have any two character sequence the same as any of your previous 9 passwords. Makes sense to some extent - you shouldn't be able to switch from "myDOGspot!!" to "myDOGspot??". However, it means that in order to do this check, they're almost certainly not storing one-way hashes of the passwords (as good security engineers do), but rather the original passwords. The help desk person assured me that the passwords are encrypted, so there's nothing to worry about. So even if someone breaks into their site, all they'd get is the encrypted passwords.... Of course, if someone figures out how to get in below the level of encryption, then game over.<br /><br />Moral of the story: "improving" security by strong passwords can backfire in many ways, by causing users to write them down, having servers that store the original passwords, etc.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-90409596108349522312009-05-01T11:20:00.002-04:002009-05-01T11:22:46.360-04:00Disaster recoveryBruce Perens has an excellent <a href="http://perens.com/works/articles/MorganHill/">analysis </a>of the recent California bay area telecom outage, which showed the level of interdependency among systems. Anyone who thinks cloud computing is a panacea, especially for government services (some of which are needed in emergencies) needs to understand the implications of this outage, and what attackers may have learned from it.<br /><br />Well worth reading.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-10495255473537605352009-04-30T14:11:00.003-04:002009-04-30T14:24:13.934-04:00How to guarantee bad passwordsGetting users to choose good passwords and not write them down is always a challenge. It's a tradeoff - if you make the requirements too loose, then an attacker can guess the password. Make it too complex, and users have to write them down. The rules should be proportional to the sensitivity of the data that's accessible - read-only access to a newspaper shouldn't require as strong a password as financial or health information.<br /><br />In the "too loose" category, the extreme case I've run into was a web site used for storing personnel information - which should have had relatively strong requirements - that required a two character password. No quality restrictions, no frequency of changes, nothing. Bad choice.<br /><br />Today, I ran into the other end of the spectrum. A site that requires passwords that:<br />* have a minimum length of 9 characters<br />* must contain two upper and two lower case characters<br />* must contain two digits and two special characters<br />* must be different from the last 9 passwords you've used<br />* must not contain a single quote<br /><br />But the kicker: passwords may not contain any word of two letters or more. That's apparently determined (as best as I can tell through trial and error) by comparing every substring to a dictionary. So a password like 97to$%ABC isn't acceptable, because "to" is a word. And 3-5zq?jbeLN isn't valid either, because "be" is a word. Presumably a1b2c3d4e5** would be a valid password, though. (I didn't try that one.)<br /><br />Oh, and the password expires every 60 days, so just about when you've come up with something that matches their criteria, it's time to change again.<br /><br />Now granted this site has some sensitive information, but wouldn't it make more sense to use certificate-based authentication, which is far harder to attack in a brute force manner than passwords? (Assuming, that is, that you're not using certificates with MD5 signatures.)<br /><br />I'd bet that 90% of their users have the passwords written down.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com2tag:blogger.com,1999:blog-18649716.post-46568623032835753142009-04-30T12:07:00.001-04:002009-04-30T12:55:55.863-04:00Social Security card requirementsTo get paid by an employer in the US, the employee and employer are required to fill out an I-9, which requires that the employee provide various forms of ID. In addition, employers are generally required to use the eVerify system to do an online employee check – that the Social Security Number provided actually belongs to the employee. <br /><br />This is about an employer who decided to go beyond the law, and is not only violating the law but also causing themselves extra work.<br /><br />I work roughly one day a year for Fairfax County (Virginia) as a pollworker, for which I’m paid $100. I obviously don’t do it for the money. Even though I presented a passport as proof of citizenship (a requirement for being a pollworker, and legally adequate for the I-9), this year they decided to demand that pollworkers also provide a copy of Social Security Cards – even though for many of us, they’re clearly labeled “not valid for identification”. I refused to provide mine – it’s not a legal requirement, but rather their policy. And I said if they didn’t want to pay me, they don’t have to. [Incidentally, no employer has ever asked me to provide a Social Security card – of course I have to provide the SSN, but that’s a different requirement.]<br /><br />Last week, I got a call from the county’s payroll department. It seems that eVerify kicked me out as a mismatch – my Social Security record includes my middle name, and I used my middle initial on the pollworker form, or vice versa. So they’re spending an hour of someone’s time (not to mention annoying me) to validate my SSN, so they can determine whether I have a legal right to work – even though they’ve already determined that, by virtue of my passport.<br /><br />I suggested that if the verification doesn’t match, they don’t have to pay me. But Virginia law requires them to pay pollworkers. Further, the law gives only a few reasons for refusing to allow someone to be a pollworker, and refusal to provide a Social Security card isn’t one of them (about the only reasons for refusing someone are if they’re not a citizen of the US, not a resident of Virginia, or a convicted felon). <br /><br />The county employee also said that “only” ½ of 1% of people failed e-Verify. Given that being a pollworker is a job that (almost?) no one does for the money, one would expect that every single verification failure is an error – unlike in other jobs where there’s a certain fraction of illegal workers. So in a “real world” environment – say a grocery store, where the motivation for fake credentials is much higher – the rate of mismatches is probably ten times higher.<br /><br />My conclusion: eVerify is a huge waste of money and will have a negative impact in the long run, because the ratio of false positives (people who are incorrectly tagged as being unauthorized to work) is so high it will cause organizations to become complacent and ignore the TRUE positives.<br />Postscript: After writing this blog entry but before posting it, I met some people from the Social Security Administration who confirmed my understanding that there’s no legal requirement for presenting a Social Security card as a condition to work.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-56650100908662229872009-03-23T09:48:00.002-04:002009-03-23T09:59:26.313-04:00Election corruption in KentuckyThere's been a number of reports of election corruption in Kentucky. The <a href="http://media.kentucky.com/smedia/2009/03/19/17/clayindict.source.prod_affiliate.79.pdf">indictment </a>is long, but it describes how local officials in Clay County Kentucky used a number of schemes, including paying voters for their votes and tricking voters into walking away from electronic voting machines (DREs) before their vote had been cast. <a href="http://www.crypto.com/blog/vote_fraud_in_kentucky/">Matt Blaze</a> has a very nice writeup on what the indictment really means. <br /><br />The critical things that have been missed by some of the hysterical discussions (e.g., <a href="http://www.bradblog.com/?p=7001">Brad Friedman</a>) are that:<br /><ol><li>Much of the corruption could have happened regardless of the technology in use. Vote buying far predates DREs.</li><li>Auditing wouldn't really help - there were no software attacks, and about the only thing that could have helped is if a pattern were noticed in the audit logs (i.e., perhaps a higher-than-expected percentage of voters appeared to go back from the summary screen and change their votes, in the case where the election officials were telling voters to walk away too soon).<br /></li><li>Paper ballots wouldn't help - the same types of vote buying and stealing can happen with paper ballots. When I was a pollworker in November 2008, many voters handed me their optical scan ballots and walked away (I stopped them) instead of verifying that their ballot was read into the scanner. If I wanted, I could have replaced their ballots with ballots I marked, in just the same way as the Kentucky officials changed voters votes.</li></ol>The real message to be reinforced from this indictment is that election officials, like any other community, has some bad actors. Honest elections require an element of trust in the voting officials; this case proves that the trust isn't always deserved. This shouldn't be surprising, as every organization, including places like the CIA and FBI, have had their share of corrupt insiders.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com3tag:blogger.com,1999:blog-18649716.post-7292425657260488072009-03-11T22:02:00.002-04:002009-03-11T22:14:33.840-04:00Fairfax County elections in the news againWhile the rest of the country (except Minnesota) is taking a break from elections, it's still election time here in Virginia. Tuesday was a special election to fill a vacancy in the Fairfax County Board of Supervisors (roughly the equivalent of a city council). The vacancy was caused when the former member was elected chair of the Board of Supervisors (roughly the mayor) in a special election in February. That vacancy was caused when the former chair was elected to Congress in November. A domino election, one might say.<br /><br />But even simple elections aren't simple. Last night, things were unclear, as reported in <a href="http://www.washingtonpost.com/wp-dyn/content/article/2009/03/10/AR2009031003495.html">The Washington Post</a>. Today, I spent the day in the canvass, and things became a lot clearer.<br /><br />In this election, there were 25 precincts, and 2 voting machines per precinct. All machines in question were made by Advanced Voting Solution (AVS), and are Windows-based touchscreens called WinVote. (AVS is out of business, as I've noted here before, and although another company is supposedly maintaining the machines, there's not much recourse for failure.) Unlike some other recent Fairfax County elections, there were no optical scans, except for absentee ballots. <br /><br />In one of the precincts, there were two anomalous results:<br /><br />First, on one of the two machines in this particular precinct, the zero tape showed the "public counter" having zero votes (which is as it should be), and then showed three votes for Mr. Cook, two for Mr. Moon, one for Mr. Campbell, and one write-in. That's the pattern Fairfax County uses for L&A testing. But how was it possible to reset the public counter after L&A testing without also resetting the vote totals?<br /><br />Second, at the end of the day, the two machines synchronize via Wi-Fi (the same technology we use at home and in hotels), and then the master machine prints its own vote totals and the<br />combined vote totals. It showed a total of 359 votes cast (which would be about right for one machine in this low turnout election), of which 377 were for Mr. Cook, 328 for Mr. Moon, 15 for Mr. Campbell, and 3 write-ins, for a total of 723 votes. Yes, you read that right - 359 votes, but 723 recorded. And there were only 707 voters in the precinct, so it's not like it did the totals for the races but not the overall total. So clearly the per-candidate totals are wrong, and they don't add up to the total number of votes.<br /><br />The "solution" was to bring up both machines in the precinct (one at a time), have them print their totals, then have them print the "ballot images" (which I put in quotes because they're the software representation of the ballot images), and add those up by hand. When they did that, the number of votes on the two machines combined equaled the number of voters who checked in at the polls, and for each machine the number of voters equaled the sum of the number of votes for the candidates. All of which makes perfect sense... except that it doesn't explain in any way the discrepancies.<br /><br />Finally, one other piece of data: Virginia law says that in a case of machine malfunction, the board of elections is required to follow the instructions in the manual provided by the vendor. I got a chance to see the manual - it's totally silent on what to do. This had the Dem lawyer quite unhappy, since it meant that they're ignoring the law.<br /><br />Shortly after the canvass completed, the Democrat conceded. He was 90 votes behind out of about 12,000 cast. Given Virginia's extremely restrictive recount law, I think that was the right decision - but it leaves unresolved what went wrong with the voting machines.<br /><br />My one hope is that once again both parties will see the dangers of DREs - it was really a coin toss which side would win in such a close race without anything meaningful to look at.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com1tag:blogger.com,1999:blog-18649716.post-55140015243227250672009-03-08T20:36:00.002-04:002009-03-08T20:38:46.842-04:00Micro-economics - is the economy really *that* bad?I read the newspapers like everyone else, but here's a micro-indicator I just received: "The cookie depots are facing unprecedented demand. Depot transactions are up 27% and the size of each transaction is much larger than last year. We have increased our deliveries to depots this year by 104% yet still stock levels are extremely low in all depots. Cookies are being rushed to us from the bakery as we speak since we have cleaned out, once again, the local supply."<br /><br />Or in non-Girl Scout speak: cookie sales in the Washington DC area are up sharply. Is that because people are giving up luxuries and buying cookies? Is the DC area relatively unscathed? Or is the economy just not as bad as the media is reporting?Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-8301041101439413792009-02-19T11:52:00.002-05:002009-02-19T11:58:24.537-05:00Hiding from GoogleI recently started working on a project that has a * in the middle of its name - think of GM's On*Star as an example. Google (and other search engines I tried, including Microsoft Live, Yahoo!, and Lycos) all treat the * as a wildcard, and don't allow wildcard escaping.<br /><br />Now On*Star isn't hard to find with Google, because the words "on" and "star" rarely appear together except in this context. But if you take two other words that frequently occur together, put a * between them, and then try to find references to that unique term, you won't get very far. For example, stimulus*package would not be a good name, nor would high*tech.<br /><br />It's not clear to me whether the people who started this project knew that their project name would make it effectively impossible to find the project and either did that intentionally or didn't care, or whether it's a happenstance that is now a problem. But in any case, it's a way to hide in plain sight - any websites they have can be indexed by robots, but won't be found by searchers.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-49032164275425548082009-01-25T20:01:00.002-05:002009-01-25T20:41:43.519-05:00When is a safety deposit box not a safety deposit box?For 25 years or so I've had a safety deposit box (SDB), where I keep valuables like birth certificates, savings bonds, passports, stock certificates, etc. It's in a bank about 5 miles from where I live, and I'd like it to be at a more convenient location. It's also at a bank where I no longer have any other business, and I think one of these days they may decide they don't want my safety deposit box business, since they have a limited number of boxes and would like to offer them to other customers.<br /><br />So my current bank (PNC) just opened a branch that's reasonably convenient, and has "Express Storage Boxes" (XSB), which are similar to but not the same as a safety deposit box:<br /><ul><li>XSBs are inside the bank, but not in a vault with a big door & lock (which is also presumably fire proof).</li><li>XSBs can be accessed without talking to a bank staffer any time the bank is open.</li><li>XSBs don't require a signature card to access.</li><li>The customer has both keys to the XSB, and there's no "bank key" required for access.<br /></li></ul>So an XSB seems like a fairly poor cousin to a safety box. But as a security specialist, I think about risk management.<br /><br />What are the threats that a safety deposit box is supposed to protect against, and how well does it actually protect against them?<br /><ul><li>Fire - an XSB is protected by the standard fire protection system in the bank, while a SDB is inside a (somewhat) more fireproof vault. Or at least I assume the vault is more fireproof - it's hard to tell by simply walking in, and asking too many questions might not be a good thing. Banks don't believe in security by openness!</li><li>Flood - probably no difference here.<br /></li><li>Theft - divide this into "bank hours" and "after hours". During bank hours, the requirement for matching signatures provides some (minimal) measure of protection for a SDB, as does the requirement for a bank key. However, the bank key is frequently just kept in an unlocked desk drawer right outside the safe, so it's probably not providing much protection. After hours, the vault (presumably) provides some extra measure of protection for the SDB, although the bank itself presumably has cameras, alarms, etc. which would protect the XSB. Both have the same level of protection against insider (bank employee) theft, since they both require the customer's key to open the box, unless the lock is drilled out which would be pretty obvious.</li></ul>It isn't obvious to me whether a real safety deposit box is worth the additional aggravation, but it just seems wrong to put my stuff in a box in the bank that anyone could walk over and touch. Is the big vault door just feel-good security, or is it truly offering an extra measure of security, given the cameras and sensors that protect the whole of the bank?<br /><br />Of course there's the issue for both XSB and SDB if the lock gets drilled out, but I'll put that risk aside for another day...Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com4tag:blogger.com,1999:blog-18649716.post-49202980830793758282009-01-22T09:09:00.002-05:002009-01-22T09:23:05.200-05:002004 & 2008 - Four Years and A Million MilesTuesday I joined 1.8 million of my closest friends for the celebration of President Obama's inauguration. (As Rachel Maddow says, it just feels good to say it.) It was the nation's biggest party - 50% larger than the previous record, Lyndon Johnson's 1965 inauguration, according to the Washington Post.<br /><br />But more than the number of people is the feeling. In 2004, I went to the inauguration war with my (then) 18 year old daughter to protest against the war in Iraq. With heavily armed police and military on every corner, it felt like we an occupied country under an oppressors thumb. (Some might argue that in fact we were.) The police and military were tense and it showed.<br /><br />By contrast, this week's inauguration was a love-in - a very cold one, but an amazing feeling of optimism for the future. There were far more police and military than there had been four years ago, but we all felt that they were there to protect us - and they seemed relaxed and happy to see the crowds. Yes, it was cold and noisy and very very very crowded -but there's no way to avoid the infectious feel of celebration.<br /><br />My daughter, now 22, her partner, and I arrived just before noon, so we were a mile from the Capitol, almost at the Lincoln Memorial. Anyone who watched the inauguration on TV had a better view than we did - we watched on the Jumbotrons set up along the National Mall. Was it worth going? Absolutely! Feeling the excitement, and knowing that 50 years from now we'll look back and know that we were there when America turned the corner - priceless!<br /><br />(My son and his friends, by contrast, arrived at the Mall at 4am - something they would never do for a class! - and were as close to the front as people without tickets could get. They could see the stage, but not the individual people.)<br /><br />And now the work begins. We'll all find things that we disagree with President Obama as he pushes through his agenda. But a new day has started, and I feel more optimistic than I have in a long time.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-71772392293016447792009-01-10T15:33:00.002-05:002009-01-10T15:37:02.917-05:00A good idea, badly doneAccording to a Computerworld <a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125261&source=rss_topic17">article</a>, "Starting Jan. 1, Visa Inc. is requiring all new fuel-dispensing machines being installed at gas stations around the U.S. to support the Triple Data Encryption Standard, a mandate that is designed to make it harder for identity thieves to <a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Financial&articleId=9106958">steal debit card data</a> from gas pumps by shielding the personal identification numbers (PIN) of customers."<br /><br />While using strong encryption (such as 3DES) is a good idea, it's too bad that's the focus - breaking the encryption is not a very effective way to steal credit card numbers. Far easier is one of a hundred other methods - breaking into the server where the credit card numbers are stored, installing a "skimmer" to read the credit card at the gas pump, hacking the software, etc.<br /><br />Seems to me that Visa needs a better risk assessment methodology...Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-27123411224712118272008-12-02T07:14:00.002-05:002008-12-02T07:30:49.463-05:00Getting a proper recount in Virginia's 5th CDAs I <a href="http://abqordia.blogspot.com/2008/11/interesting-undecided-race-virginias.html">wrote </a>almost a month ago, Virginia's 5th Congressional District is still up in the air. The <a href="https://www.voterinfo.sbe.virginia.gov/election/DATA/2008/07261AFC-9ED3-410F-B07D-84D014AB2C6B/Official/6_s.shtml">official results</a> show incumbent Virgil Goode behind challenger Tom Periollo by about 800 votes out of about 300,000 cast.<br /><br />But as I noted in that earlier posting, Virginia recount laws are very restrictive. Let's be precise:<br /><br /><ul><li>If you've got a DRE, you look at the total tapes printed on election day. If they're illegible, you reprint them.<br /></li><li>If you've got optical scan, you reprogram and retest the scanner to only count the one race in question, and rerun the ballots. If the scanner kicks out a ballot, you can examine it by hand.</li><li>If you've got traditional hand-counted paper ballots (<span style="font-style: italic;">not</span> optical scan), you recount those.<br /></li></ul>Note that optical scan ballots aren't examined by hand, unlike in other places. The good news is that you don't have the mess currently going on in Minnesota trying to <a href="http://minnesota.publicradio.org/features/2008/11/19_challenged_ballots/">figure out what the voter was trying to do</a> with some strange markings. The bad news is that if the machine isn't interpreting the voter's markings correctly, it's illegal to actually look at the ballot.<br /><br />The good news is that this problem, which has been of great concern to those of us in the verifiable voting community for years, is now getting some press attention. The WashPost ran a story <a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/11/24/AR2008112402985.html">mentioning the recount</a>, and published a <a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/11/29/AR2008112901696.html">letter to the editor</a> (from me) on the topic. Today, the Roanoke Times published an <a href="http://www.roanoke.com/editorials/wb/186186">editorial </a>calling for a reform of Virginia's archaic recount laws.<br /><br />So maybe there's hope to get some progress on fixing the recount problems this year.<br /><br />In Virginia, the issues of election integrity have been truly bipartisan, because both sides have seen what happens when you can't do a recount: the 2005 Attorney General race (Republican candidate won by <0.02%), 2006 Senate race (Democratic candidate won by <0.4%), and now this race.Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-73923665547076900302008-11-10T11:20:00.003-05:002008-11-10T11:34:50.704-05:00Old and new in central OhioI spent most of this weekend in central Ohio, visiting my daughter. We spent Saturday roaming the roads of Amish country, a bit northeast of Columbus and southwest of Cleveland. Two items struck my fancy.<br /><br />In Wooster, home of the <a href="http://www.wooster.edu">College of Wooster</a>, we had a nice breakfast and visited Freedlander's Department Store, which is going out of business. Freedlander's is the story of the growth of America's heartland. The store, which until now is the largest independently owned downtown department store in America, was opened in 1884 by a Polish Jewish immigrant who got his start peddling goods from farm to farm before opening his store in the thriving town of Wooster. The store grew over the next 75 years and generations of the founding family, slowly taking over neighboring buildings until it covered most of a downtown block, four stories high. In the 1970s things started declining, and today all that's left is a small fraction of what was there a few decades ago - probably largely done in by suburban stores like WalMart and cars which made it easier to travel to bigger cities & stores. A nice history of the store can be found <a href="http://www.wooster.edu/voice/2008/10/24/features/freedlanders.php">here</a>.<br /><br />The lesson is that we should never assume things will be the same 20 years from now as they are today. The technology industry survives because it constantly reinvents itself, although some companies who have thrived have lost sight of the continuing changes. Wang Labs comes to mind - when I graduated from college in 1980 they were one of the highest of the high fliers, and were in the process of building a huge new campus. Now, almost no one has even heard of them.<br /><br /><br />The second item was also something of a recognition of continuing change, and how people learn to adapt. As is well known, Amish people eschew use of electricity and other modern conveniences. However, after teenagers finish 8th grade (the end of their formal education), both boys and girls are permitted to work in the "English" (secular) world. So I was amused when visiting a cheese store to see the girls, dressed in their traditional Amish clothing, chatting on the phone with their friends, and expertly running cash registers. The cashier I spoke to said she didn't get tired of cheese (which was rather overwhelming in the store), but rather the sheer number of people she had to deal with every day - quite a contrast to her serene farm life. The most amusing example I saw of this old-new contrast was at a flea market, where a young woman (again wearing traditional clothing) was intently staring at a computer screen used to set up a laser engraving machine!<br /><br />I wonder how they feel about the contrast between old and new?Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-22190180640664487772008-11-09T16:16:00.004-05:002008-11-09T16:20:35.027-05:00Verifiable Voting legislative priorities for 2009Now that the election is over, it's time for the Verifiable Voting Coalition of Virginia (<a href="http://www.vvcva.org">VVCVa</a>) to set our legislative options for 2009. Please post your thoughts as responses to this blog posting!<br /><br /><div><span style="color:#482c1b;">Below is a preliminary list of items that may be on the agenda:<br /><br /></span><ol><li><span style="color:#482c1b;">Non-partisan redistricting (guaranteed to be a good fight again this year)</span></li><li><span style="color:#482c1b;">Explicitly permit independents to be poll workers</span></li><li><span style="color:#482c1b;">No-excuse in person <span style="border-bottom: 1px dashed rgb(0, 102, 204); background: transparent none repeat scroll 0% 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;">absentee voting</span> (we keep trying) - maybe we should point out how many people voted absentee and how it contributed to a generally smooth <span style="border-bottom: 1px dashed rgb(0, 102, 204);">election day</span></span></li><li><span style="color:#482c1b;">Explicit instructions on breakdowns - when emergency paper ballots are required</span></li><li><span style="color:#482c1b;">SBE authority to tell jurisdictions the minimum number of ballots they are required to have on hand.</span></li><li><span style="color:#482c1b;">SBE to gain authority to tell jurisdictions the minimum number of poll workers they need - but that is both a funding and an ability to find workers issue, so much harder to make a rule.</span></li><li><span style="color:#482c1b;">Improve the machine to voter ratio.</span></li></ol></div> <div><span style="color:#482c1b;">We're also hopeful that given the very close race in the Virginia 5th Congressional District (undecided at this writing), we'll see interest in fixing Virginia's audit and recount laws, which are among the most restrictive in the nation.<br /><br />If there are specific issues that you would like to work on, also please let us know that. We always welcome help as we develop legislation and lobby legislators. <span style="color:#000000;">We request your feedback before Friday Nov. 14 to be added in time to our coalition' discussion. </span><br /><br />Thanks for all your work this year to write your legislators about your concerns.</span></div>Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com1tag:blogger.com,1999:blog-18649716.post-63609076847592039802008-11-06T20:17:00.002-05:002008-11-06T20:21:56.936-05:00An interesting undecided race - Virginia's 5th CongressionalNo, there's no massive undervotes or hanging chads or anything like that, but Virginia's 5th Congressional District, home to Charlottesville and the University of Virginia, is a cliffhanger: the Democratic challenger was ahead this morning by 31 votes out of 300,000 over the Republican incumbent - as of this writing the margin is about 600 votes. (Most recent info <a href="https://www.voterinfo.sbe.virginia.gov/election/DATA/2008/07261AFC-9ED3-410F-B07D-84D014AB2C6B/Unofficial/6_s.shtml" target="_blank">here</a><a href="https://www.voterinfo.sbe.virginia.gov/election/DATA/2008/07261AFC-9ED3-410F-B07D-84D014AB2C6B/Unofficial/6_s.shtml"> </a>.)<br /><br />There's a couple of interesting things here:<br /><br />(1) Problems with vote total uploads. The coverage (see below) indicates that there were problems uploading the unofficial results into VERIS, Virginia's statewide system for voter registration and election results. (This is the same system that <span style="font-style: italic;">appears </span>to have been the cause of the long lines in Chesapeake.) The coverage indicates that right around midnight there was some sort of glitch and vote totals were scrambled and/or lost. As the reports are short on technical details, I'm not sure what really happened.<br /><br />(2) The race is close enough that there's a good chance one of the candidates will ask for a recount (recounts aren't automatic in Virginia, but allowed when the margin is less than 0.5%). But Virginia law, as readers of this blog may remember, is extremely restrictive. For DREs, you look at the totals from the machines and re-add those. If the tape is illegible, you print a new one. For optical scan, you test the machine (the tests being undefined - it was the best I could do when we were amending the law) and then run the ballots through again and use the results from the total tape. Only with a judge's order can you manually inspect the ballots - but judges have refused since the law doesn't tell them when to allow inspection.<br /><br />Not clear at this point what's going to happen next - will the purported loser challenge things?<br /><br />Local coverage:<br /><br /><a href="http://www.thenewsrecord.com/2008webfiles/20081106election.htm" target="_blank">http://www.thenewsrecord.<span class="nfakPe">com</span>/<wbr>2008webfiles/20081106election.<wbr>htm</a><br /><a href="http://www.wdbj7.com/Global/story.asp?S=9297265&nav=menu368_11_10_22" target="_blank">http://www.wdbj7.<span class="nfakPe">com</span>/Global/<wbr>story.asp?S=9297265&nav=<wbr>menu368_11_10_22</a><br /><a href="http://www.inrich.com/cva/ric/news.apx.-content-articles-RTD-2008-11-05-0282.html" target="_blank">http://www.inrich.<span class="nfakPe">com</span>/cva/ric/<wbr>news.apx.-content-articles-<wbr>RTD-2008-11-05-0282.html</a><br /><a href="http://www.wset.com/news/stories/1108/567630.html" target="_blank">http://www.<span class="nfakPe">wset</span>.<span class="nfakPe">com</span>/news/<wbr>stories/1108/567630.html</a><br /><a href="http://www.roanoke.com/politics/wb/183217" target="_blank">http://www.roanoke.<span class="nfakPe">com</span>/<wbr>politics/wb/183217</a><br /><a href="http://www.wset.com/news/stories/1108/567480.html" target="_blank">http://www.<span class="nfakPe">wset</span>.<span class="nfakPe">com</span>/news/<wbr>stories/1108/567480.html</a>Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com1tag:blogger.com,1999:blog-18649716.post-91765557195017873212008-11-05T20:15:00.003-05:002008-11-05T20:19:16.162-05:00My first day as a pollworker<p class="MsoPlainText">Like many Americans, I had a long day yesterday - I'm a pollworker in Fairfax County Virginia.<span style=""> </span>I started my day at 415am (haven't gotten up that early in a while!) so I could be at my polling place by 500am to start setting up.<span style=""> </span>(I'm jealous of <a href="http://avi-rubin.blogspot.com/2008/11/my-day-at-polls.html">Avi Rubin</a> whose polling place didn't open until 700am, so he got to sleep later!)<span style=""> </span>By the time I arrived, there were already 10 people in line - even though polls didn't open until 600am.<o:p></o:p></p> <p class="MsoPlainText">Virginia is a hodge-podge when it comes to voting equipment.<span style=""> </span>Each city or county (they're different in Virginia) can choose their equipment from a list approved by the state - and they make <a href="http://www.sbe.virginia.gov/cms/Election_Information/Voting_Systems_Ballots/Index.asp">many different choices</a>.<span style=""> </span>Fairfax County uses a hybrid system: Diebold optical scanners and AVS WinVote touchscreen DREs.<span style=""> </span>The WinVote machines have been used for the past few years and voters are familiar with them; the optical scan is new this year thanks to a bill I helped write and pass a couple years ago.<o:p></o:p></p> <p class="MsoPlainText">Once we got the machines set up, the doors opened right on time.<span style=""> </span>I heard (but didn't see) that by the time polls opened, the line went out the door of the school where our polling place was held, and down the street a couple hundred feet.<span style=""> </span>What I know is that the line was non-stop from 600am until about 830am - after which we never had more than a handful of people in line for the rest of the day.<o:p></o:p></p> <p class="MsoPlainText">When voters came in, they went to one of two desks (A-L and M-Z) by last name (yes, some voters asked if it was by first or last name).<span style=""> </span>This turned out to be our bottleneck - thanks to the optical scan machine and the privacy booths described below, we could have completely eliminated lines if we had been able to divide our pollbook into three or four groups, but Virginia law doesn't allow us to do that.<span style=""> </span>Given what I've read in other places, I think I'm happy we didn't have electronic pollbooks.<o:p></o:p></p> <p class="MsoPlainText">In our training, the county election officials had told us we were to give voters the optical scan ballot in a folder with instructions on how to fill it out.<span style=""> </span>If the voter explicitly asked for a DRE, we were to allow them to choose that, but we were not to offer that choice.<span style=""> </span>Some of the pollworkers in my precinct, including the chief, seemed to disagree with that guidance and either suggested the DRE, or asked voters their preference.<span style=""> </span>(Later on in the day the deputy chief noticed this aberration from the policy, and instructed everyone what to do.<span style=""> </span>I heard from friends working in other polling places that they similarly had problems with giving instructions.)<o:p></o:p></p> <p class="MsoPlainText">Most voters were fine with the optical scan, and a few expressed a strong preference for it.<span style=""> </span>Some expressed a strong preference for the DREs - mostly older voters, to my surprise.<span style=""> </span>Why is that?<span style=""> </span>Is it familiarity from the past few elections?<o:p></o:p></p> <p class="MsoPlainText">One of the frustrating parts about this "choice" was that we weren't allowed to tell voters why they should choose one or the other - we couldn't say "the DREs are inaccurate and unauditable" or "it saves money" anything like that.<span style=""> </span>(In fact, during the training, the instructors didn't even know why the change was being made, other than the law told them to.)<span style=""> </span><span style=""> </span>One of the great things about optical scan is that when the line gets long, you get more pens - unlike DREs, where when the line gets long, you're out of luck.<span style=""> </span>But I couldn't say that either.<o:p></o:p></p> <p class="MsoPlainText">Back to the story, we had seven "privacy booths" (basically stand-up cardboard boxes where you can mark your ballot) and three "privacy desktops" (cardboard boxes that sit on a table) for use by voters while coloring their optical scan ovals.<span style=""> </span>During the morning rush, and several other times during the day, we had all 10 of them in use, and sometimes the three DREs were in use also.<span style=""> </span>To do that with all DREs would have taken at least a dozen, at a cost of $3000 each (vs. $5000 for a single optical scanner).<span style=""> </span>So I figure we saved the taxpayers at least $30,000 in my precinct alone (that's before counting the cost of the optical scan ballots, but those are relatively cheap).<o:p></o:p></p> <p class="MsoPlainText">Virginia law says you can have no more than 750 registered voters per DRE (if you're using DREs).<span style=""> </span>My precinct, which has just under 2000 registered voters, could therefore have had as few as three DREs, if we weren't using optical scan.<span style=""> </span>If we had three DREs, instead of 10 cardboard boxes plus three DREs, the lines would have been hours long, and might well have lasted all day - the line which started at 600am might well have had voters waiting six hours or more.<o:p></o:p></p> <p class="MsoPlainText">By about 1100am, over 50% of registered voters had cast their ballots (including absentees).<span style=""> </span>That meant the remaining 8 hours were slow - there just weren't that many voters left.<span style=""> </span>There was no last minute rush with people running in to cast their ballot just before the doors closed at 700pm - in fact, our last voter came in about 5 minutes before closing.<span style=""> </span>When we closed the polls, just over 80% of registered voters had cast ballots - consistent with the rest of the county.<o:p></o:p></p> <p class="MsoPlainText">Then came the long process of closing out the machines, packing everything up, accounting for every piece of paper, reconciling totals, etc.<span style=""> </span>(There was one mistake which initially caused us to think we had one more votes than voters - until we discovered by careful review that in the pollbooks, someone had marked two different people as the 59th voter of the day.<span style=""> </span>Mystery solved.)<span style=""> </span>We didn’t finish until 930pm.<span style=""> </span>Then I went home and watched election results.<o:p></o:p></p> <p class="MsoPlainText">For working from 500am to 930pm, I earned $100.<span style=""> </span>(Plus I had to take training, which is unpaid.)<span style=""> </span>Definitely not a way to get rich.<o:p></o:p></p> <p class="MsoPlainText"><o:p> </o:p></p> <p class="MsoPlainText">Some lessons learned and other notes:<o:p></o:p></p> <p class="MsoPlainText">When I went to pollworker training, I had to present an ID.<span style=""> </span>But when I showed up to work as a pollworker, no one asked to see my ID.<span style=""> </span>This is similar to the TSA "identity triangle" problem - the TSA matches your ID against your boarding pass, and the airline makes sure you have a valid boarding pass, but no one checks that the two are the same, which allows for <a href="http://www.theatlantic.com/doc/200811/airport-security">subverting the system</a>.<span style=""> </span><span style=""> </span>If someone knew that I was a pollworker in my precinct, they could show up at 500am and claim to be me - and get access to things like the key that authorizes casting multiple votes on a machine.<span style=""> </span>Of course, if the real person showed up, that would make things sticky - but in the meantime, it highlights a low-risk vulnerability in the system. <o:p></o:p></p> <p class="MsoPlainText">The most novel way to cast a ballot incorrectly was a voter who after marking his ballot, slipped it in between the base and side of the cardboard privacy booth (so it fell to the floor underneath the box).<span style=""> </span>Luckily, I realized this as he started to walk out the door without scanning his ballot (I was standing at the scanner at that point helping voters), so I retrieved his ballot and got it scanned in.<o:p></o:p></p> <p class="MsoPlainText">At the close of the night, I noticed that the presidential breakdown was roughly 55%/45% for Obama on the optical scan machine vs. 50%/50% on the DRE.<span style=""> </span>Friends in other precincts noticed similar discrepancies.<span style=""> </span>Why is that?<span style=""> </span>Are people who like DREs more likely to vote Republican?<span style=""> </span>I don't think it's just coincidence, given the wide difference and the consistency across precincts.<o:p></o:p></p> <p class="MsoPlainText">Localities in Virginia that use DREs only learned the hard way that the lines just get too long, since you can't just go out and buy more when lots of voters show up.<span style=""> </span>Perhaps instead of arguing against DREs on the basis of security or reliability, we should argue on the basis of line length - that's something everyone can understand!<o:p></o:p></p> <p class="MsoPlainText">And finally: several voters came up to me and other pollworkers during the day and thanked us for being there.<span style=""> </span>While it didn't make me any less tired, it sure was nice to feel appreciated!<o:p></o:p></p>Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com1tag:blogger.com,1999:blog-18649716.post-80267545429984315502008-11-03T06:56:00.001-05:002008-11-03T06:56:55.641-05:00Push or pull for prescription security?I recently had a reason to fill two prescriptions on the same day, one at a local pharmacy and the other through a mail-order pharmacy. In both cases, the same doctor was writing the prescriptions.<p>First, I tried calling the doctor to get copies of the prescriptions to bring to the store and mail off. No luck - he doesn't do that any more. (Maybe if I had an office visit he would, I don't know.) Instead, it's all done electronically - but the two were handled differently by the pharmacies.<p>For the mail-order pharmacy, I had to call them, give them the name and phone number of my doctor (which they looked up in some sort of registry), the names of the prescriptions, and my insurance and credit card number to pay. They then called the doctor, who approved the prescriptions by phone. For the local prescription, I called the doctor's office, gave them the phone number of the pharmacy which they called and ordered the prescription, which I then picked up and paid for.<p>So I wondered, is one of these more secure and/or private? I don't think there's a privacy difference - in both cases, my doctor (obviously) knows what prescriptions I'm taking, and so does the pharmacy. In the mail order case, presuming that they really checked the doctor's information I gave them against some sort of authorized prescribers list, then a patient can't get prescriptions without approval (unless I subvert the doctor's telephone system and redirect the approval calls). And in the local pharmacy case, while I could cause the doctor's office to call a fake pharmacy (since I provide them with the phone number), that would have no real value to me.<p>The most likely problem is if I could convince the mail order pharmacy that the doctor's phone number had changed, and their records were out of date, then I might be able to get prescriptions that aren't authorized. Presumably they have processes in place to prevent those types of attacks - and those processes are hopefully stronger for controlled drugs (e.g., narcotics) than for ordinary medications (e.g., antibiotics).<p>As a security engineer, I can't help but think about the security aspects of almost anything I see...Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-38345810377473617122008-10-29T10:12:00.002-04:002008-10-29T10:21:25.984-04:00A real-life Zelig<a href="http://en.wikipedia.org/wiki/Zelig">Zelig </a>is a Woody Allen film about Leonard Zelig, a "human chameleon" who shows up (thanks to very clever editing) in all sorts of historical places. There are echoes of the idea in <a href="http://en.wikipedia.org/wiki/Forrest_Gump">Forrest Gump</a> (better known for the line "life is a box of chocolates").<br /><br />Robert Furman, age 93, <a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/10/18/AR2008101801942.html">died </a>last week. He was a real-life Zelig - as a young man, he supervised building the Pentagon, helped bring scientists to Los Alamos, tracked German scientists like Werner Heisenberg across Europe during and after World War II, and worked with baseball player turned spy <a href="http://en.wikipedia.org/wiki/Moe_Berg">Moe Berg</a>. When the war was over, he didn't speak of his involvement but instead returned to a quiet life, eventually becoming a builder of shopping malls.<br /><br />An obituary well worth reading. And a man I wish I had known.<br /><br />[For a fascinating biography of Moe Berg, read "<a href="http://www.amazon.com/Catcher-Was-Spy-Mysterious-Life/dp/0679762892/ref=sr_1_1?ie=UTF8&s=books&qid=1225289974&sr=8-1"><i>The Catcher Was a Spy: The Mysterious Life of Moe Berg</i></a>." It mentions many of the same incidents listed in the obituary, with more details, although it disputes the claim in the obit that Berg spoke seven languages.]Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0tag:blogger.com,1999:blog-18649716.post-74505688894181336172008-10-10T09:07:00.002-04:002008-10-10T09:10:37.185-04:00Proud papaI usually write about technology topics. But today, I have to <a href="http://www.sbjf.org/sbjco/schmaltz/yiddish_phrases.htm">shep naches</a>: my son Daniel spent the summer on a research program at the <a href="http://www.weizmann.ac.il">Weizmann Institute</a> in Rehovot Israel, and yesterday an article about his summer experience <a href="http://www.connectionnewspapers.com/article.asp?article=320696&paper=63&cat=104">appeared </a>in the local newspaper. Makes a father proud!Jeremyhttp://www.blogger.com/profile/10024431949628837220noreply@blogger.com0