Category Archives: Security

Security

Diebold v. Felton (again)

Leave a comment

Ed Felton wrote a very clear and convincing presentation on the unacceptable security weaknesses in electronic voting systems. Naturally Diebold responded, but unfortunately their response was sadly amateurish and attacked Felton’s credentials rather than refute any of his arguments. In fact, they played some classic marketing ploys to prop up their position after the facts clearly were not on their side. Felton then responded point-by-point and made even more compelling arguments against Diebold voting boxes. For example:

Diebold: The current generation of AccuVote-TS software — software that is used today on AccuVote-TS units in the United States — features the most advanced security features, including Advanced Encryption Standard 128 bit data encryption, Digitally Signed memory card data, Secure Socket Layer (SSL) data encryption for transmitted results, dynamic passwords, and more.

Felton: As above, Diebold does not assert that any of these measures would prevent the attacks described in our paper. Nor do we see any reason why they would.

“The most advanced security features.” Sounds great, no? And the “most advanced” status is validated by whom? On what scale? More advanced than absentee ballot security?

Diebold: Every voter in every local jurisdiction that uses the AccuVote-Ts should feel secure knowing that their vote will count on Election Day.

Felton: Secure voting equipment and adequate testing would assure accurate voting — if we had them. To our knowledge, every independent third party analysis of the AccuVote-TS has found serious problems, including the Hopkins/Rice report, the SAIC report, the RABA report, the Compuware report, and now our report. Diebold ignores all of these results, and still tries to prevent third-party studies of its system.

The fiasco in Los Angeles proves that even influential officials think that secrecy about software and bold marketing language is an acceptably low bar for American elections. We laugh about people voting after death in Chicago, but the vote manipulation was real. Why make those mistakes again? The Online Journal has a report on a sad state of current affairs in the windy city:

The $50 million touch-screen and optical-scan voting system provided by Sequoia Voting Systems failed across Chicago and suburban Cook County during the March 21 Illinois primary. However, the leading corporate-controlled newspapers merely lamented the failures of the system without addressing its fundamental flaws or even reporting that the company running the election is foreign-owned.

The “high-tech” computerized voting system was “cumbersome” and “slow,” one mainstream Chicago newspaper reported. The machines failed across the county causing “plenty of frustration and confusion for voters,” the paper reported. The ballots and votes from more than 400 precincts were still uncounted two days after the election due to machine malfunctions and lost memory cartridges which contain the results.

Reports from other dailies noted that as of noon Wednesday, Chicago was missing memory cartridges from 252 polling stations while Cook County officials “couldn’t find” the results from 162 suburban precincts.

Election officials tried to assure the public that although nobody knew where all the ballots and computerized memory cartridges were, they were “most assuredly not lost.”

“I don’t trust that,” U.S. Rep. Bobby Rush (D-Ill.) said. “This is Chicago. This is Cook County. We created vote fraud, vote scandal and stealing votes. We created that mechanism. It became an art form.”

“Ballot chaos” is how another large Chicago newspaper described the situation in which the votes from hundreds of precincts could not be found or counted on Election Night.

“We have accounted for the votes,” Langdon Neal, city election chairman told the publication. “What we haven’t been able to do is count them.”

In one precinct on the Near South Side, for example, the Sequoia optical scanner failed to register anything but Republican ballots. Although “election officials” tried to repair the machine four times, by the end of the day it had failed to register a single Democratic ballot in a precinct in which some 86 percent of the voters are Democrats.

We should all be wise to the verifiable paper-trail, like a receipt system proposed by Rivest, since that is the only real type solution that can be trusted. I would no sooner want electronic voting systems to be adopted in my neighborhood than a bottle of snake-oil in my medicine cabinet.

History, Security

The Haditha Affair

Leave a comment

Vanity Fair has published a tragic story that attempts to reconstruct events related to the death of one Marine and twenty-four Iraqi men, women, and children on November 19, 2005 in Haditha, Iraq:

When noncombatants are killed, it matters little to the survivors whether the American rules allowed it, or what the U.S. military courts decide. The survivors go to war in return, which provokes more of the same in a circular dive that spirals beyond recovery. Haditha is just a small example. By now, nearly one year later, hatred of the American forces in the city has turned so fierce that military investigators for the trials at Pendleton have given up on going there. That hatred is blood hatred. It is the kind of hatred people are willing to die for, with no expectation but revenge.

[…]

A man cries, “This is an act denied by God. What did he do? To be executed in the closet? Those bastards! Even the Jews would not do such an act! Why? Why did they kill him this way? Look, this is his brain on the ground!”

The boy continues to sob over the corpse on the floor. He shouts, “Father! I want my father!”

Another man cries, “This is democracy?”

Well yeah, well no, well actually this is Haditha. For the United States, it is what defeat looks like in this war.

Side note: two of three 500-pound laser-guided GBU-12 Paveway bombs were duds on that day. That is the same munition used to kill Al Zarqawi, and it was originally developed to attack “many small and moving targets on the Ho Chi Minh trail” in the Vietnam War.

The problem with identifying the enemy reminds me of a particular type of problem in network security during the mid 1990s. Many initially believed that the best way to respond to someone sending denial of service attacks to your perimeter was to respond with similar or even superior floods of packets. The problem with this, as was quickly discovered, was the difficulty in positively identifying the true source of the attacking packets. An IP address is easily spoofed. This problem was then actually made worse when a “smurf attack” was devised. Smurfing meant sending just enough attack packets to a victim network that the systems would start attacking each other. In other words, a clever attacker can sometimes use very little effort to stir up a large battle that they could never win on their own.

History, Security

Ike Was Right

5 Comments

Excellent article by Michael Hirsh:

Oct. 4, 2006 – He was a Republican president from Texas at a time of great peril for America, a moment in history when the conservative base of his party was dominated by radical thinking about how to take on the nation’s mortal enemy. It was an election year, and the GOP was making political hay by mocking Democratic weakness. Among the most radical Republican critics was one of the president’s own top cabinet officers, who called for pre-emptive war.

But Dwight D. Eisenhower said no to that. In some of the most important yet little appreciated decisions ever made by any U.S. president, Ike faced down both his own advisers and his base in the early to mid-’50s and embraced the containment policies of the other party. And he did it for a simple reason: he knew they were right. His only litmus test was competence.

Um, just one thing. President Eisenhower was born in Texas but he actually was from Abilene, Kansas.

Thus Ike is about as Texan as George W. Bush is a Connecticutian (born in New Haven, Connecticut). But of course it makes for a surprise opening to read “Republican president from Texas” in an article about great leadership…

History, Security

Iraq Security Continues to Decline

Leave a comment

The BBC does not mince words with this report. Clearly the Bush administration policies are turning out to be little more than hot air, leaving Iraq a more dangerous place and feeding anti-American sentiments. Since Bush and his team have systematically removed anyone who disagreed with their view of progress (Powell, Garner, etc.) they ultimately have no one left to blame for their failures:

The next stage involves plans to build trenches around Baghdad to make it harder for insurgents and militia groups to get themselves and supplies in.

But no-one believes such a huge city can be sealed off.

And this operation also means the Americans are more exposed to attack. At least 15 soldiers and marines have been killed since Saturday, most in the Baghdad area.

In Washington, much has been made of Bob Woodward’s statements that there are now 800-900 attacks a week.

In fact, such figures were already public.The Washington-based think tank the Brookings Institution has published such statistics on its Iraq Index for some time.

The debate here is not over statistics or how bad things are. It is what to do about it before it is too late.

The answers seem to be running out.

Newsweek’s “State of Denial” covers more of the internal machinations of Rumsfeld, Rice, Cheney and Bush as they struggle to shirk accountability:

Indirection? Two or three steps removed? It was inexplicable. Rumsfeld had spent so much time insisting on the chain of command. He was in control; not the Joint Chiefs, not the uniformed military, not the National Security Council or the NSC staff, not the critics or the opiners. How could he not see his role and responsibility?

In a 2004 interview, Garner referred to a relativistic policy “template”:

PALAST:
Garner says his desire for quick elections conflicted with the Bush administration’s economic timetable. Even as they battled to put out oilfield fires, Washington pushed a timetable for privatising oil and other industries.

GARNER:
I think we as Americans – and this isn’t sepia – just we as Americans we tend to like to put our template on things, and our template is good for us, but it is not necessarily good for everybody else. TE Lawrence has a great saying – I wish I could repeat it exactly, I can’t, but it goes something like this: “It is better for them to do it imperfectly than for us to do it for them perfectly because in the end this is their country and you won’t be here very long.” I think that’s good advice.

PALAST:
While Iraqis worried about power and water, Washington’s concern was that Garner impose an elaborate plan to redesign Iraq’s economy on a radical free market model.

Bush put his template on Iraq, and Rumsfeld and Cheney made sure it was his and only his template that would be used. So how can they say today that someone else designed it or that it was not their idea to smash down the square peg of free market economics into a round hole of Iraqi political and social stability?

It is so terribly tragic that the administration’s idea of a free market apparently assumed that security costs would be negligible. Someone completely missed the fact that destruction of essential public services not only creates opportunity for development but even more so for the opposite; far more cost-effective destructive forces (fueled by unguarded stockpiles of weapons), which the US can now scarcely afford to compete with. It seems obvious, but the Bush administration clearly did not appreciate how dangerous it is to remove all the safeguards and structure from a society when you have not figured out a reliable way to prevent exploitation and opportunism by forces other than those you can control.

PALAST:
One year on, the General still worries about the cost of putting economic programmes before democratic elections.

GARNER:
I’m a believer that you don’t want to end the day with more enemies than you started with.