A Really Secret Ballot

ACM TechNews highlights a voting and encryption article in The Economist about the search for a way of voting that is both reliable and trustworthy. Encrypting people's votes might achieve some trustworthiness.

Dr. Peter Ryan, computer scientist at the University of Newcastle upon Tyne in England may have found one way of doing this. Ryan calls his development "Pret a Voter". The gist of his approach is that paper ballots are used that are in two halves. The candidates' names are on one side and the the tick boxes are on the other. The voter ticks the boxes he wants and divides the paper, putting only the half with the tick boxes on it in the ballot box. The ballots are then scanned by optical reader. The 'trick' part is that the candidates are listed in random order on each ballot paper.

While anyone looking at the deposited half of the ballot paper cannot determine in whose interest the votes were cast, the machine can because each deposited half also carries a cryptographic cipher containing the candidate order on that particular ballot.

A second approach elaborates on Ryan's system. Ben Adida and Ron Rivest, of the Massachusetts Institute of Technology, have created what they call "Scratch & Vote". The ballot paper looks the same as that used in Ryan's 'Pret a Voter', but with an additional scratch-off area that acts as an extra level of security.

David Chaum, a computer scientist and cryptographer who, among other things, invented the idea of digital cash, has created a third idea called Scantegrity II. In this approach, a voter fills in an oval-shaped space instead marking an 'x' next to a candidate's name. With Scantegrity however, the voter uses a special pen whose "ink" reacts with a pattern of two chemicals that has been printed inside the oval-shaped space.

While none of these solutions has been widely tested yet meaning American voters will not see them in process for this election, there is a good chance they will be offered in the next election, especially if scandals emerge in the coming election.

For details on the 3 approaches, see full write-up in The Economist.

US's First Internet Votes To Be Cast This Friday

Slashdot is running an article today about the nation's first Internet-based voting system, which goes online this Friday.

Between Oct. 24 and Nov. 2, an estimated six to seven hundred U.S. citizens will use PCs with no hard drive and other disabled components (hardened laptops to remove security risks) located at specific kiosks in Germany, Japan and the U.K. to cast their votes for president. The Okaloosa Distance Ballot Piloting (ODBP) test program could help change the current bureaucratic obstacle course now affecting roughly 6 million overseas residents who must register earlier than other voters and whose mail-in absentee ballots could be mishandled.

Despite the favorable results of Director of the Security and Assurance in Information Technology (SAIT) Laboratory Alec Yasinac's security analysis, the mere fact that a wider computer security community has not been asked to evaluate the ODBP program has resulted in a multitude of unanswered questions.

"We should not go ahead until full details of the system have been disclosed," says David Dill, a professor of computer science at Stanford University, who has testified before Congress about electronic voting. Dill praises Okaloosa County's program for attempting to create a secure, verifiable system that includes the use of paper Voter Choice Records (VCRs) to allow for a 100 percent audit against the electronic votes. Other locations have adopted less secure alternatives for overseas voters, allowing them to send ballots in by fax or e-mail. Still, he believes the pitfalls outnumber the benefits. "If not for the VCRs, this entire proposal would be completely unacceptable," Dill says. "But if the goal is to hand count every one of them, that seems like a lot of overhead for what amounts to a complicated way to fill out paper absentee ballots. The way I look at it, the entire Internet voting part of this scheme is confusing and possibly harmful."

See more in Popular Mechanics.

Ohio Secretary of State's Web Site Hacked; voter suppression tactics

The Risks Digest reports today that the office of the Ohio Secretary of State Jennifer Brunner has cut back on the accessible functionality of its website after an apparent security breach was detected by technical staff. A statement from the office noted that "this is not the first instance of direct assault on the operations of the Secretary of State's office." It has been bombarded with phone calls and email "with menacing messages and even threats of harm or death," according to the statement.

"What we know is our IT department detected a situation with our Web site where there was somehow suspicious activity where someone could have gotten into our site and tried to move things around," a spokesman told The Cleveland Plain Dealer Monday afternoon.

Brunner and her office are in the midst of a bitter dispute with the state Republican Party which demanded that her office release a list of new voter registrations that don't match state and federal database records.

Ohio has 20 electoral votes and is a battleground state. Voter registration records this year in Ohio show record levels of registrations.

See article in wired.com.

Thousands Face Mix-Ups in Voter Registrations

ACM TechNews reports that new state voter registration systems throughout the United States are mistakenly rejecting voters and thus potentially disrupting the entire election process.

The problems are originating from the change from locally managed lists to statewide databases, a change required by the Help America Vote Act, passed in 2002 in the aftermath of the deadlocked presidential race 2 years earlier. While the switch is supposed to be a more efficient and accurate way to keep lists updated, the transition to the new state registration systems are incorrectly rejecting thousands of voters across the country. It is impossible to know how many voters are affected nationwide.

In Alabama, scores of voters are being labeled convicted felons based on erroneous lists. Michigan must restore thousands of names it illegally removed from voter rolls over residency questions. Tens of thousands of voters could be affected in Wisconsin since officials there admit that their database is wrong in one out of five times that it flags voters.

The electronic lists have been coming online gradually and for 31 states this will be the first time they are used in a presidential election. It is

"this season's big issue," said Wendy R. Weiser, who directs voting rights projects for the Brennan Center for Justice at New York University's School of Law, noting that efforts to keep names off the lists are "a new trend, not in the majority of states but in the battleground states."

See full article at washingtonpost.com.

E-Voting Report: Several States Still Vulnerable

ACM TechNews flagged an article in PCWorld about the inadequate assurance of the accuracy of electronic-voting machines, as per a report from three voting security advocacy groups. The report, released by Common Cause, Verified Voting, and the Brennan Center for Justice at the New York University School of Law, predicts that some voting systems will fail on election day.

Pamela Smith, president of Verified Voting said that state protections against voting fraud and e-voting machine failure have improved greatly since the last U.S. presidential election in 2004. Still, several states refuse to take basic precautions to protect the integrity of voting systems, she added.

"There are some folks who still don't get it," said Smith.

Colorado, Delaware, Kentucky, Louisiana, New Jersey, South Carolina, Tennessee, Texas, Utah, and Virginia all received failing grades in three of four voting security areas. Of the 24 states using direct-recording electronic machines, only California, Indiana, and Ohio received satisfactory grades in all four categories.

David Beirne, executive director of the Election Technology Council, a trade group representing e-voting machine vendors, says the report came too late for changes to be made this year.

For details, see PCWorld.

Tool To Allow ISPs To Scan Every File You Transmit

Slashdot posts a story about a tool developed by Brilliant Digital Entertainment, an Australian software company, that can scan every file that passes between an ISP and its customers. The new monitoring technology appearing simultaneously with changes in U.S. law are adding pressure to turn Internet service providers into cops examining all Internet traffic for child pornography.

Privacy advocates are objecting to such tools and say that monitoring all traffic would be an unconstitutional invasion.However, such monitoring just became easier with a law approved unanimously by Congress and signed on Monday by President Bush.

A PowerPoint slide show from Brilliant Digital Entertainment describing the technology was passed on to AOL last month by two powerful forces in the fight against child porn, the office of New York Attorney General Andrew M. Cuomo and Ernest E. Allen, president and CEO of the National Center for Missing and Exploited Children.

"This would be plainly illegal in the United States, whether or not a governmental official imposed this on an ISP or the ISP did this voluntarily," John Morris of the Center for Democracy and Technology said after viewing Brilliant Digital's slide show. "If I were the general counsel of an ISP, I wouldn't touch this with a 10-foot pole."

For more information, see MSNBC.

International Spam Ring Shut Down

Slashdot features a New York Times story about the imminent shutdown of an international spam ring with ties to Australia, New Zealand, China, India and the U.S. Using the CAN-SPAM Act of 2004, finances of the members in the U.S. are being frozen while the FBI pursues criminal charges.

The group, using several names but was known among spam-fighting organizations as HerbalKing, sent billions of unsolicited messages to Internet users of the last 20 months, promoting replica watches and an assortment of pharmaceuticals, including weight-loss drugs and herbal pills that supposedly provide enhancement of male anatomy. Officials and investigators say this spam operation was perhaps the most extensive encountered.

“They were sending extraordinary amounts of spam,” said Jon Leibowitz, an F.T.C. commissioner. “We are hoping at some level that this will help make a small dent in the amount of spam coming into consumers’ in-boxes.”

For full article, see the New York Times, as well as a press release from the Federal Trade Commission.

E-voting security result 'awful,' says Ohio secretary of state

ACM TechNews excerpted an article describing how Ohio voters who do not trust touch-screen systems will be given the option of a paper ballot. This action follows largely from the results of Ohio Secretary of State Jennifer Brunner's Evaluation & Validation of Election-Related Equipment, Standards, & Testing (EVEREST) analysis. The analysis uncovered "critical security failures" in every system evaluated by teams of both corporate and academic computer scientists and security specialists.

Brunner said that the results of the test exceeded her worst expectations.

"When I finally saw the results of our [EVEREST] tests, I thought I was going to throw up," she says. "I didn't think it would be that bad. And it was--it was awful."

See full article in COMPUTERWORLD.

New Bill To Rein in DHS Laptop Seizures

Slashdot writes of a proposed new bill that would limit the searches of laptops or other electronic devices to cases where customs agents have reasonable suspicion of illegal activity. In addition, the legislation would limit the length of time a device could be removed from its owner's possession, after which the search becomes a seizure, requiring probable cause.

The Travelers Privacy Protection Act, written by U.S. Senators Russ Feingold, D-Wis., and Maria Cantwell, D-Wash., and Representative Adam Smith, D-Wash., was introduced in response to a Department of Homeland Security policy, released on July 16th that allows customs agents to detain laptops for an indefinite period of time to "review and analyze" their contents, "absent individualized suspicion". That policy was released after reports emerged of U.S. customs agents requiring American citizens and legal residents to turn over their laptops or cell phones and wait for hours while the devices were searched. In some cases, the contents of the devices were copied. In other cases, the devices were confiscated and returned weeks or even months later with no explanation.

“Most Americans would be shocked to learn that upon their return to the U.S. from traveling abroad, the government could demand the password to their laptop, hold it for as long as it wants, pore over their documents, emails, and photographs, and examine which websites they visited – all without any suggestion of wrong-doing,” Feingold said. "Focusing our limited law enforcement resources on law-abiding Americans who present no basis for suspicion does not make us any safer and is a gross violation of privacy. This bill will bring the government’s practices at the border back in line with the reasonable expectations of law-abiding Americans.”

See more at Security Focus.

Data-Mining for Terrorists Not 'Feasible,' DHS-Funded Study Finds

Yesterday, Wired Magazine's online network blog covered a report by a privacy and terrorism commission funded by the Department of Homeland Security that found that the technology designed to decide from afar whether a person had terrorist intent would not work. The committee, created by the National Research Council in 2005, says that false positives could quickly lead to privacy invasions.

"Automated identification of terrorists through data mining (or any other known methodology) is neither feasible as an objective nor desirable as a goal of technology development efforts," the report found. "Even in well-managed programs, such tools are likely to return significant rates of false positives, especially if the tools are highly automated."

Committee co-chair Charles Vest made it clear at the unveiling of the report in Washington yesterday that the committee was not dismissing the threat of terrorism to us physically and as a nation.

"Terrorists can damage our country and way of life in two ways: through physical, psychological damage and through our own inappropriate response to that threat," Vest said in opening remarks (.mp3).

The committee emphasized that the government should have useful tools to fight terrorism, but that they must respect Americans' privacy.

See article in Wired Blog Network.

Computer Hardware 'Guardians' Protect Users From Undiscovered Bugs

ACM TechNews relates how researchers at the University of Michigan developed a system that allows microprocessors to work around functional bugs, including those yet undetected.

Intel and other chipmakers uncover bugs by simulating different scenarios, commands, and configurations a processor might encounter. However, not all bugs are found since it is practically impossible to simulate every possibility. The researchers' system builds a virtual fence that prevents chips from operating in untested configurations. The system tracks all configurations that a company tested and then stores that information on a tiny monitor that is added to each processor. The miniscule monitor, called a "semantic guardian", works by keeping the processor inside its virtual fence. When the chip encounters an untested configuration, it switches the processor to a slower safe mode.

"Users wouldn't even notice when their processor switched to safe mode," said Valeria Bertacco, assistant professor in the Department of Electrical Engineering and Computer Science. "It would happen infrequently, and it would only last momentarily, to get the computer through the uncharted territory. Then the chip would flip back to its regular mode."

See details at UNIVERSITY OF MICHIGAN NEWS SERVICE.

DHS To Proceed With Spy-Satellite Surveillance Program Despite Privacy Concerns

SANS Institute brings to light the story of a Department of Homeland Security program called the National Applications Office (NAO) proceeding with the first phase of a highly controversial satellite-surveillance program, despite not ensuring that the program will comply with privacy laws.

The Government Accountability Office (GAO) issued a non-classified but highly sensitive 60-page report that, according to one source says that the department

"lacks assurance that NAO operations will comply with applicable laws and privacy and civil liberties standards."

Through NAO, US government officials at the federal, state and local levels gain access to data gathered by spy satellites to help them with emergency response and domestic security concerns.

House Homeland Security Committee Chairman Bennie G. Thompson of Mississippi and other Democrats asked Congress to freeze the money for the program until after the November election. However, the bill Congress approved and which President Bush signed into law Tuesday, allows the department to launch a limited version now.

See complete article in the Wall Street Journal.

Tracking Laptop Thieves Safely

ACM TechNews reports on free laptop-tracking software developed by researchers at the University of Washington (UW) and the University of California, San Diego. The software is called Adeona and it transmits the location of a device back to a central server.

However, some experts worry that, without additional security measures, this type of tracking technology could inadvertently make users more vulnerable to spying.

"If you lose your laptop, a commercial service can tell you where it is right now," says Tadayoshi Kohno, an assistant professor of computer science at the University of Washington, in Seattle. "The issue, from a privacy perspective, is that this also means that someone who might break into or have access to the commercial service's database might be able to track you even before the laptop leaves your possession."

For details, see Technology Review.

CSRF Flaws Found On Major Websites, Including a Bank

Slashbook reports on a recent announcement by Princeton researchers about four major Web sites on which they found exploitable cross-site request forgery (CSRF) vulnerabilities. The sites are NYTimes, YouTube, Metafilter and INGDirect.

YouTube, Metafilter and INGDirect have since patched the vulnerabilities after having been alerted to them, but the NYTimes has yet to fix theirs.

In a CSRF attack, the attacker can force a user's browser to request a page or an action without the user knowing. CSRF is not well understood in the Web development community, making it a common vulnerability on websites.

“CSRF is extremely pervasive. It’s basically wherever you look,” says Jeremiah Grossman, CTO of WhiteHat Security.

Princeton's discovery of CSRF bugs on well-known websites is only the tip of the iceburg.

“We're starting to see more and more of these attacks, and I believe this will continue until developers become more educated about CSRF" says Bill Zeller, a PhD candidate at Princeton.

See darkREADING for more information.