Monday, November 24, 2008

Obama Administration to Inherit Tough Cybersecurity Challenges

ACM TechNews remarks on the status of the initiatives launched under the current administration and what U.S. President-elect Barack Obama will need to take on to improve cybersecurity. Many of the current initiatives are still works in progress, including Homeland Security Presidential Directive-12 (HSPD-12), which aspires to improve the security of government facilities and computer networks by requiring federal agencies to issue new smart card identity credentials to all employees and contractors by the end of October. Meeting that goal is at least two years away, however.

The Obama administration critically needs to stop tying federal cybersecurity responses so closely to the post-9/11 war against terror, says John Pescatore, an analyst at Gartner Inc.
"The terrorist attacks of 2001 sent the Bush administration in the wrong direction" on the cybersecurity front, Pescatore said. There's been too much of a tendency to view cyberthreats in the same light as physical terrorism threats and to respond to them in the same manner. In the process, some of the more immediate threats to government data and networks have been somewhat overlooked, he said.
See full story in COMPUTERWORLD.

Friday, November 21, 2008

Minnesota Senate Race Could Hinge on Scanning Machine Mistakes

ACM TechNews notes that, according to an article in CNET News, the U.S. Senate race in Minnesota is still undecided and that a hand recount could reveal that several thousand votes were mistakenly rejected by optical-scan voting machines. The outcome of the Senate race may depend on whether scanning machines made mistakes two weeks ago when tabulating ballots. Republican Senator Norm Coleman holds only a 200-vote lead over his opponent, Democrat Al Franken. Because Coleman's lead is under a margin of 0.5 percent of the more than 2.9 million votes cast in the race on November 4th, the state automatically starts a hand recount of every ballot.

Beth Fraser, director of governmental affairs for the Minnesota secretary of state's office, says the optical scanning machines used to read paper ballots could have mistakenly rejected enough ballots to affect the outcome of the race.

Although the optical scanning machines may have rejected some crucial votes, Fraser said the machines are still the best option for counting votes.
"It speeds up the counting but gives us the paper ballots to count on, so the results are fully auditable," she said.

See entire article in CNET News.

Monday, November 17, 2008

Feds Can Locate Cell Phones Without Telcos

Slashdot flags an Ars Technica report about the release of documents obtained under the Freedom of Information Act suggesting that "triggerfish" technology can be used to pinpoint cell phones without involving the cell phone providers at all. Triggerfish are cell-tower spoofing devices that can trick cell phones into giving up their location and other identifying information without notifying the carrier or the user. This may be significant because the legal rulings requiring law enforcement to meet a high "probable cause" standard before acquiring cell location records have so far pertained to requests for information from providers.


The Justice Department's electronic surveillance manual explicitly suggests that triggerfish may be used to avoid restrictions in statutes like CALEA (Communications Assistance for Law Enforcement Act) that bar the use of pen register or trap-and-trace devices...

It is therefore somewhat surprising that it is only with the passage of the USA PATRIOT Act in 2001 that the government has needed any kind of court order to use triggerfish. Although previously the statutory language governing pen register and trap-and-trace orders did not appear to include location tracking technology, the updated definition explicitly includes any "device or process which records or decodes dialing, routing, addressing, and signaling information."


See full story in Ars Technica.

Friday, November 14, 2008

Why Veins Could Replace Fingerprints and Retinas as Most Secure Form of ID

ACM TechNews notes that finger vein authentication is starting to gain traction in Europe. Widely introduced by Japanese banks in the past two years, it is claimed to be the fastest and most secure biometric method of authentication. Companies in Europe have also begun to roll out this advanced biometric system from Japan, which identifies people from the unique patterns of veins inside their fingers.

Hitachi developed the technology, which captures the pattern of blood vessels by transmitting near-infrared light at different angles through the finger, then turning it into a digital code to match it against preregistered profiles. Unlike fingerprints that can be "lifted" and retinas scanned without an individual realizing it, it is extremely unlikely that people's finger vein profiles can be taken without their being aware of it.

Easydentic Group in France says it will use finger vein security for door access systems in the United Kingdom and other European markets.

For full story, see London Times Online.

Wednesday, November 05, 2008

Obama, McCain Campaigns Both Hacked, Files Compromised

Slashdot writes of post-election news coming out of both campaigns on what transpired behind closed doors. Apparently both Obama's and McCain's campaigns had their systems hacked over the summer -- and not by each other.

Technology experts detected what they initially thought was a case of "phishing" at the Obama headquarters in midsummer. However, by the next day both the FBI and Secret Service came to the campaign with an ominous warning:
"You have a problem way bigger than what you understand," an agent told Obama's team. "You have been compromised, and a serious amount of files have been loaded off your system."
Obama's aides were told by the Feds in late August that the McCain campaign's computer system had been similarly infiltrated. A top McCain official confirmed to NEWSWEEK that the campaign's computer system had been hacked and that the FBI had become involved.

White House and FBI officials told the Obama campaign that they believed a foreign entity or organization had been seeking information on the evolution of both camps' policy positions, information that might prove useful in negotiations with a future administration. Obama technical experts later speculated that the hackers were Russian or Chinese.

See Newsweek.

Monday, November 03, 2008

E-Voting Groups Are Watching a Handful of States

ACM TechNews summarizes an article on potential problems with electronic voting in several states. Pamela Smith, president of Verified Voting and long a critic of electronic voting machines, is more worried about the long lines on election day. Any sort of equipment failure in places like Pennsylvania and Virginia will create additional problems because they do not have polls open for early voting despite the record number of new voter registrations, particularly among Democrats.

Further, Pennsylvania and Virginia do not mandate paper-trail backups for their touch-screen electronic voting machines. Critics of e-voting say that without that paper trail, there is no way to audit the results of a touch-screen machine.

Several states do not have adequate numbers of voting machines in place to back up malfunctioning equipment.

"This is an election that will sort of stress-test the [election] systems," Smith says. "Any problem that's going to come up is going to be amplified."

See full article in PCWorld.