Category Archives: Elections

Davos discovers cyber attacks

Cyber attacks made the Davos Top 5 Global Risks in Terms of Likelihood. Davos, the annual conclave of the hyper-rich and famously elected, has also discovered Severe income disparity and Water supply crisis, so maybe they’re becoming more realistic.

However, in Figure 17 on page 25 they’ve got Cyber attacks as an origin risk, along with Massive incident of data fraud or theft and Massive digital misinformation. I think they’re missing the point, which is that the real origin risk is poor infosec, and the origin of that is vendors like MSFT knowingly shipping systems with design flaws and people and organizations running them while hiding such problems.

Interesting comment on page 26:

Iranian Internet Disturbances

Here’s an example of some Internet routing in Iran, in this case on the way to the Ministry of Foreign Affairs on Monday 15 June 2009. Normally, routing and latency don’t change much. Starting Saturday 13 June, the day after the election, routing and latency have become increasingly disturbed.

Twitter Reschedules

Twitter recognizes that a network upgrade is important, but the role twitter is playing in Iran is more important, and reschedules for 1:30 AM Iranian time. Now that’s risk management!

Would that U.S. states had all rescheduled Diebold and the like to the junk heap after the 2000 U.S. election.

Also notice who twitter’s hosting service is: NTT America. I’ve been predicting for years that the U.S. duopoly’s intransigence would lead to NTT and other competent international ISPs eating their lunch, and I see it’s beginning to happen.

-jsq

Pirate Party Legitimized by Winning EU Parliament Seat

Support for Prohibition began to diminish as enforcement became increasingly expensive and it was becoming apparent that the ban was doing little to curb crime and drunkenness. There’s lots of academic and commercial effort put into stopping software and other intellectual property piracy, especially for videos. A form of risk management, I suppose, but one that ignores the much bigger risk to traditional intellectual property of causing political blowback such as what just happened in Sweden:
“Together, we have today changed the landscape of European politics. No matter how this night ends, we have changed it,” Falkvinge said. “This feels wonderful. The citizens have understood it’s time to make a difference. The older politicians have taken apart young peoples’ lifestyle, bit by bit. We do not accept that the authorities’ mass-surveillance,” he added.
Funny thing about what happens when the majority of the population participates in an illegal activity: eventually it’s not illegal anymore.
At least partially, The Pirate Party puts its increased popularity down to harsh copyright laws and the recent conviction of the people behind The Pirate Bay. After the Pirate Bay verdict, Pirate Party membership more than tripled and they now have over 48,000 registered members, more than the total number of votes they received in 2006.

With their presence in Brussels, the Pirate Party hopes to reduce the abuses of power and copyright at the hands of the entertainment industries, and make those activities illegal instead. On the other hand they hope to legalize file-sharing for personal use.

Many of those abuses of power probably already are illegal; the appropriate laws just aren’t being enforced. We saw this during alcohol prohibition in the U.S., and we see it now with marijuana prohibition in the U.S. The first prohibition ended, the second probably will, and meanwhile, online “piracy” is on its way to being redefined.

-jsq

Florida Ditches Touchscreens for Paper and Optical Scan Voting

Well, it turns out we don’t have to wait for the technology to be ready. Florida is ditching all of its touch-screen voting machines and moving to a proven technology:
Under the state’s new election law, disabled voters can keep voting by touch screen — akin to using an A.T.M. — until 2012. But everyone else will use them only twice more, for the presidential primaries on Jan. 29 and municipal elections next spring. With optical scanning, voters use pens to mark paper ballots that are then read by scanning machines, leaving a paper record for recounts.

Voting Machines Giving Florida New Headache, By Abby Goodnough, October 13, 2007

Meanwhile, how is the source of these machines helping?
Sequoia Voting Systems, which manufactured some of Florida’s machines, offered to buy them back for a bleak $1 apiece.
Now here’s a case where vendor liability would be very interesting.

-jsq

Outrage: Less and More

We’ve been discussing Outrage Considered Useful. Alex remarked in a comment:

The term "Outrage" suggests that risk cannot or should not be discussed in a rational manner.

What I think Sandman is getting at is that often risk isn’t discussed in a rational manner, because managers’ (and security people’s) egos, fears, ambitions, etc. get in the way. In a perfect Platonic world perhaps things wouldn’t be that way, but in this one, people don’t operate by reason alone, even when they think they are doing so.

Outrage x Hazard may be a means to express risk within the context of the organization, but I like probability of loss event x probable magnitude of loss better for quantitative analysis.

Indeed, quantitative analysis is good. However, once you’ve got that analysis, you still have to sell it to management. And there’s the rub: that last part is going to require dealing with emotion.


Count ‘Em All By Hand

I admire Matt Blaze, and I only hope he was being sarcastic in the entire post in which, after pointing out that California just decertified three major voting machine manufacturers due to massive security problems, he wrote:
How to build secure systems out of insecure components is a tough problem in general, but of huge practical importance here, since we can’t exactly stop holding elections until the technology is ready.

The best defense: Ad hominem security engineering. Matt Blaze, Exhaustive Search, 6 August 2007

Well, yes, yes we can.

Passport Friction

Ben Hyde has an interesting bunch of thoughts about verification friction:
We recently got new passports, a project that was at least a dozen times more expensive and tedious than doing my taxes. I once had a web product that failed big-time. A major contributor to that failure was tedium of getting new users through the sign-up process. Each screen they had to step triggered the loss of 10 to 20% of the users. Reducing the friction of that process was key to survival. It is a thousand times easier to get a cell phone or a credit card than it is to get a passport or a learner’s permit. That wasn’t the case two decades ago.

Friction, by Ben Hyde, Ascription is an Anathema to any Enthusiasm, 10 May 2007

He mentions some cases where friction may actually be socially useful, as in making it harder to get liquor and easier to get condoms, or some automobile traffic engineering. Then he gets to the especially interesting part.

Congressional Confusopoly

[Image: U.S. 109th Congress, TX-10]

Have you noticed how difficult it is to find accurate maps of U.S. Congressional districts? The ones the New York Times is using in its election coverage are out of date, and the Times is far from alone in this error. A correct map is on the right; more on that below.


Ipsos Custodies

This morning I voted early. This involved using an electronic voting machine. At least it was some local Texas brand, rather than one of the better-known brands that has well-known problems.

However, an easy way occurred to me how somebody could subvert these local machines; a way that doesn’t even involve modifying the software, wireless networks, or any access to the machine other than through the voting interface.