* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.

Date: Thu, 09 Oct 2003 07:10:04 -0400
From: "Peter G. Neumann" 
Subject: Analysis of California recall data confirms voting system doubts
  (from Rebecca Mercuri)

  Following is based on information from Rebecca Mercuri.
  [The words are hers, not mine, lightly edited for RISKS.]

Rebecca Mercuri has analyzed California's recall ballot data and reports
that it confirms numerous doubts about election systems.  Her results
demonstrate that the style of voting system in use (punchcard, optically
scanned, or touchscreen) cannot be generically considered either "good or
bad".  She asserts that the particular model of the system, as well as the
procedural controls in place in each county, along with the ballot layout,
may have considerably more impact on the reliability of the election results
than the type of system deployed.

The analysis revealed some shocking details.  Of the 8,359,168 votes cast
statewide, some 384,427 (nearly 4.6%) were not recorded for the recall
question.  Almost half of these missing votes (over 175,000) were in Los
Angeles, nearly 9% for that county.  Yet the Datavote punchcards used in 14
other counties fared somewhat better, on average, than all of the optically
scanned and touchscreen systems, with the exception of only the ES&S Optech
Eagle (used in San Francisco and San Mateo counties) and the Diebold
Accu-Vote-TS (used in Alameda, though with some reports of equipment
malfunctions).  The Sequoia Edge touchscreens, currently under litigation in
Riverside County, performed slightly worse than the Datavote punchcards.
The ES&S iVotronic touchscreens were ranked lowest of the three touchscreen
types in the state, and were outperformed by all other systems with the
exception of the Sequoia Optech optically scanned systems and the Pollstar
and Votomatic punchcards.

In earlier court battles prior to the recall election, the ACLU claimed that
voters using punchcards would be unfairly disenfranchised, as compared to
voters using optically scanned or touchscreen systems.  As it turns out, the
counties using Datavote punchcards had residual vote rates that were better
than all but one of the optically scanned systems, and also lower than two
of the three touchscreen systems.  At the other end of the scale, the
counties using Pollstar and Votomatic punchcards (which included
heavily-populated Los Angeles) had worse residual vote rates than any other
type of voting system in use in the state.  Clearly it is not the punchcards
themselves that are to blame, since the Datavote systems demonstrate that
punchcards can be used successfully.

The residual vote technique was previously used by MIT/Caltech in their
studies following the 2000 Presidential Election.  For the California
analysis, she performed her calculations by comparing the difference between
the total number of ballots cast, as reported by California Secretary of
State Kevin Shelley's office, with the total numbers of "yes" and
"no" votes
on the recall question.  It should be noted that the residual vote tally is
incapable of differentiating between a voter who deliberately or
accidentally did not make a selection on the recall question, and an
equipment failure (such as hanging chad) that could result in a cast vote
not being counted.

The rush to fully computerized ballot casting is misguided.  Although
supplemental technologies are needed for disabled voters, there is no clear
evidence that touchscreen systems are substantially or consistently better
for use by the general population than other voting methods.  The fact that
the touchscreens in California do not provide any way to perform an
independent recount [and no real assurance that votes are even handled
correctly in the absence of the voter-verified audit trail that Rebecca has
long been recommending -- PGN] should make them less desirable than the
paper-based systems that do have such capabilities.  Counties, like San
Francisco, that are doing well with optically scanned ballots, and the
smaller ones that use punchcards effectively, should feel no pressure to
modernize.

For further information, contact Rebecca Mercuri via telephone at
1-609/895-1375 or 1-215/327-7105, email mercuri{at}acm.org and Internet at
http://www.notablesoftware.com/evote.html

 -- -- -- --
Supporting Data for California Recall Question, Rebecca Mercuri 7 Oct 2003

Numbers represent RESIDUAL VOTE RATE as percentage of total votes cast
according to type or model of machine:

Punchcard                6.24
  Datavote               1.94
  Pollstar               6.02
  Votomatic              8.17

Optically Scanned        2.68
  ES&S Eagle             1.87
  Diebold Accu-Vote-OS   2.36
  ES&S 550 and 560       2.42
  Mark-A-Vote            3.04
  Sequoia Optech         4.35

Touchscreen              1.49
  Diebold Accu-Vote-TS   0.72
  Sequoia Edge           2.01
  ES&S iVotronic         3.49

Statewide                4.59



Date: Thu, 09 Oct 2003 20:25:05 +0200
From: Debora Weber-Wulff 
Subject: German toll system unusable

A German consortium called TollCollect, consisting of global players such as
the Deutsche Telekom and DaimlerChrysler has been trying for some time to
create a "modern toll collection system" using GPS, among other things. The
German Government decided today to postpone the introduction of the system,
at a cost of millions of Euros, because it doesn't work.

It was to be fully automatic. Trucks (and only trucks were to pay the toll)
were to have an OBU (On-Board Unit, and of course a different one than all
the other countries using such devices.  Some trucks would need 3-5 of the
things, depending on the routes they take). The OBU is to have a GPS
receiver and a mobile transmitter, so that when the truck is moving it's
position can be determined. When the truck drives over highways that are not
toll-free for trucks, the toll is to be calculated and sent by mobile
transmitter to a central office, that bills the shipping company direct.

Sounds simple, doesn't it?

For this purpose, lots of new masts were erected (as if we don't already
have enough of this nonsense in Germany), and a beta test was arranged.
Shipping companies complained that they were charged toll, although they
were using the non-toll road that ran near a toll road.  [GPS tolerance
miscalculated? Maybe the German mapmakers made some mistakes?]. Others
reported happily that they were charged no toll, although they were using a
toll road. Some truckers reported the OBU busting its circuit breakers when
the ignition in the truck was started.

The problem is, that no one knows what the cause for the problems is.  Maybe
it is the map update system, which updates the map in the OBU about 500-1000
times a month [that is around once an hour, or more, according to my
calculations! - dww].  And of course, the OBUs can't be produced fast enough
so that all the trucks that cross Germany have one by 1 Nov, the date
(already moved before) the toll was to have gone into effect.

Foreign truckers were to use a special system of 3500 terminals that are
installed at truck stops throughout Germany.  Or, toll could be paid in
advance "by Internet". Reports are, that this doesn't work, either, and
takes an enormous amount of time.

The minister for transport, Manfred Stolpe, has often been asked why German
didn't use a low-tech system like Austria (they sell little stickers called
Vignettes) or Italy (they put people in toll booths at specific points on
the highways). Stolpe says, he wanted a high-tech solution that would work
for decades.

Perhaps using a current mobile techonology and old-fashioned notions of
high-tech was not really a great idea? Germany has now sunk over 730 Million
Euros into the project.  The toll of 12.4 (euro)cents per kilometer was to
bring in 2.8 billion Euros a year into cash-strapped Germany, with the
consortium raking in a fifth of the take.

There has also been scandal from the get-go in 2001, where by amazing
coincidence a German-led consortium won the bid, although other bidders
could show that they had experience in actually building such a thing.  And
then the government gave them a special liability dispensation, so that the
consortium doesn't have to pay a fine for missing the start date, which has
been moved before.

So here we have a fine mixture of mismanagement, high-tech woes and
government games. The EU in Brussels is beginning to sniff into the affair,
as it is beginning to smell like fish left on the counter for a week.

At least it gives Germans something to complain about to take their minds
off the unemployment figures!

[German language articles:]
  http://www.tagesschau.de/thema/0,1186,OID2318248_REF1_NAVSPM1,00


Prof. Dr. Debora Weber-Wulff, FHTW Berlin, FB 4, Treskowallee 8, 10313 Berlin
Tel: +49-30-5019-2320  http://www.f4.fhtw-berlin.de/people/weberwu/

--

Date: Tue, 7 Oct 2003 01:38:16 -0400
From: Monty Solomon 
Subject: School district sued over WLAN planning

A school district is sued in Illinois over planning a WLAN without
addressing a group of parents' concerns over electromagnetic radiation's
effects.
  http://wifinetnews.com/archives/002303.html

--

Date: Wed, 8 Oct 2003 21:08:02 -0400
From: George Mannes 
Subject: Risk of trusting computer-free security?

  A dog trainer was sentenced to 6 1/2 years in prison Monday for providing
  defective bomb-sniffing dogs to the government after the 11 Sep 2001
  attacks and lying about their credentials.  Russell Lee Ebersole,
  convicted in June 2003 on 27 counts of fraud, insisted his dogs were
  competent and blamed his conviction on jealous competitors. ...
  Ebersole's Detector Dogs Against Drugs and Explosives, of Stephenson, Va.,
  provided bomb-sniffing dogs to several federal agencies in the months
  after the 9/11 attacks.  The agencies paid Ebersole $700,000 from Sep 2001
  to May 2002.  Ebersole's contracts were canceled after his dogs failed
  independent tests on five different occasions. On one test, dogs were
  unable to detect 50 pounds of dynamite and 15 pounds of C-4 plastic
  explosives hidden at the Federal Reserve parking garage in Washington.
  [Source: Man Jailed for Faulty Bomb-Sniffing Dogs, By Matt Barakat,
  Associated Press 8 Sep 2003]
  http://www.newsday.com/news/nationworld/nation/wire/
  sns-ap-dogs-cant-sniff,0,4930607.story?coll=sns-ap-nation-headlines

After years of reading RISKS, I have become instinctively suspicious of all
the things that can go wrong in security -- and other areas -- if one trusts
a computer too much. But, as this story taught me, my wariness around
computers creates a new Risk: the belief that excluding a computer from a
particular situation makes that situation inherently less Risky.

Before I read this, if someone had asked me what was more reliable -- a
bomb-sniffing dog or a bomb-sniffing electronic device -- I'm sure I would
have said the dog.  What's more honest, sincere and trustworthy than a dog?
Plus, from Risks I've learned that there's a huge difference between a shiny
gadget's performance in a lab under controlled conditions in a lab and its
performance out in the field under less orderly conditions.  Unfortunately,
it appears, dogs can be programmed just as poorly as computers are.  - GM

  [But are the high-tech systems really better than the canine sniffers? 
  Some of the system technologies seem to have "gone to the dogs".  PGN]



Date: Thu, 09 Oct 2003 11:34:09 -0700
From: Joshua Levy 
Subject: New CD antipiracy mechanism disabled by shift key

A new and humorous approach to audio CD copy protection is based on the
Windows feature that auto-runs code on CDs when they are inserted.  A
Princeton student has pointed out that the feature is disabled by holding
down the shift key when inserting the disc.

  http://rss.com.com/2100-1025_3-5087875.html

A satirical, but entirely too believable, take on this:

  Keyboard Manufacturers Named in DMCA Suit
  German-based media giant Bertelsmann Group has launched a 400 million
  dollar lawsuit against major hardware manufacturers, alleging they traffic
  in banned circumvention devices that can be used to illegally copy their
  music CDs.  It says that the Digital Millennium Copyright Act entitles it
  to protection from devices that can be used to circumvent its
  technological protections against piracy.  Specifically, it demands
  compensation for the inclusion of "Shift" buttons on standard computer
  keyboards.
    http://www.kuro5hin.org/story/2003/10/8/201119/758



Date: Wed, 08 Oct 2003 10:40:35 -0400
From: Duke Robillard 
Subject: Franklin security/liberty quote (Re: Cronkite: The New Inquisition)

Old Ben wasn't quite *that* radical.  :-)  What he actually wrote was

  They that can give up essential liberty to obtain a little temporary
  safety deserve neither liberty nor safety

  Historical Review of Pennsylvania, 1759 (although he used it earlier in a
  letter; cf. http://www.bartleby.com/100/245.1.html)

I think the Ben's choice of words makes his meaning quite different than
your's.  In particular, Ben says they "deserve neither," not that they'll
"have neither."  He's making a value judgment, saying that "essential
liberties" are intrinsically better than "temporary
securities," and that
people who disagree don't deserve either.  You're saying that giving up
liberty will mean you can't get security.  That argument could be made, but
Ben wasn't making it in this quote.

Ben's original quote also gives the Patriot Act guys plenty of wiggle room,
by using the phrases "essential liberty" and "temporary
safety."  Who's to
judge "essential" and "temporary"?



---