* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.

Date: Mon, 04 Aug 2003 16:47:58 -0400
From: James Moyer 
Subject: Virginia Identity Theft Passport 

As part of my study of photo ID documents (and the theory for explaining how
they work, the current version of my paper is at
http://www.njlicense.org/sdt.pdf), I've been trying to figure out the trust
failure portion of Security Document Theory.

Trust failure occurs when a document is no longer believed to be valid. Too
much counterfeiting or other security problems causes too many bad
documents
to be in the wild, though I believe that institutions can turn their backs
on ID documents, which sometimes occurs in countries that have national ID
cards. (People from several different countries, such as Italy and
Argentina, have told me that police may just decide not to trust their ID
card, and haul them in to get their identity assessed differently.)

The Virginia Identity Theft Passport is a different variation of that. The
trust has eroded from the normal documents, and now people, in certain
situations, need yet another document to back up their current assortment
of
documents. (My theory considers photo ID card trust failures inevitable, as
long as the photo ID card performs multiple functions which have value to
criminals.)

I'm particularly amused by the reductio ab absurdum for the theft passport.
Instead of a separate document, why couldn't it be an endorsement on the
individual's driver's license (which would imply something like "this
is a
regular John Smith, who is not *that* John Smith." Or "this is a *real*
Virginia driver's license."



Date: Tue, 29 Jul 2003 09:23:30 -0700
From: "NewsScan" 
Subject: Pentagon's online trading market plan draws fire

The U.S. Defense Department's Defense Advanced Research Projects Agency
(DARPA) has plans to set up an online Policy Analysis Market that will
allow
traders to bet on the likelihood of future terrorist attacks and political
assassinations in the Middle East. The bizarre scheme has drawn fire from
Senators Ron Wyden (D-Ore.) and Byron Dorgan (D-N.D.). "The idea of a
federal betting parlor on atrocities and terrorism is ridiculous and it's
grotesque," said Wyden, while Dorgan described the plan as "useless,
offensive and unbelievably stupid. How would you feel if you were the King
of Jordan and you learned that the U.S. Defense Department was taking bets
on your being overthrown within a year?" However, the Pentagon defended the
initiative, comparing it to commodity futures markets. "Research indicates
that markets are extremely efficient, effective and timely aggregators of
dispersed and even hidden information. Futures markets have proven
themselves to be good at predicting such things as election results; they
are often better than expert opinions." The market would allow traders to
deposit money in an account and then use it to buy and sell contracts. If a
particular event comes to pass, the bettors who wagered correctly would win
the money of those who guessed wrong.  [BBC News 29 Jul 2003; NewsScan
Daily, 29 Jul 2003]
  http://news.bbc.co.uk/1/hi/world/americas/3106559.stm

  [This plan was subsequently scrapped.  One of its proponents, John
  Poindexter (head of DARPA's IAO office), reportedly will be retiring.
  PGN]

--

Date: Mon, 04 Aug 2003 10:58:36 -0700
From: "NewsScan" 
Subject: New online futures market bets on next White House scandal

In response to the Pentagon's now-discarded plans for a terrorism futures
market, academics from half a dozen U.S. universities have created an
American Action Market, which will offer traders the opportunity to wager
on the likelihood of various Washington political events, such as: Which
country will the White House threaten next? Who will be the next foreign
leader to move off the CIA payroll and onto the White House's "most
wanted" list? Which corporation with close ties to the White House
will be the next cloaked in scandal? The AAM will begin registering traders
in September and will open for business October 1. "It's quite
amazing, the Pentagon and the White House are very fertile imaginative
fields these days," says one of the AAM founders. "(The AAM
project) sounds humorous, but that just shows how far things have gone.
We've entered the realm of fiction. Things are really Dr.
Strangelove." Bob Forsythe, a University of Iowa professor who helped
set up the Iowa Electronic Markets that speculate on election results, says
such futures markets can deliver fairly accurate predictions, but the
traders have to be knowledgeable. "You have to have informed traders
or they don't work very well. Who are the informed traders in an
assassination market, for example? The same is true for predicting the
White House." [Wired.com 4 Aug 2003; NewsScan Daily, 4 Aug 2003] 
  http://www.wired.com/news/politics/0,1283,59879,00.html

--

Date: Wed, 6 Aug 2003 11:59:43 -0700
From: Kim Alexander 
Subject: Voting tech problems galore in Mississippi

Errors - human, mechanical - mar Election Day
By Cathy Hayden, chayden{at}clarionledger.com [PGN-ed]
http://www.clarionledger.com/news/0308/06/melec02.html

Election officials and political party offices were flooded all day on 5 Aug
2003 with reports of voting snafus ranging from locked precincts to machine
malfunctions to voters receiving ballots with the wrong names on them.
"It's worse than it has been in 10 years," said Claude McInnis, 
chairman of the Hinds County Democratic Party. "We had redistricting. 
That made it much more complex."  [...]

Because Mississippi has 82 counties and there are party primaries, "164
groups of people are running the elections - the Republican county executive
committee in every county and Democratic county executive committee. There's
a lot happening," according to David Blount, spokesman for Secretary of
State Eric Clark.

[The article quotes a voter who did not recognize anyone on the ballot --
he had been given the wrong ballot, probably the fault of the poll worker.
Usual tales of a precinct that was locked for three hours (with poll workers
operating out of their own vehicles), nonworking touch-screen systems,
failure to read the initialization chip, etc.  PGN]

Kim Alexander, President, California Voter Foundation
kimalex{at}calvoter.org, 916-441-2494, http://www.calvoter.org

--

Date: Thu, 24 Jul 2003 18:32:47 EDT
From: M Baumeister 
Subject: Electronic voting - once again...

"According to election industry officials, electronic voting systems are
absolutely secure, because they are protected by passwords and tamperproof
audit logs.  But the passwords can easily be bypassed, and in fact the audit
logs can be altered.  Worse, the votes can be changed without anyone
knowing, even the County Election Supervisor who runs the election system."

... for the rest of the story:
Inside A U.S. Election Vote Counting Program  [by Bev Harris]
  http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm

--

Date: Mon, 28 Jul 2003 10:20:38 +0100
From: "LEESON, Chris" 
Subject: Why e-voting is a non-starter: Risks with e-voting

Bill Thompson has written an article on the BBC Website about the
Risks of Electronic Voting:

  http://news.bbc.co.uk/1/hi/technology/3095705.stm

He starts by mentioning the recently-revealed DirectX flaw, security
problems in Windows Server 2003, and thefts from a South African bank due
to e-mail sniffing.

He then mentions the general problems with Authentication, and then some
specific problems found with the Diebold Election Systems equipment. He
caps
this section of the article with noting that the company concerned refuses
to allow independent code reviews on the grounds of commercial
confidentiality.

In other words, the same old story.

The article closes with the following paragraphs:

  The British Government is still set on giving us all easy ways to vote,
  and the pilots from last year's council elections are being extended.
 
  There is still talk of online voting in the next general election, and of
  moving away from paper ballots entirely in the future.

  Yet every time we get to look inside a piece of software or a security
  system that has been developed in secret, and built on the top of a
  compromise between acceptable levels of risk and the cost of doing it
  properly, we find holes and errors.

  This is the reason why we must not move to an online voting system. It
  cannot be made secure, it cannot be guaranteed and it cannot be trusted,
  no matter who writes it, and no matter what claims are made.

  A democratically elected government of the United Kingdom has massive
  power. The gains to be made from undermining a general election are just
  too high for us to take the risk of moving the election online.

  Paper ballots and physical presence in the polling station make the system
  too unwieldy to hack. We should keep it that way.

--

Date: Thu, 07 Aug 2003 08:59:54 -0700
From: "Brett McCarron" 
Subject: Hospital records stuck in memory stick

Hospital bosses in Greater Manchester have tightened up IT security
procedures after a Crewe estate agent found a memory stick sold as new
contained confidential details of 13 cancer patients.

A report into the security breach, which happened earlier this year, found
that the data had been transferred onto the memory stick when a computer
storing a database of patient details was sent for an upgrade.  The
hospital's IT supplier Pocos took the computer to MBS Computers in Crewe,
where the data was copied onto the stick. But the investigation was unable
to ascertain how it then came to be sold as new.
  http://silicon.com/news/500013-500001/1/5491.html
  http://zdnet.com.com/2110-1105_2-5060979.html

  [I'll bet that opened package memory sticks sell pretty quickly at
  computer superstores - BWM].

Brett McCarron, IT Security & Policy Officer, WDFW Information
Technology Services, 600 Capitol Way N. - Olympia, WA  98501-1091  (360)
902-2331



Date: Wed, 30 Jul 2003 09:36:42 -0700
From: "NewsScan" 
Subject: Tech exodus: 500,000 U.S. jobs moving overseas

One out of 10 jobs in the U.S. computer services and software sector could
move overseas by the end of next year, according to a new report from
Gartner Inc.  And while professionals in the computer industry will be
especially hard-hit, IT jobs in other sectors such as banking, health-care
and insurance will feel the impact also, with one in 20 being exported to
emerging markets such as Russia, India or other countries in Southeast
Asia. "Suddenly we have a profession -- computer programming -- that
has to wake up and consider what value it really has to offer," says
Gartner VP and research director Diane Morello.  Morello estimates that
based on her preliminary calculations, at least 500,000 jobs will be lost
to offshore outsourcing by then end of 2004.  The trend toward
"offshore outsourcing" is heating up as a political issue, with
legislators in five states proposing bills that would require workers hired
under state contracts be American citizens or fill a special niche that
citizens cannot.  [Reuters/CNN.com 30 Jul 2003; NewsScan Daily, 30 July
2003]
  http://www.cnn.com/2003/TECH/internet/07/30/jobs.oversees.reut/index.html



---