* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.



Date: Thu, 24 Jul 2003 09:28:33 -0700
From: "NewsScan" 
Subject: Serious flaws in electronic voting systems

Johns Hopkins University experts say that high-tech voting machine software
from Diebold Election Systems has flaws that would let voters cast extra
votes and allow poll workers to alter ballots secretly. Aviel D. Rubin,
technical director of the Information Security Institute at Johns Hopkins,
led a team that examined the Diebold software, which has about 33,000
voting machines operating in the United States. Adam Stubblefield, a
colleague of Rubin's, said that "practically anyone in the country --
from a teenager on up -- could produce these smart cards that could allow
someone to vote as many times as they like." Diebold has not seen the
Institute's report and would not comment on it in detail, but a company
spokesman said: "We're constantly improving it so the technology we
have 10 years from now will be better than what we have today. We're always
open to anything that can improve our systems." Peter G. Neumann, an
expert in computer security at SRI International, said the Diebold code was
"just the tip of the iceberg" of problems with electronic voting
systems.
  [*The New York Times, 24 Jul 2003; NewsScan Daily, 24 Jul 2003]
  http://partners.nytimes.com/2003/07/24/technology/24VOTE.html



Date: Thu, 24 Jul 2003 23:48:51 -0400
From: Mark Lutton 
Subject: Bypassing the safeguards

On 23 Jul 2003, New York City Councilman James E. Davis was shot to death by
political opponent Othneil Boaz Askew inside New York's City Hall.  Davis
had a concealed handgun of his own.

How did the two opponents get their weapons past the metal detectors?
According to the news report, the councilpersons (and apparently their guests)
routinely bypass the detectors.

You can have all the technology in the world against violence and terrorism
and it won't do you a damn bit of good if you let everybody and his enemy go
around it.



Date: Tue, 22 Jul 2003 09:27:32 -0700
From: "NewsScan" 
Subject: Biometrics technology: not yet ready for primetime

Gartner Research director Anthony Allen told guests at the launch of
European Biometrics Forum that while widespread use of biometrics was
likely by 2008, the technologies still had some kinks to be ironed out.
Biometrics, which includes technologies used for voice, face, iris and
fingerprint identification systems, is virtually useless without adequate
back security measures and databases, said Allen, and current systems have
several fallibilities that must be corrected. For instance, evidence shows
that wearing eyeglasses can fool an eyescanner, prosthetic makeup can
confuse face scanners, a sore throat can change a voice print and breathing
heavily on a fingerprint scanner can make prints unrecognizable. However,
newer generations of technology are beginning to rectify some of these
shortcomings; the latest fingerprint scanners now incorporate methods of
detecting body heat and blood flow and can scan below the surface later,
making it more difficult to deceive.  [*The Register*, 22 Jul 2003;
NewsScan Daily, 22 Jul 2003]
  http://www.theregister.co.uk/content/55/31865.html



Date: Tue, 22 Jul 2003 09:27:32 -0700
From: "NewsScan" 
Subject: Identity theft: a crime that pays?

The number of victims that have fallen prey to identity thieves is severely
underreported, according to a study by Gartner Research, which estimates
that 3.4% of U.S. consumers -- about 7 million adults -- have suffered ID
theft in the past year. Moreover, identity thieves generally get away with
it -- arrests are made in only one out of every 700 cases. "The odds
are really stacked against consumers," says Gartner VP Avivah Litan.
"Unfortunately, they are the only ones with a vested interest in
fixing the problem." Typically, victims of ID theft learn of the crime
a year or more later after it happens -- long after the trail has gone
cold. "It is different from payment fraud, where the thief takes a
credit card number and consumers are innocent until proven guilty. With
identity theft, it is the opposite: Consumers are thought to be guilty
until proven innocent," says Litan. "There is a serious
disconnect between the magnitude of identity theft that innocent consumers
experience and the [financial] industry's proper recognition of the crime.
Without external pressure from legislators and industry associations,
financial services providers may not have sufficient incentive to stem the
flow of identity crimes."  [CNet News.com 21 Jul 2003; NewsScan Daily,
22 Jul 2003] http://news.com.com/2100-1009_3-5050295.html



Date: Thu, 24 Jul 2003 09:27:00 -0500
From: Jim Bauman 
Subject: Presidential "doublespeak" ...

The risk here is that what is purported to be a way to enhance
communication could actually be a way to do the opposite (Hmmm ... Navigate
nine Web pages
instead of sending an e-mail from your mail client to
president{at}whitehouse.gov ... Gee, which would you choose?).  Is it a
muddled signal from the White House that they want the American public's
feedback and yet they don't?

Also, it's a handy way for the White House to sort its e-mail---those in
favor of their position and those who are not.  Would then, the President
or his people bother to read and consider the e-mails not favoring the
White House's policy on a certain national/foreign affair?  Would they pay
more attention to those that favor their position?

Would they have an "accurate" number of e-mails in favor of their
policies, but a nebulous one in regards to the e-mails that don't?

White House puts up obstacle course for e-mails Critics cite burden of
additional steps By John Markoff, *The New York Times*, 18 Jul 2003
http://www.chicagotribune.com/technology/chi-0307180184jul18,1,7186833.story

Do you want to send an e-mail message to the White House?  Good luck. In
the past, to tell President Bush -- or at least those assigned to read his
mail -- what was on your mind it was only necessary to sit down at a
personal computer connected to the Internet and dash off an e-mail note to
president{at}whitehouse.gov.

But this week, Tom Matzzie, an online organizer with the AFL-CIO,
discovered that communicating with the White House has become a bit more
daunting. When he sent an e-mail protest against a Bush administration
policy, the message was bounced back with an automated reply that
instructed him to send the message in a new way.

Under a system deployed on the White House Web site for the first time last
week, those who want to send a message to President Bush must navigate as
many as nine Web pages and fill out a detailed form that starts by asking
whether the message sender supports or differs with White House policy.

The White House says the new system, at http://whitehouse.gov/webmail, is
an effort to be more responsive to the public and offer the administration
"real-time" access to citizen comments.  [...]

--

Date: Fri, 25 Jul 2003 23:04:16 -0400
From: Monty Solomon 
Subject: Owner of stolen 'sex.com' can sue VeriSign

Elinor Mills Abreu, Reuters, 25 Jul 2003

The owner of "sex.com," once considered one of the Internet's
hottest addresses, can seek payment from the company that improperly
transferred the domain to a "con man" who later fled to Mexico
when ordered to pay $65 million, a court ruled on Friday.  The Ninth
Circuit Court of Appeals in San Francisco ruled that
"computer-geek-turned-entrepreneur" Gary Kremen can hold VeriSign
Inc.'s Network Solutions unit liable for handing the sex.com Web address
over to a "con man."  The decision has widespread implications
for companies that register domains, which until now have not been held
responsible when Web sites are switched from their rightful owners, a
lawyer
for the plaintiff said.  ...
  http://finance.lycos.com/home/news/story.asp?story=35007290

--

Date: Sun, 20 Jul 2003 17:30:40 -0600
From: "J. Lasser" 
Subject: Another risk of decency filters

You could lose a customer.

I've moved out to Colorado and was pursuing broadband through my phone
company. After they verified that my line was DSL-capable, they gave me a
call and asked what ISP I'd like to use. Helpfully, they suggested that MSN
had the best pricing deal with them.

After I agreed that this would be fine, they asked what user ID I would
like. I said 'jonlasser' would be ideal. The system rejected that and
several other variations due, the support technician decided, to the
three-letter word buried in my last name. She asked if I'd like to pick
another user ID.

I said no, and asked about other service providers I could use with their
service. It turns out that there's an option for those of us who already
have mail/web from elsewhere and just need the broadband, which is really
what I wanted in the first place. But for that decency filter, however, MSN
would have had another customer.

Jon Lasser jon{at}lasser.org 410-659-5333



---