Diebold Blasts Felten Study

September 15, 2006

Diebold has released a response to the Felten study. It appears to me to be misleading in several important respects, so I thought it merited a quick fisking:

Three people from the Center for Information Technology Policy and Department of Computer Science at Princeton University today released a study of a Diebold Election Systems AccuVote-TS unit they received from an undisclosed source. The unit has security software that was two generations old, and to our knowledge, is not used anywhere in the country.

As I noted yesterday, this response would be a lot more credible if Diebold had a habit of submitting its machines to independent review. It’s hardly Felten’s fault that he had trouble getting access to a newer version of the machine.


Are you good at geography? If so, you may enjoy the small geography quiz buried deep inside of the telecommunications bill now pending in the U.S. Senate. Hidden on page 121 is a paragraph directing the FCC to expand universal service payments to “insular areas, including any insular area that is a State comprised entirely of islands…”

Can you name all the states that are comprised entirely of islands? No, Rhode Island isn’t one of them. As it turns out, the list of states covered by this provision is quite short:

1. Hawaii.

And, by total coincidence, a senator from that state–Daniel Inouye–is the co-chairman of the Senate Commerce Committee–which wrote the bill.


Via TechDirt comes news that a California DJ confirms that he, too, has been “hacking” the gov’s site. As Joe says, the real scandal is why the governor’s office hired such incompetent administrators. What other confidential government documents are they making available to the world?

A few weeks ago, the FCC courageously requested public comment on the merits of using auctions to determine who gets Universal Service support to provide subsidized phone service in rural areas. One difficulty with a reverse auction is what, if anything, to do about stranded investment. What are the legitimate investment expectations that the incumbent provider deserves to recover?

Under the current system, the incumbent rural phone companies will be subsidized in perpetuity. Yet, cable VoIP service and wireless systems have been built in many rural areas without Universal Service support. Many of the competitors are now seeking their fair share. Chairman Kevin Martin noted Tuesday at a Senate hearing that these competitors received $1 million when he came to the commission but get $1 billion now.

Martin stood up for reforming Universal Service so it supports the best and most efficient new technologies, and he took a beating from Senate Commerce Chairman Ted Stevens (R-AK)–an ally of the incumbent rural phone companies–who, like most politicians, focused on who would be the winners and losers:


Diebold is not happy with Prof. Felten’s paper:

The marketing director for the machine’s maker – Diebold Inc.’s Diebold Election Systems of Allen, Texas – blasted the report, saying Felten ignored newer software and security measures that prevent such hacking.

“I’m concerned by the fact we weren’t contacted to educate these people on where our current technology stands,” Mark Radke said.

This is pretty rich coming from a company that fiercely resists independent inspections of their machines. I rather doubt Prof. Felten deliberately chose an old version of Diebold’s software to make them look bad. In fact, I would be shocked if Diebold were willing to lend Prof. Felten a newer version of their voting machine so he could verify their claims that the security problems have been fixed.


Assistant Attorney General Thomas O. Barnett gave a rather odd history of the iTunes Store at a speech at George Mason University yesterday:

Apple’s iTunes music service has (for the moment) solved a problem that some observers, less than five years ago, predicted might never be solved: how to create a consumer-friendly, yet legal and profitable, system for downloading music and other entertainment from the Internet. It is instructive to review the history of the problem. The technical capability to offer digital music over the Internet has existed at least since the early 1990s; nevertheless, digital music first moved online in a significant way only in 1999 with the launch of the Napster centralized file-sharing service. There were major flaws with the early attempts to offer downloadable music: Napster and Grokster were based principally on piracy, while recording industry efforts such as MusicNet and pressplay never achieved wide use and, in addition, were attacked as risking a recording industry monopoly over not just the songs, but technological development as well. While it battled the music pirates, the music industry suffered huge losses, including a 25 percent drop in sales from 2001 to 2002, which could be measured in the billions of dollars. Reviewing that bleak picture, the head of the Recording Industry Association of America said in 2002, “I wish I could tell you that there is a silver bullet that could resolve this very serious problem. There is not.”


Today Ed Felten released a provocative new paper about Diebold’s AccuVote-TS voting machines. According to the paper, 33,000 of these machines will be used in this fall’s elections. He argues that the machines are fatally flawed, and that election officials need to take emergency measures to ensure the integrity of the elections.

Regular readers of TLF won’t be surprised to learn that I found the paper persuasive. But even though I read the paper expecting to agree with it, I was still surprised at just how poorly designed Diebold’s machines are.

Under the hood, the Diebold machines are glorified PDAs running Microsoft’s Windows CE software. Diebold simply took off-the-shelf computer components, built a more or less ordinary computer, and then wrote software that would perform the vote-counting functions.

The problem is that they took hardly any precautions at all to prevent someone from replacing that software. And because it’s what computer scientists call a general-purpose computer, the replacement software can be programmed to do virtually anything you can imagine. You could install software on your Diebold machine to play Tetris, balance your checkbook, or display a screen saver. Or, as Felten and his grad students demonstrated, you could install software to rig elections.


Assuming that Declan’s explanation for how the Angelides campaign got the Schwarzenegger audio is right (and it’s consistent with everything I’ve seen on the subject), the media coverage of the story is incredibly lazy. Whether the Angelides campaign’s actions constitute “hacking” or not is not a complicated question. The way to answer it would be to get a precise description of what they did from the two campaigns (the Schwarzenegger campaign says they have logs of the access, so they should be able to answer specific questions about it), and then to ask a computer expert whether that specific sequence of actions constitutes hacking.

Yet not one of those stories features a quote from a computer science professor, a webmaster, or anyone else with technical expertise in administering web sites. Each and every reporter takes an agnostic stance, as if it’s a complex and difficult question that will take days of painstaking research to answer. It seems to me that this does their readers a disservice.

Presumably, the idea here is that a “balanced” story is one that faithfully reports the opinions of each side, without passing judgment on either side’s position. This is appropriate in cases where the statements in question are matters of opinion. But a good journalist should do some independent research to verify assertions that are matters of fact. If candidate Smith says the sky is blue, and candidate Jones says it’s green, the good reporter looks up at the sky and reports on what color it looks like to him; he doesn’t pretend that the color of the sky is a matter of opinion.

So I’m reading this New York Times editorial and at first, everything seems pretty sensible:

In a directive whose logic is not always apparent, the Transportation Security Administration has spelled out what airline passengers can carry on board with them, what must be placed in checked luggage, and what can’t go on the plane at all. Knives must be checked but knitting needles and corkscrews are allowed in the cabin. Up to four ounces of eye drops can be carried aboard, with fingers crossed that multiple terrorists won’t combine their allotments to exceed the limit. Laptops, digital cameras, mobile phones and other electronic devices are permitted, so never mind any warnings you’ve heard that they could be used to trigger a bomb. The bomb ingredients themselves, notably liquid explosives, will be kept out of the cabin by a ban on liquids, gels and lotions, except for small amounts of baby formula and medications.

Perhaps the Times will be a voice of reason in an hysterical debate, pointing out the absurdity of trying to ban everything that might conceivably be dangerous?

Not a chance.


Is This Thing On?

September 12, 2006

When I saw this story from the San Jose Mercury News, I was irritated by its vagueness. The campaign of Phil Angelides, the Democratic candidate for governor of California, “admits downloading” a “tape” of Gov. Arnold making a racist comment. There’s an extensive back and forth between the two campaigns about whether the downloading was ethical or not, but no specific details about what actually happened.

Fortunately, Declan McCullagh is on the case:

The controversy may center on the design of the Web server called speeches.gov.ca.gov. The California government used it to post MP3 files of Schwarzenegger’s speeches in a directory structure that looked like “http://speeches.gov.ca.gov/dir/06-21.htm.htm”. (That Web page is now offline, but saved in Google’s cache.)

A source close to Angelides told CNET News.com on Tuesday that it was possible to “chop” off the Web links and visit the higher-level “http://speeches.gov.ca.gov/dir/” directory, which had the controversial audio recording publicly viewable. No password was needed, the source said.

If Declan is right, then this isn’t a hard issue.
