Monday, December 15, 2003

Satellite tracking of cars -- "when, not if"

The BBC reports that a govt appointed committee is considering fitting a tracker to every car in order to introduce congestion charging on all roads. Professor David Begg, leading the committee, is quoted as saying:

It is now a matter of when, not if. Six months ago it was on the shelf, but Mr Darling is now very serious about it.

It seems the day when everyone is under constant surveillance 24 hours a day no matter where they are or what they're doing is getting closer. Satellite tracking of cars, plus ever increasing usage of CCTV (still largely unregulated), plus agencies from MI5 to the Charities Commission able to monitor internet and phone activities, plus govt powers to spy on bank accounts, plus an ID card system tracking our usage of govt services and quite probably our purchases or movements, gets us pretty close to that day already.

Sunday, December 14, 2003


Great news! And congrats to the coalition forces. Now the Iraqis need not fear Saddam ever regaining influence, which may make it easier for the remaining Ba'athists to be hunted down and captured. In the meantime let's hope Saddam is made to answer for his crimes.

Now where's Osama got to?

Wednesday, December 03, 2003

Electronic voting: A threat to democracy?

With low turnouts in many elections in Britain, some people have suggested that electronic voting could be allowed in order to make things easier and hopefully raise voter turnouts, e.g. see this BBC report about e-voting trials in Swindon in recent local elections.

In America there has been a big push towards introducing electronic voting systems after the Florida vote counts in the 2000 presidential election where the voting machines' performance may have influenced the end result in a tight election.

However the move towards electronic voting is by no means straightforward. With a paper ballot, with the vote manually registered by the voter as occurs in British elections at the moment, you have a high degree of checkability. People know what they write on the ballot before it's put in the box. Vote counting can be done under the eyes of the candidates, their representatives and independent observers. We can therefore create reliable voting procedures and vote counting procedures quite easily.

With electronic voting, things are not so straightforward. Without knowing what code is running on the computer recording your vote, you cannot be sure whether the vote is correctly registered by the computer. The vote counting is done by the computer essentially out of sight. The possibility of incorrect counting due to software bugs, the software being hacked or plain skullduggery on the part of the software writers has to be taken into account.

America's recent experiences with voting machines provided by a company called Diebold provide worrying reading:

Under the Help America Vote Act (HAVA), the Election Assistance Commission is charged with establishing voluntary standards for voting machine software and creating an independent testing process for the software. However, this process is far behind schedule. Under HAVA, the Election Assistance Commission members should have been nominated by the President in February 2003. Unfortunately, these nominees have only recently been sent to the Senate for confirmation.

Without this federal review and testing of software, deeply flawed software has been marketed by companies and bought by states. An Analysis of an Electronic Voting System was recently authored by Tadayoshi Kohno, Adam Stubblefield, Aviel Rubin, and Dan Wallach. This voting software, produced by Diebold, has already been purchased by two states. According to this study, some of the most serious of numerous flaws permit a person to:

-vote multiple times,
-view ballots already cast on a machine,
-modify party affiliation on ballots,
-cause votes to be miscounted,
-create, delete and modify votes on voting machine, and
-tamper with audit logs and election results.

States Purchase Insecure Software
As a result of this study, Maryland put on hold its purchase of Diebold voting machines. Later, an independent review confirmed the previous findings. It counted 328 security weaknesses, and concluded that: "The system, as implemented in policy, procedure and technology, is at high risk of compromise" (pg. 17).

Diebold had threatened legal action against students and ISPs who publicised the flaws found in their voting machines, though they have now backed down.

A comprehensive account of both the problems with the machines and the legal actions Diebold attempted in order to try and stop various internal emails detailing flaws in the machines being distributed around the web can be found here. Diebold's response to the problems has been far from reassuring as the threatened legal action illustrates. But it gets worse, since according to the above article:

The state of Maryland, however, commissioned an investigation of the Diebold machines by SIAC. SIAC found 328 security weaknesses; of those, 26 were designated critical . Among the problems: Diebold doesn't encrypt vote totals before they are transferred to the Board of Elections over the Internet. Diebold's response is far from reassuring, as the Washington Post reported:

"Further, as a result of the review, Diebold has rewritten its software to include better encryption coding and harder-to-crack passwords. The encryption and password upgrades will be made only for the machines destined for Maryland , [Diebold executive Mark] Radke said, and would not be available for the 33,000 touch-screen machines already in use elsewhere."

So there you have it: the squeaky wheel gets the grease. Diebold will fix Maryland's machines, but everyone else in America will continue to suffer from hundreds of security holes, 26 of them critical. Feel better?

Of course, anyone that really cares about security knows that a system has to be built with security in mind from the get-go. You can't just bolt security on top of a system after the fact and assume that the any problems will be fixed. But that's exactly what Diebold proposes to do. They told us to trust them before, and now they're asking us to trust them again. How trusting are you?

The above articles paint a very worrying picture about the way electronic voting is shaping up in America and suggest other countries should be very careful and cautious about e-voting. It seems to me that the any moves towards e-voting should involve the following requirements (based on the list in the security focus article):

* the use of open source software that is open to scrutiny by anyone

* the voting machines must pass thorough testing to ensure security and reliability

* the voting machines must produce paper copies of the votes, verified as accurate by the voter, to be used for auditing purposes.

* voting machines must be usable by the disabled.

* Surprise recounts must be held in a proportion of randomly selected constituencies in each election.

* voting machines must only communicate with other systems in order to report vote totals. Incoming communication from other systems should be forbidden.

At any rate, until trials have shown that electronic systems can be used reliably without opening up scope for manipulation of the voting process, we should stick to paper ballots.

Tuesday, December 02, 2003

Labour issuing more gagging orders than the Tories

The Guardian reports that:

Ministers in Tony Blair's government have issued more official gagging orders than the previous Conservative government, figures show.

The rise in the controversial orders - which keep secret Whitehall documents in court cases - has occurred despite official assurances that their use would be curtailed.

Ministers signed 100 public interest immunity certificates (PIIs) in the five full years since Mr Blair came to power in 1997, compared with 70 under the previous five years of the Tory government.

The figures have been collated from lists of orders obtained during an investigation by the BBC's File on Four programme, which will be broadcast tonight on Radio 4.

Rules introduced in the wake of the arms-to-Iraq affair in the mid-1990s were supposed to reduce the volume of such orders.

While in opposition, Labour made political capital by criticising Conservative ministers for exploiting gagging orders to suppress politically embarrassing evidence. Sir Richard Scott, during his inquiry into the arms-to-Iraq affair, delivered a scathing attack on the abuse of such certificates.

So much for their commitment to freedom of information and open government.