RISKS@SRI-CSL.ARPA (RISKS FORUM, Peter G. Neumann, Coordinator) (03/14/86)
RISKS-LIST: RISKS-FORUM Digest, Friday, 14 Mar 1986 Volume 2 : Issue 26
FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Integrity of the Electoral Process (Mark Jackson)
Ballot Secrecy (Lindsay F. Marshall)
Nuclear waste-land (Jerry Mungle)
Nuclear disasters (Lindsay F. Marshall)
103/212 modems (Ephraim)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA.)
(Back issues Vol i Issue j stored in SRI-CSL:<RISKS>RISKS-i.j. Vol 1: MAXj=45)
----------------------------------------------------------------------
Date: 12 Mar 86 11:39:29 EST (Wednesday)
From: MJackson.Wbst@Xerox.COM
Subject: Integrity of the Electoral Process
To: RISKS@SRI-CSL.ARPA
It seems to me that the discussion has strayed from the mark. No balloting
procedure is completely unbreakable. Current systems appear to be
reasonably secure, but this is primarily due to effective vigilance (e.g.
poll watchers from each party). When enough of the "system" falls under the
effective control of a single organization then fraud becomes possible,
hence inevitable (e.g. Chicago under the Machine).
The "risk" involved in computerization of the ballot collection and counting
process is the centralization of much of the process under the control of a
single organization (hardware and software system). The challenge is to
assure that the resulting system is sufficiently distributed and subject to
routine checks so that the potential for fraud is not increased.
Apropos of this, it is not clear to me that the proposal for printing
individual ballot hardcopies addresses what would otherwise be an
*increased* risk. For example, with lever-type voting machines is some
record kept beyond the candidate tallies read out when the polls close?
Mark
[Apparently no individual record is kept -- only the running totals.
Fraud-prevention is largely dependent on the poll watchers. But it
may be relatively easy to vote twice in a large and noisy room if your
machine is facing away from the poll watchers back-to-back with
another machine facing the other way -- unless the system is set up
so that it has to be rearmed manually each time the exit-lever
automatic vote recorder is triggered.
There are always some vulnerabilities, as I noted in RISKS-2.23,
including bribed officials. The recent election in the Philippines
give us another datapoint. PGN]
------------------------------
From: "Lindsay F. Marshall" <ncx%cheviot.newcastle.ac.uk@cs.ucl.ac.uk>
Date: Wed, 12 Mar 86 11:28:38 gmt
To: risks@sri-csl.arpa
Subject: Ballot Secrecy
One of my regular grouses to Clerks at election time is that the Ballot
is not actual secret. They always say "oh yes it is", but when you point out
that each voting slip is stamped with a serial number (when you get the
paper) which is recorded in such a way that it can be traced back to you,
they then say "Oh, but that's in case there is any Ballot Rigging so that
we can backtrack to find multiple votes etc.". The ballot in UK elections
is most definitely not "secret" in the sense that most people assume, though
there is no evidence that anyone is checking out how you voted (yet).
------------------------------
Date: 11 Mar 1986 06:26:43 PST
Subject: Nuclear waste-land
From: Jerry Mungle <JMUNGLE@USC-ISIF.ARPA>
To: RISKS FORUM (Peter G. Neumann, Coordinator) <RISKS@SRI-CSL.ARPA>
Re: Nuclear power plant accidents...
The explosion in the USSR was due to storage of nuclear waste, not a
power plant accident. However, seems I recall there are some low probability
(aren`t they all) accidents which can send a breeder reactor into a low yield
explosion (probably *very* dirty, too).
Two tangental comments - I live near TVA's Browns Ferry reactors. ALL of the
operators failed NRC license tests(!) so BF has been shut down till 80% can
pass. Is there a license for reactor control software, and if not, perhaps
TVA might be a good place to test (worst case operator actions and all that)?
Second, there is a siren to alert the population to a BF accident with a
leak. Nearby is a state prison with an occasional leak. People have
suggested a siren to warn of escapes, but the chance for confusion is high.
Anyone know of a good way to spread an alarm when you have multiple risks??
(ps. smiley face to the TVA test suggestion....)
------------------------------
From: "Lindsay F. Marshall" <ncx%cheviot.newcastle.ac.uk@cs.ucl.ac.uk>
Date: Wed, 12 Mar 86 11:24:01 gmt
To: risks@sri-csl.arpa
Subject: Nuclear disasters
The last line was a joke - the problem with 2000ton reactor vessels dropping
18ft is not explosion but one of contamination. The radiation leakage would
be huge and most of the South of Scotland and North of England would be
affected. If it actually happened Newcastle might just as well have
vanished......
------------------------------
From: ucdavis!lll-crg!seismo!harvard!encore!vaxine!wanginst!wang!ephraim@ucbvax.berkeley.edu
Date: Tue, 11 Mar 86 18:27:52 est
To: ucdavis!risks
Subject: 103/212 modems [Will the messages never cease?]
In RISKS-2.24, Phil Ngai writes:
> This is an often repeated wives tale by people who ought to know better...
As it happens, I can testify that Phil's statement is not correct, or at
least not universally so. On Sunday 3/9, I called the modem line of a friend
using my Applemodem 1200. His modem was not ready, so he answered the call
manually and said "hello" to get my attention. He tells me that my modem
*did* produce carrier when he picked up the phone.
Sorry, Phil.
------------------------------
End of RISKS-FORUM Digest
************************
-------