Nobody is telling anyone what they can or can't put in an email
Actually, that's exactly what this bill does.
The law makes it illegal to send 'unsolicited commercial email'. Now, if I didn't send it (as you said - you are the one who sent it), what will they lock me up for, and what does having bogus WHOIS information have to do with it?
Actually, the bill makes quite a few things illegal, including registering domain names with false information if those domains are subsequently used in the from: address of UCE.
Do you understand how that relates to joe-jobs and bogus WHOIS information? Do you understand how putting those things together with the domain you registerd using 111 Main Street as your address and nobody@null.net as your email means I can set you up for a vacation in a federally funded resort?
All that matters is the probability is of an individual voter noticing a change, becuase that's the only vote you can dump. Even if you want to invalidate more, what is your threashold for invalidating a whole box, one bad vote, 10 bad votes? How does the judge know the voter is telling the truth when he says his vote was miscounted? If you invalidate an entire machine's votes based on X bad votes, you open yourself up to a DoV attack where voters could go into precincts where their opponent is likely to win and claim the machines printed out the wrong vote.
The special election in lew of a recount doesn't work. You cannot know who's votes were invalidated, so you have to do the whole thing over. How do you make sure all the voters who showed up on election day make it on revote day? How do you adjust for the fact that candidates get extra time to campaign in precincts with corrupted votes?
No. This is very, very, bad. I cannot believe that on/. where mistrusting the government is a tautology anyone would think this is a good idea. Do you realy want the government telling you what you can and can't put in an email? This bill will make it a FEDERAL OFFENSE punishable by _years_ in federal POUND ME IN THE ASS prison for registering domain names with fake contact information of they originate UCE. Has anyone here ever heard of a joe-job? Know all I have to do is make sure I find your domains with bogus WHOIS data (how many people use 111 Main St?) and spoof the from address. Now the FBI comes and takes YOU away.
Sure, the *vast* majority of people won't verify their ballots. But, if I've got a copy of the ballot that I turned in, and I *do* verify it, then I have *proof* of an error instead of just an accusation. Without knowing what ballots will be verified, there is no 'safe' way to falsify ballot information that is publicly viewable. If 1 in 100 check the recorded vote against their copy of the ballot (which they checked before turning in the other copy) you've got a statistically sound sampling of accuracy. If 1 in 10 of those votes doesn't match the corresponding paper ballot, you've got proof of an error in the system.
If 1:100 voters checks his ballot, and you only modify 1:10 ballots then the probability of a voter noticing a change is 1:1,000. So what do you do when the 1,000th voter's ballot doesn't match his vote? You can't invalidate the other 999 votes, that would be unconstitutional. Worst case, you can invalidate that vote and take that machine out of the system. Too bad you've already counted 99 bad votes.
If you did this with 1:10 machines, or even 1:100 that's a lot of bad votes that you can't invalidate. In a close race you could modify 1:100 ballots, and then probablity of detection goes down to 1:10,000. Even if the problem is detected after only 5,000 votes you still can only invalidate the ones you KNOW are bad. In many polling places a single machine won't even be used 1,000 times in a day.
4. Explain how you do this securely. How do you make sure that the judge doesn't wait until the user leaves and changes votes.
9. They would have to count all of the votes. If they are going to count all of the votes then why have the computer tally them in the first place. Remember from step 5 that we know the paper ballot reflects the voters intention. We do not know that the computer tally reflects the voter intention, therefore the paper ballot is the "real" vote. Why do we need the computers at all? Just to fill out the ballots?
What is needed is a voter-verified paper ballot printout that goes into a separate locked ballot box. This way, after voting on the machine the voter can check the ballot to be sure that the voter's choice is correctly recorded.
If the paper ballot is used only as an audit trail then it is completely worthless. The voter has no way of knowing that what is on the paper acurately reflects what is tabulated. The obvious solution to this is that you actually count the paper ballots, but then the machines are just really expensive punch card punchers.
Anyone who thinks that voters are actually going to check their ballots is deluding themselves anyway. The ballots in Florida were NOT confusing, and if people had checked them their would not have been a problem. When you have a reporter ask someone if they are sure who they voted for and the answer is, "No." The problem is with the voters, not the counting.
Where I vote there are clear instructions, and people who will show you how to vote (on a sample ballot) if you can't figure it out yourself. Maybe what we need is to spend some money educating voters instead of building more expensive, more easily corruptable voting apparatus.
The barrier has never been the physical difficulty of executing a warrant, it's the legal hoops to get one. Getting a federal wiretap order is anything but trivial. I don't want the FBI wasting resources installing difficult taps when they already have a warrant.
If you had a clue what you were talking about you would know that this is going to be an extension to 802.1X (Extensible Authentication Protocol) which has nothing whatsoever to do with routers or stateful inspection. With EAP, the supplicant (read computer) is forced to authenticate to the network (read switch) before it is allowed to pass traffic. If the supplicant fails to authenticate, the switch can either disable the port or assign it to a special VLAN.
EAP, PEAP, LEAP, etc. are already in wide use for securing WiFi and corporate LAN's. This will just extend the normal username/password or certificate exchange to include information about what AV/Patches/HIPS is running on the supplicant.
Bugger. I pasted in the wrong link. This is the correct one. Using "per capita" goes without saying.:-)
If you look carefully you'll see that the chart on the link you posted is using 1999 data for the US and 2000 data for the UK. Not really a fair comparison.
Sure. But it's not relevant to my initial point to an western poster (most likely American) who assumed that Nigeria is an unsafe place, a thought likely based somewhat in racism and ignorance.
Nigeria is in fact NOT a safe place. But that wasn't my point. My point was the irony of a Brit using the US as an example of a dangerous place. I know that's what your media tells you, and it's what our media tells us as well. Unfortunately too many people believe it.
I didn't have to try very hard at all, I just had to remember that the US has about 5 times the population of the UK and click the "per capita" link. If you look at the proper statistics, you'll note that while the UK isn't always at the top, you are usually above the US. There are only a couple of categories including rape and murder where the US beats the UK. This accounts for you beating us for total crimes per capita (the other link I posted that you conveniently ignored). I used the assault victim link because the assault link that you posted is comparing rates from two different years. Your murder stat is also misleading, since the difference between the US and the UK may be 23 slots ahead of the US the real difference is only.004% (that's 4 per hundred thousand) while the difference between the UK and the US on assault victims is 1.8%. You also seem to be missing the fact that the crime rate in the UK is rising, while the rate in the US is falling and all of those statistics are 3 years old.
I'm not sure what accounts for the flip flop between assaults and assault victims, but since the statistics are from different years a direct comparison isn't really valid. It's also possible that we have more repeat victims in the US due to gangs and such. What none of the statistics show is that you are more likely to be the victim of a crime (espescially violent crime) if you are a criminal yourself. This is true in te US, and I assume to a certian extent in the UK as well.
No nation bashing, but you brought up how dangerous the US is. Certainly you don't mind if I point out how dangerous your country is?
That's a good one. You obviously didn't spend much time at the site you linked to, because if you did, you'd see that the UK leads the world in assaults and total crimes per capita.
Men have pointed at Antarctica and yet do not own it.
You are wrong. Please read The Antarctic Treaty Make sure you pay attention to Article IV:
1. Nothing contained in the present Treaty shall be interpreted as:
(a) a renunciation by any Contracting Party of previously asserted rights of or claims to territorial sovereignty in Antarctica;
And indeed nations do still claim territory in Antarctica, for example British Antarctic Territory. These claims are frozen by the treaty, but it does not prejudice the claims themselves in any way. Also, the Antarctic treaty is in no way affiliated with the UN.
This is often called Imperialism and is generally frowned upon in civil societies.
I defy you to name a single "civil society" which does not engage in Imperialism.
Isn't DHS under the Executive? Our Constitution deliberately vested the power of the executive in a single individual. This wasn't accidental, and it's the only spot in our federal gov't that such a decision can be made by one person. We have checks and balances within the federal government to prevent a single branch from overreaching, but within the executive branch the President dosen't need to get anyone's permission to do anything.
IPv$oddnumber is reserved for non-public testing of the draft. Sort of like Linux. Things that end in even numbers are acceptible for the general public to use.
Can anyone back that up?
I suspect he just made it up. There was already an IPv5 (in commercial use no less), that's why IPng became IPv6. There are also existing proposals for IPv7 and IPv8. And whether or not IPv6 really is "acceptible for the general public" is still being debated.
Maybe you did? The FTC set up the national Do No Call Registry. This article is about the FCC and has nothing to do with the national registry, regardless of what the/. writeup says.
It doesn't have to be perfect. It just has to be better than the current paper based systems. All of the discusion seems to indicate that so far the computerized systems are MORE open to fraud than the current systems.
I'd also note that obviously vandalized records would lead to people being arrested, and quite possibly to the calling of a revote.
The Commission found that AT&T apparently made telephone solicitation calls to 29
consumers on 78 separate occasions after those consumers had requested that AT&T not call them again. The Commission therefore concluded that AT&T had apparently violated the FCC's company-specific Do-Not-Call rule, section 64.1200(e) of the Commission?s rules.
This is based on the rules that have long been in place that you can request that a company put you on their internal do not call list.
If you alternate through 3 spools of paper at random, or skip back and forth on the paper, there's no way to connect a voter with a vote after the fact.
What if I just walk up after they leave and look?
Thermal isn't really a good option either as it would be trivial to destroy the receipts.
So, you expect that they will allow you to compile the code yourself before you vote? Open source or closed source, it doesn't really matter does it if you don't know what's running on the voting machine.
Slashdot Mirror
You missed one really big detail: If it were possible to positively identify the real source of email, we wouldn't be in this mess.
Nobody is telling anyone what they can or can't put in an email
Actually, that's exactly what this bill does.
The law makes it illegal to send 'unsolicited commercial email'. Now, if I didn't send it (as you said - you are the one who sent it), what will they lock me up for, and what does having bogus WHOIS information have to do with it?
Actually, the bill makes quite a few things illegal, including registering domain names with false information if those domains are subsequently used in the from: address of UCE.
Do you understand how that relates to joe-jobs and bogus WHOIS information? Do you understand how putting those things together with the domain you registerd using 111 Main Street as your address and nobody@null.net as your email means I can set you up for a vacation in a federally funded resort?
All that matters is the probability is of an individual voter noticing a change, becuase that's the only vote you can dump. Even if you want to invalidate more, what is your threashold for invalidating a whole box, one bad vote, 10 bad votes? How does the judge know the voter is telling the truth when he says his vote was miscounted? If you invalidate an entire machine's votes based on X bad votes, you open yourself up to a DoV attack where voters could go into precincts where their opponent is likely to win and claim the machines printed out the wrong vote.
The special election in lew of a recount doesn't work. You cannot know who's votes were invalidated, so you have to do the whole thing over. How do you make sure all the voters who showed up on election day make it on revote day? How do you adjust for the fact that candidates get extra time to campaign in precincts with corrupted votes?
No. This is very, very, bad. I cannot believe that on /. where mistrusting the government is a tautology anyone would think this is a good idea. Do you realy want the government telling you what you can and can't put in an email? This bill will make it a FEDERAL OFFENSE punishable by _years_ in federal POUND ME IN THE ASS prison for registering domain names with fake contact information of they originate UCE. Has anyone here ever heard of a joe-job? Know all I have to do is make sure I find your domains with bogus WHOIS data (how many people use 111 Main St?) and spoof the from address. Now the FBI comes and takes YOU away.
Sure, the *vast* majority of people won't verify their ballots. But, if I've got a copy of the ballot that I turned in, and I *do* verify it, then I have *proof* of an error instead of just an accusation. Without knowing what ballots will be verified, there is no 'safe' way to falsify ballot information that is publicly viewable. If 1 in 100 check the recorded vote against their copy of the ballot (which they checked before turning in the other copy) you've got a statistically sound sampling of accuracy. If 1 in 10 of those votes doesn't match the corresponding paper ballot, you've got proof of an error in the system.
If 1:100 voters checks his ballot, and you only modify 1:10 ballots then the probability of a voter noticing a change is 1:1,000. So what do you do when the 1,000th voter's ballot doesn't match his vote? You can't invalidate the other 999 votes, that would be unconstitutional. Worst case, you can invalidate that vote and take that machine out of the system. Too bad you've already counted 99 bad votes.
If you did this with 1:10 machines, or even 1:100 that's a lot of bad votes that you can't invalidate. In a close race you could modify 1:100 ballots, and then probablity of detection goes down to 1:10,000. Even if the problem is detected after only 5,000 votes you still can only invalidate the ones you KNOW are bad. In many polling places a single machine won't even be used 1,000 times in a day.
4. Explain how you do this securely. How do you make sure that the judge doesn't wait until the user leaves and changes votes.
9. They would have to count all of the votes. If they are going to count all of the votes then why have the computer tally them in the first place. Remember from step 5 that we know the paper ballot reflects the voters intention. We do not know that the computer tally reflects the voter intention, therefore the paper ballot is the "real" vote. Why do we need the computers at all? Just to fill out the ballots?
10b2. Nope, sorry, not an option.
What is needed is a voter-verified paper ballot printout that goes into a separate locked ballot box. This way, after voting on the machine the voter can check the ballot to be sure that the voter's choice is correctly recorded.
If the paper ballot is used only as an audit trail then it is completely worthless. The voter has no way of knowing that what is on the paper acurately reflects what is tabulated. The obvious solution to this is that you actually count the paper ballots, but then the machines are just really expensive punch card punchers.
Anyone who thinks that voters are actually going to check their ballots is deluding themselves anyway. The ballots in Florida were NOT confusing, and if people had checked them their would not have been a problem. When you have a reporter ask someone if they are sure who they voted for and the answer is, "No." The problem is with the voters, not the counting.
Where I vote there are clear instructions, and people who will show you how to vote (on a sample ballot) if you can't figure it out yourself. Maybe what we need is to spend some money educating voters instead of building more expensive, more easily corruptable voting apparatus.
The barrier has never been the physical difficulty of executing a warrant, it's the legal hoops to get one. Getting a federal wiretap order is anything but trivial. I don't want the FBI wasting resources installing difficult taps when they already have a warrant.
If you had a clue what you were talking about you would know that this is going to be an extension to 802.1X (Extensible Authentication Protocol) which has nothing whatsoever to do with routers or stateful inspection. With EAP, the supplicant (read computer) is forced to authenticate to the network (read switch) before it is allowed to pass traffic. If the supplicant fails to authenticate, the switch can either disable the port or assign it to a special VLAN.
EAP, PEAP, LEAP, etc. are already in wide use for securing WiFi and corporate LAN's. This will just extend the normal username/password or certificate exchange to include information about what AV/Patches/HIPS is running on the supplicant.
Bugger. I pasted in the wrong link. This is the correct one. Using "per capita" goes without saying. :-)
If you look carefully you'll see that the chart on the link you posted is using 1999 data for the US and 2000 data for the UK. Not really a fair comparison.
Sure. But it's not relevant to my initial point to an western poster (most likely American) who assumed that Nigeria is an unsafe place, a thought likely based somewhat in racism and ignorance.
Nigeria is in fact NOT a safe place. But that wasn't my point. My point was the irony of a Brit using the US as an example of a dangerous place. I know that's what your media tells you, and it's what our media tells us as well. Unfortunately too many people believe it.
I didn't have to try very hard at all, I just had to remember that the US has about 5 times the population of the UK and click the "per capita" link. If you look at the proper statistics, you'll note that while the UK isn't always at the top, you are usually above the US. There are only a couple of categories including rape and murder where the US beats the UK. This accounts for you beating us for total crimes per capita (the other link I posted that you conveniently ignored). I used the assault victim link because the assault link that you posted is comparing rates from two different years. Your murder stat is also misleading, since the difference between the US and the UK may be 23 slots ahead of the US the real difference is only .004% (that's 4 per hundred thousand) while the difference between the UK and the US on assault victims is 1.8%. You also seem to be missing the fact that the crime rate in the UK is rising, while the rate in the US is falling and all of those statistics are 3 years old.
I'm not sure what accounts for the flip flop between assaults and assault victims, but since the statistics are from different years a direct comparison isn't really valid. It's also possible that we have more repeat victims in the US due to gangs and such. What none of the statistics show is that you are more likely to be the victim of a crime (espescially violent crime) if you are a criminal yourself. This is true in te US, and I assume to a certian extent in the UK as well.
No nation bashing, but you brought up how dangerous the US is. Certainly you don't mind if I point out how dangerous your country is?
That's a good one. You obviously didn't spend much time at the site you linked to, because if you did, you'd see that the UK leads the world in assaults and total crimes per capita.
Now show us the part with Gregory W. Nemitz's signature!
You are wrong. Please read The Antarctic Treaty Make sure you pay attention to Article IV:
And indeed nations do still claim territory in Antarctica, for example British Antarctic Territory. These claims are frozen by the treaty, but it does not prejudice the claims themselves in any way. Also, the Antarctic treaty is in no way affiliated with the UN.
This is often called Imperialism and is generally frowned upon in civil societies.
I defy you to name a single "civil society" which does not engage in Imperialism.
Isn't DHS under the Executive? Our Constitution deliberately vested the power of the executive in a single individual. This wasn't accidental, and it's the only spot in our federal gov't that such a decision can be made by one person. We have checks and balances within the federal government to prevent a single branch from overreaching, but within the executive branch the President dosen't need to get anyone's permission to do anything.
What about this makes you happy?
I suspect he just made it up. There was already an IPv5 (in commercial use no less), that's why IPng became IPv6. There are also existing proposals for IPv7 and IPv8. And whether or not IPv6 really is "acceptible for the general public" is still being debated.
Maybe you just crawled out from under a rock?
/. writeup says.
Maybe you did? The FTC set up the national Do No Call Registry. This article is about the FCC and has nothing to do with the national registry, regardless of what the
It doesn't have to be perfect. It just has to be better than the current paper based systems. All of the discusion seems to indicate that so far the computerized systems are MORE open to fraud than the current systems.
I'd also note that obviously vandalized records would lead to people being arrested, and quite possibly to the calling of a revote.
And how is that better than the current system?
Yes, but when some neutral agency went to pick up the receipts right after voting closed, they'd probably wonder why they weren't there.
They'd be there, they'd just be all black. And where are you going to find a "neutral agency" anywhere on the planet?
This is based on the rules that have long been in place that you can request that a company put you on their internal do not call list.
If you alternate through 3 spools of paper at random, or skip back and forth on the paper, there's no way to connect a voter with a vote after the fact.
What if I just walk up after they leave and look?
Thermal isn't really a good option either as it would be trivial to destroy the receipts.
So, you expect that they will allow you to compile the code yourself before you vote? Open source or closed source, it doesn't really matter does it if you don't know what's running on the voting machine.
In the event of a manual recount, allow any voter to demand to compare his receipt with that in the contingency ballot-box.
And you've destoyed the idea of the anonymous ballot.
So, when you go to vote, how do you know that the compiled code on the machine you are using came from the source you audited?