There's a Starcraft mission where you, playing Terran, get overrun by the Zerg right after you kill off the Protoss. I left one Protoss building standing until I was ready for the Zerg. "Ready" meant that I'd poured all remaining resources into planting siege tanks, bunkers of marines and a few turrets in the area where the Zerg usually attack. I finally knocked over the last Protoss building to win the mission. The story animation -- explaining that Kerrigan was being left at the mercy of the Zerg army -- lasted longer than the Zerg army did. If you didn't do something similar, you haven't played the game properly.
GTA3 had a cheat to make all pedestrians hate (and attack) you wherever possible. It made playing through the game much more of a challenge. There was another cheat to give the pedestrians weapons (including rocket launchers), which made it a bit too difficult for some missions.
And in all GTAs, it was possible to do a substantial number of the boring side-missions before the main story. Getting that 100th hidden package in GTA3 involved some tricky flying, but it had to be done. I still regret that there were 4 unique jumps in Vice City that I couldn't get at the start of the game.
In the Thief games, I liked to stack bodies (of course). I also liked to blackjack every human / kill every monster in an area, and then run around waving my sword for maximum visibility, setting off all the alarms.
"I dearly wish I could get CNN international because CNN U.S.
seems to be intentionally very dumbed down for an American
audience."
Weird. I wish I could get CNN U.S., because CNN international
seems to be intent on projecting an image of calm to the world
rather than exposing the incredible mess that is U.S. election
politics. From way over here in.ie, it seems like any fool
should be able to see that re-electing Bush would be an insane
choice. But clearly many non-foolish Americans disagree, and
I for one would like to know what they're being told that
we're not.
I don't agree that a tech would need a large conspiracy, or a lot of
time, or magic. He/she would need detailed knowledge of how the
machine works, a supply of fresh seals (genuine or counterfeit), and
an excuse to get physical access to the machine. Audit logs can be
suppressed or faked. It doesn't take a long time if you already have
the replacement components ready.
Of course, the mondo approach is to replace the entire machine with a
new one that looks the same and has the same serial number, etc. But I
expect that in any realistic case, it will be cheaper and easier to
replace only some components in the original machine.
I recommend Ross Anderson's Security Engineeringbook to anyone
who thinks that serial-numbered seals are effective protection against
tampering over the long term.
I have an idea. Why not adapt the ballots to the needs of the
humans who cast votes, and design the voting/counting machines to
cope with the ballots? You know, instead of adapting ballots to
the needs of the machines and asking the humans to cope with it?
ACM has a CHI [human-computer interaction] SIG, but voting system
vendors don't seem to have heard the term.
It records the last maintenance dates when the machine was opened
as well as the election day's use, so suspicious patterns of access
have a chance of being detected, and there are presumably people
who will ask why a particular machine was opened three times and
stayed open for 45 minutes when the record show all the maintenance
required was replacing an empty paper roll.
I'm interested in why you think that (a) the computer's printout of its last
maintenance date is necessarily correct, and (b) the maintenance tech didn't
swap an EPROM under cover of doing the official task.
That's the current line from the Irish Government, anyway.
They're hoping the commission which damned the e-voting system
will come to its senses when they complete more tests, and
that they will turn around and give it a big wet seal of approval.
Of course, since they've wasted^H^H^H^H^H^Hinvested over EUR50 million
on the system already, and our country is small enough that this isn't
small change, they're not exactly likely to own up and admit that they're
guilty of misappropriating public funds. At least not until after the
elections this June.
But anyway. My advice is to keep pushing the fact that computer
security experts are united and unequivocal in rejecting e-voting systems
unless they involve a voter-verified paper ballot (also called a
voter-verified audit trail). This is what seemed to have the most effect
in Ireland. Start with the
Association for
Computing Machinery, then
Dr Rebecca Mercuri,
then Bruce
Schneier, and so on...
It only takes a swing of 1-2 votes (not percent) in many cases, to
affect the outcome of an election. Ireland's constitution requires
a single-transferable vote procedure (and proud of it), but the
current rules follow the ancient Hare process, which introduces an
embarrassing amount of randomness to the counting process (and I
do mean randomness).
A better system would be Newland-Britain, or Meek, or even Warren (q.v.).
What I'm really getting at is that what Ireland needs is electronic counting,
not necessarily electronic vote-recording.
The system proposed for use in Ireland and dismissed by the
Commission's report today is the Nedap/Powervote system, variants
of which are used in the Netherlands and parts of Germany. It's a
kiosk-based DRE system which uses glorified memory sticks to store
ballot records. It was developed in apparent ignorance of the
voter-verification requirement.
Because the developers used the waterfall method, and didn't find out about
the audit requirement until customer acceptance testing, they baulked at
the idea of going back to the drawing board, and instead bolted on a useless
printout-of-ballot-module-contents facility, and called it an audit trail.
Their salesmen are very good, and the Irish Government agreed
to buy the system (total cost over 40 million euros) at the height
of the Florida debacle in late 2000. Since then there have been
reports, objections, and all manner of outcry from IT professionals
in Ireland. Even the entire Opposition (elected politicians not
belonging to the ruling coalition) opposed the system. The Government
maintained a constant mantra: the system is accurate, the system
is thoroughly tested, you're all a bunch of Luddites for thinking
differently. Eventually the Irish Computer Society joined in, and the
Minister promptly accused
them of being a front for the anti-globalisation movement.
The writing then being on the wall, the Government then appointed an
independent Commission to examine the system and its testing, hoping for
a graceful way out of the political corner. The Commission's report,
however, is rather more damning than they hoped. In my personal opinion,
this has more than a little to do with the fact that noted software
expert David Parnas assisted the Commission, and he's a good deal more
methodical and careful than Nedap/Powervote seem to have been.
Like, if voters carried their voting records around all the time, then if someone was really whining about how the government never listens to us, we could all whip out our voting records and say "let's see yours."
Plus, when you fill up your card with ten voting stamps, you qualify for a free extra vote.
What a great idea.
Also, why not allow the posting of comments about each
ad, much like the comments to the/. polls?
How terrified would advertisers be by the possibility
of public criticism (taste, truth, value for money, quality,
competition) of their ads being readily available to the
ad's audience?
I think a mandatory ID is a fine idea. It
won't hinder terrorists, but it would deter
crime (especially electoral fraud[1]).
ID cards, on the other hand, are
an expensive collection of risks. Between
forgery, card loss, private-sector abuse,
privacy, and administration cost, ID card
schemes have a lot to overcome before they
could be considered worthwhile.
So here's my idea:
Construct N databases around the
country for holding information about
people. One database per county should be fine. Every person is in exactly one
database (except unregistered births and
illegal aliens).
Each person must memorize some information
identifying their database (i.e. county name
for residents, INS for others) and some
information identifying them within the
database (i.e. full name, with ad-hoc
discriminants for duplicates).
Each department of government is
specifically prohibited from collecting,
aggregating, indexing or caching any
information held in any such database other
than its own. (This is intended to hinder
government abuse of the data, but citizen
vigilance is still necessary.)
Common procedures for handling access
requests and data requirements may be
dictated by a central administration, but
each database controller must be allowed to set its own implementation requirements.[2]
Every access to any database is
authenticated and logged with the accessor's
identity and the purpose of the access
(e.g. traffic stop, airport security).
Every purpose stated for access must come
from a list of purposes approved by the
legislature.
New criminal offenses: improper access to
a database; access to database by fraud;
use of data for unauthorized purposes;
failure to secure database against improper
access; and refusing to identify yourself to
a court[3].
In other words, use an online database
system instead of cards. Identity checking
is done by asking for name and county of
registration, retrieving the named person's
photo from the named database, and comparing
the photo to the real person. No forgery,
no card loss, no card printing costs. Plus,
the time it takes to check one person's
identity will discourage mass surveillance.
Distributing the databases reduces the risk
of compromised access, and prevents the
enumeration of undesirables by a central
repressive government.
Well, that's my idea. I repeat that it
would be foolish to believe that this (or
any other) ID scheme would have prevented
the 2001-09-11 terrorist attack.
[1] If you think the WTC atrocity was an attack on democracy, imagine the public
reaction to an attack on polling centres
during a national election.
[2] This is to prevent a central
government from secretly aggregating the
databases by specifying insecure
implementations under the guise of
standardisation.
[3] You can refuse to identify
yourself to the police, but they can drag
you into court if they can claim probable
cause to believe that you're an illegal
alien; at least the court's supervision
will help protect your rights.
The word "fatwa" is another popularly-misunderstood word;
apparently it means "legal opinion" (such as one from a
barrister or other authoritative figure). I wouldn't have
known this except for a fascinating Dimbleby program
shown on ITV (British TV).
I don't agree with the idea that the words have legitimately changed their meanings
through Western misunderstanding, any more than the idea
that meaning of "hacker" has changed through media
misunderstanding.</karmawhore>
Suppose you return some software to a store
because you didn't want to accept the license
terms (for whatever reason).
The store will refuse to give you a refund,
because there's nothing defective about the
product, and for all they know, you
just dd'd a copy for piracy purposes.
What can you do?
Use the software that you paid for, free of
licensing restrictions?
Or do you have to pursue the
{store,software-house} through the courts?
I believe that this is an important part
of the so-called duress that (according to
another poster) software licensees suffer.
Remember the tough experience of those who
tried to get a Windows refund!
There are
no ways to stop low
bandwidth information transfer.
This point isn't emphasized enough. The most
a surveillance state could do is try to keep a
list of all known cryptographic and steganographic
methods, automatically scan for them, and punish
anyone caught using an unlisted method.
But while Security requires a significant
investment, Obscurity is almost free.
Ad-hoc steganographic methods are easy to
devise (several/.ers have done so) and
impossible to detect computably.
Terrorists and other organized criminals
are highly likely to use them in addition
to traditional cryptography.
Conventional intelligence methods may
reveal the ad-hoc steganographic methods
given enough time, but it would be naive to
expect that a group of terrorists planning
a one-off attack would fail to agree a
brand-new method just for the attack in
question.
Widespread surveillance is unlikely to
help catch or detect them, and will only
aid the prosecution of inept terrorists,
unsophisticated criminals, and politically
disfavoured civilians.
Suppose the machine were to record a vote on your
magnetic card contrary to the way you instructed
it (i.e. you vote for party A and it secretly
records a vote for party B). How could you tell
that this had happened?
Suppose a terrorist
group claimed that they had replaced the voting
machines with trojans? How could you prove them
to be lying?
I can't help but think of new ways to hack an
election using electronic voting. My current
favourite is a video-cable dongle which swaps two
rectangles on the screen. How this might help one
candidate to illicitly obtain votes intended for
another is left as an exercise for the reader.
I'm all for computer-assisted vote counting,
but taking out the physical audit trail is reckless.
There's no way to know whether the voting machine
you're using will actually record your vote correctly.
The whole Florida episode led to plenty of allegations
of voting fraud; adding computer-mediated voting
would make those allegations impossible to disprove
and impossible to prove. Public confidence in the
integrity of the vote would suffer, and democratic
stability would suffer with it.
Bruce Schneier wrote an
article on electronic voting, which election
administrators should be urged to read before they
consider adopting any such system (whether GNU/Linux
or otherwise).
Ireland (my home) has started trying to get in
electronic voting as well. I'm trying to stop it,
but the reaction I've got from the legislators I've
talked to is that since it isn't on the network,
and the machines are locked away somewhere except
during election times, what could be the risk?
I am not convinced that no-one would dare tamper with them.
Eventually, someone will, if they can get away
with it. And they can.
Slashdot Mirror
There's a Starcraft mission where you, playing Terran, get overrun by the Zerg right after you kill off the Protoss. I left one Protoss building standing until I was ready for the Zerg. "Ready" meant that I'd poured all remaining resources into planting siege tanks, bunkers of marines and a few turrets in the area where the Zerg usually attack. I finally knocked over the last Protoss building to win the mission. The story animation -- explaining that Kerrigan was being left at the mercy of the Zerg army -- lasted longer than the Zerg army did. If you didn't do something similar, you haven't played the game properly.
GTA3 had a cheat to make all pedestrians hate (and attack) you wherever possible. It made playing through the game much more of a challenge. There was another cheat to give the pedestrians weapons (including rocket launchers), which made it a bit too difficult for some missions.
And in all GTAs, it was possible to do a substantial number of the boring side-missions before the main story. Getting that 100th hidden package in GTA3 involved some tricky flying, but it had to be done. I still regret that there were 4 unique jumps in Vice City that I couldn't get at the start of the game.
In the Thief games, I liked to stack bodies (of course). I also liked to blackjack every human / kill every monster in an area, and then run around waving my sword for maximum visibility, setting off all the alarms.
Now I feel like I've shared too much.
"I dearly wish I could get CNN international because CNN U.S. seems to be intentionally very dumbed down for an American audience."
Weird. I wish I could get CNN U.S., because CNN international seems to be intent on projecting an image of calm to the world rather than exposing the incredible mess that is U.S. election politics. From way over here in .ie, it seems like any fool
should be able to see that re-electing Bush would be an insane
choice. But clearly many non-foolish Americans disagree, and
I for one would like to know what they're being told that
we're not.
--Adrian.
Yes! The sub-orbital anvil launcher from X-Industries will be a reality!
I don't agree that a tech would need a large conspiracy, or a lot of time, or magic. He/she would need detailed knowledge of how the machine works, a supply of fresh seals (genuine or counterfeit), and an excuse to get physical access to the machine. Audit logs can be suppressed or faked. It doesn't take a long time if you already have the replacement components ready.
Of course, the mondo approach is to replace the entire machine with a new one that looks the same and has the same serial number, etc. But I expect that in any realistic case, it will be cheaper and easier to replace only some components in the original machine.
I recommend Ross Anderson's Security Engineering book to anyone who thinks that serial-numbered seals are effective protection against tampering over the long term.
I have an idea. Why not adapt the ballots to the needs of the humans who cast votes, and design the voting/counting machines to cope with the ballots? You know, instead of adapting ballots to the needs of the machines and asking the humans to cope with it? ACM has a CHI [human-computer interaction] SIG, but voting system vendors don't seem to have heard the term.
That would be (Y PHP) Hypertext Preprocessor.
#t
I'm interested in why you think that (a) the computer's printout of its last maintenance date is necessarily correct, and (b) the maintenance tech didn't swap an EPROM under cover of doing the official task.
That's the current line from the Irish Government, anyway. They're hoping the commission which damned the e-voting system will come to its senses when they complete more tests, and that they will turn around and give it a big wet seal of approval.
Of course, since they've wasted^H^H^H^H^H^Hinvested over EUR50 million on the system already, and our country is small enough that this isn't small change, they're not exactly likely to own up and admit that they're guilty of misappropriating public funds. At least not until after the elections this June.
But anyway. My advice is to keep pushing the fact that computer security experts are united and unequivocal in rejecting e-voting systems unless they involve a voter-verified paper ballot (also called a voter-verified audit trail). This is what seemed to have the most effect in Ireland. Start with the Association for Computing Machinery, then Dr Rebecca Mercuri, then Bruce Schneier, and so on...
--Adrian.
It only takes a swing of 1-2 votes (not percent) in many cases, to affect the outcome of an election. Ireland's constitution requires a single-transferable vote procedure (and proud of it), but the current rules follow the ancient Hare process, which introduces an embarrassing amount of randomness to the counting process (and I do mean randomness).
A better system would be Newland-Britain, or Meek, or even Warren (q.v.). What I'm really getting at is that what Ireland needs is electronic counting, not necessarily electronic vote-recording.
--Adrian.
Usually we just say "HOW DID THAT GOBSHITE GET ELECTED?"
The system proposed for use in Ireland and dismissed by the Commission's report today is the Nedap/Powervote system, variants of which are used in the Netherlands and parts of Germany. It's a kiosk-based DRE system which uses glorified memory sticks to store ballot records. It was developed in apparent ignorance of the voter-verification requirement.
Because the developers used the waterfall method, and didn't find out about the audit requirement until customer acceptance testing, they baulked at the idea of going back to the drawing board, and instead bolted on a useless printout-of-ballot-module-contents facility, and called it an audit trail.
Their salesmen are very good, and the Irish Government agreed to buy the system (total cost over 40 million euros) at the height of the Florida debacle in late 2000. Since then there have been reports, objections, and all manner of outcry from IT professionals in Ireland. Even the entire Opposition (elected politicians not belonging to the ruling coalition) opposed the system. The Government maintained a constant mantra: the system is accurate, the system is thoroughly tested, you're all a bunch of Luddites for thinking differently. Eventually the Irish Computer Society joined in, and the Minister promptly accused them of being a front for the anti-globalisation movement.
The writing then being on the wall, the Government then appointed an independent Commission to examine the system and its testing, hoping for a graceful way out of the political corner. The Commission's report, however, is rather more damning than they hoped. In my personal opinion, this has more than a little to do with the fact that noted software expert David Parnas assisted the Commission, and he's a good deal more methodical and careful than Nedap/Powervote seem to have been.
--Adrian.
Hmm, I think Jack has just hit on the magic formula to boost turnout. Now we just need a technology to clean the voting machines between "uses".
I'm not sure anyone would be willing to wave an RFID field over a suspect package, in case it contains a bomb and an RFID-tag trigger.
Tagging boarding passes might be more useful, to track down distrait passengers whose absence is delaying the flight.
--adrian.Plus, when you fill up your card with ten voting stamps, you qualify for a free extra vote.
What a great idea. Also, why not allow the posting of comments about each ad, much like the comments to the /. polls?
How terrified would advertisers be by the possibility of public criticism (taste, truth, value for money, quality, competition) of their ads being readily available to the ad's audience?
I think a mandatory ID is a fine idea. It won't hinder terrorists, but it would deter crime (especially electoral fraud[1]).
ID cards, on the other hand, are an expensive collection of risks. Between forgery, card loss, private-sector abuse, privacy, and administration cost, ID card schemes have a lot to overcome before they could be considered worthwhile.
So here's my idea:
In other words, use an online database system instead of cards. Identity checking is done by asking for name and county of registration, retrieving the named person's photo from the named database, and comparing the photo to the real person. No forgery, no card loss, no card printing costs. Plus, the time it takes to check one person's identity will discourage mass surveillance. Distributing the databases reduces the risk of compromised access, and prevents the enumeration of undesirables by a central repressive government.
Well, that's my idea. I repeat that it would be foolish to believe that this (or any other) ID scheme would have prevented the 2001-09-11 terrorist attack.
[1] If you think the WTC atrocity was an attack on democracy, imagine the public reaction to an attack on polling centres during a national election.
[2] This is to prevent a central government from secretly aggregating the databases by specifying insecure implementations under the guise of standardisation.
[3] You can refuse to identify yourself to the police, but they can drag you into court if they can claim probable cause to believe that you're an illegal alien; at least the court's supervision will help protect your rights.
The word "fatwa" is another popularly-misunderstood word; apparently it means "legal opinion" (such as one from a barrister or other authoritative figure). I wouldn't have known this except for a fascinating Dimbleby program shown on ITV (British TV).
I don't agree with the idea that the words have legitimately changed their meanings through Western misunderstanding, any more than the idea that meaning of "hacker" has changed through media misunderstanding.</karmawhore>
Suppose you return some software to a store because you didn't want to accept the license terms (for whatever reason). The store will refuse to give you a refund, because there's nothing defective about the product, and for all they know, you just dd'd a copy for piracy purposes.
What can you do? Use the software that you paid for, free of licensing restrictions?
Or do you have to pursue the {store,software-house} through the courts?
I believe that this is an important part of the so-called duress that (according to another poster) software licensees suffer. Remember the tough experience of those who tried to get a Windows refund!
Most factors in the WTC atrocity are things which the general public accept because everyone understands their usefulness (planes, knives, etc.).
Cryptography is something whose benefits to civilization aren't so clearly understood, so it's an easy target to blame.
This point isn't emphasized enough. The most a surveillance state could do is try to keep a list of all known cryptographic and steganographic methods, automatically scan for them, and punish anyone caught using an unlisted method.
But while Security requires a significant investment, Obscurity is almost free. Ad-hoc steganographic methods are easy to devise (several /.ers have done so) and
impossible to detect computably.
Terrorists and other organized criminals
are highly likely to use them in addition
to traditional cryptography.
Conventional intelligence methods may reveal the ad-hoc steganographic methods given enough time, but it would be naive to expect that a group of terrorists planning a one-off attack would fail to agree a brand-new method just for the attack in question.
Widespread surveillance is unlikely to help catch or detect them, and will only aid the prosecution of inept terrorists, unsophisticated criminals, and politically disfavoured civilians.
Suppose a terrorist group claimed that they had replaced the voting machines with trojans? How could you prove them to be lying?
I'm all for computer-assisted vote counting, but taking out the physical audit trail is reckless. There's no way to know whether the voting machine you're using will actually record your vote correctly. The whole Florida episode led to plenty of allegations of voting fraud; adding computer-mediated voting would make those allegations impossible to disprove and impossible to prove. Public confidence in the integrity of the vote would suffer, and democratic stability would suffer with it.
Bruce Schneier wrote an article on electronic voting, which election administrators should be urged to read before they consider adopting any such system (whether GNU/Linux or otherwise).
Ireland (my home) has started trying to get in electronic voting as well. I'm trying to stop it, but the reaction I've got from the legislators I've talked to is that since it isn't on the network, and the machines are locked away somewhere except during election times, what could be the risk? I am not convinced that no-one would dare tamper with them. Eventually, someone will, if they can get away with it. And they can.