Agreed. There are numerous known techniques that credit card companies could use that would prevent this type of theft and fraud.
Corporations manage to exchange lots of data without
it being routinely stolen: internal cost analysis, detailed
product analysis, planned bids on oil rights, plans on
how much they will pay for another company, real
estate investment plans, trade secrets on how their
products are built.
The very simple solution to making businesses treat
personal data as valuable is to make it valuable. Establish
a minimum amount as liquidated damages for
leaking someone's credit card (probably on the order of
replacing the account and a nuisance fee) and personal
data like social security number and birthdate (much
higher).
I believe we could trust the free market solution to
work out an efficient solution promptly. Once the
company that lost the data paid for the costs.
The greater vulnerability of Windows, as
compared to MacOS X or Linux, is more the
result of deliberately bad design.
Specifically, Windows makes it very easy
for routine users to install new features
and to have Microsoft applications plug
themselves in all over the place. And
surprise, surprise, that makes it easy
for other people to install software with
the full authority of the machine's owner
without really getting their consent.
Unix, Linux and MacOS X actually steer
the user away from operating with full
privileges. That makes them "less friendly",
but far more secure.
Any OS can be made far more secure
from viruse, spy-ware and trojan horses
by simply making it easy for the
user to determine what is installed, who
needs it (if it is not an end application),
and who installed it. Unix/Linux is clearly
the best on this front, with MacOS X being
almost as good. Windows is way behind.
That is a valid reason for any IT shop
to dump Windows. The valid alternatives
are to a) totally control the software
installed on each machine (not let end
users install software on corporate
machines) or b) design your network
security so that you don't care what
software is on each machine.
Networking Required is exactly the weakness here,
as it was with the original DIVX. The RFID is not
really a real improvement over the original scheme
of "marking" the DVD with some flaws out of the
normal reading range.
I see nothing inherently wrong with DRM schemes,
but they need to learn from iTunes. The market has
shown that a reasonable DRM that does not
interfere with how honest people will want to use the
content they are buying, will not meet with market
resistance.
One of the legitimate things I want to do with a
DVD that I bought legimitately is watch it on my
laptop while I'm on the road. I don't particularly
care to pay the hotel $11.95 so I can have wireless
so i can watch a movie that I own.
And that's just one example of a legitimate
use that is incompatible with network access. Not
providing a complete profile of which movies I
am watching when in perpetuity is another.
So it is your responsibility to make certain
that your computer isn't stolen?
And any fence who bought it with a freshly
wiped drive from someone who wasn't the
registered owner of the device, and bought
it in an alley for cash, is totally
blameless?
It's against the law to knowingly receive stolen
property. Period. That clearly applies here.
There is a legitimate to protect journalists
who receive stolen information that is
legitimately in the public interest
to have revealed. The Pentagon Papers would
be the obvious example.
But the press, whether print or electronics,
should be expected to have at least a good
faith believe that they are exposing something
that is in the public's interest to be disclosed.
Are any of these media companies arguing that
they don't have a right to have trade
secrets?
The material delivered in this case was
clearly confidential, and clearly Apple
was doing nothing wrong in concealing it.
If the press is given blanket immunity
to distribute any and all confidential
information the result will be to keep
information more secret with
corporations. That will make it easier
for unscrupulous executives to cheat
the employees, stockholders and/or the
public in general.
Your reasonsing is challenged by one important piece of data.
On a purely technical basis, cable modems are clearly superior to DSL modems. But nearly anyone who has used both will tell you that they had better service from their DSL provider.
My theory is that DSL customers can more quickly shift to a new provider, while Cable customers only have the option to shift to DSL.
In theory cable modem technologies would allow Cable Internet providers to have phenomenal download rates (easily 14 MBs or more) by simply using the capabilities inherent in HFC plants.
But the only incentive they have is to keep service good enough so that you don't actually shift service. Because changing service away from cable is a major decision it is less of an option.
The net effect, regulation promotes competition in the DSL industry. Not enough, mind you. But even a DSL industry dominated by the wire provider customers do have options. DSL providers cannot ignore that.
It's clearly an overstatement. The most they can claim is that it is immune to any known differential or linear cryptanalysis.
of course that only proves that their PR peson isn't a mathmatician.
This isn't an issue that requires direct oversight.
It requires clear labeling of products so people
know what they are buying.
One set of ISPs offers "Internet Service", by which they
mean access to the web, and then a collection of other
services that they will offer.
And there is nothing wrong with them offering that
service. It is what many, perhaps most, customers want.
The problem is that it is not the "Internet Service" that others want, including most slashdot readers presumably. Which is basically unrestricted access to the Internet with at most a total bandwidth constraint (and protect-the-net restrictions like no forged packets).
If an ISP is clearly labeled as providing "Internet Access" then they could not violate their service guarantees to you to favor their own traffic. If you want to use Vonage, host a server, select your own email provider, or any of a number of things that "power users" find desirable you would look for an "Access Provider".
If you only have a vague idea of what the difference between VoIP and email is, then you probably want a "Service Provider" who will provide you with services and take responsibility for integrating them.
The key problem right now is the ISPs are bluffing at providing open access to the Internet. There is probably a strong case that stealing from the common pool of "best effort" capacity without
explicit disclosure.
But the solution is not to restrict what business Service Providers go into, it's to make sure they clearly label what business they are in.
I agree that this is a well reasoned decision. Both sides were staking out nonsense positions, and the Judge found common
sense inbetween.
Making a distinction between "print" and "web" media would be absurd. It would only mean that all bloggers would have to print ten copies and hand them to be friends to qualify as "print" journalists."
Even more absurd would be a decision that essentially grant immunity anyone claiming to be a journalistic blogger immunity to take part in any and all violations of confidentiality.
All SEC rules could be evaded by simply leaking information through an obscure blog that only your co-conspirators knew about. They'd have to prove that you had planned what you were going to disclose their, which would be next to impossible.
All Non-disclosure Agreements would be useless. Similarly for all privacy restrictions. Could credit agencies just claim to be "journalists" who were "reporting on" your credit to subscribers?
The key distinction is whether the disclosed information is somehting that the recepient could honestly believe would otherwise have been improperly concealed from the public?
Or is this just leaking information that the leaker had no business leaking at all, that it is quite simply theft of intellectual property and/or confidential information?
We need to defend the ability of journalists to accept leaks of information that is being improperly withheld from the public. But it is time to stop allowing journalists to act as fences for stolen information or blatant end-runs around confidentiality requiremetns.
Trade secret leaks are actually minor here. The bigger abuse is prosecutors leaking information that they cannot bring. In these cases the disclosure is not in furtherance of public policy, but in fact directly contrary to it.
The bottom line is that journalistic privilege exists to facilitate release of information that should not have been concealed This is clearly a case where Apple's right to not disclose this information was never in question. The person leaking the information knew it was an improper leak, and the people receiving it knew or should have known.
I fail to see any benefit in protecting this type of "free speech". If this is protected free speech then there can be no confidentiality and no privacy.
Treason has a very specific definition under US Law that is far narrower than the moral usage.
For example, if you could prove that an American president deliberately lied to the public and Congress for the purpose of fraudulently leading them to approve offensive military action against another nation that would be a high crime, a war crime, many different felonies, but it would not be treason.
Clearly it would be against public policy for an employer to fire someone exercising their rights as a citizen to comment on matters of public interest.
But that does not mean they have to allow you to use the fact that you are an employee to abouse their trademark, disclose company secrets, or to violate SEC regulations.
So posing in your work uniform in a manner contrary to the company's advertising, or for that matter for any purpose that the company has not approved of, is clearly a very different matter than you expressing an opinion about an election.
Everyone knows that they are not allowed to call up the Wall Street journal and just give away company secrets (unless it is a revelation of wrongdoing that qualifies as whistle-blowing).
But it seems some people think that a blog is somehow not a public statement, despite the fact that it most deliberately is.
The on-line world can't have it both ways. It can't be "just as real" as print media when it's time to protect anonymous sources, and "really just the same as talking at a party" when you don't want your employer to react to what you posted publically.
The list is horribly tilted towards PC applications.
It does not deal with the important roles of networking, embedded computing or methodology except in token ways.
For example, including Booch as the sole methodologist
is absurd. What about Dijkstra? Wirth? Yourdon? Mellor?
The relational database and thrid normalized form also
seem to be totally overlooked, even though they made
the entire IT industry possible. How about Date?
Then there's networking itself. Where's Jon Postel?
It also favors originators over evolvers. K&R created
a cute little macro-assembler for PDP-11s called "C".
But Plauger had amore to do with its evoluation into
ANSI C, the truly usable portable language with well
documented and defined standard libraries.
The way you really form a list like this is you gather
a much larger list of top software developers, and
fight out who influenced *them*.
That's why I've also had problems with the
RIAA going after downloaders, rathr than
concentrating on those that made the
material available.
For one thing it is next to impossible to
prove intent to defraud when someone
downloads. Their intended use could
qualify as "fair use", or they might not
realize what they are downloading.
Most women wearing certain types of
attire and standing on street corners
are indeed engaging in prostitution,
but that doesn't mean we allow the
police to simply assume they are.
The RIAA and MPAA should have to
follow the same sort of rules, which
means they should concentrate on
those providing the files rather than
on those downloading them.
Particularly with movies, the decision
to offer multiple copyrighted movies
for others to download is hardly something
somebody could do without intent.
Perhaps the RIAA's actions are objectionable
not because they are protecting Intellectual
Property rights, but because they are using
illegal search techniques and shotgun accusation
techniques in a clumbsy attempt to do so.
I for one would have no objection to the MPAA
suing people whom they have determined are
offering copyrighted material for download based
upon public web pages or other public directories.
And where they have actually downloaded enough
of the file to verify that it is indeed the copyrighted
material and not just a matching file name.
You can maintain the structure of the real data
and still mask identifying data when you export
for debugging purposes.
If that fails, you might export the real database.
But that should be rare enough that it is worth
emphasizing to the receiving staff that this is
actual data and to be treated with the utmost
care.
This is obviously a case where someone in-house
failed to treat the data with proper care and simply
counted on a blanket NDA to cover their ass.
I would prefer to trust someone who has enough sense
not to provide confidential data to anyone that has not
been properly trained in its handling.
It is all too likely that the person that "released" the
data had no real understanding of whether the data
was real or what it meant.
This is just plain sloppy procedure. It doesn't matter
if the development staff is in-house, local out-sourced,
or out-sourced to the other side of the world -- they
still don't need the real data in order to develop code.
If this is in response to a specific problem, then the
data needs to be exported in a way that strips identities.
If they don't know how to do that then they haven't
done a proper problem definition, and there are
probably other security holes in the system just
waiting to be stumbled across.
Closing the issue is indeed a valid goal.
However, that is irrelevant when those filing
the patent knew, or should have known,
that there was relevant prior art.
Having a deadline for prior art that
was plausibly unknown to the filer
is a good idea.
But if you don't meet your obligation to
disclose known prior art then you should
have no rights at all. One of the most basic
principles of common law is that you cannot
benefit from an illegal act (at least once
the illegal act is caught).
Their president said the humans had weapons of mass destruction.
More seriously, if two species/races/nations have
no empathy for each other and one side views
conflict as inevitable then that side will attack as
soon as they can.
Why a paper trail is really needed
on
Cringley on E-voting
·
· Score: 4, Interesting
You cannot provide a paper record to the voter,
because it would undermine the ability to vote
anonymously. An employer/union/church/spouse/etc.
could demand it be provided as proof that you voted
correctly, not just that you voted.
When ballots were entirely paper there was a
practice called "chain balloting" where a loyal
party member would take their ballot out
of the polling place and allow their precint captain
to fill it in correctly. The next loyal party member
would then take that ballot in, place it in the box,
and take their ballot back out to the precint captain...
It was an illegal practice
The real reason that a paper trail is needed
is that unlike normal commercial transactions,
a voter must be able to vote when they show up
at the polling place. You can't give them a rain check
1 time in 1000, or even in 1 in 10,000 due to equipment
failure.
If we have a voting system that is dependent on power,
it won't be long before somebody deliberately triggers
a power failure in the portion of the state that was
going to vote the "wrong" way.
Realistically, the value of including the signature would
be to included in a "kind-of-white" list. Your email
filters would be configured to sort mail from unknown
senders with a signature into a different
folder than those without a signature.
If statistical analysis of the text can be omitted for
signed email there might not be a computational
burden. Of course the number of home mahcines
that are CPU bound while reading email is exceedingly
small.
Good point. A lot of "escrow" source code
solutions lack mechanisms to ensure that
the delivered binary was indeed made from
the alleged source code.
And anyone who believes that the escrow
source code will be religiously maintained
on a parallel path with emergency releases
distributed in binary probably spends all
day trying to help strangers from Nigeria
who sent them email requesting help.
There is also the possibility that the attacker
will infiltrate via the compiler itself, inserting
the code in the binary no matter what the
"source code" is. So if you really need to
audit your security, you need to have built
from scratch.
That said, you can have a complete
"build from scratch" solution that you purhcase
and is still subject to proprietary constraints.
Open Source of course gives you all of this
without having to negotiate it. But it is not
the only way to achieve these objectives.
But Homeland Security's focus is on
inter-agency co-operation. The federal
government and the state governments
are indeed distinct entities. That is
even more so when co-operating with
neighbors (Canada, Mexico), or allies
(NATO, etc.).
Slashdot Mirror
Agreed. There are numerous known techniques that credit card companies could use that would prevent this type of theft and fraud.
Corporations manage to exchange lots of data without it being routinely stolen: internal cost analysis, detailed product analysis, planned bids on oil rights, plans on how much they will pay for another company, real estate investment plans, trade secrets on how their products are built.
The very simple solution to making businesses treat personal data as valuable is to make it valuable. Establish a minimum amount as liquidated damages for leaking someone's credit card (probably on the order of replacing the account and a nuisance fee) and personal data like social security number and birthdate (much higher).
I believe we could trust the free market solution to work out an efficient solution promptly. Once the company that lost the data paid for the costs.
And it was quite successful in both cases.
You surely aren't implying that Rexx was the reason for either to be commercial failures?
The Amiga version was particularly successful, on technical merits. It was easy and common to perform custom integrations of multiple applications.
Rexx is very flexible, but not overly flexible (something that can become a nightmare with TCL).
It also does not suffer from bloated statements to accomplish simple things, the way that AppleScript does.
But is it so good that I would use it over a scripting language that a staff already knew? I doubt it.
The greater vulnerability of Windows, as compared to MacOS X or Linux, is more the result of deliberately bad design.
Specifically, Windows makes it very easy for routine users to install new features and to have Microsoft applications plug themselves in all over the place. And surprise, surprise, that makes it easy for other people to install software with the full authority of the machine's owner without really getting their consent.
Unix, Linux and MacOS X actually steer the user away from operating with full privileges. That makes them "less friendly", but far more secure.
Any OS can be made far more secure from viruse, spy-ware and trojan horses by simply making it easy for the user to determine what is installed, who needs it (if it is not an end application), and who installed it. Unix/Linux is clearly the best on this front, with MacOS X being almost as good. Windows is way behind.
That is a valid reason for any IT shop to dump Windows. The valid alternatives are to a) totally control the software installed on each machine (not let end users install software on corporate machines) or b) design your network security so that you don't care what software is on each machine.
Networking Required is exactly the weakness here, as it was with the original DIVX. The RFID is not really a real improvement over the original scheme of "marking" the DVD with some flaws out of the normal reading range.
I see nothing inherently wrong with DRM schemes, but they need to learn from iTunes. The market has shown that a reasonable DRM that does not interfere with how honest people will want to use the content they are buying, will not meet with market resistance.
One of the legitimate things I want to do with a DVD that I bought legimitately is watch it on my laptop while I'm on the road. I don't particularly care to pay the hotel $11.95 so I can have wireless so i can watch a movie that I own.
And that's just one example of a legitimate use that is incompatible with network access. Not providing a complete profile of which movies I am watching when in perpetuity is another.
So it is your responsibility to make certain that your computer isn't stolen?
And any fence who bought it with a freshly wiped drive from someone who wasn't the registered owner of the device, and bought it in an alley for cash, is totally blameless?
It's against the law to knowingly receive stolen property. Period. That clearly applies here.
There is a legitimate to protect journalists who receive stolen information that is legitimately in the public interest to have revealed. The Pentagon Papers would be the obvious example.
But the press, whether print or electronics, should be expected to have at least a good faith believe that they are exposing something that is in the public's interest to be disclosed.
Are any of these media companies arguing that they don't have a right to have trade secrets?
The material delivered in this case was clearly confidential, and clearly Apple was doing nothing wrong in concealing it.
If the press is given blanket immunity to distribute any and all confidential information the result will be to keep information more secret with corporations. That will make it easier for unscrupulous executives to cheat the employees, stockholders and/or the public in general.
So obviously we now just have to wait to hear exactly why SCO thinks it owns the FSF.
Your vehicle would have a unique identifier on it that anyone could read!
Get real. Save the outrage for RFIDs left active on consumer items that the typical consumer does not realize is a form of walking identification,
Your reasonsing is challenged by one important piece of data.
On a purely technical basis, cable modems are clearly superior to DSL modems. But nearly anyone who has used both will tell you that they had better service from their DSL provider.
My theory is that DSL customers can more quickly shift to a new provider, while Cable customers only have the option to shift to DSL.
In theory cable modem technologies would allow Cable Internet providers to have phenomenal download rates (easily 14 MBs or more) by simply using the capabilities inherent in HFC plants. But the only incentive they have is to keep service good enough so that you don't actually shift service. Because changing service away from cable is a major decision it is less of an option.
The net effect, regulation promotes competition in the DSL industry. Not enough, mind you. But even a DSL industry dominated by the wire provider customers do have options. DSL providers cannot ignore that.
It's clearly an overstatement. The most they can claim is that it is immune to any known differential or linear cryptanalysis. of course that only proves that their PR peson isn't a mathmatician.
This isn't an issue that requires direct oversight.
It requires clear labeling of products so people know what they are buying.
One set of ISPs offers "Internet Service", by which they mean access to the web, and then a collection of other services that they will offer.
And there is nothing wrong with them offering that service. It is what many, perhaps most, customers want.
The problem is that it is not the "Internet Service" that others want, including most slashdot readers presumably. Which is basically unrestricted access to the Internet with at most a total bandwidth constraint (and protect-the-net restrictions like no forged packets).
If an ISP is clearly labeled as providing "Internet Access" then they could not violate their service guarantees to you to favor their own traffic. If you want to use Vonage, host a server, select your own email provider, or any of a number of things that "power users" find desirable you would look for an "Access Provider".
If you only have a vague idea of what the difference between VoIP and email is, then you probably want a "Service Provider" who will provide you with services and take responsibility for integrating them.
The key problem right now is the ISPs are bluffing at providing open access to the Internet. There is probably a strong case that stealing from the common pool of "best effort" capacity without explicit disclosure.
But the solution is not to restrict what business Service Providers go into, it's to make sure they clearly label what business they are in.
I agree that this is a well reasoned decision. Both sides were staking out nonsense positions, and the Judge found common sense inbetween.
Making a distinction between "print" and "web" media would be absurd. It would only mean that all bloggers would have to print ten copies and hand them to be friends to qualify as "print" journalists."
Even more absurd would be a decision that essentially grant immunity anyone claiming to be a journalistic blogger immunity to take part in any and all violations of confidentiality.
All SEC rules could be evaded by simply leaking information through an obscure blog that only your co-conspirators knew about. They'd have to prove that you had planned what you were going to disclose their, which would be next to impossible.
All Non-disclosure Agreements would be useless. Similarly for all privacy restrictions. Could credit agencies just claim to be "journalists" who were "reporting on" your credit to subscribers?
The key distinction is whether the disclosed information is somehting that the recepient could honestly believe would otherwise have been improperly concealed from the public? Or is this just leaking information that the leaker had no business leaking at all, that it is quite simply theft of intellectual property and/or confidential information?
We need to defend the ability of journalists to accept leaks of information that is being improperly withheld from the public. But it is time to stop allowing journalists to act as fences for stolen information or blatant end-runs around confidentiality requiremetns.
Trade secret leaks are actually minor here. The bigger abuse is prosecutors leaking information that they cannot bring. In these cases the disclosure is not in furtherance of public policy, but in fact directly contrary to it.
The bottom line is that journalistic privilege exists to facilitate release of information that should not have been concealed This is clearly a case where Apple's right to not disclose this information was never in question. The person leaking the information knew it was an improper leak, and the people receiving it knew or should have known.
I fail to see any benefit in protecting this type of "free speech". If this is protected free speech then there can be no confidentiality and no privacy.
Treason has a very specific definition under US Law that is far narrower than the moral usage.
For example, if you could prove that an American president deliberately lied to the public and Congress for the purpose of fraudulently leading them to approve offensive military action against another nation that would be a high crime, a war crime, many different felonies, but it would not be treason.
Clearly it would be against public policy for an employer to fire someone exercising their rights as a citizen to comment on matters of public interest.
But that does not mean they have to allow you to use the fact that you are an employee to abouse their trademark, disclose company secrets, or to violate SEC regulations.
So posing in your work uniform in a manner contrary to the company's advertising, or for that matter for any purpose that the company has not approved of, is clearly a very different matter than you expressing an opinion about an election.
Everyone knows that they are not allowed to call up the Wall Street journal and just give away company secrets (unless it is a revelation of wrongdoing that qualifies as whistle-blowing). But it seems some people think that a blog is somehow not a public statement, despite the fact that it most deliberately is.
The on-line world can't have it both ways. It can't be "just as real" as print media when it's time to protect anonymous sources, and "really just the same as talking at a party" when you don't want your employer to react to what you posted publically.
The list is horribly tilted towards PC applications.
It does not deal with the important roles of networking, embedded computing or methodology except in token ways.
For example, including Booch as the sole methodologist is absurd. What about Dijkstra? Wirth? Yourdon? Mellor?
The relational database and thrid normalized form also seem to be totally overlooked, even though they made the entire IT industry possible. How about Date?
Then there's networking itself. Where's Jon Postel?
It also favors originators over evolvers. K&R created a cute little macro-assembler for PDP-11s called "C". But Plauger had amore to do with its evoluation into ANSI C, the truly usable portable language with well documented and defined standard libraries.
The way you really form a list like this is you gather a much larger list of top software developers, and fight out who influenced *them*.
That's why I've also had problems with the RIAA going after downloaders, rathr than concentrating on those that made the material available.
For one thing it is next to impossible to prove intent to defraud when someone downloads. Their intended use could qualify as "fair use", or they might not realize what they are downloading.
Most women wearing certain types of attire and standing on street corners are indeed engaging in prostitution, but that doesn't mean we allow the police to simply assume they are. The RIAA and MPAA should have to follow the same sort of rules, which means they should concentrate on those providing the files rather than on those downloading them.
Particularly with movies, the decision to offer multiple copyrighted movies for others to download is hardly something somebody could do without intent.
Just a thought for consideration.
Perhaps the RIAA's actions are objectionable not because they are protecting Intellectual Property rights, but because they are using illegal search techniques and shotgun accusation techniques in a clumbsy attempt to do so.
I for one would have no objection to the MPAA suing people whom they have determined are offering copyrighted material for download based upon public web pages or other public directories. And where they have actually downloaded enough of the file to verify that it is indeed the copyrighted material and not just a matching file name.
You can maintain the structure of the real data and still mask identifying data when you export for debugging purposes.
If that fails, you might export the real database. But that should be rare enough that it is worth emphasizing to the receiving staff that this is actual data and to be treated with the utmost care.
This is obviously a case where someone in-house failed to treat the data with proper care and simply counted on a blanket NDA to cover their ass.
I would prefer to trust someone who has enough sense not to provide confidential data to anyone that has not been properly trained in its handling.
It is all too likely that the person that "released" the data had no real understanding of whether the data was real or what it meant.
This is just plain sloppy procedure. It doesn't matter if the development staff is in-house, local out-sourced, or out-sourced to the other side of the world -- they still don't need the real data in order to develop code.
If this is in response to a specific problem, then the data needs to be exported in a way that strips identities. If they don't know how to do that then they haven't done a proper problem definition, and there are probably other security holes in the system just waiting to be stumbled across.
Closing the issue is indeed a valid goal. However, that is irrelevant when those filing the patent knew, or should have known, that there was relevant prior art.
Having a deadline for prior art that was plausibly unknown to the filer is a good idea.
But if you don't meet your obligation to disclose known prior art then you should have no rights at all. One of the most basic principles of common law is that you cannot benefit from an illegal act (at least once the illegal act is caught).
You could almost interpet this as criticizing Microsoft for not attempting to dominate the dialup market.
Their president said the humans had weapons of mass destruction.
More seriously, if two species/races/nations have no empathy for each other and one side views conflict as inevitable then that side will attack as soon as they can.
You cannot provide a paper record to the voter, because it would undermine the ability to vote anonymously. An employer/union/church/spouse/etc. could demand it be provided as proof that you voted correctly, not just that you voted.
When ballots were entirely paper there was a practice called "chain balloting" where a loyal party member would take their ballot out of the polling place and allow their precint captain to fill it in correctly. The next loyal party member would then take that ballot in, place it in the box, and take their ballot back out to the precint captain...
It was an illegal practice
The real reason that a paper trail is needed is that unlike normal commercial transactions, a voter must be able to vote when they show up at the polling place. You can't give them a rain check 1 time in 1000, or even in 1 in 10,000 due to equipment failure.
If we have a voting system that is dependent on power, it won't be long before somebody deliberately triggers a power failure in the portion of the state that was going to vote the "wrong" way.
Realistically, the value of including the signature would be to included in a "kind-of-white" list. Your email filters would be configured to sort mail from unknown senders with a signature into a different folder than those without a signature.
If statistical analysis of the text can be omitted for signed email there might not be a computational burden. Of course the number of home mahcines that are CPU bound while reading email is exceedingly small.
Good point. A lot of "escrow" source code solutions lack mechanisms to ensure that the delivered binary was indeed made from the alleged source code.
And anyone who believes that the escrow source code will be religiously maintained on a parallel path with emergency releases distributed in binary probably spends all day trying to help strangers from Nigeria who sent them email requesting help.
There is also the possibility that the attacker will infiltrate via the compiler itself, inserting the code in the binary no matter what the "source code" is. So if you really need to audit your security, you need to have built from scratch.
That said, you can have a complete "build from scratch" solution that you purhcase and is still subject to proprietary constraints. Open Source of course gives you all of this without having to negotiate it. But it is not the only way to achieve these objectives.
But Homeland Security's focus is on inter-agency co-operation. The federal government and the state governments are indeed distinct entities. That is even more so when co-operating with neighbors (Canada, Mexico), or allies (NATO, etc.).