Clips October 7, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;, mguitonxlt@xxxxxxxxxxx;
- Subject: Clips October 7, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Tue, 07 Oct 2003 13:23:23 -0400
Clips October 7, 2003
ARTICLES
How Busy? Registrar Already Counting
Time to Recall E-Vote Machines?
Election Chief Is Ready, Wary
DISA reorganizes IT staff around net-centric programs
Ex-ViewSonic employee pleads guilty to hack
Measuring the impact of IT management reforms
Pentagon moves on massive HR system -- slowly
*******************************
Los Angeles Times
How Busy? Registrar Already Counting
Recall challenges include an expected high turnout, fewer polling places
and a different voting system.
By Stuart Pfeifer and Mike Anton
October 5, 2003
The recall campaign isn't over, but some votes are already being
counted.
In a warehouse at the Orange County registrar's office Saturday, dozens
of workers and volunteers sliced open absentee ballots, checked
signatures and fed them through scanners, hoping to get a jump on
Tuesday's election. Meanwhile, hundreds of voters streamed in through the
day to cast ballots early.
"Anything we can do to relieve pressure on the polling places on
Tuesday is a good thing," said interim Registrar Steve
Rodermund.
The recall election has presented a host of challenges for Rodermund's
office.
First, election officials expect turnout near that of the November 2000
presidential election, in which 73% of the county's registered voters
cast ballots.
Also, officials will count ballots with a system the county has never
used before. Voters will cast ballots with pen and paper, marking small
rectangles beside their choices. Those ballots will be counted by optical
scanners.
Officials said they chose the pen-and-paper ballots because the recall
election's condensed schedule left insufficient time to inform voters
about a newly purchased electronic voting system. The pen-and-paper
system will be accurate, Rodermund said, but counting the ballots will
take longer. Officials don't expect to finish counting until midmorning
Wednesday.
The abbreviated campaign also didn't allow enough time to set up as many
polling places. Just 476 polling places will be open Tuesday, compared
with more than 1,700 for the November 2002 election.
Voters can find their polling place address on their sample ballots, on
the registrar Web site, http://www.oc.ca.gov/election, or by calling the
registrar's office at (714) 567-7600.
"As long as everyone understands that we are doing this in a very constrained time frame, it will go pretty well," Rodermund said.
Officials got a head start by processing absentee ballots in the past several days. By Saturday, 208,000 absentee ballots had been received, and Rodermund said all that arrive through Monday morning will be included in the vote count Tuesday night.
Other voters drove to the registrar's Santa Ana office and cast ballots in person. The office, at Grand and McFadden avenues, was open for seven hours Saturday and will be open from 8 a.m. to 2 p.m. today.
Oryden Gould, 52, of Orange voted in person Saturday but wouldn't say for whom.
"It's not just the governor -- all the politicians are responsible for the mess the budget's in," she said. "If I had my druthers, I'd impeach them all."
*******************************
Wired News
Time to Recall E-Vote Machines?
By Kim Zetter
As Californians head to the polls on Tuesday, voters in at least one county will cast their ballots electronically on machines that have been shown to be flawed.
Election officials around the country have been switching to new computerized polling machines with the hope of avoiding a repeat of the Florida debacle over punch-card voting that marred the 2000 presidential election.
But a training session for poll workers in Alameda County suggests problems other than hanging chads could surface this time around.
Alameda County uses 4,000 touch-screen voting machines manufactured by Diebold Election Systems. But last month, officials in Maryland released a report saying that the Diebold machines were "at high risk of compromise" due to security flaws in the software. Despite this, officials in Alameda County said their policies and procedures for using the machines will secure them against voting fraud.
However, information obtained by Wired News at a training session for Alameda County poll workers indicates that security lapses in the use of the equipment and poor worker training could expose the election to serious tampering.
Voting-machine experts say the lapses could allow a poll worker or an outsider to change votes in machines without being detected. And because other problems inherent in the software won't be fixed before the recall, experts say sophisticated intruders can intercept and change vote tallies as officials transmit them electronically.
The training session revealed the following:
Officials leave voting machines at polling stations days before the election. The machines contain memory cards with ballots already loaded on them. This means before the election, someone could alter the ballot file in such a way that voters would cast votes for the wrong candidate without knowing it.
The memory card rests behind a locked door on the side of the voting machine. But supervisors receive a key to the compartment the weekend before the election. The same key fits every machine at a polling station.
Poll supervisors are selected with no background checks and are given keys to buildings where they can access the machines several days before the election.
The machines, worth around $3,000 each, are locked on a trolley at polling stations with only a bicycle lock. The combination, which anyone could crack in a couple of tries, is the same for every polling station in the county and is given to poll supervisors during their training.
Although the machines have two blue tamper-resistant ties threaded through holes in their carrying cases, the ties can easily be purchased on the Internet. Supervisors open at least one case the night before the election to charge the machine inside, which means the case remains unsealed overnight.
While leaving equipment unattended overnight might be fine if the county were using punch-card machines, experts say electronic machines raise the security risks tenfold because minor changes to the machines can result in changes to millions of votes.
David Dill, a computer science professor at Stanford University and critic of electronic voting machines that don't provide a verifiable paper trail, calls the information about the county's security "jaw-dropping."
"The Maryland study emphasizes page after page how essential physical security is to these machines. And yet people here are saying they're not worrying about it. We don't know everything there is to know about these machines and there are probably attacks to these machines that people haven't even thought of yet. It's very clear that there are serious problems here."
Alameda County, a Democratic stronghold that includes the cities of Berkeley and Oakland, converted to all-electronic voting last year at a cost of more than $12 million. In addition to Alameda, one other small county will be using 200 of the Diebold AccuVote-TS machines in the recall. Two other counties will use touch-screen machines from another manufacturer.
But three weeks ago, a report (PDF) commissioned by the state of Maryland found that flaws in the software could open an election to rigging.
While Alameda County couldn't fix problems with the software before the recall, Elaine Ginnold, the county's assistant registrar of voters, said after the report was released that the procedures for using the machines would protect the systems from tampering.
Those procedures did not appear to be in place last week.
The county has no plans to place tamper-resistant tape over memory card compartments on the machines, a step that authors of the Maryland report recommended. Therefore, anyone with access to the machines can pick the lock on the compartment or open it with a key.
Furthermore, security around passwords was lax. The password for the card used to close down a machine at the end of an election is printed in Diebold manuals, which workers keep in their homes over the election weekend. The password is the same easy-to-guess number that opens combination locks securing machines at polling stations.
"We have to have something that's easy for poll workers to remember," Ginnold said.
The training session for about 30 poll workers, held in an Oakland warehouse, lasted two-and-a-half hours. In a 20-minute, hands-on phase, workers practiced setting up machines, voting on them and shutting them down. But most of the workers didn't have time to complete the sequence. Tom Wilson, a poll supervisor who attended the training, said he signed up to work in the polls because of problems in the last presidential race.
"I was appalled by what happened in Florida," he said. "I wanted to make sure that this time all votes would get counted."
But Wilson was concerned he did not have enough hands-on training with the machines to serve voters effectively.
"There was a lot of information, and I didn't get it all," he said. "Maybe my mind was wandering a bit."
He added, "I feel reasonably confident about myself, but not necessarily confident about every other supervisor. Given the level of training, there's still a lot of room for human error. But it does seem better than dangling chads."
That remains to be seen.
The way the election works is fairly simple. On election morning, supervisors print a vote tally from each machine to make sure that all the tallies are zero.
After a voter signs a roster, the supervisor slips a voter card into a voter card encoder, or VCE, a gadget slightly bigger and thicker than a credit card that enables the card for voting.
The voter inserts the card into a smartcard reader on the side of the machine. And once the ballot is cast, the machine disables the card and ejects it. The supervisor collects the card from the voter and slips it into the VCE to make it ready for the next voter.
At the end of the day, the supervisor inserts the supervisor card into the smartcard reader, enters the password and prints a receipt containing a sum of votes on the machine, which are checked against the number of voters signed in.
The supervisor removes the memory cards from the locked compartments and places them with the tally receipts in a plastic pouch, secured with a tamper-resistant tie. The pouch is hand-carried to a collection center, where the data is uploaded and sent electronically to the county courthouse.
But while the election process is very simple for the voter, poll workers have to remember a lot of details. This opens the way for things to go wrong.
At last week's training session, the instructor repeatedly reminded workers to read all the directions before starting. However, none of them appeared to do so.
At least two groups mistook the supervisor card for the voter card and inserted the wrong one into the VCE, disabling the device. To address this problem, supervisors receive two VCEs on election day.
After last year's election, a number of supervisors failed to remove memory cards from the machines containing the votes.
Sandy Creque, registration division chief for the county, told a journalist that the cards were safe because they were still locked inside their machines.
"We were out picking them up all night long. Workers had to physically go to these sites to get them out of the machine," Creque said. The last cards were collected early morning the day after the election.
Any registered voter can become a poll worker or election supervisor. Wilson completed an application online. "They contacted me and said, 'Hey, how would you like to be an inspector?' I said fine. I wasn't really sure what that was," he said.
An inspector, or supervisor, manages the polling station. The other three workers at a station are called judges or clerks. The titles are misleading, though, because nothing distinguishes a supervisor from judges or clerks except two hours of training. Supervisors are required to train, while judges and clerks are not.
Although poll workers do not undergo background checks, Ginnold says she doesn't worry about the possibility that one will tamper with machines.
"The election process is mainly based on trust," Ginnold said. "We trust that poll workers are not going to be tampering with them.
"We feel the machines are pretty secure because in order to do anything with them, other than break them up with a hammer, you have to have a key to get into that memory card compartment."
The fact that supervisors do have a key to the memory-card compartment didn't seem to worry her either. "Because what can somebody do with the machines?" she asked.
According to Adam Stubblefield, probably a lot.
Stubblefield, along with colleagues at Johns Hopkins and Rice universities, authored a report in July (PDF) that first detailed flaws in the Diebold software.
Stubblefield said Sunday that anyone with access to the memory card before an election could change the ballot definition file stored on the card so that voters cast votes for the wrong candidates. The only equipment the person would need is a laptop.
On a ballot, candidate names are listed numerically with, say, "1" next to Gary Coleman's name and "2" next to Arnold Schwarzenegger. In the ballot definition file, programmers define what those numbers mean so when a voter touches a box next to 1 on the screen, the vote gets tallied for Gary Coleman.
If someone changes the definition file to make 1 mean Schwarzenegger, the voter will see Coleman as number 1 on the ballot, but the machine will record the vote for Schwarzenegger. The voter would never know it's happening.
"In the version of the software that we saw, the protection on that file was woefully inadequate, so altering it would be easy," Stubblefield said.
One way to determine that a change was made would be to check the definition file after the election.
"But there's no reason why they would do that," Stubblefield said.
Another way would be to compare the printout of votes on the machine receipts at the end of the election with vote tallies at the courthouse. Although changing the ballot definition file changes votes in the memory card, Stubblefield says voters' real votes will register on the receipt. But he says it's unlikely officials will check 4,000 receipts, unless someone challenges the results. County officials were unavailable to confirm this.
The version of the software seen by Johns Hopkins/Rice researchers has been a point of contention with Diebold since researchers first obtained source code from an unprotected FTP server belonging to the company.
Diebold claims researchers saw an old version that hasn't been used in any elections. But the version written on the outside of Diebold cases in the Alameda warehouse was 4.3.1.1. The version viewed by researchers was 4.3 simulator code.
Stubblefield said software versions are only radically different if the first and second numbers are different. If the county used a version numbered 5.3, for instance, the software would differ greatly from the version researchers saw. But 4.3 compared to 4.3, Stubblefield said, tells him the code they saw is essentially the code on Alameda County's machines.
Judging by what he knows of the code, Stubblefield said another security problem arises for Alameda County during the vote transmission process.
Ginnold said data goes through a secure line that "connects a router and switch" to the courthouse through two firewalls.
Stubblefield said this probably means the county is using a leased, dedicated T1 or ISDN line that connects voting centers to the courthouse without going through the Internet. Sending data this way does provide some security, except that Ginnold says the data isn't encrypted.
Dan Wallach, a co-author of the Johns Hopkins report, said unencrypted data is open to attack.
"If someone can reprogram the phone switches, which is not impossible to do, then they can intercept the data," Wallach said. "If they're less sophisticated, then all they have to do is tap the phone line. This isn't hard to do. They just have to climb a telephone pole or go down a manhole and put alligator clips on the wire."
Then the intruder can intercept votes en route to the courthouse, change them with a prewritten program, and send them on their way. All the information needed to do this, Stubblefield says, is in the source code that was exposed on Diebold's FTP site.
"This is all the more embarrassing because modern cryptography technology completely eliminates the need to worry about this threat," Wallach said. "Yet Diebold is not using it at all."
Diebold did not respond to repeated calls for comment.
Alameda County does have one safeguard to determine if votes were intercepted in transit. Votes on machines are written to a memory chip in addition to the removable memory card. Once votes on memory cards are counted, the memory chips get counted as well.
"But even if they do this, you have succeeded in casting doubt on the election with the attack, and this raises the idea of a secondary attack as well," said Stubblefield.
Ginnold doesn't like to think about such scenarios.
"I could think about all these theoretical arguments ... and horror stories about what someone could do, but I'm not going to worry about that," she said. "You know, you might as well not have an election."
One California governor might not mind.
*******************************
Los Angeles Times
Election Chief Is Ready, Wary
By Tim Reiterman
October 7, 2003
Officials are making unprecedented preparations for California's historic recall election because of the challenges presented by the long gubernatorial replacement ballot, the use of new or antiquated equipment by many of the state's voters and the specter of litigation, Secretary of State Kevin Shelley said Monday.
Shelley is dispatching 50 monitors -- about six times more than usual -- around the state for today's balloting on the recall of Gov. Gray Davis. And Shelley has asked counties to increase staff at polling places and put additional workers on standby to help with any difficulties.
While Shelley was more optimistic than he was several weeks ago that the election would go smoothly, he added, "I can't assure you there will not be isolated problems."
State and local election officials have launched voter education campaigns, especially in Los Angeles and five other counties that will be using outdated punch-card ballot systems.
They are urging voters to fill out their sample ballots before they come to their polling place so they will not have difficulty navigating the field of 135 gubernatorial hopefuls.
"We don't want people, with long lines at polling places, to say, 'Wait, I can't find my candidate,' " Shelley said.
The secretary of state said he expects the turnout to be at least as high as November's governor's election, when it was about half of the registered voters, but he said it is impossible to predict how high it would go.
Shelley said that a semiofficial canvass consisting of votes cast on election day and 2.1 million absentee ballots already cast will be reported after the polls close at 8 p.m. through Wednesday morning.
Then Thursday morning, the official canvass begins with the counting of perhaps a million absentee ballots brought in on election day and unknown numbers of provisional votes cast by people who went to the wrong polling place.
Whether these votes can affect the outcome, Shelley said, will depend on how close the initial vote tally is.
Because many counties consolidated their polling places for the special election, he said, it's anyone's guess how many provisional ballots will be cast by voters who show up at the wrong polling place.
"I expect we will know the outcome, probably, within a day or two," he said.
But the results will not become official until the secretary of state certifies them. And that can legally take up to 39 days, including 28 days for local registrars to reconcile the number of people who come to polling places with the number of ballots cast and to hand count votes in 1% of the precincts.
Within five days of completion of the local canvass, any registered voter can request a recount, although he or she must pay for it according to a local fee schedule.
The secretary of state cannot certify the statewide election until he hears from all 58 counties.
But Shelley said he can certify the election, and in the event of a successful recall, a new governor could be sworn in, even while a recount continues.
If the recount changes the result, the governorship would pass to the new winner unless someone in another county requests a recount within 24 hours, officials said.
*******************************
Government Computer News
10/06/03
DISA reorganizes IT staff around net-centric programs
By Dawn S. Onley
The Defense Information Systems Agency has begun reorganizing its IT staff to put the focus on the Defense Department's enterprise infrastructure efforts.
The overhaul results from applying what DISA has learned about joint IT acquisition and support during the Enduring Freedom and Iraqi Freedom operations, said Air Force Lt. Gen. Harry Raduege Jr., DISA's director.
"We must continue to guarantee our forces global information dominance by providing interoperable, secure capabilities to our customers on a daily basis as we transform ourselves for future success," he said.
DISA has created a new position, the component acquisition executive, and tapped Diane McCoy, the former principal director of the Applications Engineering Directorate, to fill it.
McCoy and Tony Montemarano, program director for the Global Information Grid-Bandwidth Expansion program, now report directly to Raduege.
DISA also has created three new units directly tied to GIG, the backbone for providing network-centric services to users DOD-wide:
Global Information Grid-Enterprise Services Engineering, headed by Dawn Meyerriecks, also DISA's chief technology officer.
Global Information Grid-Combat Support, headed by Air Force Col. Stephen Lanning, former principal director for network services. This office will field and sustain network-centric services.
Global Information Grid-Operations, headed by Army Maj. Gen. Marilyn Quagliotti, former principal director for operations. This office will manage, operate and protect the infrastructure.
"We will now have an organizational structure that positions us to be the Defense Department's provider of end-to-end global net-centric solutions," Raduege said.
*******************************
CNET News.com
Ex-ViewSonic employee pleads guilty to hack
Last modified: October 6, 2003, 3:45 PM PDT
By Robert Lemos
Staff Writer, CNET News.com
A former network administrator for computer-monitor maker ViewSonic pleaded guilty Monday to illegally accessing a company server and deleting critical data two weeks after the firm had fired him, the U.S. Department of Justice said in a statement.
Andrew Garcia, 38, admitted to a Los Angeles district court that he caused more than $53,000 in damages and clean-up costs when he had shut down a key server and prevented ViewSonic's Taiwan office from accessing the business's data, said Wesley Hsu, an assistant U.S. attorney for the Central District of California.
While ViewSonic had locked his accounts, Garcia had used another employee's account to gain access, Hsu said. "He had, in the course of his employment, obtained other employees' passwords," he said. Garcia's attorney wasn't available for comment.
Garcia administered ViewSonic's network at the company's Walnut, Calif., main office. On April 14, 2002, two weeks after Garcia was terminated, he logged into the system using another employee's passwords and deleted critical files, causing the server to crash, according to the Justice Department. ViewSonic's Taiwan office was unable to access the server for several days, the Justice Department said in the statement.
Garcia is scheduled to be sentenced in the case on Jan. 12, 2004. He faces a maximum sentence of five years and a fine of $250,000.
*******************************
Federal Computer Week
Measuring the impact of IT management reforms
Oct. 6, 2003
Federal Computer Week surveyed by e-mail a random sample of 449 FCW subscribers to measure how much the Bush administration's information technology reforms have affected the way federal IT managers develop and manage projects and programs.
FCW teamed with Advantage Business Research Inc. (www.advantageresearch.com), a nationwide independent research company, which helped develop the survey and conducted fieldwork for it. The survey measured how much IT managers have adopted the initiatives that the Office of Management and Budget had created and pushed since June 2001, when Mark Forman became the federal government's first administrator of OMB's Office of E-Government and IT.
Those initiatives, some of which started during the Clinton administration, include:
* Building information security into information system development in the design phase, not after the system is completed.
* Encouraging IT managers to take training courses to become certified program managers.
* Developing business cases to show the returns on investments in information systems.
* Encouraging IT managers to look for existing information systems managed by other agencies that can provide the same function before building any information system.
* Encouraging investing in information systems that improve public services.
* Instituting enterprise architectures.
The survey was conducted entirely over the Internet between Aug. 19 and Sept. 4. Subsequent reminder e-mail messages were sent to nonrespondents Aug. 21, Aug. 25 and Aug. 28. As an incentive to participate, all respondents who verified their e-mail addresses at the end of the survey could direct $1 to one of four charitable organizations selected by FCW. The overall margin of error, based on 449 qualified respondents, is calculated to be no greater than +/- 4.7 percentage points.
*******************************
Computerworld
Pentagon moves on massive HR system -- slowly
Prime contractor chosen for $320M project two years after purchase of PeopleSoft apps
Story by Marc L. Songini
OCTOBER 06, 2003 ( COMPUTERWORLD ) - More than two years after it chose PeopleSoft Inc.'s software for a massive human resources system, the U.S. Department of Defense is finally ready to start development work on the $320 million-plus project. But it will take another four years to complete the rollout, military officials said.
The project, which is about 12 months behind schedule, will create a single system for HR and payroll operations across all branches of the armed forces, incorporating data on more than 3 million military personnel worldwide. The DOD paid PeopleSoft $48 million for an enterprise software license in August 2001, and last week it named Northrop Grumman Corp. as the prime contractor on the implementation under a nine-year, $281 million contract.
U.S. Navy Capt. Valerie Carpenter, the joint program manager, said the HR project will replace 79 systems within the DOD. She added that Pentagon officials in February plan to release projected ROI figures for the initiative, which is officially known as the Defense Integrated Military Human Resource System, or DIMHRS.
The DOD project will be the largest installation of PeopleSoft's human resources applications thus far by an order of magnitude, said Bruce Triner, director of defense special programs at the Pleasanton, Calif.-based vendor. It's also expected to be the first rollout by any user of the PeopleSoft 8.8 global payroll module, according to Carpenter.
But progress has been slow, even though the DOD's plan from the start was to configure the system so it would be in line with private-sector HR procedures and require a minimal amount of software customization. "We'd rather not reinvent the wheel and rewrite code," Carpenter said. "We're looking for PeopleSoft to be installed as much out of the box as possible."
PeopleSoft's applications were picked over rival products because IT officials at the Pentagon felt they would most closely support its needs, she added. But after the selection was made, the DOD did what it described as an "extensive fit-gap analysis" to further investigate how well the software met its requirements.
The DOD had planned to have part of the system in place by last fall, but Carpenter said the process of reviewing the prime contractor bids submitted by Northrop Grumman and other systems integrators took longer than expected because of the detailed nature of their proposals.
"I don't think anybody could have predicted the length of the [prime contractor] acquisition period," said Jon Jensen, a Northrop Grumman executive who led the Los Angeles-based company's effort to win the contract. "It was probably a disappointment for a lot of folks in terms of time frame." Jensen works at Northrop Grumman Information Technology, the Herndon, Va.-based operation that will manage the DIMHRS project.
Breaking It Down
Carpenter said that because of the project's uniqueness and complexity, military officials made the decision to separate development into two phases, the first of which involved the five systems integrators that were competing for the prime contractor's job. In September 2002, the Pentagon gave the companies small contracts to develop documentation and recommended system specifications.
The companies in December submitted implementation plans that weighed a combined total of 4,800 pounds, Carpenter said. Last week's choice of Northrop Grumman to manage the rollout signals the actual start of work on the system, which marks the beginning of Phase 2.
But Northrop Grumman still needs to finalize the technical design and a detailed rollout schedule, both of which are due within the next six months. The DOD hopes to get the U.S. Army online with DIMHRS by November 2005 and then add the other military branches over the following 24 months.
"It's not rocket science, but it's not as easy as it looks at first blush," Carpenter said.
Ray Bjorklund, an analyst at consulting firm Federal Sources Inc. in McLean, Va., predicted that the project's total cost could reach $500 million if administrative expenses and ongoing maintenance fees on some of the DOD's legacy systems are included. Pentagon officials declined to comment about his estimate.
Work on the project will be centered at a DOD IT facility in New Orleans. The Pentagon plans to run the PeopleSoft applications on IBM Unix servers and link them to a single logical database that will be built on IBM's DB2 software and contain consolidated information about all military personnel. The DOD will also install backup systems for disaster recovery purposes, Carpenter said.
*******************************