14-Mar-86 00:46:04-PST,6324;000000000000 Mail-From: NEUMANN created at 14-Mar-86 00:44:32 Date: Fri 14 Mar 86 00:44:32-PST From: RISKS FORUM (Peter G. Neumann, Coordinator) Subject: RISKS-2.26 Sender: NEUMANN@SRI-CSL.ARPA To: RISKS-LIST@SRI-CSL.ARPA RISKS-LIST: RISKS-FORUM Digest, Friday, 14 Mar 1986 Volume 2 : Issue 26 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Integrity of the Electoral Process (Mark Jackson) Ballot Secrecy (Lindsay F. Marshall) Nuclear waste-land (Jerry Mungle) Nuclear disasters (Lindsay F. Marshall) 103/212 modems (Ephraim) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA.) (Back issues Vol i Issue j stored in SRI-CSL:RISKS-i.j. Vol 1: MAXj=45) ---------------------------------------------------------------------- Date: 12 Mar 86 11:39:29 EST (Wednesday) From: MJackson.Wbst@Xerox.COM Subject: Integrity of the Electoral Process To: RISKS@SRI-CSL.ARPA It seems to me that the discussion has strayed from the mark. No balloting procedure is completely unbreakable. Current systems appear to be reasonably secure, but this is primarily due to effective vigilance (e.g. poll watchers from each party). When enough of the "system" falls under the effective control of a single organization then fraud becomes possible, hence inevitable (e.g. Chicago under the Machine). The "risk" involved in computerization of the ballot collection and counting process is the centralization of much of the process under the control of a single organization (hardware and software system). The challenge is to assure that the resulting system is sufficiently distributed and subject to routine checks so that the potential for fraud is not increased. Apropos of this, it is not clear to me that the proposal for printing individual ballot hardcopies addresses what would otherwise be an *increased* risk. For example, with lever-type voting machines is some record kept beyond the candidate tallies read out when the polls close? Mark [Apparently no individual record is kept -- only the running totals. Fraud-prevention is largely dependent on the poll watchers. But it may be relatively easy to vote twice in a large and noisy room if your machine is facing away from the poll watchers back-to-back with another machine facing the other way -- unless the system is set up so that it has to be rearmed manually each time the exit-lever automatic vote recorder is triggered. There are always some vulnerabilities, as I noted in RISKS-2.23, including bribed officials. The recent election in the Philippines give us another datapoint. PGN] ------------------------------ From: "Lindsay F. Marshall" Date: Wed, 12 Mar 86 11:28:38 gmt To: risks@sri-csl.arpa Subject: Ballot Secrecy One of my regular grouses to Clerks at election time is that the Ballot is not actual secret. They always say "oh yes it is", but when you point out that each voting slip is stamped with a serial number (when you get the paper) which is recorded in such a way that it can be traced back to you, they then say "Oh, but that's in case there is any Ballot Rigging so that we can backtrack to find multiple votes etc.". The ballot in UK elections is most definitely not "secret" in the sense that most people assume, though there is no evidence that anyone is checking out how you voted (yet). ------------------------------ Date: 11 Mar 1986 06:26:43 PST Subject: Nuclear waste-land From: Jerry Mungle To: RISKS FORUM (Peter G. Neumann, Coordinator) Re: Nuclear power plant accidents... The explosion in the USSR was due to storage of nuclear waste, not a power plant accident. However, seems I recall there are some low probability (aren`t they all) accidents which can send a breeder reactor into a low yield explosion (probably *very* dirty, too). Two tangental comments - I live near TVA's Browns Ferry reactors. ALL of the operators failed NRC license tests(!) so BF has been shut down till 80% can pass. Is there a license for reactor control software, and if not, perhaps TVA might be a good place to test (worst case operator actions and all that)? Second, there is a siren to alert the population to a BF accident with a leak. Nearby is a state prison with an occasional leak. People have suggested a siren to warn of escapes, but the chance for confusion is high. Anyone know of a good way to spread an alarm when you have multiple risks?? (ps. smiley face to the TVA test suggestion....) ------------------------------ From: "Lindsay F. Marshall" Date: Wed, 12 Mar 86 11:24:01 gmt To: risks@sri-csl.arpa Subject: Nuclear disasters The last line was a joke - the problem with 2000ton reactor vessels dropping 18ft is not explosion but one of contamination. The radiation leakage would be huge and most of the South of Scotland and North of England would be affected. If it actually happened Newcastle might just as well have vanished...... ------------------------------ From: ucdavis!lll-crg!seismo!harvard!encore!vaxine!wanginst!wang!ephraim@ucbvax.berkeley.edu Date: Tue, 11 Mar 86 18:27:52 est To: ucdavis!risks Subject: 103/212 modems [Will the messages never cease?] In RISKS-2.24, Phil Ngai writes: > This is an often repeated wives tale by people who ought to know better... As it happens, I can testify that Phil's statement is not correct, or at least not universally so. On Sunday 3/9, I called the modem line of a friend using my Applemodem 1200. His modem was not ready, so he answered the call manually and said "hello" to get my attention. He tells me that my modem *did* produce carrier when he picked up the phone. Sorry, Phil. ------------------------------ End of RISKS-FORUM Digest ************************ -------