31 Years of the Digest ... founded August 21, 1981
The Telecom Digest for November 6, 2012
====== 31 years of TELECOM Digest -- Founded August 21, 1981 ======
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Bill Horne and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using any name or email address
included herein for any reason other than responding to an article
herein, you agree to pay a hundred dollars to that person, or email address
Addresses herein are not to be added to any mailing list, nor to be sold or given away without the explicit written consent of the owner of that address. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome.
We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime. - Geoffrey Welsh
See the bottom of this issue for subscription and archive details and the name of our lawyer, and other stuff of interest.
Date: Sun, 4 Nov 2012 20:33:13 -0400 From: Monty Solomon <firstname.lastname@example.org> To: email@example.com. Subject: Internet Voting in the U.S. Message-ID: <firstname.lastname@example.org> Internet Voting in the U.S. By Barbara Simons, Douglas W. Jones Communications of the ACM, Vol. 55 No. 10, Pages 68-77 10.1145/2347736.2347754 October 2012 The assertion that Internet voting is the wave of the future has become commonplace. We frequently are asked, "If I can bank online, why can't I vote online?" The question assumes that online banking is safe and secure. However, banks routinely and quietly replenish funds lost to online fraud in order to maintain public confidence. We are told Internet voting would help citizens living abroad or in the military who currently have difficulty voting. Recent federal legislation to improve the voting process for overseas citizens is a response to that problem. The legislation, which has eliminated most delays, requires states to provide downloadable blank ballots but does not require the insecure return of voted ballots. Yet another claim is that email voting is safer than Web-based voting, but no email program in widespread use today provides direct support for encrypted email. As a result, attachments are generally sent in the clear, and email ballots are easy to intercept and inspect, violating voters' right to a secret ballot. Intercepted ballots may be modified or discarded without forwarding. Moreover, the ease with which a From header can be forged means it is relatively simple to produce large numbers of forged ballots. These special risks faced by email ballots are in addition to the general risks posed by all Internet-based voting schemes.17 Many advocates also maintain that Internet voting will increase voter participation, save money, and is safe. We find the safety argument surprising in light of frequent government warnings of cybersecurity threats and news of powerful government-developed viruses. We see little benefit in measures that might improve voter turnout while casting doubt on the integrity of the results. Almost all the arguments on behalf of Internet voting ignore a critical risk Internet-based voting shares with all computerized voting-wholesale theft. In the days of hand-counted paper ballots, election theft was conducted at the retail level by operatives at polling places and local election offices. By contrast, introduction of computers into the voting process created the threat that elections can be stolen by inserting malware into code on large numbers of machines. The situation is even more dangerous with Internet voting, since both the central servers and the voters' computers are potentially under attack from everywhere. Despite the serious threats it poses to election integrity, Internet voting is being used in several countries and U.S. states, and there is increasing public pressure to adopt it elsewhere. We examine some of these threats, in the hope of encouraging the technical community to oppose Internet voting unless and until the threats are eliminated ... http://cacm.acm.org/magazines/2012/10/155536-internet-voting-in-the-us/fulltext http://cacm.acm.org/magazines/2012/10/155536-internet-voting-in-the-us/pdf ***** Moderator's Note ***** When the authors say "no email program in widespread use today provides direct support for encrypted email", I think they're wrong. Thunderbird, just as one example, requires only an X.509 certificate to send encrypted email. Mutt, an email client popular on Unix and Linux systems, has PGP support built-in. BTW, I oppose any kind of "distance" voting when not absolutely necessary. If people can't be bothered going to the polls, then they don't deserve to cast a vote. Bill Horne Moderator
Date: Mon, 05 Nov 2012 10:38:09 -0500 From: Barry Margolin <email@example.com> To: firstname.lastname@example.org. Subject: Re: Internet Voting in the U.S. Message-ID: <barmar-1333D6.email@example.com> In article <firstname.lastname@example.org>, Monty Solomon <email@example.com> wrote: > ***** Moderator's Note ***** > > When the authors say "no email program in widespread use today > provides direct support for encrypted email", I think they're > wrong. Thunderbird, just as one example, requires only an X.509 > certificate to send encrypted email. Mutt, an email client popular on > Unix and Linux systems, has PGP support built-in. According to this site: http://litmus.com/blog/email-client-market-share-stats-infographic-june-2 012/email-client-market-share-june-2012 Thunderbird is not in the top 11 of mail clients; it's just mixed in the "Other" category that counts for 3% of all uses. So it's arguable whether it would count as widespread enough to be relevant for something like this. > > BTW, I oppose any kind of "distance" voting when not absolutely > necessary. If people can't be bothered going to the polls, then they > don't deserve to cast a vote. How about this analogy: "I oppose any kind of distance banking when not absolutely necessary. If people can't be bothered going to a bank branch, then they don't deserve access to their money." I have no problem going to the polls myself; my polling place is only a couple of blocks from home, and there's never been a line of more than 2 people when I've gone. But I've heard of people waiting in long lines at the polls -- why should we have to do that if other technologies can make things more convenient? -- Barry Margolin, firstname.lastname@example.org Arlington, MA *** PLEASE post questions in newsgroups, not directly to me *** ***** Moderator's Note ***** I don't care about anyone's bank account but mine, whether accessed at a distance or otherwise. I care a LOT about the verifiability of the voting process, and my comment stands. We should have to wait in long lines because that's the price of Democracy. It doesn't happen often enough to change anyone's lives, and there are already provisions to bypass lines if you're crippled. Convenience has its place: I print out my bording pass at home when I'm going to fly somewhere, and I have an online banking account that allows me to schedule regular utility payments in advance, or to pay a bill electronically on the due date and thus avoid a late fee. Those are things that affect only me, not my neighbors or government. The voting process has to be believable and secure. If the electorate doesn't believe that all-those-other-fools voted the current officeholder in of their own free will, then we cease to have a democracy. Bill Horne Moderator
Date: 5 Nov 2012 23:01:51 -0000 From: "John Levine" <email@example.com> To: firstname.lastname@example.org. Subject: Re: Internet Voting in the U.S. Message-ID: <email@example.com> >> When the authors say "no email program in widespread use today >> provides direct support for encrypted email", I think they're >> wrong. ... Outlook and Outlook Express support S/MIME, but I would estimate that 0.001% of users actually have a certificate configured, so in practice the other 99.999% don't do encrypted mail. -- Regards, John Levine, firstname.lastname@example.org, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
Date: 05 Nov 2012 06:02:55 GMT From: Doug McIntyre <email@example.com> To: firstname.lastname@example.org. Subject: Re: Minneapolis police pushing for more license plate data privacy Message-ID: <email@example.com> Monty Solomon <firstname.lastname@example.org> writes: >Minneapolis police pushing for more license plate data privacy >Under Minnesota state law, all license plate reader data is public by default. >by Cyrus Farivar >Nov 1 2012 >Ars Technica >... > >http://arstechnica.com/tech-policy/2012/11/minneapolis-police-pushing-for-more-license-plate-data-privacy/ > >***** Moderator's Note ***** >Information about which license plate was seen where should be >public: it shows where the police were at that time, and thus gives >citizens information about which areas the police are patrolling. Although the Minneapolis police (probably the same as many other cities') has license place readers attached to fixed structures (ie. bridges, key intersections, etc) as well as patrol cars.
Date: Sun, 4 Nov 2012 09:36:02 -0800 (PST) From: HAncock4 <email@example.com> To: firstname.lastname@example.org. Subject: Re: When Hacking Was in Its Infancy Message-ID: <email@example.com> On Nov 2, 1:39 am, Monty Solomon <mo...@roscom.com> wrote: > > http://www.nytimes.com/2012/10/30/science/peter-g-neumann-and-the-hac > ... > -or- > > http://goo.gl/OsSAA > Richard Feynman in "Surely You're Joking", wrote of the desire to experiment with computing equipment (IBM tabulating machines) while at Los Alamos during WW II. After the war, Northrup engineers hooked up various IBM tab machines to create a crude computer to order to get desperately needed number crunching power. Their experimentation became the basis of the IBM CPC, which was a poor man's computer of the late 1940s and 1950s. IBM sold about a thousand of those at a time when there was only a handful of real computers. (Pugh, "Building IBM", Bashe, "IBM's Early Computers). As to malicious hacking, kids in high school were breaking into master accounts on time sharing systems in 1970. ***** Moderator's Note ***** If kids in high school were "breaking into master accounts" in 1970, I'd like to see the news reports and/or court records that show it. These vague claims don't cut it. Bill Horne Moderator
Date: Mon, 05 Nov 2012 10:40:17 -0600 From: firstname.lastname@example.org (PV) To: email@example.com. Subject: Re: When Hacking Was in Its Infancy Message-ID: <w9-dnXTosPBsdgrNnZ2dnUVZ_rqdnZ2d@supernews.com> HAncock4 <firstname.lastname@example.org> writes: >As to malicious hacking, kids in high school were breaking into master >accounts on time sharing systems in 1970. > >***** Moderator's Note ***** > >If kids in high school were "breaking into master accounts" in 1970, >I'd like to see the news reports and/or court records that show >it. These vague claims don't cut it. I don't know about 1970, but in 1977 or so, I was one of those kids. Our teachers were incredibly stupid with password security (one teacher kept a copy of the password written on a piece of paper stuck under her coffee cup with a piece of tape), and the students had the run of the timesharing system. We wrote some great games! As for news reports and court records - that stuff simply did not apply in the 70s. You had to something really outrageous to even get caught, let alone prosecuted in those days - some of the dumber phreakers got in trouble, but hackers, in the original sense of the word (you did NOT break stuff), no way. * -- * PV Something like badgers, something like lizards, and something like corkscrews.
Date: Mon, 5 Nov 2012 07:08:31 -0800 (PST) From: HAncock4 <email@example.com> To: firstname.lastname@example.org. Subject: Re: When Hacking Was in Its Infancy Message-ID: <email@example.com> > ***** Moderator's Note ***** > > If kids in high school were "breaking into master accounts" in 1970, > I'd like to see the news reports and/or court records that show > it. These vague claims don't cut it. This involved the time sharing systems of a school district where I was employed. The time sharing system of the time had a "chief executive account" which had the ability to create new signons, library size, and other maintenance and supervisory functions that regular users were not allowed to do. The kids involved were caught and punished; but there was no news reports nor court records as it was handled internally. Also, kids would find the logon of commercial accounts and use them to access other time sharing systems and snoop around libraries. The kids were curious about working with advanced functions other time sharing systems might offer. A year or so later the school district got an HP-2000 machine for BASIC timesharing which was supposedly hacker proof since chief executive functions were performed only by the computer's console, not by any account. However, the kids discovered a glitch in the software in which they could cause the computer to crash and shut down, and crashed it from time to time. The school district was not amused because service was disrupted. The kids were caught and punished, but again it was handled internally. I guess by today's standards it all doesn't seem like very much, but back then it was a big deal.
Date: Mon, 05 Nov 2012 08:59:23 -0500 From: Pete Cresswell <PeteCress@invalid.telecom-digest.org> To: firstname.lastname@example.org. Subject: Re: Did anyone else get a call from the Mitt Romney campaign? Message-ID: <email@example.com> Per Pete Cresswell: >***** Moderator's Note ***** > >Oh, please don't do that: if you don't like the calls, then all you >need to do is listen to the whole message. No matter how many trunks >they buy, their capacity is limited, and that means that if you tie >up a trunk and enough other voters do the same, then the system will >fail. > >Plus, hanging up quickly marks you as "already decided", and that fact >goes into a database which is used to decide how assets will be >allocated to the "not yet committed" voters. By listening to the >entire message, you divert resources away from others, and so dilute >the efforts directed at undecided votes. > >Bill Horne >Moderator Thanks for that insight. I've heard the same thing a few times before, but it never really sunk in. Now I'm a believer. - - Pete Cresswell ***** Moderator's Note ***** Hey, it's a game: I think we should show them the same civility and concern that they have for us! Bill Horne Moderator
TELECOM Digest is an electronic journal devoted mostly to telecom- munications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Bill Horne. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. The Telecom Digest is moderated by Bill Horne.
43 Deerfield Road
Sharon MA 02067-2301
bill at horne dot net
This Digest is the oldest continuing e-journal about telecomm- unications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org Copyright (C) 2012 TELECOM Digest. All rights reserved. Our attorney is Bill Levant, of Blue Bell, PA.
Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.