Through a short but unexpected chain of relationships I was asked yesterday to appear this morning in a brief interview on Scott Fitzgerald’s show on WPTF 680 AM. To be honest, whether or not to say yes was something of a quandary. On the one hand, I couldn’t turn up anything specifically negative about the host and the chain of relationships involves a much-loved former boss; on the other, this is a right-wing AM talk radio station that plays Sean Hannity, for gods’ sakes.

After some thought and a discussion with The Boyf I decided that, given that the topic itself - securing credit card data and protecting personal information - is fairly apolitical and the tone of the thing seemed to be educational rather than advocating a particular point of view, well, what the hell, right? I did a little reading up on the big TJX breach, as that was apparently going to be the topic that morning, and wrote down a few thoughts in case my brain was fuzzy at 7:10am.

The experience itself was nice enough. The host was polite, the interview was brief, I didn’t say ‘um’ every other word and I got to say the thing that made me ultimately decide to do this: that there is no such thing as “security.” As I said to the host (after trying it out a couple of times on KJ, bascha and The Boyf last night), our society has become convinced that “security” is some attainable state of the absence of risk but in truth “security” is the ongoing process of trying to find a balance between risk and convenience.

It’s childish and silly of me but I really relished saying that to an audience of security-obsessed wingnuts.

The only thing I don’t understand is why the host asked me how 9/11 had changed network security. It hasn’t. I didn’t get a chance to bring this up but the truth is that 9/11 didn’t change a damned thing about network security - at least not in the markets where I’ve worked - because 9/11 was a physical attack, not an electronic one. The big engines of change have been government regulation, the very market interventions that free market righty types find so abhorrent. I’ve seen more clients make positive changes to their networks and their policies as a result of SarbOx, HIPAA and the FFIEC than anything else.

The host asked how a person can protect their credit card data and I said, in all honesty, that we can’t. The truth is that once your financial data is in a store’s hands it is out of yours. Period. If that data is compromised then they have to notify you but they don’t have to tell you how or by whom or anything else. In fact, there is a disincentive to inform. TJX’s (eventual) openness about how the theft was done led to lawsuit upon lawsuit. During the time span that the big, multi-store heist in question was being executed my bank sent me three (3) new copies of my credit card and I’ve never known exactly why. Was my information in that data? Probably so; I’ve shopped at Barnes & Noble plenty of times.

The example I gave them was that if one wants to make sure one’s credit or debit card data is never stolen from, say the grocery store, then one had better always pay in cash. It’s not that simple, though. Paying in cash means remembering to go to the cash machine and knowing exactly how much one will spend at the store. That also requires protecting one’s PIN from prying eyes at the ATM, keeping one’s wallet from ever getting stolen and then, even then, if one’s data is stolen directly from the bank, well… so much for all that effort.

The payment card industry has a set of requirements it imposes on merchants and processors called the PCI DSS (Payment Card Industry Data Security Standard). It’s a good start but it is only that: a start. It covers some basic common sense benchmarks, but these are as basic as making sure default passwords aren’t left on vendor-provided cash registers and other equipment, and passing an assessment says only that the controls were in place on the day of the assessment. It’s bare-bones at best. The truth is that payment data theft is a problem for which the market is not ever going to correct. The use of cards is way too profitable for everyone involved. Stores, the banks that issue the cards, the payment card providers themselves, payment processors, everyone involved makes way too much money off cards to ever give them up or to make them too inconvenient to use. No store is going to react warmly to someone walking in off the street and asking how that store protects credit card data. No store ever advertises that customer data is more secure with them than with their competitors.

So what do we do? There isn’t much we can do without accepting a high level of inconvenience. Sure, there are options - get prepaid cards to use for online shopping, but read up on the fraud protection for those cards first just in case it’s not as good as your normal credit card. Get a secured credit card. Get a credit card with your picture on it. Keep tabs on your account activity online - weekly, not monthly. Request a copy of your credit report once per year if not once per quarter. Write a check instead of using the card; check data can also be stolen but it’s harder to get at one’s cash with check data. Better yet, use cash. There are ways in which the TJX heist was very clever - they combined physical proximity (being within wireless range of a store) with an electronic intrusion (computer security is often contemplated only as a means of preventing distant attacks) - but ultimately war-driving and cracking WEP aren’t exactly innovations; WEP’s weaknesses had been public since 2001, and the theft overall follows the same pattern used in all such cases: the thieves cast the widest possible net and took the easiest pickings. The only thing to do is to make one’s self a less attractive target surrounded by lower-hanging fruit.

None of these make the stores protect our data any better, though, and nothing ever will. Most of these ideas are only useful to protect against identity theft which could be much more easily and thoroughly protected by a couple of basic regulatory changes - require photos be included in credit reports and require automated notification if one’s credit report is accessed for any reason, two things that would cost the credit bureaus some money and save everyone else a lot of headache. Even regulation will at best discourage such carelessness in the retail sector. Ultimately the only option we have is to stare into the abyss and decide for ourselves how much we want that TV or that t-shirt.

So what do I do?

I use my card all the time. I hardly ever have more than a couple of dollars on me in cash. It’s just too convenient. I make up for it by monitoring my account and my credit record and trusting that I’ll be able to get refunds for any fraudulent activity. So far, so good. That’s “security” for me: the amount of risk I’m willing to tolerate balanced against the convenience I desire. Anyone who tells you “security” is anything else believes they can make a buck off it if they tell you enough times.

I just used my credit union’s car buying service website to ask them to find me a Prius with the options I want. Tomorrow morning I’m getting up early to go into my local branch because SECU just started a program to offer very low interest rate loans on hybrid vehicles.

Eek?

Last night The Boyf and I went to test-drive a little Saturn sedan. It was cute enough and it had some fun features - 5-speed, which we both prefer, a sunroof, etc. - but it just wasn’t what I was looking for (a cascade of car issues has us both looking for new cars while sharing mine). On our way across the lot to the car we had both spotted a used Prius with a big SOLD sign on the dash and shared some quiet lamentations. After the test drive, on the way back into the dealership to consider test-driving a little Solara coupe we’d also seen, The Boyf took a closer look at the Prius and then called me back to where he was.

“Is today the 28th?” he asked, then he looked at his phone. “Is it after 7pm?” I confirmed both of these were the case. “This car went back on sale nineteen minutes ago.”

It turned out that the car was being held for a potential transfer to another dealership but there was a timer on that hold and the timer ran out at 7pm last night. So, The Boyf and I had some thinkin’ to do.

Long story short, we didn’t buy it. The demand for the Prius is so high that used ones - even used ones for which the warranty on the hybrid components is about five seconds from running out and for which nothing else is under warranty at all - cost a pittance less than brand new ones. I couldn’t justify spending that much money for a car that might be really, really expensive to fix when I’ve already turned my nose up at a very reasonably priced very nice mid-’90s sedan from another company on the same grounds.

During the two hours it took us to hash out whether this would or would not be a good idea, though, I did the following:

  • asked to borrow the salesman’s computer and in moments got past their feeble measures designed to keep people from accessing the internet so that I could read some reviews, which was just fun
  • called mrh (a buddy from Unfogged) to chat with him about his Prius; he was unbelievably nice about being called out of the blue
  • used my phone and The Boyf’s phone to hit different reviews sites at the same time and get estimated repair costs for various things

In the end I decided that with tremendous fiscal restraint I could save up enough to get a much smaller loan on a new one in six or eight months and would much rather my first hybrid have all the warranty in the world on it. So, we disappointed a friendly car salesman but life went on; while he was trying to write up our interest in the car he hit a stumbling block of his own in that someone in South Carolina was trying to buy it at the same time. Somebody’s going to buy that car today, I’m sure. He’ll make his sale.

This whole act of car shopping, I note, has been an act of setting goals and then immediately trashing them. My three big requirements were that any car I got had to be a stick (the Prius is automatic-only), had to have a sunroof (no sunroof!) and had to be used because, as I am fond of pointing out, any car loses a tremendous amount of value the moment the first owner signs the paperwork. So, did I just set a new goal to trash? Or did I just set a better goal to which I would rather aspire?

I have commented in the past - on Unfogged, no less, so that I apologized twice to mrh for this when discussing the Prius with him - that I think the Prius is an awesome car but not an attractive one. It is a car that looks a bit like a hamster, to be honest; my preference is not just for muscle cars but for cars that appear to be trapped for all time in the act of flexing. I said all of that before driving one. Driving one - just for five miles - completely changed my opinion of them. They aren’t just extremely comfortable or extremely quiet - they are, and at one point I murmured to The Boyf as we practically subvocalized our running commentary with the salesman sitting quietly in the back seat, “When was the last time we had a conversation this quiet in either of our cars?” - and they aren’t just loaded with features - the “base” model is priced lower because it lacks cruise control and heated fucking mirrors - they are also extremely neat. The gear shift is completely different from any other in a way that’s hard to describe. The thing is practically made of extra glove compartments. For a hatchback there’s pretty great visibility and the engine has remarkable pep for being so tiny. It took off at a faster trot than my Cherokee (yes, I am one of those people) and I passed someone assholishly to make sure it could be driven in the fashion I acknowledge that I prefer to drive.

The Boyf was reading a review as we sat in the sales guy’s office, later, and said, “Oh, it’s recommended that a Prius be driven for thirty continuous minutes at least once a week to make sure the batteries get completely topped off. So I guess we’re going to have to go for long, quiet drives in the country without using much gas.”

Oh darn.

I think I’m going to go transfer more into the Prius fund.

I am, again, the on-call.

Oh how I hate being the on-call. Oh how I wish I had some sort of terrible power - let’s say pyrokinesis - that I could unleash on them. Instead I will merely note the following very bad ideas.

If you want not to be hated by everyone, do not:

  • upgrade your Exchange server on Super Bowl Sunday. What the fuck are you even thinking? Do you know whom I had to call about that? The only guy in our whole company who lives in Boston. During the Super Bowl. This Super Bowl. While he was hosting a party.
  • make me spend weeks holding your hand, configuring your firewalls, smoothing all the wrinkles, learning your network, calling you every day like some lovelorn teen and then decide that even though what I’m doing is better than what you originally wanted it all needs to be scrapped because it’s not what you originally wanted. Do not then also gripe about getting something better even as you acknowledge that it is better.
  • call in at nearly midnight, an hour after you’ve rebooted a firewall that’s acting wonky, and ask me to “fix” it. It isn’t broken anymore. What is there to fix? The only thing I can see that I could possibly want to fix are my hands around your throat. Oh, silly me, that’s fit or perhaps affix.

These simple tips will surely help your various IT staff and other such folks not kill you in the hallway. You can thank me later.

Mmmmm. So tasty. So sleek. I dig. OpenOffice barfs like crazy but who cares? I have Pages. Delicious, aromatic Pages.

So, I bought an iPhone. Setup was a dream, etc., etc. It took all of two minutes to activate it. Activating it through iTunes was a little weird - a little too tunnel-of-brand-identity for me - but whatever. The first time it synced it warned me that it was on version 1.0 of its firmware and to upgrade to 1.0.2 and doing so was a breeze. The interface is perfect, selecting what to sync was super-simple, using it with Wi-Fi is fantastic. I was an instant addict. I was already an AT&T customer so I already knew how my signal is. Where I am, the signal is great. No problem. No change there; if anything the iPhone gets better reception than my RAZR did.

Now, the problem: it wouldn’t receive calls. It would make them, sure, but the phone just would not ring. If I woke it up to look at it then it would say, hey! You missed some calls! At first I wasn’t sure I minded that, to be honest, but what if The Boyf needed to reach me in an emergency and what if if if, etc., so I called the AT&T store on Wednesday after having run some tests on it. Deadblob and Jos had listened to me bitch about this for some time and we’d read about it online and I wasn’t the only person with this problem. None of the suggested fixes seemed to work and so, it appeared, I had a dud iPhone.

I called the AT&T store to explain this to them and find out about doing an exchange. They cut me off immediately, put me on hold for a while and then came back and said I’d need to call the Apple store.

Fine, whatever.

I call the Apple store and the guy (a) listens to me and then (b) says, “OK, you just need to make an appointment with the Genius Bar and we’ll do an exchange. The AT&T store could do this for you, but they never do.” Point for Apple! They listened and they slagged on AT&T right out of the gate. As a former employee of Ma Bell, I can appreciate this.

Long story short, the Apple store did an exchange for me and tested the new one with me. It took - maybe at the outside - ten minutes to get everything taken care of and walk out with a new, activated, working phone.

So, I have mixed feelings. I’m not terribly surprised that the customer service experience at AT&T was less than stellar. Not terribly surprised at all. I’m not terribly surprised that the Apple store would just fix the problem without any hassle and stick around to make sure I was happy. It didn’t especially surprise me that I got a dud, either, to be absolutely honest; no technology is 100%. What did surprise me was the honest frustration with AT&T exhibited by every single Apple store employee with whom I spoke. What did surprise me is that the phone the AT&T store sold me was from launch. That 1.0 firmware? Yeah. I guess they really haven’t sold as well as hoped if the AT&T store at South Square is still sitting on launch-day inventory.

On the one hand, despite five of the seven days I’ve had an iPhone being filled with technical problems - the night before I exchanged it the phone also stopped syncing and stopped being capable of setting its clock correctly, coming up with random-ass times completely on its own - I wouldn’t go back to my RAZR for anything short of a small fortune. On the other hand, I wouldn’t recommend anyone pin much in the way of hopes and dreams to the iPhone. It’s awesome to use. I love mine. I also know that I’m not the only person who’s had the problems I’ve had and that the only reason I had any success getting my problems dealt with is that I live five minutes from an Apple store.

Thought #1:

I bought an iPhone yesterday. My much-loved RAZR v3xx up and died on me. I mean died. They told me it was going to take a warranty return to get a new one and that Motorola would mail me a new phone and I said to hell with it and got this. It is pretty ridiculously awesome.

Thought #2:

I am enjoying the Harry Dresden novels, which I’m currently reading, but Harry isn’t exactly the sharpest tack in the box. Still, it has the best description of magic that I’ve seen in pretty much any book. I dig.

Thought #3:

It occurs to me to wonder whether the relationship our society has with geeks, with people who really understand technology and are frequently called upon to correct or repair it, could be compared to the relationships of tribal societies to their shamans. I don’t know enough about traditional shamanism in various cultures to know if that’s a valid thought, though. I’ve read plenty of “modern shaman” books of theory but done nearly zero real scholarship of shamanism in the world. Still that angle of the geek being the outcast to be held in slight, continual suspicion as almost dangerously Other while being a vital healer and visionary and working to intercede to heal the rifts between the population at large and the world of almost-spirit which technology inhabits might be a useful angle to consider. If it’s true that society treats geeks in the way shamanistic societies have treated those healers then what does it say about our own culture’s latent animism and the human tendency to turn things into entities?

Thought #4:

I would really like to see a true-to-text film adaptation of The Long Goodbye with Vince Vaughn playing Marlowe.

I logged into my gallery today to check something and found that on Friday and Saturday I’d gotten a bunch of spam comments there. By “a bunch” I mean several thousand. I am not exaggerating. So, I turned off comments, which sucks. Congratulations, spambots, you win.

In related news, does anyone know of an anti-spam module for Gallery 2? I should specify that Captcha was installed and active but apparently did nothing. Gods, I know nothing about running Gallery anymore. I couldn’t even Google effectively about Gallery and spam. At this rate, I’m going to wake up Tuesday and be unable to find the power button on my computer. I’ll end up hiding in the under-eaves storage trying desperately to invent a word for the horseless carriages I’ll have spied outside my home.

This showed up in moderation as a comment on this post:

Bush goes ballistic about other countries being evil and dangerous, because they have weapons of mass destruction. But, he insists on building up even a more deadly supply of nuclear arms right here in the US. What do you think? How does that work in a democracy again? How does being more threatening make us more likeable? Isn’t the country with the most weapons the biggest threat to the rest of the world? When one country is the biggest threat to the rest of the world, isn’t that likely to be the most hated country? What happened to us, people? When did we become such lemmings? We have lost friends and influenced no one. No wonder most of the world thinks we suck. Thanks to what george bush has done to our country during the past three years, we do!

Now, normally I’d completely buy that’s a real comment. Not here, necessarily, as time has revealed the “politics” category to get smaller and smaller as an overall percentage of what I post about. This is a blog that can get political not a political blog. Still, I’ve seen worse. The URL field for the comment gave it away as a spam comment, but this is what fascinates me: that spam would be so adaptive.

I know, I know, realizing them spammers are some clever chaps is so 1999. Still, I’m intrigued. Was there some enterprising spammer out there who wrote a commentbot and had it hit anything that turned up in, say, a Google search for “liberal blog?” Or - and this is what interests me more, though I’m not sure why - have the winds changed such that a spammer somewhere just wrote up a generic Bush-bashing comment and shotgun-blasted it in hopes it would be more successful than the usual “Nice post… !” spam commentary?

In other words, is it just clever targeting or a sign of the times?

Unrelated: Is it just me or have the Bush years just flown by compared to the Reagan era? It just seems like Reagan spent a lot more time bumbling around the Oval Office trying to find the corners so he could cut them, too. Bush seems so… fast. Of course, it could just be that I was in, um, elementary and middle schools for the Reagan administration whereas I’ve been a late-20’s/early-30’s person for the entirety of Bush.

OK, you must check it:  the new Mac Pro.

Buh…

Want!

WANT. 

Another awesome week at The Lake has passed, and I feel much refreshed.  My laptop died on Friday, with a series of grinds and screeches coming from the hard drive and the CD drive refusing to shut properly then refusing to open properly.  One sale item at Best Buy later, I am writing this on a new laptop that is scaled to my mobile needs - it can play games if it has to, but it would rather write.  This is a good thing.

Speaking of writing, the sad news from my laptop woes is that I lost a great character background I’d written for a new World of Darkness game and I lost the 2nd zombie story, which I worked on while at the lake but didn’t have a chance to offload anywhere given the lack of interwebs.  Ah, well, you win some, you lose some.  This just gives me a chance to rewrite it, after all.

So, the gubmint’s amassing a database of every phone call placed or received in the US.  I don’t mean they’re just curious as to whether you or I are calling the terr’ists, I mean they’re curious as to whether you or I are calling you or I.

Of course, only terrorists could possibly object, right?

Red-blooded Amurkins with nothing to hide have nothing they care to keep private, right?

This boils my mountain-born blood.  This is the sort of thing that could make me start to wonder whether those Libertarians have got something worth listening to.

And of course, President Smirk sits on his tall, white horse and shakes his itty fists and swears that they’re not just trolling for any ol’ information.  They’re trying to keep us safe!  We’re at war!  A War Preznit needs his powers of war, dang it, or the terr’ists have already won!  Only islamofascist running dogs of the brown-skinned extremists would possibly care whether anyone is keeping track of who calls whom, 24/7, domestic or international, local or long-distance.

And what makes me even more sick is that only Qwest had the gonads to stand up to them, to ask that they get a FISA warrant before they start handing over that information, and as soon as Qwest mentioned FISA then the NSA said, “Oh, well, we don’t know that they’d actually let us do this,” and then they walked away and never mentioned it again.

The only explanation I can come up with is that the people collecting this data are cowards and criminals who knew their request was unreasonable.

That is the only explanation.

If it were a reasonable request, it would have been a simple thing for them to get a FISA warrant.  It would have taken hours.

They didn’t even try.  They just clammed up and walked the second FISA got mentioned.

They are cowards and criminals.

But will anyone get impeached for this?  Will anyone be cost anything, politically?

I don’t think so.  I don’t think anything will happen in Washington.  I can’t imagine this playing very well among certain of my relatives, certain elements of my home town - that network of hills and hollows where families lurk for generations, where life and change are slow, where privacy is not some luxury reserved for times of peace but a basic requirement of life, where a respect for privacy is a fundamental element of sociable human behavior not a nicety.  But come November (’06, ‘08, forever) there will always be bigger, more hot-button issues that can be played to curry just enough favor, just enough less revulsion, to string votes out of expected constituencies so that real change - ever feared - is kept at bay.

And so my heart sinks just a little, and a little more of our privacy and our expectation that the government follows its own laws and my trust for authority are eroded away, and we all get used to one more thing the government shouldn’t be doing but is.  Sure, Congress could pass a law, but then Bush could just refute it with his signing statement and go about his merry way - or, hell, he could just ignore it altogether.  I am reminded of one of my favorite things The Boyf has ever said:  “As late as the 3rd or 4th century CE you could probably still find Senators who thought they ran the Roman Empire.”

The next person elected President is going to have to do something drastic in their inaugural speech.  I am serious when I say I want to see this, and I will vote for any candidate who promises to do so.  I want the next President, standing there on the stage, with Bush shaking off his DTs behind them and the nation watching, to say:  “Everything is going to change.  We are going to be more open.  Gitmo will be closed down.  Warrantless spying on our own citizens will stop.  The color-coded alert levels are over.  The Era of Fear is at an end, and we will be held accountable, and in addition we will hold an accounting of others.”

But will either party make that claim?  Is there any candidate interested in being President - for which, surely, a job requirement is a lust for power - who will look at all the crazy fucked-up shit Bush has gotten away with and then say to themselves, “No, I will not use this same power.  I will give it back, or give it up.  I will apply a brake to the Executive and I will not rule as a despot, but lead as a President?”

A part of me wishes it were so, and a part of me finds it doubtful.

All of a sudden I want to draft Jimmy Carter.

So, is anyone reading this knowledgeable about, or experimenting with, or curious about High Dynamic Range photography?  This is something I really, really want to try, just for the heck of it.  (If you ask me, it makes real subjects look like pre-rendered backgrounds in videogames, which is strangely beautiful).

Some samples can be found in the HDR Flickr pool, or in the blog post linked above (which also includes links to a tutorial).

I don’t have the full version of Photoshop CS 2, just Photoshop Elements 4.  However, Photomatix has a trial version available for download, and there are of course versions for both Mac and Windows.  I’ll probably download the OS X version tonight, then bust out the camera this weekend and see what I can produce.

In 2000, as I was standing in line to vote, a woman in front of me addressed those of us standing around her with this: “Why can’t I just do this online?” I should have kept my mouth shut, but I didn’t. “Because,” I said, “It would be too easy to hack.” After finding out I worked in network security, she went on to decide that it was somehow my fault that this hadn’t been figured out yet. While I certainly didn’t have the answer, I shared her frustration. A part of me relishes the civic camaraderie of standing in line to vote - how else would I have met that lady in ‘04 who told me her kids played soccer with the Bush twins in Texas years ago, and said “Laura is the biggest bitch you’ll ever meet,” without that experience? Still, online voting would make some things much easier.

And so, with that in mind, pretend for a moment that you and I are sitting in a bar. There is a large plate of cheese fries between us, with ample supplies of both ranch and honey mustard dressings. I have a Diet Coke (it counteracts the cheese fries, right?) and you have the beverage of your choice. You have just pulled out a pen and one of the bar napkins and said, “So how could it work and be safe?”

This is not a circumstance in which we are going to solve the problem from start to finish, but I do have a few ideas. I don’t know how feasible they are. I don’t even know if they’re truly secure, because encryption and authentication are not my specialties. I do network perimeters, though, so I do touch on authentication and encryption. I am not, however, a genius. I am a guy who is good enough at his job to keep doing it. Keep this in mind. I say this in part to excuse any gaffes and in part to make clear that criticism or other suggestions will not offend me. I am aware of my limitations! Anything we can come up with to improve on the following scenario is a good thing. I do not believe that in a day or a month or a decade the whole world will look back on this post as The Answer That Worked, but neither have I found much of anywhere that this is being discussed in a serious but casual and open way. So, we begin here, and see what happens.

The biggest issue with online voting is, how do we know your vote was cast by you? Online voting would, if dissected into an order of operations, look a great deal like voting in person, in part because that’s already the model that works, and in part because this can be translated into a friendly, tech-free presentation to the user that will make them comfortable with a new process by making it feel like the old process wherever possible. That means the first thing we have to do is check in at the front desk. So, we need to authenticate you. However, managing a national database of logins and passwords is impractical and, just as importantly, neither would it be anonymous: a login ties every vote to a name. Confidential is not the same as anonymous (let’s hear it from the HIV-testing activists from ten years ago, people), and what we’re gearing for is authenticated anonymity: proof that you are entitled to one vote, with no link from the vote back to you. (The cryptographers have a name for this sort of thing, “anonymous credentials,” but we’re too busy eating cheese fries to care. This is all just kicking the ball around.) You want to check in at the front desk but, after that, you do NOT want your vote in any way tied to your name. Remember, you don’t sign your ballot before you stick it in the box.

The second big question is going to be ensuring that your vote is not tampered with. In real life we do this by being alone in the voting booth and then putting the ballot in the box ourselves. Polling place workers do not take the ballots from our hands after they’re filled out. Instead, they are tucked away in the big, brown boxes for security’s sake. After that, we have to trust that the authorities are honest with their counting, but hey, we already do that. So far, so good. How to duplicate this online is going to be to use strong encryption, and to be careful about what the numbers mean. The “128-bit” you see when you check your bank balance is the size of the symmetric session key, the cipher that actually scrambles the traffic; the “1024-bit” number that GnuPG users like to see is the size of an RSA public key, which is only used to set up that session and to sign things. The two aren’t comparable, so a bigger number in the second column does nothing for the first. Yes, 128-bit is great, and the kid down the street sniffing your wireless link is not going to be able to crack that in a hurry. Rumor has had it for years that 128-bit is the industry standard because the average cracker can’t break it but the NSA can and in real time; there is no public evidence for that, and if it were true the answer would be a longer symmetric key (256-bit), not a bigger RSA number. Perhaps it is true that Uncle Frank is simply not going to care about any of this, but the geeks sure as heck will. If we’re going to sell online voting to anyone, we have to win over the geeks first. Then they can sell their Uncle Frank on it on their own time. Thus, I’m going to go out there and suggest we go big at every layer: 256-bit for the session, and a public key well above 1024 bits, since 1024-bit RSA is already at the low end of what anyone considers safe. It’s overkill against the kid down the street, yes, but it is very, very safe against everyone else, and all the nerds out there with GnuPG are going to like seeing those big numbers.

The third question is, how do we deliver it? The bottom line is that, like any question of voting equipment and processes, it’s going to be decided at the state and local-elections-board levels. Your town or county or city or whatever is going to have to keep a server where the votes are tallied. This is not hard, because the process of tallying votes is now largely computerized anyway. Butterfly ballots excluded, do you really think that here, in NC, when we complete the little arrow to the candidate’s name that someone is going through and checking those by hand? Those things are scanned and the results stored on a computer. We will store our results on the same computer. Voila.

“That’s a lot of nice talking,” you say to me around a mouthful of Beverage(tm), “But we already know all that.”

Too true! Here’s the tech part of it, and it’s very simple: one-time crypto keys.

Let’s say we have our system in place. I want to vote online because I am lazy and I could be sitting at home stuffing myself with my own plate of cheese fries rather than out standing in line. Thus, I appear at my local polling place and skip the line and go straight to the front table that’s next to the other front table. There is no line. I tell them who I am, and they check me off in the big book because I’m now saying that I have voted and I am not going to vote in person. The other front table checks me off, too. The nice people behind the table hand me a CD with the voting client software on it (a cosmetically modified VPN client that is light and simple and will uninstall the day after the election, and a link to the page where I will vote, using a private IP address for which I’ll only have a route after the VPN client has bound to my network interface). Then, they reach into a big box next to them and pull out an envelope. It looks like a paystub - perforated edges on each end - and they open it. They toss the carbon-copy sheet in the middle, hand me one of the two pieces of paper inside, and take the other piece and stick it into a ballot box.

I have now, for the purpose of validating that as many votes were cast as voters showed up to vote, voted.

I go home. I start warming up the cheese fries.

While that’s happening, I pop the CD in and install the VPN client. It is quick and painless, and requires minimal user interaction. When it launches, I am asked for one thing: the string of letters and numbers printed on the otherwise blank sheet of paper I was handed at the polling place. That string is my key. I should note here that I don’t mean the actual encryption key, I mean something like a pre-shared secret - it’s not 1024 bits of characters, it’s just a random jumble of characters (let’s say 8 to 12 characters in length) that can be compared on the far side of my connection to verify that this is legit. Once I put that in, my browser launches and I am taken to a page that has the appropriate offices and candidates for my precinct/district/etc. I vote by clicking a few radio buttons. I click submit, which takes me to a listing of the votes I just cast. I am asked to review these votes and confirm them. Because this is just a simple page, my enhanced accessibility software for any disabilities I might have has no problem handling it - the page is read out loud, the text is enlarged, whatever. I click that I have verified this information, and tah-dah, I have voted.

The server on the far side marks my key as having been used. It can never be used again, not even next election.
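Here is a small model of the one-time key scheme described above: check-in at the table hands out a random slip, the server keeps only hashes of the slips it issued, a slip buys exactly one ballot and is then retired for good, and the tally never sees a voter’s name. The recount check compares stubs in the ballot box against keys issued and ballots recorded against keys used. This is an added example, not code from the original post; the token alphabet and length, the SHA-256 storage and the in-memory sets are assumptions for illustration.

```python
"""
One-time voting token model: authenticated anonymity via pre-shared slips.

Added example, not code from the original post. Token alphabet/length, the
hashing of stored tokens and the in-memory storage are illustrative assumptions.
"""
import hashlib
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # assumed slip alphabet


def generate_token(length=10):
    """Issue the random string printed on a voter's slip (8-12 chars per the post)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class VotingServer:
    """Holds hashes of issued tokens, a used-set and an anonymous tally.

    Nothing here maps a token or a ballot to a person: that link exists only
    in the paper check-in book at the polling place.
    """

    def __init__(self, contests):
        self.contests = contests                      # office -> list of candidates
        self.issued = set()                           # digests of unredeemed tokens
        self.used = set()                             # digests retired forever
        self.tally = {office: {c: 0 for c in cands} for office, cands in contests.items()}
        self.ballots_recorded = 0

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked server database yields no usable slips.
        return hashlib.sha256(token.strip().upper().encode()).hexdigest()

    def issue(self, token):
        """Register a freshly printed slip as valid for this election."""
        self.issued.add(self._digest(token))

    def cast(self, token, ballot):
        """Redeem a token for exactly one ballot. Returns (ok, reason)."""
        d = self._digest(token)
        if d in self.used:
            return False, "token already used"
        if d not in self.issued:
            return False, "unknown token"
        # Validate the whole ballot before consuming the token, so a typo on
        # the review page does not burn the voter's only key.
        for office, choice in ballot.items():
            if office not in self.tally or choice not in self.tally[office]:
                return False, f"invalid choice for {office}"
        self.issued.discard(d)
        self.used.add(d)                              # never valid again, any election
        for office, choice in ballot.items():
            self.tally[office][choice] += 1
        self.ballots_recorded += 1
        return True, "ballot recorded"


def reconcile(server, stubs_in_box):
    """Recount check: stubs dropped in the box at check-in must equal tokens
    issued (used + unused), and ballots recorded must equal tokens used."""
    issued_total = len(server.issued) + len(server.used)
    return {
        "stubs_match_issued": stubs_in_box == issued_total,
        "ballots_match_used": server.ballots_recorded == len(server.used),
        "unused_tokens": len(server.issued),
    }


def demo():
    """Constructed walk-through: three slips issued, two redeemed, one replay attempt."""
    contests = {"Mayor": ["Alice", "Bob"], "Sheriff": ["Carol", "Dave"]}
    server = VotingServer(contests)
    tokens = [generate_token() for _ in range(3)]
    for t in tokens:
        server.issue(t)
    results = [
        server.cast(tokens[0], {"Mayor": "Alice", "Sheriff": "Dave"}),
        server.cast(tokens[0], {"Mayor": "Bob", "Sheriff": "Dave"}),   # replay of a used slip
        server.cast("NOTAREALTOKEN", {"Mayor": "Bob"}),               # slip never issued
        server.cast(tokens[1].lower(), {"Mayor": "Bob", "Sheriff": "Carol"}),  # case-insensitive entry
        server.cast(tokens[2], {"Mayor": "Eve"}),                     # bad choice, slip stays valid
    ]
    return server, results


if __name__ == "__main__":
    srv, res = demo()
    for ok, why in res:
        print(ok, why)
    print(srv.tally, reconcile(srv, stubs_in_box=3))
```

The design point is that the server authenticates the slip, not the voter, and refuses a second redemption even if the first connection was the voter’s own; the reconciliation is what catches a box of unused slips being quietly redeemed after the fact, since ballots recorded would then exceed voters checked off in the book.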

I eat my cheese fries.

That night, one candidate in a race asks for a recount. The number of votes cast is compared to the number of voters having shown up to vote, voted early or listed as voting online. The tallies are run again. There is no problem with online votes because they are, ultimately, every bit as secure as the output of a touch-screen machine that has no paper trail. So, OK, there are potential problems of the tallies having been tampered with, but these problems exist already in our system, so they are separate questions entirely.

Now, of course, there are problems with this. What about all those unused keys sitting in that box? They are thrown away. But what if someone decides to start opening them and checking off random no-shows in the voter roll and just voting for them? Well, that could already happen with blank paper ballots at any polling station. If we distrust the people running our elections, that is a separate question entirely and not of import to the technical matter of allowing secure, online voting.

But what, then, of Uncle Frank? He’s so bad with computers he tried to install iTunes and wiped his hard drive! He didn’t even know what iTunes was!

That, my friend, is Uncle Frank’s problem. Perhaps his geek niece will help him. Perhaps his geek niece will be so civic-minded that she sets up a local volunteer tech-support line for her precinct to help folks who aren’t sure what to do - staffed by both Democrats and Republicans, and endorsed by the local elections board after receiving election-staffing training. Perhaps she is supported entirely by one party or the other, like the many other programs the parties run on election day to assist voters by giving them rides to the polls, ringing doorbells to remind them it’s election day, all sorts of things.

But they could trick them into voting the wrong way! Yes, and so can phone-jamming schemes in New Hampshire prevent them from getting to the polls in the first place; the thing is, if it’s found out, it can be punished just as surely as any other form of election fraud.

Fine, Mr. Smarty Pants, what about spyware? Hackers? Key-stroke loggers? What about a virus that changes the local host file on Uncle Frank’s computer so that he gets redirected to a false website and his vote is stolen and he gives away his key to someone else to use? That? That I’m not so sure about. That’s partly a function of making sure your computer is safe in the first place and partly a function of threatening such voter fraud with the same punishments as any other form of voter fraud. It is, ultimately, a matter of law enforcement. I’m here to answer the technical matter of making the online voting happen as securely as possible, though, so I simply don’t have the technical answers other than to say that we all risk this every time we check our online banking or pay a bill. As such, Uncle Frank (or his geek niece) are going to have to take the same precautions they take every day, cross their fingers and hope for the best just like the rest of us.

So who’s going to pay for this? We are. We’re the taxpayers. The same budgets that pay for touch-screen voting machines will pay for the VPN equipment, and connections, and the perimeter security around the machines that handle tallying and the VPN concentrator itself, and on and on and on. Will it be expensive? Oh, you bet it will. It’ll be worth it, though, and heck, what we’re spending now on touch-screen devices is already pretty outrageous.

And yet, there are other problems, and other questions, and probably a whole slew of technical issues and hitches and hiccups that I just haven’t thought of. So what are they? It’s time to get cracking on this issue, because it’s going to happen one day, sooner or later, safe or not. We might as well start kicking around the best-case scenarios - not the worst-case, but the best-case - so that we can push for them early.

Now please, stop bogarting the honey mustard.

The Black Box Voting site has released initial findings from their study of the logs from the Sequoia brand touch-screen voting machines used in Palm Beach, FL, in the 2004 Presidential election. The results? Around 100,000 errors on the 40 machines they used.

100,000 errors on 40 machines.

In one county.

In one election.

(UPDATE: Five minutes after posting this I was convinced I’d misread it. I went back and checked. Nope! 100,000 errors on 40 machines. Just check out all those zeroes after that one. That’s a lot of zeroes. My head is still spinning.)

Some of the highlights from the report include:

  • “several dozen voting machines with votes for the Nov. 2, 2004 election cast on dates like Oct. 16, 15, 19, 13, 25, 28 2004 and one tape dated in 2010” (they report that machine-assignment logs indicate these balloting machines were not used for any early voting periods)
  • “1,475 voting system calibrations were performed while the polls were open, providing documentation to substantiate reports from citizens indicating the wrong candidate was selected when they tried to vote” (yes, they had to open them up, mess around with the guts and then close them back up in the middle of election day, nearly a thousand and a half times)
  • “[voting machine] logs rule out the possibility that these were Logic & Accuracy (L&A) test results, and verified that these results did appear in the final totals”

Here’s one of my favorite quotes:

Many of these machines showed unexplained log activity after the L&A test but before Election Day. In addition, many more machines without date anomalies showed this log activity, which revealed someone powering up the machine, opening the program, then powering it down again. In one instance, the date discrepancy appeared when someone accessed the machine two minutes after the L&A test was completed.

Voting machines are computers, and computers have batteries that can cause date and time discrepancies, but it does not appear that these particular discrepancies could have been caused by battery problems.

The evidence indicates that someone accessed the computers after the L&A and before the election, and that this access caused a change in the machine’s reporting functions, at least for date and time. Such access would take a high degree of inside access. It is not known whether any other changes were introduced into the voting machines at this time. As learned in the Hursti experiments, it is possible for an insider to access the machines and leave no trace, but sometimes a hasty or clumsy access (such as forgetting to enter a correct date/time value when altering a record) will leave telltale tracks.
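The three findings in the bullets above and the post-L&A access described in the quote are exactly the kind of thing an elections board could check for itself by running simple rules over machine event logs. The following is an added example, not code from the original post or from the Black Box Voting report: the log line format, event names, machine IDs and poll hours are constructed for illustration and do not model real Sequoia logs. Only the election date comes from the post.

```python
"""
Anomaly checks over constructed voting-machine event logs.

Added example, not part of the original post or the Black Box Voting report.
Log format, event names, machine IDs and poll hours are made-up assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import date, datetime, time

ELECTION_DAY = date(2004, 11, 2)                    # from the post
POLLS_OPEN, POLLS_CLOSE = time(7, 0), time(19, 0)   # assumed poll hours

# Constructed sample log: "<date> <time> <machine> <event>", one event per line.
SAMPLE_LOG = """\
2004-10-28 09:00:00 M101 LA_TEST_COMPLETE
2004-10-28 09:02:00 M101 POWER_ON
2004-10-28 09:02:30 M101 PROGRAM_OPEN
2004-10-28 09:03:00 M101 POWER_OFF
2004-10-16 10:15:00 M101 BALLOT_CAST
2004-11-02 08:30:00 M101 BALLOT_CAST
2004-11-02 10:45:00 M101 CALIBRATION
2004-11-02 06:30:00 M102 CALIBRATION
2004-11-02 09:10:00 M102 BALLOT_CAST
2010-03-01 00:00:00 M103 BALLOT_CAST
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    machine: str
    kind: str


def parse_log(text):
    """Parse the constructed line format into Event records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        day, clock, machine, kind = line.split()
        events.append(Event(datetime.fromisoformat(f"{day} {clock}"), machine, kind))
    return events


def find_anomalies(events, early_voting_machines=frozenset()):
    """Return (machine, anomaly_kind, timestamp) tuples for three rules:

    1. a ballot cast on a date other than election day, on a machine the
       assignment logs do not list for early voting;
    2. a calibration performed while the polls were open;
    3. any activity on a machine after its L&A test completed but before
       election day (the machine should sit sealed in that window).
    """
    anomalies = []
    la_done = {}  # machine -> timestamp of L&A completion
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "LA_TEST_COMPLETE":
            la_done[e.machine] = e.ts
            continue
        if (e.kind == "BALLOT_CAST" and e.ts.date() != ELECTION_DAY
                and e.machine not in early_voting_machines):
            anomalies.append((e.machine, "ballot_outside_election_day", e.ts))
        if (e.kind == "CALIBRATION" and e.ts.date() == ELECTION_DAY
                and POLLS_OPEN <= e.ts.time() <= POLLS_CLOSE):
            anomalies.append((e.machine, "calibration_while_polls_open", e.ts))
        if (e.machine in la_done and la_done[e.machine] < e.ts
                and e.ts.date() < ELECTION_DAY):
            anomalies.append((e.machine, "access_after_la_before_election", e.ts))
    return anomalies


def summarize(anomalies):
    """Count anomalies per rule, the number a report would lead with."""
    return dict(Counter(kind for _, kind, _ in anomalies))


if __name__ == "__main__":
    found = find_anomalies(parse_log(SAMPLE_LOG))
    for machine, kind, ts in found:
        print(f"{machine} {ts:%Y-%m-%d %H:%M:%S} {kind}")
    print(summarize(found))
```

Rule 3 is the interesting one: a power-on, program-open, power-off sequence two minutes after the L&A test is invisible to a totals-only audit and only shows up when the event log is read against the procedural timeline. Passing the set of machines the assignment logs list for early voting keeps rule 1 from flagging legitimate early ballots.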

Of course, when they asked the IT supervisor for the county elections board to name who had access to the machines, or whether they could set up a day to test the machines themselves, they say “the IT person, Jeff Darter, remained silent and never answered the question.”

Welcome to the 21st Century, folks. Want to vote? Don’t bother. It’s already taken care of.

If the whole idea of ~100,000 anomalies and errors in one county bothers you, or the idea of electronic voting with no paper trail and zero accountability bothers you - and they should - then consider doing something to help these folks out: NC VOTER, a grassroots group advocating for verified voting and against paperless electronic voting. I’ve talked to them at various things (Carrboro Day, for example) and they’re good peeps. If you’re in another state, look for a group there. This is a huge deal that I think a lot of people think doesn’t matter since it “fixes” the whole issue of butterfly ballots; the fact is, yeah, something may be getting “fixed” alright, but it’s not what we think.
