Re: High hopes for unscrambling the vote

2004-06-08 Thread Roy M. Silvernail
R. A. Hettinga quotes Declan McCullagh:
 Bottom line:The technology is still in its prototype stage--but a bigger
obstacle may be whether notoriously conservative voting officials can be
convinced to try something new.
That's an interesting perspective, considering electronic voting already 
*is* something new.  A man with tinfoil inside his fez might wonder if 
this points to a greater conspiracy that hinges on the lack of a paper 
trail from the voting machines.

Speaking of which, this[1] Cringely column doesn't seem to have received 
much notice, even though it points out that the Diebold machines 
*already have a printer* built in.  While it's probably not equipped to 
do Chaumian voter receipts, it could certainly do the old-fashioned 
human-readable type.   That's a SMOP.
--
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
Never Forget:  It's Only 1's and 0's!
SpamAssassin-procmail-/dev/null-bliss
http://www.rant-central.com

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


High hopes for unscrambling the vote

2004-06-08 Thread R. A. Hettinga
http://news.com.com/2102-1028_3-5227789.html?tag=st.util.print

CNET News
 http://www.news.com/


 High hopes for unscrambling the vote

 By  Declan McCullagh
 Staff Writer, CNET News.com
 http://news.com.com/2100-1028-5227789.html

 Story last modified June 8, 2004, 4:00 AM PDT


PISCATAWAY, N.J.--Computer scientists gathered here recently and bobbed
their heads into an odd-looking contraption for a glimpse of emerging
technology that might just help make the digital world safer for democracy.

 Beneath the viridian green glow of a viewfinder flowed an inch-wide strip
of paper that inventor David Chaum says will prove with mathematical rigor
whether a vote cast on a computer in a ballot box has been tampered with
after the fact.

 The system was demonstrated publicly for the first time at a Rutgers
University voting conference late last month. The technology builds on the
increasingly popular notion that computerized voting machines need to leave
behind a paper trail to safeguard against fraud--something that's lacking
in most current models and the subject of furious debate.
 News.context

What's new:
 Computer scientists are developing cryptography techniques that promise
powerful new tools for verifying computerized voting results.

 Bottom line:The technology is still in its prototype stage--but a bigger
obstacle may be whether notoriously conservative voting officials can be
convinced to try something new.

 More stories on this topic

 Chaum has raised the concept to an entirely new level, according to
electronic-voting experts, by including breakthrough cryptographic
techniques that will provide instant feedback on irregularities while
ensuring voter anonymity. While still a clunky prototype, the system could
represent the next evolutionary step in improving the security and
reliability of the voting process, some believe.

 The math is fine, said Ron Rivest, a professor of computer science at
the Massachusetts Institute of Technology and the co-creator of the popular
RSA encryption algorithm. I view this as the early days of the practical
applications...The paradigm is a new and interesting one. I'm optimistic.

 Chaum is not alone among researchers vying to better voting's state of the
art. Fed up with what they view as antediluvian punched cards and
mechanical lever systems--and with an eye to the problems of the 2000
Florida recount--scientists are borrowing from decades of academic work to
invent systems that are probably secure against malfeasance.   Their
inventions are also designed to one-up current electronic voting machines
that have limited audit capabilities and may include bugs that
surreptitiously alter vote totals.

 I'd like to think that we have some influence, said Josh Benaloh, a
cryptographer at Microsoft Research. All acting en masse, maybe we'll have
an impact.

 Encrypted receipts
 The leading contenders so far, independently created by Chaum and
mathematician Andrew Neff, represent two variants of a voting technology
that uses encrypted printed receipts to solve many of the problems that
have bedeviled existing hardware. These prototypes work in the lab. But one
obstacle may be whether notoriously conservative voting officials can be
convinced to try something new.

 The idea of having computerized voting machines produce paper receipts,
providing a physical record that can be audited, is belived among voting
experts to be a useful safeguard against fraud. But some counties that have
already installed printerless, computerized voting systems oppose any
requirement that they add new equipment to provide paper receipts of any
kind.

 Other proposals for providing paper receipts in computerized voting
systems include attaching printers to voting machines that spit out a hard
copy of votes recorded below a glass barrier.  Once voters reviewed the
receipts and confirmed that they were accurate, the receipts would be
placed in a secure box. If a recount were required, voting officials would
open the boxes and proceed to tally up the results by hand.

 Critics of this type of receipt argue that the end product is little
better than a punch card ballot, subject to many of the same kinds of
miscount problems that plagued the Florida election in 2000. Encrypted
systems like Chaum's, on the other hand, would not be vulnerable to many of
those flaws, because only the records that were tampered with would be
subject to verification in a recount. In addition, tampering could be
detected the moment a voter left the polling station.

 Chaum, who declines to give his age for privacy reasons, boasts a dazzling
resume as one of the brightest computer scientists of the 1980s, whose
ideas led to the creation of anonymous remailers, privacy-protecting Web
browsing techniques and secure electronic cash. He returned to the topic of
secure voting four years ago and came up with his crucial
innovation--encrypted receipts on plain paper--in late 2003. Chaum owns
patents covering the use of the 

RE: Passwords can sit on disk for years

2004-06-08 Thread jdean
And of course, the article didn't get it right.  Because of optimizing 
compilers, it is *not* trivial to zero passwords.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


W Post: US gets 126,000,000 intelligence intercepts a day?

2004-06-08 Thread Perry E. Metzger

[Forwarded on John's behalf...]

To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: W Post: US gets 126,000,000 intelligence intercepts a day?
Date: Wed, 02 Jun 2004 21:39:36 -0700
From: John Gilmore [EMAIL PROTECTED]

  The government receives 126 million intelligence intercepts a day.

I've never seen anyone bandy about a number for the total daily volume
of vacuum cleaner 'take' before.  Perhaps the author can point us to a
nice academic paper that breaks out the volumes that come from sigint,
'national technical means' imint, humint, open sources, traffic
analysis, pass-thrus from foreign governments, illegal US domestic
wiretaps, Patriot Act domestic wiretaps, etc?  Volume of faxes
vs. voice phone calls vs. emails vs. other sources?  Even a breakdown
of unencrypted vs. encrypted would be interesting.

The sentence is from a Washington Post op-ed suggesting rejection of
the well analyzed post-TIA data mining blue-ribbon panel study.  The
study recommended that the government not be permitted to search
through data about its citizens without a warrant based on individual
suspicion.  The quote is part of her argument that the gov't would be
paralyzed if it had to look at all that data and follow the
Constitution at the same time.  She doesn't follow that argument to
the obvious conclusion that it should perhaps collect less data, but I
digress.

The story is nominally buried behind a cookie/'free registration'
wall, which I don't choose to access because I support REAL web sites,
not consumer-tracking services.  But I found this equivalent 'real'
link to the story, on the author's web site:

  http://www.washingtonpost.com/ac2/wp-dyn?pagename=articlecontentId=A3521-2004May30

The article is by Heather Mac Donald, a fellow at the Manhattan
Institute, which seems to be in favor of greater economic choice,
individual responsibility, and totalitarianism.  Two out of three
isn't bad, and #1 and #3 suggest that she might have some good
friends in the Bush Administration.  Here's her page and many
writings:

  http://www.manhattan-institute.org/html/mac_donald.htm

Does Ms. Mac Donald know what she's talking about here?

John

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Security clampdown on the home PC banknote forgers

2004-06-08 Thread Axel H Horns
On 6 Jun 2004, at 15:30, R. A. Hettinga wrote:

 http://observer.guardian.co.uk/print/0,3858,4940746-102285,00.html
 
  Observer
 
 Security clampdown on the home PC banknote forgers
 
 Banks win EU support for software blocks to tackle the cottage
 counterfeiters Tony Thompson, crime correspondent Sunday June 6,
 2004
 
 The Observer
 Computer and software manufacturers are to be forced to introduce
 new security measures to make it impossible for their products to be
 used to copy banknotes.

Hmm hmmm ... and what about Open Source graphics software like Gimp?  

  http://www.gimp.org/   

Will Gimp be banned because of everybody can throw out the call to the
banknote detection routine?  

Will the banknote detection software be made publicly available to the
Gimp developer team?  

Questions over questions ...  

Axel H Horns


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Security clampdown on the home PC banknote forgers

2004-06-08 Thread bear


On Tue, 8 Jun 2004, Axel H Horns wrote:

Hmm hmmm ... and what about Open Source graphics software like Gimp?

  http://www.gimp.org/

Will Gimp be banned because of everybody can throw out the call to the
banknote detection routine?

Will the banknote detection software be made publicly available to the
Gimp developer team?

Questions over questions ...

Probably not; instead, the banknote detection stuff will probably be
pushed out to tamper-resistant hardware ROMs in the printers, where
it's *NOT* under the control of anything running on a general-purpose
computer.  Because, really, nothing prevents someone from building
their own electronic device from scratch and attaching it to the
printer. The logic has to be something you can't use the printer
without, and that means built into it.

This is actually a lot less annoying than something like Palladium,
where people want remote restriction on a general-purpose PC.  If
it's pushed out to the printing hardware, there's no need to restrict
the architecture of a general-purpose machine.

Of course, there is such a thing as money that really and truly
*can't* be counterfeited.  Elements such as gold, or other rare
commodities, for example, cannot be faked; something either is gold,
or it isn't.  Also, useful objects and consumables in general cannot
be faked; something either is useful, or it isn't.

Fiat currencies are based on artificially imposed rarity, and
increasingly people are able to overcome the artificial impositions.
Wouldn't it be a stitch if nations were forced to re-adopt the gold
standard (or adopt the chocolate standard) because all their bills
(and SmartCoins, and RFID tokens, and ) could be counterfeited?

Bear

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Security clampdown on the home PC banknote forgers

2004-06-08 Thread jedi
Quoting Axel H Horns [EMAIL PROTECTED]:


 Will the banknote detection software be made publicly available to the
 Gimp developer team?  
 

This makes the assumption that the gimp developers will include it into future
versions.  How will that make much of a difference?  A savvy coder will just go
in and rip the offending code out.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Security clampdown on the home PC banknote forgers

2004-06-08 Thread jdean
It's time to start wearing t-shirts bearing the image of a banned banknote.
(To circumvent counterfeiting laws, wear the banknote of a foreign country).
Imagine the frustration of the police when they can't photocopy your picture.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]