Archive for August 2007

Nevada’s Middle Child: Is Reno Jan Brady?

August 29, 2007

Originally Published on, 8/29/2007 1:31:13 PM

We’re not Las Vegas. We’re not Elko. We are the middle child, neither as glitzy and sophisticated as our big sister to the south, nor as small and charming as our rural sisters.

Marcia, Marcia, Marcia!… or is Vegas, Vegas, Vegas a more suitable lament for Reno? Presidential candidates shower our big sister with attention, and feel the political imperative to court our rural sisters. But Reno often gets spouses and surrogates. And almost all of the candidates were quite comfortable passing up a uniquely formatted event in Reno last week, designed by the Brookings Institution and hosted at UNR. As originally conceived, the forum would have afforded each of the top four candidates in each party an uninterrupted half-hour to talk.

Mitt Romney skipped that event, but within 24 hours of it, he made an appearance at the Mount Rose ski lodge to cheer on the Reno-Tahoe Winter Games Coalition in its effort to win the 2018 Olympics. At that meeting, Romney offered a lyrical account of what it means to be an Olympic host city. (At least twice during his presentation, the Reasonable Reporter, who abhors crowds and cares nothing about sports, caught herself hoping fervently for a chance to be a volunteer ticket taker at the Reno-Tahoe games, or to be tasked with clearing snow from the bleachers, for the sheer experience of having played a tiny role in the Olympic tradition. Could this be an indicator of Romney’s ability to persuade less passionately partisan general election voters?)

From the Mount Rose meeting, Romney headed for a private Tahoe fundraising event. He had just been in Elko and Las Vegas, but had no room on his calendar for the UNR forum. Marcia, Marcia, Marcia!

Just a few weeks back, Hillary Clinton was caught, in the moments following a public debate, in a still-audible, off-mic exchange with John Edwards about the need for an event that would free up the time used by the Gravels and Kuciniches, and allow the serious candidates (i.e., those with a prayer of winning) to thoroughly discuss the issues. The University of Nevada event was just such an opportunity, but it was not on her calendar either.

As the Reno forum unfolded, the Clinton campaign was instead off to see the rurals, with Terry McAuliffe at the helm. Rural organizers for Hillary began their McAuliffe tour at Jerry’s restaurant in Fallon, where a group of about 25 undecided Dems and committed Hillary supporters received a pep talk with special emphasis on the importance of showing up on caucus day. (A developing theme in all the campaigns: anxiety about whether and how well Nevada will perform its early caucus role.)

McAuliffe rejected the notion that when candidates talk up the importance of Nevada in this race — and they always do — they are talking about Las Vegas. He reiterated the Clinton campaign’s strong commitment to the rurals. The Reasonable Reporter respectfully pointed out that Reno is not part of rural Nevada, and then proceeded to explain the format of the UNR event Mrs. Clinton skipped, making reference, even, to Clinton’s own expressed desire for such an event.

McAuliffe pointed to Bill Clinton’s Reno appearance on Mrs. Clinton’s behalf the previous Friday, and to his own presence for the impending rural tour from Fallon to Elko. Nobody, said the Clinton campaign, can question Clinton’s commitment to Reno, although the Reasonable Reporter had, in fact, just done so.

And so it was that Bill Richardson and Joe Biden, who may in their own way bear some resemblance to Jan Brady, had the Democrats’ day of the Opportunity 08 Forum at UNR to themselves. And no Republicans showed up at all.


Campaign spouses in Reno: Mrs. Obama, Mrs. Edwards, and Mr. Clinton

August 21, 2007

Originally Published on, 8/21/2007 4:29:11 PM

Michelle Obama carries herself like the late Diana, Princess of Wales, but with more self-confidence. Crisply outfitted, tall and graceful, with an inner humility that shines through. Elizabeth Edwards comes across as a gracious southern mom who just happens to have a law degree, and a husband running for president. Then there’s the Democratic party’s rock star, former president Bill Clinton. His reputation as a crowd pleaser precedes him.

All campaign spouses. All lawyers, though none currently practices. Each got an enthusiastic reception in Reno. Obama during a weekday lunch-time appearance at the Pioneer Center. Edwards, launching her husband’s Reno office one hot Sunday morning in July. Clinton, drawing the faithful at a commute-hour Hillary rally at the convention center.

The two women, who have radically different stumping styles, offered generously personal views of themselves and their families, and a dose of opinion about the state of the nation. They were impressive in a way presidential campaign spouses never have been. Mrs. Obama, with her relaxed brand of personal power, and a presentation style on par with her husband’s. Mrs. Edwards, with such devotion to her husband’s quest that she chooses, even in her current medical circumstances, to spend her precious days helping him pursue it. Each with keen intelligence, and each earnestly pitching her candidate as the right leader for the time.

The former president is familiar. Perhaps he, in turn, experienced the audience of Democrats as familiar. So familiar that communication should be effortless, by virtue of a pre-existing relationship.

Clinton touted his own presidency relative to the current one. He made a few points about the Bush administration, using anecdotes about people he knows. A couple of his thoughts were incomplete, a couple of segues perplexing. But the crowd cheered, and was generally pleased.

The speech lacked any mention of family. Perhaps that’s by design, given what the country already knows about the Clinton family life. Nonetheless, providing a window on family life is incumbent upon the campaign spouse. Clinton made the important points about Hillary the Senator, and Hillary the Arkansas first lady, and Hillary the health care expert. No glimpse of Hillary, Bill’s wife or Hillary, Chelsea’s mom. He addressed the nagging question about whether she can win in a general election. And he gave her a ringing endorsement.

The Reasonable Reporter is not in the habit of fact-checking political speeches, but one of Clinton’s assertions struck an odd note.

“My wife is the only senator from New York to ever serve on the armed service committee,” he said. “And I can’t tell you the number of military officers who have told me she’s the most knowledgeable person in the Senate, in either party, on military affairs.”

Had Clinton named any of those military officers, they could be asked. But he didn’t, and they can’t. It’s hard to imagine, though, that those officers aren’t acquainted with another Democratic member of the Senate Armed Services Committee, James Webb of Virginia.

Webb has served as Secretary of the Navy, and as counsel to the House Committee on Veterans’ Affairs. He graduated from the Naval Academy in 1968, as the Vietnam War reached a crescendo. He chose Marine service, and was first in his class at the Marine Corps officer’s basic training school, according to his Senate bio. Webb worked as an instructor in tactics and weapons at the Marine Corps Officer Candidates School. He’s been awarded a half dozen medals, including two Purple Hearts.

Then there’s the ranking member of the Senate Armed Services Committee, Republican Senator John McCain. Need we waste space recounting McCain’s military history?

In all likelihood, Hillary Clinton has worked hard to achieve a good grasp of military affairs. One befitting an aspirant to the White House. But does her grasp outstrip that of Webb and McCain, or any of a number of other military veterans in the body?

This bit of hyperbole went presumably unnoticed, except in the fashion it was meant to be noticed. If Mrs. Clinton were already the Democratic nominee, however, such a statement would be probed for its source, and would be endlessly analyzed as a reckless statement at best, and for the hint of disrespect it carries at worst.

Voting security: policies versus technologies

August 15, 2007

Originally Published on, 8/15/2007 2:59:41 PM

The Sequoia voting system is among “the most tested, secure, accurate, auditable and accessible voting systems in our nation’s history,” according to a statement on the company’s website. Either that, or it’s a product that could have been better engineered by any U.C. Berkeley student who did well in an undergraduate computer security class taught by Professor David Wagner. Wagner was a team leader for the recent “top-to-bottom review” of California’s voting system security, and he’s fairly confident that a serious student in his course would have avoided many of the design flaws that showed up in the Sequoia system review.

Sequoia seems equally confident in its product, even after a long list of successful hacks was performed on it during the review, which was ordered by the California Secretary of State. Scrutiny by teams of computer scientists revealed numerous deficiencies in the system, and a level of security one would expect “in a system where security just doesn’t matter,” by David Wagner’s account.

Sequoia Voting Systems, maker of Nevada’s election equipment, called the tests “irresponsible and misleading.” The company’s primary assertion is that they were performed under unrealistic conditions. Sequoia claims the results of the tests are distorted because they failed to include a defense team (“people, procedures, and processes”) to protect the system while the so-called Red Team was making hay with its technical vulnerabilities. Security threats to the system, the company argues, have therefore been overstated.

This is the central question.  To what extent should election security be assured by the design of the equipment, and to what extent by the people who run the elections?  As a general practice, information systems are protected through layers of technical features combined with elements of personnel and policy management.  Both are necessary, and this is Sequoia’s point.

But over-reliance on people and procedures could be fatal to security for a poorly-engineered system, according to U.C. Berkeley’s Wagner.  The human element is crucial, but it’s not sufficient.

“One reason our results are so worrying,” says Wagner, “is that we found that every single one of the technological defenses could be breached.  Because the security of the software is so weak, you’re completely reliant on poll workers and election officials… They have to work much harder to adequately protect elections than they otherwise would.

“Our current (election) procedures were designed under the assumption that the software was a lot more secure than it actually is,” Wagner continues. “That’s troubling because any procedural mistake at any point can have serious consequences for the integrity of the election.”

On this point Wagner gets a certain oblique agreement from Sequoia. In hearing testimony, the company offered a point-by-point refutation of some of the vulnerabilities ascribed to it, but not always on technical grounds.  Often, Sequoia’s recommended “fix” for a technical attack on the system is a people fix, suggesting that the system would be invulnerable, so long as the election workers are well-trained, ever-vigilant, and not corruptible.

Take the dreaded “yellow-button attack,” for instance, which has been a major source of buzz among election watchdogs. The Sequoia voting machine can be switched to manual mode by simply reaching around to the back of the machine and pressing the activation button. This would allow a voter to vote repeatedly, rather than just once.

Sequoia recommends turning the machines around, so the back of the units faces the poll workers. This assumes that the poll workers will be consistently attentive throughout a long election day, never busy with other duties, and most important, not distracted by an accomplice whose job it is to chat up the poll workers while the yellow-button attacker does his work.

Repeatedly, Sequoia invokes personnel, procedure, and policy as a defense for the system’s known vulnerabilities. Audits, training, anti-virus and anti-spyware updates, secure storage of equipment, camera surveillance. Such measures are important, says Wagner.  But they don’t mitigate the system’s blatant flaws.

“I’m a little concerned that the response seems to be deny, deny, deny,” he says. The design problems need to be acknowledged, and then they can be addressed.

Wagner suggests that the focus on people and policy is a way for Sequoia to shift blame to county election officers. Elections managers in both states, though, seem to be in verbal lockstep with the vendor, taking their talking points directly from Sequoia’s own statements.

Computer security professor: Sequoia voting system would get a D or an F

August 13, 2007

Originally Published on, 8/13/2007 2:59:58 PM

“It would be like giving someone the key to the bank, and the combination to the safe, then leaving them alone for months. You shouldn’t be surprised if the money is gone when you come back.” This is the analogy repeated separately by various people who discount California’s security review of its electronic voting systems. By this, the critics mean that teams of computer scientists who were able to hack the systems were armed with source codes, and had “unfettered access to the machines” (this is the other oft-repeated term) for the four-month duration of the experiment.

Critics also point out that the tests were conducted in a laboratory setting, which did not recreate actual election day conditions. On election day, they say, there would be another team playing defense, which might prevent hackers from compromising the election.

Skeptics include Nevada’s election officials. The Silver State uses the Sequoia system, not that it would matter. All the systems in California’s test were hacked, including Sequoia. The “keys to the bank and combination to the safe” analogy has been used by Washoe County Voter Registrar Dan Burk, and the Secretary of State’s Elections Deputy Matt Griffin.

Wrong analogy, says Dr. Matt Bishop of U.C. Davis, who led the so-called Red Team that produced an extensive list of ways to penetrate the Sequoia electronic voting system. A closer parallel would be the crash-testing performed on cars by the National Highway Traffic Safety Administration. NHTSA, he says, is evaluating the limits of the machinery, not the conditions under which cars move around on the road with real people behind the wheel. It’s an extremely rare driver who pushes the pedal to the metal, and drives, head-on, into a brick wall. But such “laboratory” tests are useful because they document the machine’s behavior when it’s subjected to a crash, and the physical damage to the occupants.

And yes, says Bishop, the Red Team did have Sequoia’s source codes, allowing it, in effect, a guided tour of the software design, and an insider’s knowledge of how the system performs its functions. Bishop believes an organized conspiracy to commit electronic voting fraud would also have the source codes.

The codes most likely would be leaked or stolen, since most information security breaches are committed with the help of insiders.  But source codes might be obtained in a variety of ways. Voting machines have been sold on eBay, for instance, by government surplus agencies, notably to a curious geek whose purchase was chronicled in Wired Magazine.  He promptly took the machines apart to figure out how they function.

Most information is out there, Bishop says, if you dig deeply enough. He cites several incidents involving national security, where classified information was unintentionally posted in a place where it could be viewed online by the public. The information was removed, but the bell can’t be un-rung after it’s had thousands of page views.

Source codes were given to the University of California teams primarily to help them meet the deadline imposed by the California Secretary of State. Four months is a short period for the kind of work requested, and the source codes made the work go faster. Without the codes, Bishop says, the team could have discovered and performed the same list of hacks; it would simply have taken longer.

The California test resulted in decertification of the Sequoia system as it is currently used in that state. In the same document, there is a long list of conditions Sequoia must meet in order for its system to be used in California’s upcoming primary, and a long list of new procedures that must be developed by each election jurisdiction.  In short, the recertification conditions create a large and expensive headache for everyone involved, with a short window for completion.

At this point, the only certain use of the Sequoia in the California primary will be for the disabled. Access for the disabled was among the original objectives of the “Help America Vote Act,” the law that spawned universal implementation of electronic touchscreen machines. The machines are wheelchair accessible, and are equipped with a listen-only ballot and headphone jack for blind voters.  Secretary of State Debra Bowen has ordered a single machine in each precinct for HAVA disabled compliance.

Nevada officials say they’ve watched the California tests with interest, as has the entire national community of election managers.  Both Washoe’s Dan Burk and State Elections Deputy Matt Griffin say they’ve read the reports issued to California’s secretary of state.  Griffin says the information will be used at the state level by Nevada election committees who have been assigned to make recommendations for various aspects of the election process. One of the committees is an IT committee, which will presumably study the technical exploits from California’s tests. The findings of the tests will be used by another committee to develop enhanced training for elections personnel.

In general, though, Nevada’s focus seems to be on policy and procedure, not on the shortcomings of the Sequoia system itself, which Matt Bishop says he would grade D or F if it were submitted as a project in one of his computer security classes at U.C. Davis.

Hack the Vote!

August 7, 2007

Originally Published on, 8/7/2007 1:01:24 PM

Hack the Vote! Part 1

The report might have been titled “A Thousand and One Ways to Compromise an Election.” It was prepared for the California Secretary of State by a team of computer scientists acting as white-hat hackers, conducting penetration tests on various brands of electronic voting machines used in California. It was a collection of reports, actually, and the one of interest to Nevadans could have been called “A Hundred and One Ways to Compromise the Sequoia Voting System.” That’s the system used in Nevada elections.

Although the members of the Source Code Team from U.C. Berkeley claim they didn’t have enough time for a thorough review, they nonetheless compiled an enormous list of ways in which the Sequoia system is deficient on every level from the back end system to the hardware in the precincts.

A few of the findings: The “smart cards” voters insert into the machines can be altered using a laptop, as can the “results cartridges” that hold the tally of all the day’s voting for each machine. It’s possible for results affecting one precinct or multiple precincts to be changed without detection.

The tamper-evident seals that alert poll workers to an attack on the hardware, or the machine’s internal firmware, are irrelevant, since “the testers were able to gain access to the internals of the systems by, for example, unscrewing screws…. Similarly, plastic covers that were protected by seals could be pried open enough to insert tools that could manipulate the protected buttons without damaging the seals or leaving any evidence that the security of the system had been compromised.”

Features that limit control of the WinEDS database are easily circumvented, according to the report. This means the people at every level who are involved in back-end operation, such as preparing ballots, configuring voting machines, and counting the ballots, can assign roles to themselves and gain access at a level they were never intended to have.

The results were no surprise to the broader community of tech intelligentsia, which collectively uttered one word when the story broke. “Duh.”

The number and severity of vulnerabilities in the systems led Secretary of State Debra Bowen to decertify the Sequoia machines on Friday, to meet a deadline related to the California primary, and re-certify them under more stringent conditions.

Sequoia hosted a user conference last week, the timing of which, deliberately or not, coincided with the release of the California test results. Election officials from across the country, including our own, attended. Security experts say all the companies whose machines were tested have an interest in discrediting the results, and indeed, when the testers gave their report at a hearing in Sacramento, it was vendors and county election officials who squared off with them.

Some at the county level, where jobs are made more difficult by the findings, accuse Secretary of State Debra Bowen of staging the test as an exercise in political theatrics. They may be right, but that doesn’t minimize the significance of the tests.



Hack the Vote! Part 2

First, we have to lose this romantic notion about the nature of cybercrime, deeply embedded after only a decade or so of Hollywood portrayals. The Lone Gunmen of “X-Files” fame, or Chloe and Morris of “24” tear into the keyboard as the clock ticks. They’re under intense pressure, with lives in the balance. Their brows furrow and beads of sweat appear on their upper lips. Within minutes — hours if it’s a tougher assignment — there’s a blinking message window on the screen, signaling success.

Then there’s the swaggering, teen-aged “because-I-can” hacker, who operates from a bedroom in his parents’ home, altering school records or dropping dirty pictures onto the websites of prominent people, for laughs. In another era, he’d have been vandalizing parking meters. He’s real, but he’s not committing election fraud. Yet.

More recently, the public has begun to grasp the common criminality of hacking, as eastern European syndicates using stolen credit card numbers have been revealed to be a major source of cybercrime. This crime, motivated by money, is closer to the worry at hand, but still not quite right.

Here’s a chilling paragraph from the U.C. Berkeley report:

“The high stakes of many elections can provide rich incentives for illegal abuse. The resources of this study were quite small compared with those that might be available to an organized criminal conspiracy to commit election fraud. In our professional opinion, it is likely that a sophisticated adversary who sought to subvert an election by technical means would be able to duplicate, and perhaps exceed, the attacks reported here, even without open access to source code. Our study should be regarded, at best, as identifying obvious weaknesses that an attacker might attempt to exploit.”

Get the picture? Cyberattacks on elections would be painstakingly planned, with a possible interval of four years to get it right. And lots of money would be available to people with the requisite combination of know-how, financial need and political disgruntlement. With regard to the categories of cybercriminal for which we have a frame of reference, they would fall into the column marked “none of the above.”

The Reasonable Reporter, having produced a five-part series on electronic voting machine security in the summer of 2004, is in contact with some folks who have spent a lot of years studying voting machines. More to follow.