Saturday, August 21, 2010

Are they playing Pacman with your vote?

Alex Halderman's group managed to get hold of some old Sequoia AVC-Edge voting machines, and without needing to tamper with the tamper-evident seals reprogrammed them to play Pacman.

Sequoia AVC-Edge voting machines are DRE (that's Direct Recording Electronic -- not digital rectal examination, which is perhaps equally pleasant). This means that the only way they capture a vote is electronically: if something goes wrong with the machine, there is no independent evidence of how the voters wished to vote. (This is in contrast with optical scan voting technologies where the voter, for example, fills in a bubble sheet, which is scanned in for ease-of-counting, but which also provides an independent, auditable, debuggable record of the vote.)

Halderman writes,
"The original election software used the psOS+ embedded operating system. We reformatted the memory card to boot DOS instead. (Update: Yes, it can also run Linux.) Challenges included remembering how to write aconfig.sys file and getting software to run without logical block addressing or a math coprocessor. The entire process took three afternoons."
There are three significant points here:
  1. It doesn't appear to be terribly technologically difficult to reprogram the machine. I'm sure that having worked out the process in 3 afternoons, it would take them about half an hour to run the same reprogramming process on the next machine.
  2. It is possible to do this reprogramming in an undetectable way -- i.e. without messing with the tamper evident seals.
  3. Given that the machine is DRE, vote tampering cannot be independently detected or recovered from.
Voting machines are often left on their own in unsecured locations. A motivated attacker in a district that uses these machines could prepare a vote-stealing program in advance, access the machine briefly, and load the program. Without leaving any noticeable evidence. A forensic analysis of the machine would probably detect the program, but without any obvious tampering, who'd bother? And by then, the damage might already have been done -- forensics after election day would detect the possibility of tampering but would not get back what the votes should have been.

I just explained this to Sidharta in about 5 minutes. He totally got it. How come most of our electorate doesn't?

Sunday, August 8, 2010

Mary Anning, Revisited

I just got done listening to another great audiobook: Remarkable Creatures, by Tracy Chevalier. A friend recommended it, and I'm so glad he did. It combines two themes dear to my heart: A Jane Austen set-up and, if you can believe it, the problems of women in science.

This is the story of icthyosaur and plesiosaur discoverer Mary Anning (1799-1847), of whom I wrote a while back. It is more-or-less a novelization of her life. That is to say, most of the events and characters in the book are historical, but the narrative alternates between first person accounts provided by Mary, herself, and her friend Elizabeth Philpot, an expert fossil hunter in her own right.

Elizabeth is a typical Jane Austen heroine: born into the gentry, but with a very meager inheritance of her own. Mary is accustomed to living hand-to-mouth, the daughter of a cabinet maker, who dies highly in debt when she is about 11. The two women met soon after Elizabeth and two of her unmarried sisters moved to Lyme Regis to live cheaply, after the marriage of their brother who held the bulk of the family's wealth. Elizabeth had become interested in fossil hunting and Mary, who was only about 10 at the time, contributed to the family's income by supplying a fossil knick-knack ("curie", short for curiosity) stand that the family ran alongside the cabinet-making business. Elizabeth encouraged her to get an education, and to take a scientific, systematic approach to documenting her finds. Over time, the two became friends, and apparently spent significant time together collecting and studying the fossils. Along the way, they developed connections with, and taught or led a number of the well-known geologists and biologists of the time, including apparently, Cuvier (one of the acknowledged pioneers of paleontology).

Of course, scientific expertise is no excuse for gender, and though their contributions were first rate, neither Mary nor Elizabeth were recognized by any of the scientific establishment, on anything but a personal level. They were friends with the "great men", they sold fossils to the men, they corresponded with the men on scientific matters, they led the men on fossil hunts, but they could not publish papers or attend scientific meetings. And Mary had the double whammy of being of a different social class, as well, and living on the brink of starvation for much of her life.

The story reads like a pure novel. The narrative is wonderful, as are the voices of the two women. (I will say, too, that as audiobooks go, this was a lovely one, with two readers who provide excellent voices of their own.) The historical events are woven in nicely with the plot. And throughout you feel all of the pathos of the difficulties faced by two serious scientists in the context of their gender, poverty and class.

My informant tells me that The Lady and the Unicorn is good, too. It's on my queue.

Tuesday, August 3, 2010

Fortune cookie wisdom may have guessed it by now...I like fortune cookies.

There were some good ones today.

I got one that read "Do it because you love it." All "between the sheets" jokes aside, I do try to live this. Or maybe I should say, I try to live a transposed version of it: "Because you love it, do it." It is important to make time for the stuff you love. Of course, this also means that my house isn't quite as clean as it would be if I loved cleaning.

Annapurna read her fortune, and immediately groaned, "oh, that's bad!" Then she cracked up. It read "Be broke, be wealthy, but don't accept mediocity". And, no, that's not my typo.