• Risks Digest 33.97 (2/2)

    From RISKS List Owner@21:1/5 to All on Mon Dec 18 00:35:20 2023
    [continued from previous message]

    system security by enabling public scrutiny of the software code,
    surfacing bugs more quickly and thoroughly, and by increasing
    transparency into the systems that count votes. This is not what has
    occurred with the voting system breaches. We should still pursue
    open-sourced voting systems, but that shouldn't preclude calling for a
    vigorous and immediate investigation into the voting system breaches
    and misappropriation of software by Trump allies and election
    deniers. We can do both. We must do both.

    Susan Greenhalgh is the senior advisor for election security at Free
    Speech For People.

    [I removed a slew of hot links for RISKS. If you would like to see a
    clickable version, contact Susan. PGN]

    [Thank you, Susan for staying with us on this issue. (NB: Her father
    was a highly respected long-standing voice in the earlier days of the
    quest for greater integrity in elections). PGN]

    ------------------------------

    Date: Mon, 11 Dec 2023 16:39:34 -0000 (UTC)
    From: Thomas Koenig <tkoenig@netcologne.de>
    Subject: Re: Experts Warn of 'Serious Threats' from Election Equipment
    (Greenhalgh, RISKS-33.96)

    Sounds reasonable so far, but here...

    saying software breaches have "urgent implications for
    the 2024 election and beyond."

    I see a strong argument for security through obscurity, which
    (as comp.risks readers are assumed to know) is the weakest of all
    forms of security.

    The basic premise seems to be that the software is buggy, and that
    the bugs can be exploited by somebody who wants to falsify the
    election results. In other words, that it contains backdoors,
    intentional or unintentional.

    This begs the questions:

    - Why is this assumed to be the case? Was the software not written
    to a standard that would make this unlikely/impossible?
    [Yes. PGN. The standards are weak. PGN]

    - Who has access to the software now?
    [Apparently quite a few people. PGN]

    - What safeguards are in place to make sure that people with
    that access do not misuse these potential backdoors?
    [Almost none. PGN]

    - What would be the public/political reaction if such an assumed
    backdoor was indeed found (as the authors of the letter seem to
    assume can happen)? Would this actually put the integrity of
    the last election into doubt, as well as that of the upcoming
    election?
    [Perhaps not. There was more oversight than ever before. PGN]

    Following this discussion in the U.S. leaves me somewhat bewildered.
    Germany has always had paper ballots, which are kept and which can be
    re-counted if necessary.

    This does not preclude attempts to falsify the election by
    presumably intentional miscounting (which has happened) or by pure
    chaos, including more ballots cast than voters exist (like in the
    last election), but at least it leaves a clear trail if anybody
    wants to examine it.

    [Unfortunately, the U.S. has a long history of proprietary commercial
    systems with no incisive audit trails that defy scrutiny of the software --
    and the hardware! Germany, The Netherlands, and other countries have been
    much more proactive. PGN]

    ------------------------------

    Date: Mon, 11 Dec 2023 12:41:44 -0500
    From: Cliff Kilby <cliffjkilby@gmail.com>
    Subject: Re: WeWork has failed, leaving damage in its wake
    (Kruk and Baker, RISKS-33.96)

    Mr Baker, Noting you've found capitalism to be akin to optimistic
    concurrency, I would like to point to the known risks of that system. Once
    it reaches a state where it should start deadlocking due to rule violations,
    it starts a retry cascade. Retry cascades should eventually terminate in a
    well ordered system. I have not observed capitalism to follow the model of a
    well ordered system. Furthermore, mother nature's evolutional algorithm is
    most closely modeled by bogosort. In both, the cost of failure is total
    destruction, and there are many more failures than successes. Given this,
    are you advocating for more severe punishments for companies which gamble
    with other people's assets?

    ------------------------------

    Date: Sat, 28 Oct 2023 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) has moved to the ftp.sri.com site:
    <risksinfo.html>.
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.97
    ************************