RISKS-LIST: Risks-Forum Digest Sunday 21 Jul 2024 Volume 34 : Issue 36

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.36>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents: [Amid madness, way backlogged.]
CrowdStrike IT outage affected 8.5 million Windows
(BBC via Matthew Kruk)
A CrowdStrike update crashed the world's computers.
What comes next? (WiReD)
The MTA's Old Computer Technology Kept Going During
Today's MS-related Outrage (Curbed via Henry Baker)
Cyber Criminals Seek to Exploit Crowdstrike Outage
(Gabe Goldberg)
Re: Crowdstrike (Cliff Kilby)
Boeing and Failures (BBC viz Jim Geissman)
U.S. Gender Care Is Ignoring Science (Pamela Paul)
AT&T says hacker stole call records of ‘nearly all’ wireless customers
(WashPost)
Data breach exposes millions of mSpy spyware customers (TechCrunch)
Rite Aid says June data breach impacts 2.2 million people (Victor Miller)
What comes around: SSH CVE-2024-6387 (Qualys via Cliff Kilby)
Exim attachment flaw CVE-2024-39929 (Censys)
New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data
(geoff goodfellow)
German Navy still uses 8-inch floppy disks, working on
emulating a replacement (ArsTechnica)
Zombie browser says "what"? (Betanews)
You're holding your phone wrong? (WashPost)
In Ukraine War, A.I. Begins Ushering In an Age of
Killer Robots (The New York Times)
Perfect Apple Supply Chain Bug -- Millions of Apps at Risk of
CocoaPods RCE {Security Boulevard)
When AI tells you to verify (Lauren Weinstein)
In GA the Biggest Election Breach in History Has Gone Uninvestigated
(Notus via Susan Greenhagh)
OpenAI illegally barred staff from airing safety risks,
whistleblowers say (WashPost)
Drone photographer pleads guilty to Espionage Act charges
(The Verge)
Re: Voting in Switzerland (Rebecca Mercuri, Bertrand Meyer)
Re: Russian Disinformation (PGN)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

From: Matthew Kruk <mkrukg@gmail.com>
Date: Sat, 20 Jul 2024 13:34:52 -0600
Subject: CrowdStrike IT outage affected 8.5 million Windows
devices, Microsoft says (BBC)

https://www.bbc.com/news/articles/cpe3zgznwjno

Microsoft says it estimates that 8.5m computers around the world were
disabled by the global IT outage.

It's the first time that a number has been put on the incident, which is
still causing problems around the world.

The glitch came from a cybersecurity company called CrowdStrike which sent
out a corrupted software update to its huge number of customers.

[Almost all major airline computer systems were affected: Bruce Crumley,
Inc. 19 Jul 2024
https://www.inc.com/bruce-crumley/airlines-bear-brunt-of-global-crowdstre.html
-- although JetBlue evidently had zero problems because it does *not use*
the MS/Crowdstrike connection. I had two flights to get home, and
everything seemed to be running ahead of schedule! PGN]

------------------------------

Date: Fri, 19 Jul 2024 19:12:50 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: A CrowdStrike update crashed the world's computers.
What comes next? (WiReD)

Airports, banks, TV stations, health care organizations, hotels, and
countless other businesses are still reeling from widespread IT outages, leaving flights grounded and causing untold disruption. The cause? A
software update from cybersecurity firm CrowdStrike that crashed Windows machines across the globe.

Only a handful of times in history has a single piece of code managed to instantly wreck computer systems worldwide. This time, the ongoing digital catastrophe appears to have been triggered not by malicious code released by hackers but by the software designed to stop them.

Here’s how it happened, how it’s impacting the world, and where we go from here.

https://link.wired.com/view/5be9ddd83f92a40469eae33cliaml.2ptl/8d27d912

------------------------------

Date: Sat, 20 Jul 2024 00:35:34 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: The MTA's Old Computer Technology Kept Going During
Today's MS-related Outrage (Curbed)

FYI -- *diversity* in computer systems can provide more resilience...
Putting all your eggs in one basket risks putting egg all over your face!

https://www.curbed.com/article/mta-tech-outage-countdown-clocks-oldest-kept-going.html

The MTA's Old Computer Technology Kept Going During Today's Outage
Nolan Hicks, a longtime New York City politics and transit reporter

* On the website formerly known as Twitter, users (okay, me) jokingly
posted, "MTA this AM: Can't crash computers you don't have!" along with a picture of the Battlestar Galactica, the interplanetary aircraft carrier
that survived a rebellion led by sentient robots because it was the one
vessel that, lacking a computer network, couldn't be
hacked.

* Housing-policy expert Alex Armlovich joked that "the MTA's deeply
fragmented IT systems are so mutually incompatible that at least only half
the system crashes at one time."

[DIVERSITY is ironic here: This reminds me of Microsoft's response to the
Internet Worm in 1988: ``Our software was completely unaffected.'' Of
course that was true, because the Worm targeted only Unix systems.
Remarkable hyperbole. Hyperbolloxed? PGN]

[It seems more like DieVarsity, because scuttlebutt suggests that a
single unintentional button push caused the entire fiasco. There should
have at least been some sort of advisory warning such as "Do you really
want to let the wild rumpus roar worldwide? PGN]

------------------------------

Date: Fri, 19 Jul 2024 17:38:38 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Cyber Criminals Seek to Exploit CrowdStrike Outage

Organizations, including government and Public Safety agencies, are
reporting blue screen of death on systems with a CrowdStrike Update deployed last night. If you have CrowdStrike deployed in your environment, we suggest following the guidance provided by CrowdStrike: https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/

The VFC has received information that cybercriminals are exploiting this
event and posing as Crowdstrike support. Exercise caution and only speak
with legitimate Crowdstrike support personnel. The following are known, fraudulent pop up support partners claiming to be CrowdStrike support:

/crowdstrikebluescreen.com
/crowdstrike0day.com
/crowdstrike-bsod.com
/crowdstrikedoomsday.com
/crowdstrikedoomsday.com
/crowdstrikefix.com
/crowdstrikedown.site
/crowdstriketoken.com

https://fusion.vsp.virginia.gov/vfcshield/all-sector-specific-bulletin-update-cyber-criminals-seek-to-exploit-crowdstrike-outage/

------------------------------

Date: Fri, 19 Jul 2024 11:03:23 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Re: CrowdStrike

I've used and rather like Crowdstrike. I specifically like that it has an auto-update policy available. https://medium.com/mii-cybersec/crowdstrike-falcon-series-deployment-to-maximum-protection-5ba791d33270
Any org I've worked with or any product I've worked with has to have the
option for N-1 deployment, or I've had to create one. Version N goes on a
few QA machines, and one or two employee machines (IT testers). N-1 goes on everything else. If there is an issue with N, we get a heads up. If there's
a vulnerability with N-1, we'd have the option to bypass auto update using normal patching process.

https://techcrunch.com/2024/07/19/banks-airlines-brokerage-houses-report-widespread-outages-across-the-globe/

If this outage was caused by a sensor update, I have questions about why
anyone would be running software that hasn't had some local testing first.
Just because there is an update, your environment is most likely unique,
with machines running between OS and App patch levels. Are these companies
also pulling in upsteam patches without any testing? https://www.theregister.com/2024/07/18/security_review_failure/
Oh. Oh dear.

Have fun with that.

APPENDED:

It seems that the defect was in a content update, not a sensor update.
There's no N rule for content deployment with CrowdStrike running auto
updates:

a defect found in a single content update of its software on Microsoft
Windows operating systems, according to a post on X from CEO George Kurtz.

My apologies for the miscommunication.

------------------------------

Date: Thu, 18 Jul 2024 11:25:59 -0700
From: "Jim Geissman" <jgeissman@socal.rr.com>
Subject: Boeing and Failures

https://www.bbc.com/future/article/20240718-how-ordinary-failure-could-have- a-seismic-effect-on-an-industrial-giant

How ordinary failure could have a seismic effect on an industrial giant

By John Downer is Associate Professor in Science and Technology Studies at
the University of Bristol, and the author of "Rational Accidents." <https://mitpress.mit.edu/9780262546997/rational-accidents/> A shorter
version of this story was previously published on MIT Press Reader.

------------------------------

Date: Sun, 14 Jul 2024 7:28:35 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: U.S. Gender Care Is Ignoring Science (Pamela Paul)

Pamela Paul, *The New York Times*, Sunday Opinion, 14 Jul 2024

Imagine a comprehensive review of research on a treatment for
children found ``remarkably weak evidence'' that it was effective.
Now imagine the medical establishment shrugged off the conclusions
and continued providing the same and life-altering treatment to its
young patients.

This is where we are with gender medicine in the United States.

... But there is no basis to rush putting kinds on an irreversible path of medicalization. With children's health and well-being at stake, effective evidence-based and compassionate health care must be accepted. It's one
thing to pursue medical path not knowing whether it's effective; it's quite another to persisst on that path with no solid evidence to support it.

------------------------------

Date: Fri, 12 Jul 2024 15:58:55 -0400
From: Monty Solomon <monty@roscom.com>
Subject: AT&T says hacker stole call records of ‘nearly all’ wireless
customers (WashPost)

The information could provide a roadmap for criminals who could impersonate
a friend or relative to trick a victim, experts warned. https://www.washingtonpost.com/business/2024/07/12/att-wireless-hacker-data-breach/

Hackers stole almost everyone’s AT&T phone records. What should you do? Hackers stole phone records from almost all AT&T wireless customers. What should you do if that includes you?

https://www.washingtonpost.com/technology/2024/07/12/att-data-breach-hack-calls-texts-what-do/

[Victor Miller spotted: AT&T says criminals stole phone records of 'nearly
all' customers in new data breach | TechCrunch
https://techcrunch.com/2024/07/12/att-phone-records-stolen-data-breach/
PGN]

------------------------------

Date: Sat, 13 Jul 2024 09:17:51 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Data breach exposes millions of mSpy spyware customers (TechCrunch)

A huge batch of mSpy customer service emails dating back to 2014 were stolen
in a May data breach.

https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/

------------------------------

Date: Tue, 16 Jul 2024 16:06:55 +0000
From: Victor Miller <victorsmiller@gmail.com>
Subject: Rite Aid says June data breach impacts 2.2 million people

These are getting to be so common it's hardly worth reporting. :-(

https://www.bleepingcomputer.com/news/security/rite-aid-says-june-data-breach-impacts-22-million-people/

------------------------------

Date: Mon, 1 Jul 2024 15:26:31 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: What comes around: SSH CVE-2024-6387 (Qualys)

https://www.qualys.com/regresshion-cve-2024-6387/

As mentioned in the source, this is actually the reemergence of an older, previously resolved unauthenticated RCE, CVE-2006-5051.

Versions released for a period of about 4 years are affected. If you can't patch, mitigation outlined sets LoginGraceTime to 0 in the config file.
This may lead to denial of service conditions and patching is strongly
advised.

https://www.computing.co.uk/news/4329906/critical-vulnerability-openssh-uncovered-affects-linux-systems

------------------------------

Date: Fri, 12 Jul 2024 09:11:23 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Exim attachment flaw CVE-2024-39929 (Censys)

https://censys.com/cve-2024-39929/

Due to a bug in header processing, Exim may ignore attachment rules
preventing executable or other attachment extension blocks.
Patch available in RC, but has not made GA yet. User education would be the only realistic mitigation for orgs running Exim until 4.98 goes GA.

[NOTE: As of 4 Jun 2024, there were 240,830 CVEs in the MITRE repository.
That is really scary, as the number just keeps growing. The previous
occasion on which I recorded the comparable number was 121,241 CVEs on 20
August 2019, so the number of CVEs has essentially doubled in less than
five years. To me that is a very scary factoid. PGN]

------------------------------

Date: Thu, 4 Jul 2024 07:22:29 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: New Intel CPU Vulnerability 'Indirector' Exposes Sensitive
Data ()

Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been
found vulnerable to a new side-channel attack that could be exploited to
leak sensitive information from the processors.

The attack, codenamed Indirector by security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen, leverages shortcomings identified in Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to bypass
existing defenses and compromise the security of the CPUs.

"The Indirect Branch Predictor (IBP) is a hardware component in modern CPUs that predicts the target addresses of indirect branches," the researchers
noted <https://indirector.cpusec.org/>.

"Indirect branches are control flow instructions whose target address is computed at runtime, making them challenging to predict accurately. The IBP uses a combination of global history and branch address to predict the
target address of indirect branches."

The idea, at its core, is to identify vulnerabilities in IBP to launch <https://thehackernews.com/2024/05/new-spectre-style-pathfinder-attack.html> precise Branch Target Injection (BTI) attacks -- aka Spectre v2
(CVE-2017-57= 15 <https://nvd.nist.gov/vuln/detail/cve-2017-5715>) -- which target a processor's indirect branch predictor

<https://nvd.nist.gov/vuln/detail/cve-2017-5715>) -- which target a
processor's indirect branch predictor <https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/retpoline-branch-target-injection-mitigation.html>
to result in unauthorized disclosure of information to an attacker with
local user access via a side-channel.

This is accomplished by means of a custom tool called iBranch Locator that's used to locate any indirect branch, followed by carrying out precision
targeted IBP and BTP injections to perform speculative execution.

Yavarzadeh, one of the lead authors of the paper, told The Hacker News that "while Pathfinder <https://thehackernews.com/2024/05/new-spectre-style-pathfinder-attack.html> targeted the Conditional Branch Predictor, which predicts whether a branch
will be taken or not, this research attacks target predictors," adding "Indirector attacks are much more severe in terms of their potential scenarios."

Indirector reverse engineers IBP and BTB, Yavarzadeh said, which are responsible for predicting the target addresses of branch instructions in modern CPUs, with an aim to create extremely high-resolution branch target injection attacks that can hijack the control flow of a victim program,
causing it to jump to arbitrary locations and leak secrets.

Intel, which was made aware of the findings in February 2024, has since informed other affected hardware/software vendors about the issue. [...]

https://thehackernews.com/2024/07/new-intel-cpu-vulnerability-indirector.html

------------------------------

Date: Fri, 12 Jul 2024 16:04:53 -0400
From: Monty Solomon <monty@roscom.com>
Subject: German Navy still uses 8-inch floppy disks, working on
emulating a replacement (ArsTechnica)

https://arstechnica.com/gadgets/2024/07/german-navy-still-uses-8-inch-floppy-disks-working-on-emulating-a-replacement/

REMINDER: San Francisco’s Train System Still Uses Floppy Disks --
(RISKS-34.19)

------------------------------

Date: Sun, 14 Jul 2024 10:04:05 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Zombie browser says "what"? (Betanews)

Microsoft quit providing user access to Internet Explorer but the OS still
has it.

https://betanews.com/2024/07/10/resurrecting-internet-explorer-the-nasty-threat-impacting-potentially-millions-of-windows-10-and-11-users/

There are things you can do to prevent this.

Disable mhtml protocol https://learn.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-037

MSHTA isn't IE. It's IE with no sandbox and OS level WSH/JScript access.
It's probably the most dangerous path to IE available on Windows. You can prevent auto launch though.

Replace the mshta handler with something safer, like notepad. Or, cut it's network access using firewall rules. An example of this (and a bunch of
other hardening rules) is available from https://github.com/atlantsecurity/windows-hardening-scripts

I have personally had good luck with the Atlant scripts, but I would be
remiss if I didn't include: Do not run files if you do not know what they
are doing. Some of the hardening steps listed will disable insecure
features of Windows that are still in common use in large orgs. Manually editing the registry can brick your box.

------------------------------

Date: Fri, 12 Jul 2024 23:44:11 -0400
From: Monty Solomon <monty@roscom.com>
Subject: You're holding your phone wrong? (WashPost)

Since you're unlikely to use your smartphone less, try these adjustments to minimize hand and eye issues.

https://www.washingtonpost.com/technology/2024/07/11/holding-smartphone-wrong/

------------------------------

Date: Wed, 3 Jul 2024 14:24:14 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: In Ukraine War, A.I. Begins Ushering In an Age of
Killer Robots (The New York Times)

In a field on the outskirts of Kyiv, the founders of Vyriy, a Ukrainian
drone company, were recently at work on a weapon of the future.

To demonstrate it, Oleksii Babenko, 25, Vyriy’s chief executive, hopped on his motorcycle and rode down a dirt path. Behind him, a drone followed, as a colleague tracked the movements from a briefcase-size computer.

Until recently, a human would have piloted the quadcopter. No longer.
Instead, after the drone locked onto its target — Mr. Babenko — it flew itself, guided by software that used the machine’s camera to track him.

The motorcycle’s growling engine was no match for the silent drone as it stalked Mr. Babenko. “Push, push more. Pedal to the metal, man,” his colleagues called out over a walkie-talkie as the drone swooped toward
him. “You’re screwed, screwed!”

If the drone had been armed with explosives, and if his colleagues hadn’t disengaged the autonomous tracking, Mr. Babenko would have been a goner.

https://www.nytimes.com/2024/07/02/technology/ukraine-war-ai-weapons.html?smid=nytcore-ios-share&referringSource=articleShare&sgrp=c-cb

------------------------------

Date: Sun, 7 Jul 2024 18:54:32 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Perfect Apple Supply Chain Bug -- Millions of Apps at Risk of
CocoaPods RCE {Security Boulevard)

10-year-old vulnerabilities in widely used dev tool include a CVSS  10.0 remote code execution  bug.

CocoaPods, a dependency manager used by millions of Apple iOS and macOS
apps, suffered secret critical flaws since 2014. If they’d been exploited by hackers, the consequences could have been disastrous.

And maybe they were exploited. In today’s SB  Blogwatch, it’s hard to be
sure. [...]

Is the lesson that you should audit your dependencies? No way, thinks Martin Blank:

How do you reasonably do that? … The dependency stacks are so tall these
days that trying to audit the dozen libraries you call on (for a small
project) means auditing the dozens they rely on—and the hundreds that layer relies on. If you have a project with thousands of dependencies, it becomes impossible to vet them all, and it is impossible to recreate the
functionality in anything resembling an economically viable fashion without
a high risk of introducing your own vulnerabilities.

https://securityboulevard.com/2024/07/cocoapods-apple-vulns-richixbw/

------------------------------

Date: Fri, 5 Jul 2024 16:51:05 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: When AI tells you to verify

If an AI system's disclaimers tell you to verify through other sources
whether or not the AI system is giving you accurate answers to your
questions, then that AI system is, in essence, worthless as a question-answering tool. -L

------------------------------

Date: Thu, 18 Jul 2024 12:55:14 -0400
From: Susan Greenhalgh <segreenhalgh@gmail.com>
Subject: In GA the Biggest Election Breach in History Has Gone
Uninvestigated (Notus)

Here is an excellent summary of the failure to investigate the insider
voting system breaches in Georgia by Trump campaign operatives in 2021.
This breach was coordinated with and/or connected to other state breaches, spanning state lines yet there is still no evidence of any federal investigation.

In Georgia, the Biggest Election Breach in History Has Gone Uninvestigated
In 2020, a group of technicians accessed government election servers and
voting machines. The small town where it happened is still asking for
answers.

Jose Pagliery <https://www.notus.org/jose-pagliery>
July 18, 2024 05:30 AM | Updated: July 18, 2024 05:29 AM

------------------------------

Date: Sun, 14 Jul 2024 09:45:08 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: OpenAI illegally barred staff from airing safety risks,
whistleblowers say (WashPost)

OpenAI whistleblowers have filed a complaint with the Securities and
Exchange Commission alleging the artificial intelligence company illegally prohibited its employees from warning <https://www.washingtonpost.com/technology/2024/06/04/openai-employees-ai-whistleblowers/>
regulators about the grave risks its technology may pose to humanity,
calling for an investigation.

The whistleblowers said OpenAI issued its employees overly restrictive employment, severance and nondisclosure agreements that could have led to penalties against workers who raised concerns about OpenAI to federal regulators, according to a seven-page letter <https://www.washingtonpost.com/documents/83df0e55-546c-498a-9efc-06fac591904e.pdf>
sent to the SEC commissioner earlier this month that referred to the formal complaint. The letter was obtained exclusively by The Washington Post.

OpenAI made staff sign employee agreements that required them to waive
their federal rights to whistleblower compensation, the letter said. These agreements also required OpenAI staff to get prior consent from the company
if they wished to disclose information to federal authorities. OpenAI did
not create exemptions in its employee nondisparagement clauses for
disclosing securities violations to the SEC.

These overly broad agreements violated long-standing federal laws and regulations meant to protect whistleblowers who wish to reveal damning information about their company anonymously and without fear of
retaliation, the letter said. [...]

https://www.msn.com/en-us/news/other/ar-BB1pVgU8

------------------------------

Date: Fri, 12 Jul 2024 16:14:09 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Drone photographer pleads guilty to Espionage Act charges
(The Verge)

https://www.theverge.com/2024/7/12/24197356/chinese-national-graduate-student-espionage-act-drone-navy-shipyard-plea-guilty

------------------------------

Date: Sat, 13 Jul 2024 23:42:15 +0200
From: Bertrand Meyer <Bertrand.Meyer@inf.ethz.ch>
Suject: Re: Electronic voting (RISKS-34.35)

The previous post was evidently mistitled by PGN.

It should have been something like

Electronic voting from Switzerland to another country

------------------------------

Date: Sun, 14 Jul 2024 14:12:13 -0400
From: Rebecca Mercuri <notable@mindspring.com>
Subject: Re: Voting in Switzerland

The assessments of electronic voting risks by the many authors in Peter Neumann's newsletters are far from the "doomsday assessments" that you have characterized as such. I encourage you to break the hypnotic spell that you seem to have fallen into with respect to your recent experience with
electronic voting in the French legislative election, and consider the questions below.

Why do you believe that the crypto certificate accurately recorded your vote selections? Why do you believe that the tally of the votes that were cast electronically by each of the voters is a correct summation? Why do you
think that the crypto certificate assures correctness of the vote totals?
Why do you feel that having 44% of the voters lulled into using this system
is, in any way, a testimonial "to the broad success of the scheme"?

Indeed, a scheme is all that it is -- it is not a proof. Crypto voting is a charade that requires voters to have blind faith in the correctness and non-corruptability of mathematical formulae and software that they have not personally seen nor do they understand. What is the crypto certificate other than just a string of symbols? Only if each voter is able to validate for themself that their individual ballot has been recorded correctly, AND only
if there is a TRANSPARENT way by which all voters can be  assured THAT THEIR BALLOT CHOICES ARE CORRECTLY AGGREGATED INTO THE VOTE TOTALS can the
election results be trusted.

Unfortunately, for such transparency to occur with cryptographic voting,
there is a price -- everyone must be willing to cast their ballot PUBLICLY,
so that they cannot later claim that the totals generated by the
calculations are incorrect. If you'd like to give up privacy, then crypto voting is fine. But since there are a great number of reasons why citizens
want to cast private ballots, public ballot casting is not an appropriate method for government elections. As it turns out, the assurance of the correctness of vote totals (from encrypted or non-encrypted ballots) is an NP-Complete problem that takes longer to complete than the time needed to certify the election tallies (i.e. the time when the vote totals need to be announced). So the PROVABILITY of correctness of vote totals from non-public casting of encrypted ballots in large elections is infeasible.

You should be asking these questions: 1) Is speed an appropriate trade-off
for transparent assurance of correctness of ballot contents and vote
tallies? 2) Could votes be erroneously encrypted in such way that the
election results can be shifted? 3) Do you actually understand all of the
maths pertaining to how the crypto voting method works? 4) Do you trust the government (or those they paid to create the voting system) to have properly implemented this scheme? 5) Do you believe that this is a transparent and independently auditable voting method?

------------------------------

Date: Mon, 15 Jul 2024 10:47:49 +0200
From: Bertrand Meyer <Bertrand.Meyer@inf.ethz.ch>
Subject: Re: Voting in Switzerland

I almost stopped at "hypnotic spell" as I think there are enough places for gratuitous name-calling but RISKS is not one of them. All the more that, for
my part, I have followed some of Dr. Mercuri's pioneering work and respect
the major contributions it has made to our understanding of the field.

To answer Dr. Mercuri's questions: "1) Is speed an appropriate trade-off for transparent assurance of correctness of ballot contents and vote tallies?" I
do not see any tradeoff here as there is no evidence that correctness is
being sacrificed. Facts please. 2) "Could votes be erroneously encrypted in such way that the election results can be shifted?" I assume they
could. Also, when I order a box of paper clips on Amazon, my credentials
could be given to the Sicilian Mafia. 3) "Do you actually understand all of the maths pertaining to how the crypto voting method works?" No. I also do
not understand much about fluid mechanics and combustion engineering, but I travel on planes and drive cars.

On the side, when someone makes a comment about a field that I *do*
understand in depth, I refrain from using "do you understand the math?" (meaning: I do and you don't) as my killer argument to prove them
wrong. (What about, instead, perhaps, explaining?)

Beyond arguments of sheer expert authority, the last two questions are the
most important. "4) Do you trust the government (or those they paid to
create the voting system) to have properly implemented this scheme?". Yes, absolutely. France is a democracy with lots of checks and balances and counter-powers. The press is very nasty with the government and prompt to
catch any appearance of wrongdoing. In practice, many in the academic
community (the kind of people who do "understand the math") are viscerally opposed to the government. In social and psychological terms, a conspiracy
to skew the results algorithmically, one way or the other, is
unfathomable. And finally: "5) Do you believe that this is a transparent and independently auditable voting method?" Of course I do, otherwise I would
not be voting electronically. My understanding is that the scheme (the appropriate word, in its technical sense) was devised with advice from
people at INRIA, who is one of the best computer science research centers in the world, with internationally respected cryptographers. For some of their candid analysis see https://www.inria.fr/fr/vote-electronique-securite-numerique-confidentialite. It's as open and honest as you would expect from a scientific organization.INRIA was also involved in the app that steered France through Covid, and (whether or not we liked the idea) worked like a charm, with a particular attention to preserving users' privacy. Let me actually turn
Dr. Mercuri's do-you-know questions back: do you know of any computer
scientist who is an expert in the field, has studied the French setup, and uncovered actual risks?

We are not talking about a crazy out-of-the-blue experiment. People have
been discussing electronic voting, its risks and how to present them for a quarter century now, and we have the benefit of analyses by such experts as
Dr. Mercuri, who have considerably advanced our understanding of the field.

Now is not the time, with the current political mess in France, for anyone
on this side of the pond to start lecturing the other. But it is important
to note that unlike in the US -- where every election triggers numerous
stories of alleged fraud, and endless recounts -- vote counting in France is not a controversial topic. (Well, outside of Corsica.) The process is manual and trusted. Although I cannot find it in the archive I sent a post to RISKS some 24 years ago, at the time of the Gore-Bush Florida debacle, about assisting a vote counting effort in Paris (any registered voter can participate), all in a jovial atmosphere even between representatives of
rival parties. Everyone can check what is going on and the result is incontrovertible. No doubt it helps that elections there are usually about choosing *one* person, proposal or group, as opposed to the multiple
decisions required of US voters. But still there is a general feeling of

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)