[Cryptography] "we need to protect [our dox] by at least encrypting them"

Bill Frantz frantz at pwpconsult.com
Thu Nov 10 18:00:01 EST 2016 

[Reordered as there are two topics.]

On 11/10/16 at 6:59 AM, agr at me.com (Arnold Reinhold) wrote:

On Nov 9, 2016, at 8:38 AM, Ian G <iang at iang.org 
<mailto:iang at iang.org>> wrote:
>
>>1.  Hillary's use of private server was an attempt to deal with one threat, although what that was was
>never clear to me.  But it opened her up to another threat - 
>hacking.  At a simplistic level, I think the answer is clear - 
>don't do that.  At deeper level, we should be delivering 
>systems that don't lead the users to taking such drastic steps, 
>and then making their situation worse.
>
>The threat the private server was an attempt to deal with was 
>employees who have access to her emails leaking them to 
>political opponents. The security officers you suggest she 
>should have gone to are likely part of the threat, not the 
>solution. Hacking was a risk, but we know that the State 
>Department unclassified email system was hacked, while there in 
>apparently no evidence her servers were.  Of course a more 
>secure approach would be preferable.

Hillary's concern about the State Department employees seems 
quite rational to me. A technical solution to the problem is to 
build email servers where the admins can't read the emails. 
Encryption seems to be a logical tool to use. Such a solution 
would probably protect against outsiders as well.


On 11/10/16 at 6:59 AM, agr at me.com (Arnold Reinhold) wrote:

On Nov 9, 2016, at 8:38 AM, Ian G <iang at iang.org 
<mailto:iang at iang.org>> wrote:
>>
>>2.  The sense of Russians hacking the electoral process leads us to look at reliable voting systems.
>Thinking about our current infosec posture, that this is 
>something that cryptography can't provide the answer to, I 
>think we've got it wrong.  Because (a) if we don't secure the 
>voting system then someone else will hack it and steal it.  And 
>there's plenty of underground and anecdotal evidence that this 
>is going on.
>>
>>And (b) we need to get away from this impossibility thing.  Probability works for human systems, too.
>If we can make it improbable that a vote is tampered with, 
>that's still a win, for those times in the majority where we 
>got the true positive.
>>
>
>
>As for voting systems, where I live we have paper ballots that 
>are optically scanned. Results are available immediately after 
>the election but the paper ballots can be manually counted as a 
>check. A hack attack that targeted only a few machines would be 
>noticeable statistically if it was large enough to matter. An 
>attack that made small increments in many voting machines could 
>be caught be hand counting a few precincts. Best of all, a 
>paper system is understandable by the retirees hired to staff 
>the voting places. What is the point of going to an all 
>electronic system that only a few specialists can audit?

We use a similar system to the one Arnold uses here in Santa 
Clara County, California. Assuming a small percentage of the 
precincts are randomly selected for audit after the votes have 
been counted, it should be quite secure.

There is an organization working to make sure our voting systems 
can be audited, <https://www.verifiedvoting.org/>. People 
interested in this area should know about them.

I don't think we can get to 100% certainty in voting system, or 
any other systems for that matter. Attackers are just too 
resourceful. I remember as a child hearing of a voting attack 
using only paper ballots. The attacker was one of the vote 
counters. He had a pencil lead glued under a fingernail. When he 
counted a ballot for the "wrong" candidate, he used the pencil 
to mark the ballot so the vote for that race would be invalid 
(spoiled). I don't remember how the technique was discovered, 
but apparently it was quite effective.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Ham radio contesting is a    | Periwinkle
(408)356-8506      | contact sport.               | 16345 
Englewood Ave
www.pwpconsult.com |  - Ken Widelitz K6LA / VY2TT | Los Gatos, 
CA 95032

More information about the cryptography mailing list