Shostack + Friends Blog Archive


Emergent Chaos endorses Wim Remes for ISC(2) Board

Today, we are sticking our noses in a place about which we know fairly little: the ISC(2) elections. We’re endorsing a guy we don’t know, Wim Remes, to shake stuff up. Because, really, we ought to care about the biggest and oldest certification in security, but hey, we don’t. And really, that’s a bit of […]


Chaos in Iran

Millions of people in Iran are in the streets, protesting a stolen election. Nate Silver, who did a great job on US election statistics has this: However, given the absolutely bizarre figures that have been given for several provinces, given qualitative knowledge – for example, that Mahdi Karroubi earned almost negligible vote totals in his […]


Facebook: Conform or else

Robert Scoble, discussing Facebook founder Mark Zuckerberg: He also said that his system looks for “outlying” behavior. He said if you behave like an average user you should never trigger the algorithms that will get you kicked off. Let’s be specific here: if you behave like the system’s Harvard undergraduate founders and primarily-male engineering staff […]


"Get FISA Right" Pointer

[Update: This got to #5 on’s list, and they’re now working to draw attention to the issue on] Jon Pincus has asked me for help in drawing attention to his “Get FISA Right” campaign to get votes on When I’ve tried to look at this, it’s crashed my browser. YMMV–I use a […]


Two Buck Barack

So the New York Times is breathless that “Obama Hauls in Record $750 Million for Campaign.” A lot of people are astounded at the scale of the money, and I am too. In a long, hard campaign, he raised roughly $2.50 per American, and spent slightly less than that. Unusually, he ended his campaign not […]


Elections Are Done For Me

Forty Percent of California voters are “permanent absentee” voters. Oregon runs entirely by mail-in votes. Other US states have some sort of mail-in or absentee status that people can assign themselves to. For those people, including me, elections are a slice of time that ends on election day. This isn’t new, until relatively recently, it […]


44 Years

Mary Dudziak posted the testimony of Fannie Lou Hamer before the credentials committee of the 1964 Democratic convention. It’s worth reading in full: Mr. Chairman, and to the Credentials Committee, my name is Mrs. Fannie Lou Hamer, and I live at 626 East Lafayette Street, Ruleville, Mississippi, Sunflower County, the home of Senator James O. […]


Diebold/Premier vote dropping

A voting system used in 34 states contains a critical programming error that can cause votes to be dropped while being electronically transferred from memory cards to a central tallying point, the manufacturer acknowledges. The problem was identified after complaints from Ohio elections officials following the March primary there, but the logic error that is […]


The Emergent Chaos of the Elections

First, congratulations to Barack Obama. His organization and victory were impressive. Competing with a former President and First Lady who was the shoo-in candidate is an impressive feat. I’d like to talk about the Obama strategies and a long chaotic campaign in two ways. First in fund-raising and second, on the effects of a long […]


Ohio Voters May Demand Paper Ballots

Ohio Secretary or State Jennifer Brunner announced yesterday that paper ballots must be provided on request. Poll workers won’t be told to offer the option to voters but must provide a ballot if requested to help “avoid any loss of confidence by voters that their ballot has been accurately cast or recorded,” a directive from […]


Vote Positively With Your Pocketbook

Adam Frucci at Gizmodo is calling for action, “Putting Our Money Where Our Mouths Are: Boycott the RIAA in March.” I don’t disagree with him on the basics. I believe that consumer revolt is a misunderstood power. If you don’t believe me, I can prove it with one TLA: DAT. If your response to that […]


A telling remark

In the “inconvenient coincidences” category, it seems that Al Sharpton’s great-grandfather was a slave owned by relatives of the late segregationist US senator Strom Thurmond. Thurmond’s niece, Ellen Senter (via an AP report) provides an interesting perspective: I doubt you can find many native South Carolinians today whose family, if you traced them back far […]


NIST and Voting Machines

Ed Felten points out that “NIST Recommends Decertifying Paperless Voting Machines:” In an important development in e-voting policy, NIST has issued a report recommending that the next-generation federal voting-machine standards be written to prevent (re-)certification of today’s paperless e-voting systems. … The new report is notable for its direct tone and unequivocal recommendation against unverifiable […]


More things to Do With the "Last 4"

Apparently, in Ohio, you’ll be able to vote if you know the last 4 digits of an SSN. As the Cleveland Plain Dealer reports: Voters who don’t have identification will be able to vote at next week’s election by presenting the last four digits of their Social Security number and casting a provisional ballot. Will […]


The Hugo Chavez Test for Voting Machines

At first I thought that the stories around Sequoia Voting Systems and Smartmatic having connections to Hugo Chavez were silly. I still do think that, but I also think that they’re coming out for an important reason: we have lost trust in the machinery of voting, and that is a criminal shame. The right to […]


Diebold goes open source

Well, not intentionally. Seems that multiple versions of source code (including the one used to run the 2004 primaries in Maryland) were delivered anonymously to a former legislator who has been critical of Diebold. Note that this is not the same source examined by Avi Rubin, et. al., and found wanting from a security perspective. […]


Detecting Election Fraud

Thanks to my lovely spouse, I came across a series of fascinating papers by Walter R. Mebane, Jr. a professor of Government at Cornell. These papers use statistics, specifically Benford’s Law, to detect election fraud. Now I know statisticians, and I am no statistician (and boy howdy is my higher level math rusty), but the […]


One For The Money, Two For The Show, Three For The Ballot

Ping over at Useable Security has a great analysis of Rivest’s ThreeBallot voting system. The delightful thing about ThreeBallot is that it should be incredibly easy to implement on a small scale and not much harder on a large scale and has in built in provisions to prevent voter error, counter fraud and vote buying. […]


Poll: 58% approval rating for Bush among voting machines

WASHINGTON – Despite mounting public criticism of his administration’s handling of Iraq and the war on terror, 58 percent of voting machines approve of the way Bush is handling his job according to the latest poll by Shamby and Associates. This is in contrast to the 42% approval rating he has among human beings from […]


Voting Registration Fraud

One of the motivators often discussed for voter ID card requirements is voter registration fraud. I believe that ID card requirements are like poll taxes, and are not justified. I believe that they’re not justified even if they’re free, because of personal privacy concerns, regarding addresses. You know, like Gretchen Ferderbar had before her 911 […]


Some Government-Issued-ID is More Government-Issued Than Others

So Representative Julia Carson discovered when she tried to use her United States House of Representatives ID card to vote: Carson’s card does not have an expiration date as the new law requires of valid voter IDs, and Indianapolis poll workers tried to reach election officials before allowing the five-term Democratic congresswoman to cast her […]