A CBS story gives a good example of physical ballot security failure in the US due to an election official gone bad. Apparently a poll worker disappeared from his post and threw documents for San Francisco elections into a local pond.

Approximately 75 voting ballots that disappeared when officials say a San Francisco polling inspector took off with them Tuesday have been found.

John Arntz, San Francisco’s director of elections, said Thursday the ballots were found floating in a pond at the Palace of Fine Arts in the city’s Marina neighborhood.

Arntz described the ballots as “waterlogged.” A memory pack that records information from the ballots, and a voting roster that also disappeared have not been recovered.

I guess you could say he tried to “duck” his responsibilities? Sorry, couldn’t resist.

Would there have been any better protection with electronic voting systems? He might have been less able to pick up a system and throw it into a pond. Then again, electronic voting systems are far more fragile than paper and many have been proven to fail under even the simplest attacks. Had it been electronic, and had he been able to pick it up, carry it and throw it into the pond, the damage probably would have been even higher (more votes per pound destroyed).

I have yet to see an electronic voting system designed to withstand a serious insider physical attack. Remember the results of the California security assessment a few years ago?

…the testers analyzing the Sequoia e-voting machine were able to gain physical access to the system by removing screws to bypass locks

This is much worse than with traditional voting systems, like this San Francisco incident. I mean removing “lose screws” actually could enhance paper ballot security.

Ha ha

Several news stories and discussions lately have said that cell phones were an important part of the parcel bombs. BBC News explains exactly why in a story called Yemen parcel bomb ‘was 17 minutes from exploding’

Both bombs were wired to circuit boards from mobile phones but did not contain the SIM cards needed to receive calls, US officials have said. This indicates the phones were to be used as timers.

I hope that helps clarify enough so people will stop saying that wireless networks and cell-coverage on planes are an unacceptable risk. The phones had timers not signals; so we might as well ban clocks and watches from airplanes if we are going to pretend that a technology ban makes us safer.

Next week, along with several others involved in the PCI Special Interest Group (SIG), I will try to help clarify the path forward for virtual infrastructure and compliance with Data Security Standard (DSS) version 2.0.

Our whitepaper is already available, as announced by HyTrust: Industry Leaders Publish Reference Architecture for PCI DSS 2.0 Compliant Clouds

Please join a special and highly informative webinar on Wednesday, November 10, 10:00 AM (PST), also at no charge to participants, that will bring together a top panel of experts from the PCI SSC Virtualization SIG to discuss the implications of PCI DSS 2.0 and offer specific practical guidelines that satisfy the requirements. Register Now: https://hytrustevents.webex.com/hytrustevents/onstage/g.php?t=a&d=660694896