Author: Andrew Appel
-
What an expert on seals has to say
During the New Jersey voting machines lawsuit, the State defendants tried first one set of security seals and then another in their vain attempts to show that the ROM chips containing vote-counting software could be protected against fraudulent replacement. After one or two rounds of this, Plaintiffs engaged Dr. Roger Johnston, an expert on physical…
-
The trick to defeating tamper-indicating seals
In this post I’ll tell you the trick to defeating physical tamper-evident seals. When I signed on as an expert witness in the New Jersey voting-machines lawsuit, voting machines in New Jersey used hardly any security seals. The primary issues were in my main areas of expertise: computer science and computer security. Even so, when…
-
Seals on NJ voting machines, October-December 2008
In my examination of New Jersey’s voting machines, I found that there were no tamper-indicating seals that prevented fiddling with the vote-counting software—just a plastic strap seal on the vote cartridge. And I was rather skeptical whether slapping seals on the machine would really secure the ROMs containing the software. I remembered Avi Rubin’s observations…
-
Seals on NJ voting machines, 2004-2008
I have just released a new paper entitled “Security seals on voting machines: a case study” and here I’ll explain how I came to write it. Like many computer scientists, I became interested in the technology of vote-counting after the technological failure of hanging chads and butterfly ballots in 2000. In 2004 I visited my…
-
Monitoring all the electrical and hydraulic appliances in your house
Dan Wallach recently wrote about his smart electric meter, which keeps track of the second-by-second current draw of his whole house. But what he might like to know is, exactly what appliance is on at what time? How could you measure that? You might think that one would have to instrument each different circuit at…
-
Unpeeling the mystique of tamper-indicating seals
As computer scientists have studied the trustworthiness of different voting technologies over the past decade, we notice that “security seals” are often used by election officials. It’s natural to wonder whether they really provide any real security, or whether they are just for show. When Professor Avi Rubin volunteered as an election judge (Marylandese for…
-
NJ court permits release of post-trial briefs in voting case
In 2009 the Superior Court of New Jersey, Law Division, held a trial on the legality of using paperless direct-recording electronic (DRE) voting machines. Plaintiffs in the suit argued that because it’s so easy to replace the software in a DRE with fraudulent software that cheats in elections, DRE voting systems do not guarantee the…
-
Court permits release of unredacted report on AVC Advantage
In the summer of 2008 I led a team of computer scientists in examining the hardware and software of the Sequoia AVC Advantage voting machine. I did this as a pro-bono expert witness for the Plaintiffs in the New Jersey voting-machine lawsuit. We were subject to a Protective Order that, in essence, permitted publication of…
-
Did a denial-of-service attack cause the flash crash? Probably not.
Last June I wrote about an analysis from Nanex.com claiming that a kind of spam called “quote stuffing” on the NYSE network may have caused the “flash crash” of shares on the New York Stock Exchange, May 6, 2010. I wrote that this claim was “interesting if true, and interesting anyway”. It turns out that…
-
Did a denial-of-service attack cause the stock-market "flash crash?"
On May 6, 2010, the stock market experienced a “flash crash”; the Dow plunged 998 points (most of which was in just a few minutes) before (mostly) recovering. Nobody was quite sure what caused it. An interesting theory from Nanex.com, based on extensive analysis of the actual electronic stock-quote traffic in the markets that day…