
Mar 30, 2007

Wash Post Reporter Spent Hundreds of Hours at Walter Reed Hospital Without Drawing Suspicion

A Washington Post reporter who co-wrote the recent stories about mistreatment of vets at the Walter Reed Hospital told an audience of journalists today that she and a colleague spent months at the hospital without ever drawing suspicion.

Anne Hull said the Post stories began when her colleague Dana Priest received a simple tip from a source. After an initial visit to the hospital to observe the conditions and speak with patients, Hull and Priest launched their investigation, which had them on the hospital grounds for "hundreds and hundreds of hours" over four months without ever getting official permission to be there.

"We worked very stealthily and sort of under the radar," Hull said, noting that nobody ever asked who they were.

"It was an amazing, messed-up world," she said.

Hull, speaking to an audience at the American Society of Newspaper Editors conference in Washington, DC, also said that after the Post approached military officials for comment on the stories days before they published, the Pentagon responded by holding a press conference about the hospital without telling the Post reporters about it.

"It was essentially a pre-emptive strike to what we were doing," Hull said.

Justin.tv: Not Your Father's Privacy


Who needs privacy? Apparently not the iPod generation who have grown used to airing their entire lives online and would feel unplugged and out of touch if internet eyes weren't watching them. Case in point -- Justin.tv. Both the San Francisco Chronicle and The Age, in Australia, feature articles today about Justin Kan, a guy who walks around San Francisco all day with a camera strapped to his head broadcasting his life to a growing fanbase who try to influence what he does. (As I write this, at 10:20 on Friday morning, I'm watching Justin and his roommate discussing a blind date the previous night -- when the audio frustratingly cuts out.) It's the Truman Show, replete with product placement and sponsorships, but with full cooperation from the show's star. From the Chronicle piece:

Viewers seem to delight in playing along with their new online idol, cramming chat rooms and pulling pranks on him, first calling 911 to report a stabbing in the group's apartment (prompting some friends to give Kan a bullet-proof vest for the next time officers burst in, guns drawn), then reporting a fire there. San Francisco emergency dispatchers, leery of any more false alarms, now call to confirm there's an actual emergency before responding. So fans moved on to different sorts of pranks, such as ordering $63 worth of pizza to be delivered to Justin.tv's door.

. . .

To get an idea of what Justin.tv is all about right now, picture four guys gone wild in a two-bedroom apartment littered with disheveled furniture, empty beer cans, remnants of pizza crust and randomly strewn socks and shoes. On a giant white board is the show's apparent goal: Jay Leno, 30 days or less. . . .

. . .

When some of Vogt's friends from MIT show up, they can't believe the show is for real. So Kan tells viewers that if they send 100 e-mails in 20 minutes, the entire gang will dive into the swimming pool completely clothed. Kan clocks 300 messages.

With that kind of response, Kan says he has no intention of turning off the camera anytime soon. "We will keep going as long as it's fun and as long as it's relevant," he said. "I figure that will be for a long time to come. ..."


Justin.tv isn't a novel idea, of course. But, unlike the early internet age of the Jennicam when the idea of watching a woman in her room still felt like seedy voyeurism, YouTube and widespread broadband connectivity have made it seem prudish for people not to broadcast their life to strangers and for the rest of us not to watch when they do.

Andrew Keen, author of the upcoming book The Cult of the Amateur, thinks this kind of digital narcissism offers a media fix to people who are bored with their lives and have come to count on the internet to entertain them 24 hours a day. The slogan of Justin.tv is "waste your life watching other people waste theirs."

Keen thinks the sorry fad won't last and that people will move on quickly once the net becomes saturated with Justin Kans and internet users go in search of their next media fix.

"This is the last gasp of the Web 2.0 boom," Keen told the Chronicle. "People are going to look back at this and say, 'This makes Second Life look like the BBC.' I think even Justin will look back on it and be embarrassed."

But Emily Nussbaum of New York magazine would probably say that Keen has stumbled into the generation gap and can't see that the future belongs to the uninhibited. In her great article about the unprivacy generation, she quotes Clay Shirky of New York University's Interactive Telecommunications Program.

"Whenever young people are allowed to indulge in something old people are not allowed to, it makes us bitter. What did we have? The mall and the parking lot of the 7-Eleven? It sucked to grow up when we did! And we're mad about it now." People are always eager to believe that their behavior is a matter of morality, not chronology, Shirky argues. "You didn't behave like that because nobody gave you the option."

None of this is to suggest that older people aren't online, of course; they are, in huge numbers. It's just that it doesn't come naturally to them. "It is a constant surprise to those of us over a certain age, let's say 30, that large parts of our life can end up online," says Shirky. "But that's not a behavior anyone under 30 has had to unlearn." Despite his expertise, Shirky himself can feel the gulf growing between himself and his students, even in the past five years. "It used to be that we were all in this together. But now my job is not to demystify, but to get the students to see that it's strange or unusual at all. Because they're soaking in it."

Mar 29, 2007

White House Uses Private E-mail to Evade Public Record Requests

It's been previously reported in other publications in bits and pieces, but Salon pulls it all together in a story today about how Karl Rove and others use non-federal e-mail accounts to avoid having their correspondence made public. From the Salon piece by Sidney Blumenthal:

The discovery of a hitherto unknown treasure-trove of e-mails buried by the Bush White House may prove to be as informative as Nixon's secret White House tapes. Last week the National Journal disclosed that Karl Rove does "about 95 percent" of his e-mails outside the White House system, instead using a Republican National Committee account. What's more, Rove doesn't tap most of his messages on a White House computer, but rather on a BlackBerry provided by the RNC. By this method, Rove and other White House aides evade the legally required archiving of official e-mails. The first glimmer of this dodge appeared in a small item buried in a January 2004 issue of U.S. News & World Report: "'I don't want my E-mail made public,' said one insider. As a result, many aides have shifted to Internet E-mail instead of the White House system. 'It's Yahoo!, baby,' says a Bushie."

The offshoring of White House records via RNC e-mails became apparent when an RNC domain, gwb43.com (referring to George W. Bush, 43rd president), turned up in a batch of e-mails the White House gave to House and Senate committees earlier this month. Rove's deputy, Scott Jennings, former Bush legal counsel Harriet Miers and her deputies strangely had used gwb43.com as an e-mail domain.

The production of these e-mails to Congress was a kind of slip. In its tense negotiations with lawmakers, the White House has steadfastly refused to give Congress e-mails other than those between the White House and the Justice Department or the White House and Congress. E-mails among presidential aides have been withheld under the claim of executive privilege.

When I worked in the Clinton White House, people brought in their personal computers if they were engaged in any campaign work, but all official transactions had to be done within the White House system as stipulated by the Presidential Records Act of 1978. (The PRA requires that "the President shall take all such steps as may be necessary to assure that the activities, deliberations, decisions, and policies that reflect the performance of his constitutional, statutory, or other official or ceremonial duties are adequately documented and that such records are maintained as Presidential records.") Having forsaken the use of Executive Office of the President e-mail, executive privilege has been sacrificed. Moreover, Rove's and the others' practice may not be legal.

The revelation of the gwb43 e-mails illuminates the widespread exploitation of nongovernmental e-mail by Bush White House officials, which initially surfaced in the investigations and trial of convicted Republican super-lobbyist Jack Abramoff.

Mar 28, 2007

TJX Breaks Record: 45.7 Million Card Numbers Stolen

The Boston Globe is reporting that the number of credit and debit card numbers stolen from TJX by hackers is now estimated to be at least 45.7 million, making it the largest breach reported to date of personal data stolen from one company. The card numbers were stolen over several years. From the story:

TJX, the Framingham discounter that operates the T.J. Maxx and Marshalls clothing chains, also reported in a regulatory filing yesterday that another 455,000 customers who returned merchandise without receipts had their personal data stolen, including drivers' license numbers. "It's the biggest card heist ever," said Avivah Litan, vice president of Gartner Inc. "This was obviously done over a long period of time, in many locations. It's done considerable damage."

Litan is a little off in her statement. What she should have said is that it's only the largest breach that we're aware of. It's only been in the last couple of years that companies have had to report these breaches to customers whose data was stolen. But as I reported in a recent three-part series on cybercrime for Wired News, the breaches were occurring long before laws passed requiring companies to report them. And many breaches are never discovered by the victim companies. You can read the cybercrime series here about the criminals behind the breaches and how their syndicates work:

Part I: I Was a Cybercrook for the FBI

Part II: Tightening the Net

Part III: Crime Boards Come Crashing Down

Sidebar: Tracking the Russians

ES&S Memo: Who Knew What When?

In talking with a number of people over the last week about the ES&S "smoothing filter" memo, some allegations have been raised by both sides which I'd like to address here. It might help clear up some unanswered questions such as -- who knew what and when did they know it?

If you've been following this story you'll know that the memo about the "smoothing filter" problem with ES&S machines languished unnoticed in cyberspace since last September. When the blogosphere picked up on it a few weeks ago, the Jennings camp seized it as "a smoking gun" and accused ES&S and Sarasota Elections Supervisor Kathy Dent of withholding the memo from them. Jennings' lawyers, as part of their lawsuit, had asked Dent's office for all correspondence pertaining to problems with the machines but had never received this memo. So why did Dent's office fail to hand over the memo and why did ES&S say in court that its machines had worked perfectly when it knew about an existing problem with the machines that had never been fixed?

Dent said that the memo was misfiled in her office and that she hadn't intended to withhold it from Jennings. She also said that it didn't matter that she hadn't given the memo to the Jennings camp because she says she had given them e-mail correspondence from ES&S discussing the smoothing filter problem with the machines, as well as e-mails between Dent and her employees discussing it. If Jennings' camp had read these e-mails, she said, they could have seen the same information that was in the missing memo. Here are two of those e-mails:

-----Original Message-----
From: Cihacek, Angela [from ES&S]
Sent: Thursday, August 24, 2006 9:59 AM
To: [Numerous Florida election officials deleted here]
Cc: Bennett, Linda; Buchanan, Janet
Subject: ES&S iVotronic 12 inch screen users

After a number of inquiries from several of our iVotronic 12 inch screen users that some of your screens are exhibiting slow response times, ES&S sent out a letter on 8-15-06 concerning the issue. Attached is a voting booth instruction sign for your use. If you have any questions, please call your customer service representative, Lora Peterson, at XXX-XXX-XXXX.

Angela Cihacek
Marketing Coordinator
Election Systems & Software
11208 John Galt Blvd.
Omaha, NE 68137
amcihacek@XXX.com
XXX-XXX-XXXX
XXX-XXX-XXXX Ext. XXXX

NOTICE: All mail sent to and from the office of the Supervisor of Elections is subject to the public record laws of Florida.

-----Original Message-----
From: Dent, Kathy
Sent: Thursday, August 24, 2006 10:21 AM
To: IT Department; Crete, Karen; Goodell, Tom; Bain, Barbara; Fowler, Cathy; Dingess, Traci; Powell, Terrina; Walker, Bobby
Subject: FW: ES&S iVotronic 12 inch screen users

As you know, 12" screens may have slower response times. I think that has happened in at least one of our machines. I need input from you all about whether we place this poster in each booth at this stage of the game. Since poll worker training is almost over, we will not be able to go back and talk about this with them.

I do know that ES&S is trying to get a recertification to change this before November.

Give it some thought and let me know.

Thanks.
KD

When I spoke with Alec Yasinsac last week about the ES&S memo (Yasinsac was head of the team of computer scientists from Florida State University and elsewhere that examined the ES&S source code and produced a report saying the smoothing filter issue was not the cause of the undervotes) he asked me the same question -- why was the Jennings camp making such a big deal about the memo now when they knew about the information in the memo back in December? In fact, Yasinsac said that Dan Wallach, the Rice University computer scientist who is the Jennings technical expert, did have a copy of the memo in December and yet didn't bring up the issue of the smoothing filter problem during court hearings. Why accuse ES&S of not discussing the "smoothing filter" issue if Wallach didn't bring it up either? "Why don't you ask Dan Wallach that?" Yasinsac said.

So I did. Wallach says he didn't have a copy of the memo. He says he might have seen it pass by on a voting list back in August when the Florida activist first made it public. But a lot of things crossed that voting list that he glanced at quickly. And back in August the Jennings/Buchanan election hadn't occurred yet. The first time the memo came to his notice, he says, was when everyone else in the blogosphere became aware of it a couple of weeks ago.

As for the e-mails that discussed the memo, Jennings spokesman David Kochman tells me that Jennings' lawyers didn't receive the e-mails from Dent until January, long after the December hearing and only after several attempts to get them.

"There is no way we could have talked about the (smoothing filter) issue in court since we did not receive the Kathy Dent emails until January 25 -- more than a month after the court hearing and just a few weeks before the memo story broke in the press," Kochman wrote me in an e-mail. "It's also important to note that we had made several earlier public records requests and interrogatories that should have produced both the memo and the email. . . . Bottom line is, the state, the county, and ES&S all withheld the memo despite several efforts to obtain such information."

So who did have the ES&S memo besides ES&S, Kathy Dent and other election supervisors in the state who used the ES&S iVotronic machines? Computer scientist Alec Yasinsac says he and his FSU team had it when they examined the ES&S source code for the state and wrote their report.

"My experts, my folks that came here, had the letter and knew about the (smoothing filter) problem," Yasinsac told me. "We looked in the source code to try and find the way it worked. We found the way it worked, we addressed (the issue) extensively at two different places with technical findings in the report. We produced a conclusion that specifically said we believed (the smoothing filter) didn’t cause the problem (of undervotes), and that’s our answer."

The report, by the way, doesn't say that the researchers possessed the ES&S memo or that they learned about the smoothing filter problem from ES&S. It only mentions that the researchers were aware of rumors on the internet that the smoothing filter might have been the cause of the high undervote rate in the Jennings/Buchanan race.

The allegation has been floated on Internet newsgroups that the iVotronic touch screen filter could have caused the undervote. No explanation has been offered how the effect would confine itself to a single race on a single screen. The touch screen filter does not act differently on different screens. (p. 48 of the report)

Mar 27, 2007

How Not to Lose Your Marbles in an Election Audit

Princeton University computer scientist Andrew Appel offers a clear-cut look at why a 1 percent audit of voting machines after an election isn't sufficient to catch fraudulent machines in all elections. His explanation involves marbles and beads.

[Photo: beads]

In this pic, Appel explains, the 6,300 beads in the two tubes represent all of the precincts in an election for the New Jersey governor's race. Of those beads, 10 percent are blue, representing fraudulent voting machines. If you take out a 1 percent sample of the machines to audit (represented by the 63 beads on the side), Appel says the sampling is "extremely likely" to catch at least one fraudulent machine in the mix (the sample here caught 7 fraudulent machines).




[Photo: marbles]

But that won't hold true for the audit of a smaller election. Here, 100 marbles represent all the precincts voting in an election for city mayor. Here again the blue marbles (10 percent of the total) represent fraudulent voting machines used in the election. But take a 1 percent sample of these machines (represented by one marble) and Appel shows that it's unlikely the sample will include any fraudulent machines. In sum, he says, while a 1 percent audit "works well for statewide races, it does not suffice for local or legislative-district elections." (Photos: Alex Halderman)


Read Appel's report about what constitutes an effective audit here.
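
Appel's bead-and-marble comparison can be checked numerically. The code below is an added example, not taken from Appel's report or from the original post: it computes the chance that a random sample drawn without replacement contains at least one fraudulent machine, and, going beyond the 1 percent case, the smallest sample that reaches a chosen confidence. The function names and the 95 percent target are assumptions made for illustration.

```python
from math import comb

# Scenarios taken from the post: (label, total precincts, fraudulent precincts).
SCENARIOS = [
    ("statewide race (beads)", 6300, 630),
    ("city mayor race (marbles)", 100, 10),
]


def detection_probability(total, bad, sample):
    """Chance that a uniform random sample, drawn without replacement,
    of `sample` machines out of `total` includes at least one of `bad`."""
    if not (0 <= bad <= total and 0 <= sample <= total):
        raise ValueError("need 0 <= bad <= total and 0 <= sample <= total")
    # P(sample misses every bad machine) = C(total-bad, sample) / C(total, sample).
    # math.comb returns 0 when sample > total-bad, so the result is then 1.0.
    miss = comb(total - bad, sample) / comb(total, sample)
    return 1.0 - miss


def min_sample_for_confidence(total, bad, confidence):
    """Smallest sample size whose detection probability is >= confidence."""
    if bad < 1:
        raise ValueError("no bad machines: nothing for an audit to detect")
    if not (0.0 < confidence <= 1.0):
        raise ValueError("confidence must be in (0, 1]")
    # Terminates: once sample > total - bad the sample must hit a bad machine.
    for n in range(total + 1):
        if detection_probability(total, bad, n) >= confidence:
            return n
    raise AssertionError("unreachable")


def audit_table(confidence=0.95, fixed_fraction=0.01):
    """For each scenario: detection chance of a fixed-fraction audit, and
    the sample size needed for the target confidence (assumed 95%)."""
    rows = []
    for label, total, bad in SCENARIOS:
        fixed_n = max(1, round(total * fixed_fraction))
        rows.append({
            "race": label,
            "fixed_sample": fixed_n,
            "fixed_detection": detection_probability(total, bad, fixed_n),
            "needed_sample": min_sample_for_confidence(total, bad, confidence),
        })
    return rows


if __name__ == "__main__":
    for row in audit_table():
        needed_pct = 100.0 * row["needed_sample"] / next(
            t for (l, t, _) in SCENARIOS if l == row["race"])
        print(f"{row['race']}: 1% audit = {row['fixed_sample']} machines, "
              f"detects fraud with p = {row['fixed_detection']:.4f}; "
              f"95% confidence needs {row['needed_sample']} machines "
              f"({needed_pct:.1f}% of precincts)")
```

The required sample size depends far more on the fraction of bad machines than on the size of the election, which is why a fixed percentage that works statewide falls short in a 100-precinct race.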

Mar 26, 2007

The See-Through CEO: Corporate Nudity Is the New Black

Clive Thompson has a great article in the March issue of Wired magazine about the new trend toward company transparency. The See-Through CEO argues that nudity (in terms of corporate and political shenanigans) is the new black -- meaning it's actually good for your company's bottom line and reputation to strip down and expose all your mistakes and shortcomings. Because if you don't do it first, somebody else will do it for you. And you'll look worse for the wear when they do. From the article:

Transparency is a judo move. Your customers are going to poke around in your business anyway, and your workers are going to blab about internal info - so why not make it work for you by turning everyone into a partner in the process and inviting them to do so

Thompson argues that in the Google world, you can't hide anything for long. So better not try. Some examples of those who've been burned by the net: Diebold, Microsoft, Eli Lilly, Jobster.com.

"Online is where reputations are made now," says Leslie Gaines Ross, chief reputation strategist - yes, that's her actual title - with the PR firm Weber Shandwick. She regularly speaks to companies that realize a single Google search determines more about how they're perceived than a multimillion-dollar ad campaign. "It used to be that you'd look only at your reputation in newspapers and broadcast media, positive and negative. But now the blogosphere is equally powerful, and it has different rules. Public relations used to be about having stuff taken down, and you can't do that with the Internet.

FSU Team Responds to ES&S Letter

I spoke with David Wagner of UC Berkeley who was on the Florida State University team that examined the ES&S source code used in the Sarasota machines. We played phone tag last week while he was in Washington, DC, giving testimony.

He said he had never seen the ES&S letter until it was posted here on Friday and that his team was not aware that it existed or that ES&S had sent it to the state elections office. He also said that neither ES&S nor the state elections office put pressure on the FSU team about what they could or could not say in their report. The FSU team instead adhered to their own statement of work, which they made publicly available on the state's web site last December.

"All the limitations on our work were set out in the publicly available statement of work," Wagner told me. "My assumption is that ES&S was trying to lobby the state, and the state rejected many of the recommendations. We were never given this letter. We were never instructed verbally about this. We never got any restraints that went beyond our statement of work."

I asked him if ES&S viewed their report before it was published and he said he didn't know.

"Our agreement said we would send the report to Florida state in advance of publication. They had maybe a week or two to review it. What they did with it I don’t know. But we didn’t send it to anyone other than the state. We weren’t allowed to discuss it with anyone."

FSU sent a preliminary draft and a final draft to the state. When I asked if his group was instructed to make any changes to the report either after sending the state the preliminary or final drafts he said the only changes they made were spelling and grammatical. "There were no substantive changes made," he said.
"As far as I know we got no comments or requests for changes or feedback or anything from the state on either of those drafts. So the final report we submitted to the state was what we published exactly."

The FSU team's statement is here.

I've placed a call to ES&S and will update with their response when I hear back from them.

Ohio SOS Issues Complaint Against Election Board

Ohio Secretary of State Brunner made good on her threat to air the dirty laundry of the elections board if the four members didn't resign last Wednesday. Two of the members -- both Democrats -- did resign. The holdouts are the two Republicans.

In Brunner's complaint, released Friday, she accuses board chair Robert Bennett and board member Sally Florkiewicz of violating state election law in five areas:

* Failure to adopt adequate procedures for election recounts resulting in the felony convictions of two board employees.
* Failure to manage competently the board's financial affairs.
* Failure to ensure the efficient administration of elections in 2004 through 2006.
* Failure to ensure an acceptable level of performance of voting equipment.
* Election administration in Cuyahoga County has led to a lack of public confidence in elections in the county.

A hearing is scheduled for April 2 to discuss the complaint if the two board members don't resign before then. Florkiewicz's term is supposed to end officially February 28, 2008, while Bennett's ends February 28, 2010.

Remember, this all stems from the 2004 presidential recount in Ohio. But problems with recount procedures in Cuyahoga continued after that election and were especially evident in the May 2006 primary, as described in two reports.

Mar 23, 2007

Source Says Second ES&S Letter Tried to Dictate What Florida Test Reports Could Say

After my story about the ES&S memo posted yesterday I heard from someone in Florida who sent me a copy of a second ES&S letter, this one sent to David Drury, who oversees voting system certifications for the state's Division of Elections. ES&S sent the correspondence on December 15 as state officials and Florida State University's SAIT Lab were preparing to conduct two examinations to test voting systems used in Sarasota county last November and do a source code review of the software. The testing was done to try to determine the reason that some 18,000 ballots didn't have any vote cast in the 13th Congressional District race.

The letter is a detailed list stating what the testing reports should and should not say. In the letter, ES&S refers to its list as "guidelines," but the instructions are extensive -- running a page and a half -- and make some pretty strong demands. Among them, that the report should make (the quotes are ES&S's):

* No statements about possible "vulnerabilities"
* No statements about the "style" of the source code
* No statements commenting on the use of less desirable techniques, instructions, or constructs
* No statements regarding conformance to source code standards of any type or kind
* No statements regarding ES&S hardware or software engineering practices or design methods
* No statements regarding the use of preferred or non-preferred data structures, data types, data formats, databases, storage methods
* No statements rendering opinions on security techniques employed or not employed
* No statements discussing presence or absence of cryptography or other security methods and techniques

The part about security techniques appears several times.

Anyone following the e-voting issue will recall how researchers examining machines made by Diebold in 2003 discovered the company had used outdated and insecure encryption techniques and had hard-coded a password into the code. Someone might say that ES&S is simply concerned about the security of the machines if descriptions of the encryption used in its code are revealed. But the prohibitions against discussing desirable or undesirable constructs and "source code standards of any kind" give the impression that ES&S might be just as concerned that their programmers might be found to have overall bad coding practices.

The list goes on, with this statement at the end of it:

"The review is not a search for doubt, but rather needs to be a search for conclusive evidence of error or fraud. If no conclusive evidence is found then all other statements are not necessary."

The letter then says the testers should take for granted -- actually, the wording is a bit stronger and says that they must assume -- before they come to any conclusion about the machines that:

* All of the voting equipment and materials have been physically secured as they should be
* Physical chain of custody of the equipment and materials has never been compromised
* Only the best election administration practices and procedures have been employed with these systems

The source who sent me this noted that the Florida State University testers didn't completely adhere to this list of guidelines since they did discuss possible scenarios and vulnerabilities in their report. They dismissed them all as being a cause of the undervotes, however. As I mentioned in my last post, a couple of computer scientists are examining the FSU and Florida state reports and are expected to publish a paper on their take on the reports.

You can read the 3-page letter here, here, and here.

UPDATE: David Wagner, part of the FSU team that examined the source code, spoke with me about the letter and said his team never saw it and that no one tried to influence what they could and could not write in their report. You'll find his comments to me here.
