May 2012
An Interesting Recount (15 May 2012
Another Company Doesn't Understand Phishing (18 May 2012
Update on Hand Recount (30 May 2012

An Interesting Recount

15 May 2012

An interesting election recount is about to take place in New York. The race itself is of little intrinsic importance — the legislative session ends June 21, and the seat itself has been redistricted out of existence — save for the oddity of a Republican apparently having won an election in Brooklyn, albeit by just 27 votes out of 22,137 votes cast. (The previous holder of the seat will be a guest of the Federal prison system for the next seven or so years…) What's really interesting, though, is that this will be the first manual recount of an election in New York City since it switched to optical mark scan paper ballots.

Many voting technologists favor such ballots, precisely because a hand recount is possible. But are they accurate, in the real world? Both the city and voters have had trouble with the machines in the past. I'll be curious to see what happens here, and even more curious to see what, if anything, is done to correct any flaws that are found.

Tags: voting

Another Company Doesn't Understand Phishing

18 May 2012

It's happened again: another reputable company just sent me an email with a link to click on, at which point I'm prompted for my login and password. This is exactly the sort of behavior that trains people to respond to phishing emails. I've complained about this sort of behavior before; I'm sure this won't be the last time I have to.

This time it was Nest: they want to "confirm" my email address. So — they sent me email with a link saying "Verify your email", at which point I'd be taken to some URL with a lot of random-looking characters in it. It was legitimate; it even used https so I could check the certificate. (Why did I even respond to an unsolicited email like that? The Nest app on my iToy started displaying a button "resend email verification message"; I tapped that to induce a second — and identical — message. Since I had initiated that request, the message was much more believable.) But I wasn't logged in, so I received a login prompt.

This is the wrong way to do things! The instructions in the email should have said "log in to your Nest account, then click this button" — and if you click it without being logged in, you should get a page without hyperlinks that says "please log in first and retry". That's a safe way to do things, and it doesn't teach people bad habits.

Tags: security

Update on Hand Recount

30 May 2012

A couple of weeks ago, I blogged about a hand recount of ballots in a very close State Senate race. According to press reports (though there's no official result from the Board of Elections), both the original winner and the margin seem to have held up quite well. Specifically, the Storobin margin going into the recount was 27 votes; if that report is accurate, at most only about a dozen votes shifted, and maybe less than that, for an error rate of .05%. That's astonishingly good. Of course, the press reports could be wrong, and I don't know if the Board will release detailed-enough information on the recount results to let us assess the performance of the machines; I'll post again if results warrant.

Update: A spokeswoman [sic] for the Board of Elections has confirmed that only eight ballots are still subject to review; the Board should decide on them today.
Tags: voting