President-elect Barack Obama's cell phone billing records were improperly accessed by employees of Verizon Wireless, CNN reported late on Thursday.
Obama's transition team was informed of the breach by Verizon Wireless representatives on Wednesday, team spokesman Robert Gibbs told the news agency. The Secret Service has been informed, Gibbs said.
The phone, a voice flip-phone with no e-mail access, is no longer active or being used by Obama, the report said. Lists of phone numbers and calls made by Obama could have been accessed, but "nobody was monitoring voicemail," Gibbs is quoted as saying.
Verizon Wireless has notified federal law enforcement authorities, Verizon Wireless President and Chief Executive Lowell McAdam wrote in an internal company e-mail distributed on Wednesday that CNN obtained. In a press statement, McAdam wrote:
"This week we learned that a number of Verizon Wireless employees have, without authorization, accessed and viewed President-Elect Barack Obama's personal cell phone account. The account has been inactive for several months. The device on the account was a simple voice flip-phone, not a BlackBerry or other smartphone designed for e-mail or other data services."
"All employees who have accessed the account - whether authorized or not - have been put on immediate leave, with pay. As the circumstances of each individual employee's access to the account are determined, the company will take appropriate actions. Employees with legitimate business needs for access will be returned to their positions, while employees who have accessed the account improperly and without legitimate business justification will face appropriate disciplinary action."
"We apologize to President-Elect Obama and will work to keep the trust our customers place in us every day."
Employees who viewed the records without authorization could be fired, McAdam said in the internal e-mail.
This is the latest in a string of technology-related security incidents to hit this election season. Earlier this month, Newsweek reported that PCs used by the campaigns of Obama and former Republican presidential candidate John McCain were compromised last summer.
In September, McCain's running mate Alaska Governor Sarah Palin had her Yahoo e-mail account broken into. And back in April, someone exploited a weakness in the Web site for Obama's campaign and redirected some visitors to then-Democratic presidential hopeful Hillary Clinton's site.
Regardless of whether you favor Barack Obama or John McCain, you have to admit that the next president will inherit a monumental mess.
Each candidate has been scrambling to explain how he plans to right the financial ship, reign in growing health-care costs, improve education, and balance the budget. Yikes!
As if this wasn't enough, the new president and Congress also have an obligation to figure out how to proceed with a strategic plan for IT and information security.
Now I understand that economic, social, and national security issues should have precedence, but the fact is that the federal government is sort of treading water on a number of highly visible strategic initiatives regarding information security. The issue here isn't new legislation or initiatives, however. It is finishing work that has already been started.
Here are a few examples:
1. The Comprehensive National Cyber Security Initiative (CNCI). This effort grew out of presidential and Department of Homeland Security directives with the goal of standardizing security practices and appointing DHS as the overseer of critical information security infrastructure across all federal agencies. It is estimated that CNCI will ultimately cost around $18 billion to $30 billion. But for now, DHS is asking for $200 million in 2009. As of this writing, these funds have not been allocated to the project.
2. The next revision of the Federal Information Security Management Act (FISMA) of 2002. Back in 2002, FISMA was passed in order to provide a set of guidelines and requirements for federal agencies. Each agency was then graded on a FISMA report card with the results presented to Congress and the public. Several agencies (alarmingly, including DHS) received an "F", while others saw FISMA as nothing more than a series of check boxes with no teeth. To improve the efficacy and benefits of FISMA, the Senate is currently working on the FISMA Act of 2008 (S.3474). As of now, this bill remains in committee.
3. A national information privacy act. The Personal Data and Privacy Act (S.495) has been languishing in the Senate for years. In lieu of national personal-privacy legislation, 42 states have enacted their own laws leading to a messy situation for any organization doing business across the country. Some states like Nevada and Massachusetts now mandate data encryption to protect data confidentiality, but individual laws remains vague and unique.
These examples pale in comparison to the federal train wreck around Homeland Security Presidential Directive 12 (HSPD-12), a well-intended but unfunded effort to standardize identity technologies for federal workers and contractors. In my opinion, the lack of federal funding has rendered HSPD-12 a bad joke inside the Beltway.
As a private citizen, I can't help but lament the tremendous amount of wasted effort here, especially in the face of increasingly dangerous information security threats. Bills are discussed but not passed. Some legislation gets passed and is either ignored or treated as a mere check-box item. Other bills are passed and never funded.
Unfortunately, these examples are a microcosm of a broken, wasteful system. Regardless of who becomes our next president, I'll judge progress in Washington by the government's ability to pass and fund legislation, meet regulatory compliance mandates, improve information security, and strive for constant improvement. I, for one, will be watching carefully.
SAN JOSE, Calif. -- California voters this year will be using paper ballots that will be optically scanned and manually audited to protect against fraud and problems that have marred elections conducted with electronic voting systems, California Secretary of State Debra Bowen said Wednesday.
Debra Bowen, California's secretary of state, speaks with CNET News after giving a keynote address at the Usenix security conference on the voting plan for the state.
(Credit: CNET News)In a keynote address at the Usenix security conference entitled "Dr. Strangevote or: How I Learned to Stop Worrying and Love the Paper Ballot," Bowen said optical scanning was a "pretty good, although not perfect alternative" to direct-recording electronic voting.
"I don't think a perfect voting system exists or can be created because for every brilliant idea that we execute perfectly we'll have an equally brilliant person figuring out a way around it," she said.
Optical scanning preserves the original ballot and allows the state to check the accuracy of results "through hand tallies of a meaningful percentage of randomly selected precincts after every election and for every contest," she added. "Hand tallies mean never having to say 'I trust you' to hundreds of thousands of lines of code."
Touchscreen systems don't have an original record or any way to reconstruct the voter's intent, Bowen said. Also, e-voting paper trails often are confusing to voters who are forced to verify their votes on paper that appear in a different format from what they saw on the touchscreen, she said.
Not only have outcomes with electronic voting systems been challenged and questioned in real elections, but numerous studies--including a thorough study Bowen commissioned last year--have shown that the e-voting systems can be tampered with, can have programming mistakes that record the wrong results or display the wrong ballot type, and choices can be altered or interfered with as a result of something as simple as barbeque sauce stuck to the touchscreen, according to Bowen.
The frailty of e-voting systems
Reviews of electronic voting systems have found that they are susceptible to virus attacks that can corrupt data and spread from one machine to every other machine in the jurisdiction, she said. Many electronic systems have been found to have hardcoded passwords or passwords that are easy to guess or the same in every machine, and vendors have systems where a single key opens any voting machine from that company, she said.
Bowen told of the ease with which researchers were able to defeat physical security features on e-voting machine, for instance by unscrewing housings to bypass a security seal and thus leaving no evidence that the box was tampered with.
A new report on the ES&S voting systems from a team at the University of Pennsylvania found numerous exploitable vulnerabilities in the system, including the ability to delete data using handheld devices and a small magnet, she said.
With systems that use paper trails combined with electronic ballots, research has found that it can be difficult to see the results on the paper through a plastic covering that they appear behind, and many voters don't bother to try to verify their results.
A paper ballot is a permanent record that is easy to audit, whereas electronic vote records and audit logs can be altered, she said. And many e-voting systems use Microsoft Access for tallying votes, which opens the system up to fraud, she added. "Votes can readily be moved from one column to another .... without being detectable."
California and West Virginia are the only two states that have a statutory requirement for random manual vote tallies, according to Bowen.
"I added requirements for additional manual tallies of 10 percent of precincts in any contest where the margin of victory is less than one half of one percent," Bowen said. If there is a problem with the scanning software for any reason additional audits can be done, she added.
VIDEO: Bowen tells CNET News what system will be used in the November elections and why she thinks it is better than relying on electronic voting systems that use paper trails.
- prev
- 1
- next
