Month: March 2012

Why did the media play naive?

From an earlier post seven days ago,

A lot of ink and broadcast bandwidth has been dedicated to 31,000 “complaints” filed with Elections Canada regarding the so-called Robocall Scandal. The opposition is trying to construct a media narrative of a broad orchestrated conspiracy. Elections Canada instead reports that 31,000 “contacts” have been reported. What’s the difference, you ask?

Well, let’s take a look at leadnow.ca’s petition. The second addressed recipient of the petition is William H. Corbett, Commissioner of Elections Canada. Today, Leadnow’s petition boasts 39,677. No small feat however, this petition was likely emailed out to leadnow’s list which has been built off of previous petitions (and campaigns). A signature petition to demand a public inquiry does not a specific complaint of voter suppression make. Indeed, for those looking for the truth in the matter, flooding Elections Canada’s inbox only makes it more difficult to find the needles of legitimate complaints (if they exist) in the ever-growing spamstack. Troubling has been the media’s tone and volume on these contacts as they are seemingly equating lazily clicking a mouse and joining (re-joining) leadnow’s mailing list with the effective filing of a police report.

And today we learn what we already knew,

Online form letters behind ‘majority’ of 31,000 robo-call complaints

Elections Canada says the bulk of the 31,000 messages it’s received from Canadians concerning fraudulent robo-calls in the 2011 ballot were merely form letters.

“The majority of those contacts were made via automated forms or online form letters,” agency spokesman John Enright said Monday.

Form letters such as those generated by activist website Leadnow.ca – which encourages Canadians to submit them – do not spell out an allegation about specific robo-calls but merely raise concern about the subject.

Who is Pierre Poutine?

John Ivison published an interesting piece in the National Post last week that breezed by what would have been technobabble to some,

Mr. Meier set out to follow the digital trail himself. Pierre Jones had covered his tracks sufficiently that a “burner” phone, PayPal account and the Gmail address he’d been using offered no clues. Mr. Meier spent hours piecing together a “session log,” breaking down when Pierre Jones used the RackNine system and what he did while on it. “We put it together one Lego block at a time. It pierces the veil to indicate who is using the system,” he said.

Mr. Meier said he had his “Eureka” moment at 3 a.m. one morning, and by 5 a.m. had written a 22 page report for Elections Canada. “He [Pierre Jones] screwed up. Just for a fraction of a second but it was enough for me to find him,” he said.

Let’s get right to the point.

A “cookie” in web browsing terms is a string of characters that is stored in a file on your computer that your computer relays back to a website when you’re browsing. For example, when you login to a website, the reason why you can go from one page to another is because of this file stored on the user’s computer. A secure site (e.g. gmail) asks the computer if it has any of that site’s cookies on its hard-drive. If so, what does the cookie say? If the cookie has the same encoded string common to what the site is expecting, the user can proceed to the next page, and the next without having to login for each new page.

Session are a bit different but are similar in tracking utility. From About.com,

Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn’t be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.

So, Meier reconstructed the session log, and had a Eureka moment. This means that there was likely a common session linking two users. This likely means that one ‘client’ of Racknine’s logged out of Racknine’s web interface. Likely holding a session token on the same computer, another ‘client’ (Poutine) was logged in. Oops.

To see an example of this, logout of Facebook and look at the url. Logging in with new credentials can store the session key under the newly logged in user as well.

We can deduce that Pierre Poutine very possibly used the same computer as another legitimate user account on Racknine. Alternatively, a web url with a session key (e.g. racknine.com/menu.php?id=4due2sjdh29c809encgg) could have been shared from one user on one computer to another computer.