Citizen Input on Hart InterCivic Voting System Contract

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Mon Apr 26 2004 - 12:39:28 CDT

Gayle Mertz, my mom and OVC list subscriber, forwarded some voting
machine discussion coming out of Boulder County, Colorado. I don't
know much about Hart InterCivic as a proprietary vendor, but Lou Puls
certainly seems to understand the security issues with proprietary
software, and describe them in a helpful way:

> ----- Original Message -----
> From: Lou Puls
> Sent: Monday, April 26, 2004 12:00 AM
> To: commissioners@co.boulder.co.us
> Cc: cvv-discuss@coloradovoter.net
> Subject: Citizen Input on Hart InterCivic Voting System Contract
>
> Citizen Input on Hart InterCivic Voting System Contract
> To: commissioners@co.boulder.co.us
>
> ILLUSION AND REALITY
>
> It is an illusion that Boulder County is PURCHASING a voting system
> from
> Hart InterCivic. Only the hardware and services are being purchased -
> all the software is being LICENSED. The hardware is off-the-shelf
> equipment that should be leased under competitive bid from
> sub-contractors, not bought at inflated prices when upgrades are
> anticipated and inevitable. As is commonly done with proprietary and
> closed source software, there is no purchase involved, only a licensing
> for the use of the software - certainly not anything remotely
> resembling
> the rights, title and interest of a purchase.
>
> It is also an illusion that the voting system can have any semblance of
> security with respect to reliability, accuracy and honesty (regardless
> of its many admirable solutions to ballot ambiguity). The closed
> source
> code precludes any level of professional examination as to
> vulnerability
> to coding defects, which have become a challenge in recent years for
> prankster and outright malicious attacks via viruses, trojans, worms,
> and all the other malware that have wreaked havoc on much of the
> world's
> desktop, server and infrastructure computers. The voting software
> includes "Communication" software (at an exhorbitant cost of $10,000)
> which is required for Internet upgrading and remote network vote
> processing, and which will leave the voting system vulnerable to such
> malware and its destructive effects.
>
> There should be no illusion about the widely known failures of
> Microsoft
> Windows software, on which all of the voting application software is
> based. Only with heroic effort over the last year has Microsoft issued
> patches for a few dozen of the thousands of severe security defects (in
> the tens of millions of lines of their code) most of which took six or
> seven months to be released after becoming known, announced and
> admitted. Recently 15% of their code was pilfered and widely
> published on
> the Internet, making it far more available for hacking but not for
> officially sanctioned examination. To add to such a worst-case
> scenario, the pilfered code included all of their encryption module,
> whose security defects will be particularly vulnerable. There is no
> rational or conceivable way that Microsoft could provide full patching
> of these present and imminently discoverable defects in time for voting
> machine certification, much less in time for the elections.
>
> If accepted, these illusions lead to an overall illusion of
> trustworthiness in the Hart InterCivic voting system that is totally
> unwarranted, and can only lead to a further erosion of trust in our
> elections. Only open software (after thorough, ongoing, disinterested
> and professional examination) can be considered a candidate for
> trustworthiness in something as vital as a voting system. This
> proprietary voting software is closed and insufficiently examined and
> statistically can have no less than one severe security defect per ten
> thousand lines of unexamined code; thus, it will remain unpatched
> even more than by the inferior system that leads to patching Microsoft
> code. Again, MS Windows operating software is also proprietary and
> closed (except for pilfering), mostly unexamined, notoriously
> defect-ridden, and largely unpatched and unpatchable in any reasonable
> time-frame.
>
> The inevitable result of such a massive lack of digital security is
> that
> no voter can be assured of the reliability, accuracy, or ultimately the
> honesty of our election results. This system cannot be considered a
> credible candidate for a trustworthy voting sytem.
>
> Making the leap in logic that we can assume a remedy in the contract is
> possible to attain a trustworthy system, such a remedy should not
> include the PURCHASE, but rather the LICENSING/LEASING of all hardware,
> service, and software components, with the maintenance and renewal of
> such to be contingent on the following contract compliance and
> performance:
>
> 1. Sine Qua Non - provide open voting software code for critical
> examination;
> 2. Require satisfactory Mock Election performance prior to any
> licensing fee payment;
> 3. Require satisfactory security performance against specific defect
> attacks;
> 4. Require certification to include proof of software upgrades with
> all
> known patches;
> 5. Require recertification upon proof of software patching of all
> subsequent defects.
>
> If such modifications in the proposed contract terms are not carried
> out
> (if feasible), I submit that the alternative (in lieu of hand-
> counted and recountable paper ballots of record, scanned or otherwise)
> is going to involve months of protracted legal actions and injunctions
> in order to protest the possible subversion of our election process.
>
> Lou Puls
> 2565 Kenwood Drive
> Boulder CO 80305
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Apr 30 23:17:19 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT