Re: Need change to openvoting.org to help NIST comment

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Wed Apr 06 2005 - 15:18:19 CDT

Hi Ron,

These are good additional concepts. As background for others, I
suggested to Ron that we might be able to introduce an implied
refutation of the assumption "if it works in testing, it works during
voting" by way of some new definitions.

However, I think there are *too many* closely related terms here. The
glossary already has a tendency to have too much overlap in terms
(mostly because they come from different sources). I think proposing a
maximum of three terms would provide a clearer basis for future
elections discourse.

For example, I don't think we want to be in a debate about whether a
certain attack is hacking, manipulation, or subversion (choose one).
Especially if some state law governs one of the terms, but not the
others.

Trusted/untrusted persons seem good, and distinct. And Trojan Horse is
a specific concept worth drawing attention to. But I think
Hacking/Manipulation/Subversion should be reduced to one concept.
Perhaps the word for those is "Tampering".

> Hacking: The manipulation of a voting system (including, but not
> limited to, the introduction of a Trojan Horse) or any of its data by
> an untrusted person.
>
> Manipulation: The modification or accessing of a voting system or any
> of its data (a) with the intent to alter, or to permit the alteration
> of, the outcome of any election; or (b) to release, or to permit the
> release of, non-public data concerning an election to a person not
> authorized to receive it.
>
> Security Analysis: An inquiry into a voting system's vulnerability to
> hacking and subversion. Includes an analysis of the system's software,
> firmware, and hardware, as well as the procedures surrounding their
> production, deployment, and use. Security analysis may discover means
> of hacking and subversion invisible to testing, such as Trojan Horses
> programmed to operate only during an election, or only when a
> specified signal is broadcast via electromagnetic means such as WIMAX
> or power-line broadband.
>
> Subversion: The manipulation of a voting system (including, but not
> limited to, the introduction of a Trojan Horse) or any of its data by
> a trusted person.
>
> Trojan Horse: A piece of software intended to alter the outcome of an
> election, or to allow the release of non-public data concerning an
> election to a person not authorized to receive it. A Trojan Horse may
> alter the outcome of an election by modifying the presentation of
> information to the voter; by changing, adding, or deleting votes; by
> making it difficult or impossible to vote; or by any other means
> tending to achieve the desired outcome. A Trojan Horse may release
> non-public information concerning an election via networks, wireless
> devices, encoded printouts, or otherwise.
>
> Trusted person: A person who is authorized to create, modify, or
> otherwise handle a voting system, a component of a voting system (such
> as its software or hardware), and/or any portion of a voting system's
> data. A vendor's employee and an elections official are trusted
> persons, while a voter is not.
>
> Untrusted person: Any person who is not a trusted person.

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sat Apr 30 23:17:02 2005

This archive was generated by hypermail 2.1.8 : Sat Apr 30 2005 - 23:17:22 CDT