Re: Need change to openvoting.org to help NIST comment

From: Ron Crane <voting_at_lastland_dot_net>
Date: Wed Apr 06 2005 - 15:50:21 CDT

David,

I see wisdom in reducing the number of terms. Here's a new, trimmer
set. I've also added a clarification to the "Trusted Person" definition.

-Ron

----------------

Security Analysis: An inquiry into a voting system's vulnerability to
tampering. Includes an analysis of the system's software, firmware, and
hardware, as well as the procedures surrounding their production,
deployment, and use. Security analysis may discover means of tampering
invisible to testing, such as Trojan Horses programmed to operate only
during an election, or only when a specified signal is broadcast via
electromagnetic means such as WiMAX or power-line broadband.

Trojan Horse: A piece of software intended (a) to alter, or to permit
the alteration of, the outcome of any election; or (b) to release, or
to permit the release of, non-public data concerning an election to a
person not authorized to receive it. A Trojan Horse may alter the
outcome of an election by modifying the presentation of information to
the voter; by changing, adding, or deleting votes; by making it
difficult or impossible to vote; or by any other means tending to
achieve the desired outcome. A Trojan Horse may release non-public
information concerning an election via networks, wireless devices,
encoded printouts, or otherwise.

Trusted person: A person who is authorized to create, modify, or
otherwise handle a voting system, a component of a voting system (such
as its software or hardware), and/or any portion of a voting system's
data. A vendor's employee and an elections official are trusted
persons, while a voter is not. A person may be trusted to perform one
function (e.g. the creation of a ballot form) but untrusted for others
(e.g. the modification of a voting system's software).

Untrusted person: Any person who is not a trusted person.

_________
On Apr 6, 2005, at 1:18 PM, David Mertz wrote:

> Hi Ron,
>
> These are good additional concepts. As background for others, I
> suggested to Ron that we might be able to introduce an implied
> refutation of the assumption "if it works in testing, it works during
> voting" by way of some new definitions.
>
> However, I think there are *too many* closely related terms here. The
> glossary already has a tendency to have too much overlap in terms
> (mostly because they come from different sources). I think proposing
> a maximum of three terms would provide a clearer basis for future
> elections discourse.
>
> For example, I don't think we want to be in a debate about whether a
> certain attack is hacking, manipulation, or subversion (choose one).
> Especially if some state law governs one of the terms, but not the
> others.
>
> Trusted/untrusted persons seem good, and distinct. And Trojan Horse
> is a specific concept worth drawing attention to. But I think
> Hacking/Manipulation/Subversion should be reduced to one concept.
> Perhaps the word for those is "Tampering".
>
>> Hacking: The manipulation of a voting system (including, but not
>> limited to, the introduction of a Trojan Horse) or any of its data by
>> an untrusted person.
>>
>> Manipulation: The modification or accessing of a voting system or any
>> of its data (a) with the intent to alter, or to permit the alteration
>> of, the outcome of any election; or (b) to release, or to permit the
>> release of, non-public data concerning an election to a person not
>> authorized to receive it.
>>
>> Security Analysis: An inquiry into a voting system's vulnerability to
>> hacking and subversion. Includes an analysis of the system's
>> software, firmware, and hardware, as well as the procedures
>> surrounding their production, deployment, and use. Security analysis
>> may discover means of hacking and subversion invisible to testing,
>> such as Trojan Horses programmed to operate only during an election,
>> or only when a specified signal is broadcast via electromagnetic
>> means such as WiMAX or power-line broadband.
>>
>> Subversion: The manipulation of a voting system (including, but not
>> limited to, the introduction of a Trojan Horse) or any of its data by
>> a trusted person.
>>
>> Trojan Horse: A piece of software intended to alter the outcome of an
>> election, or to allow the release of non-public data concerning an
>> election to a person not authorized to receive it. A Trojan Horse may
>> alter the outcome of an election by modifying the presentation of
>> information to the voter; by changing, adding, or deleting votes; by
>> making it difficult or impossible to vote; or by any other means
>> tending to achieve the desired outcome. A Trojan Horse may release
>> non-public information concerning an election via networks, wireless
>> devices, encoded printouts, or otherwise.
>>
>> Trusted person: A person who is authorized to create, modify, or
>> otherwise handle a voting system, a component of a voting system
>> (such as its software or hardware), and/or any portion of a voting
>> system's data. A vendor's employee and an elections official are
>> trusted persons, while a voter is not.
>>
>> Untrusted person: Any person who is not a trusted person.
>
> _______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to
> arthur@openvotingconsortium.org
>

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sat Apr 30 23:17:02 2005
