Re: vendors vowing to cooperate with disclosure?

From: Richard C. Johnson <dick_at_iwwco_dot_com>
Date: Mon Apr 23 2007 - 14:30:10 CDT

Nancy,

Open Voting Solutions believes that there are Linux drivers for most of the COTS hardware needed for a decent precinct scanner system. In our case, we expect that the scanner will be controlled by an open source driver; the scanner driver is a key piece which we want to be open source.

I don't think that there are any other drivers that touch the actual voting process remaining in our Linux-based system. We use COTS hardware...a PC, a printer (for posting precinct results), and a Kodak i40 scanner. We use Linux (open source) drivers for all PC parts.

But we have no BillWare anywhere (no Microsoft software) and we do not believe that COTS software is needed. If it were, we would be inclined to use Oracle in our system as a database. Then, we would have taken a step away from Open Source software...something we don't really want to do without good reason. The reason would be increased flexibility of legitimate access without sacrificing security. Oracle would help auditability as well. I am unaware of any such benefits from the other pieces of COTS software mentioned.

The upshot is simply that allowing COTS software in databases, crucial drivers, or operating systems is not necessary. IMHO.

-- Dick

Karl Auerbach <karl@cavebear.com> wrote:

Nancy Tobi wrote:

> Sorry for being such a johnny come lately -but can you please tell me
> what you believe is the intent of CA law for COTS?

It is a bit of recognition of the reality that modern software systems
are really layers upon layers upon layers.

People forget, for example, that inside many CPUs is a firmware engine,
i.e. software, that mechanizes the machine instructions. And a lot of
input/output is processed by controllers that contain embedded software.

The COTS mechanism is to create a presumption of non-hostility on the
part of software that was created without the knowledge that it would be
used for voting, that it is used for a myriad of non-voting purposes by
a broad variety of people.

It's far from perfect, but it does make sense. And it creates a
substantial barrier and requires an amazing amount of foresight on the
part of an attacker to embed a voting-specific flaw into a COTS
system. (That said, it would not be that strange to see a
non-voting-specific flaw/backdoor in such software.)

Given the huge amount of software, particularly embedded software in
what we think are chips and controllers, we could end up spending years
spinning our wheels, probably without benefit, dredging into the COTS
software used at those levels.

As compared to deeply embedded code, the scale tips a bit more in favor
of inspection for operating systems. But even then we have to recognize
that if we take a position that we absolutely require, in all
circumstances and all cases, inspection of broadly used operating
systems (e.g. Windows CE) that we might end up burning our limited
energies and make more distant the date when we have decent voting
machinery and processes.

As Napoleon (or someone) said - we should be careful about the battles
we pick.

  --karl--

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon Apr 30 23:17:13 2007

This archive was generated by hypermail 2.1.8 : Mon Apr 30 2007 - 23:17:16 CDT