Re: vendors vowing to cooperate with disclosure?

From: Nancy Tobi <ntobi_at_democracyfornewhampshire_dot_com>
Date: Tue Apr 24 2007 - 07:43:05 CDT

Of course, this is the EAC Ponzi Scheme. There will never be equipment that
meets the EAC standards.

http://www.democracyfornewhampshire.com/node/view/3571

On 4/24/07, Doug Kellner <dkellner@elections.state.ny.us> wrote:
>
> We should not lose sight of the fact that there is no voting system that
> has been certified to the 2005 VVSG, and the work that we have been doing in
> New York shows that even those systems certified by NASED to the 2002 VSG
> have subsequently been shown to have features that are not in compliance
> with the 2002 standards.
>
> The simple answer is that there is no voting device or scanner on the
> market that I know about that currently conforms to all of the standards.
> If there were, New York would buy it.
>
> Douglas A. Kellner
> Co-Chair
> New York State Board of Elections
>
> Tel. (212) 889-2121
> Fax (212) 684-6224
>
> ------------------------------
> *From: *Nancy Tobi <ntobi@democracyfornewhampshire.com>
> *Reply-To: *<ntobi@democracyfornewhampshire.com>, Open Voting Consortium
> discussion list <ovc-discuss@listman.sonic.net>
> *Date: *Mon, 23 Apr 2007 15:48:29 -0400
> *To: *<dak@khgflaw.com>, Open Voting Consortium discussion list <
> ovc-discuss@listman.sonic.net>
> *Subject: *Re: [OVC-discuss] vendors vowing to cooperate with disclosure?
>
> If federal legislation offered NO COTS exemption but rather required full
> source code disclosure, would there be voting equipment available for
> purchase for the 2008 elections, and if so, what would it look like, cost,
> etc?
>
> I am looking for a practical answer on the IMPLEMENTABILITY of a full
> disclosure requirement.
>
> ~Nancy
>
>
>
>
> On 4/23/07, *Richard C. Johnson * <dick@iwwco.com> wrote:
>
> Nancy,
>
> Open Voting Solutions believes that there are Linux drivers for most of
> the COTS hardware needed for a decent precinct scanner system. In our case,
> we expect that the scanner will be controlled by an open source driver; the
> scanner driver is a key piece which we want to be open source.
>
> I don't think that there are any other drivers that touch the actual
> voting process remaining in our Linux-based system. We use COTS
> hardware...a PC, a printer (for posting precinct results), and a Kodak i40
> scanner. We use Linux (open source) drivers for all PC parts.
>
> But we have no BillWare anywhere (no Microsoft software) and we do not
> believe that COTS software is needed. If it were, we would be inclined to
> use Oracle in our system as a database. Then, we would have taken a step
> away from Open Source software...something we don't really want to do
> without good reason. The reason would be increased flexibility of
> legitimate access without sacrificing security. Oracle would help
> auditability as well. I am unaware of any such benefits from the other
> pieces of COTS software mentioned.
>
> The upshot is simply that allowing COTS software in databases, crucial
> drivers, or operating systems is not necessary. IMHO.
>
> -- Dick
>
>
> *Karl Auerbach <karl@cavebear.com >* wrote:
>
> Nancy Tobi wrote:
>
> > Sorry for being such a johnny come lately -but can you please tell me
> > what you believe is the intent of CA law for COTS?
>
> It is a bit of recognition of the reality that modern software systems
> are really layers upon layers upon layers.
>
> People forget, for example, that inside many CPU's is a firmware engine,
> i.e. software, that mechanizes the machine instructions. And a lot of
> input/output is processed by controllers that contain embedded software.
>
> The COTS mechanism is to create a presumption of non-hostility on the
> part of software that was created without the knowledge that it would be
> used for voting, that it is used for a myriad of non-voting purposes by
> a broad variety of people.
>
> It's far from perfect, but it does make sense. And it creates a
> substantial barrier and requires an amazing amount of foresight on the
> part of an attacker to embedded a voting-specific flaw into a COTS
> system. (That said, it would not be that strange to see a
> non-voting-specific flaw/backdoor in such software.)
>
> Given the huge amount of software, particularly embedded software in
> what we think are chips and controllers, we could end up spending years
> spinning our wheels, probably without benefit, dredging into the COTS
> software used at those levels.
>
> As compared to deeply embedded code, the scale tips a bit more in favor
> of inspection for operating systems. But even then we have to recognize
> that if we take a position that we absolutely require, in all
> circumstances and all cases, inspection of broadly used operating
> systems ( e.g. Windows CE) that we might end up burning our limited
> energies and make more distant the date when we have decent voting
> machinery and processes.
>
> As Napoleon (or someone) said - we should be careful about the battles
> we pick.
>
> --karl--
>
>
>
>
>
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss
> <http://lists.sonic.net/mailman/listinfo/ovc-discuss><http://lists.sonic.net/mailman/listinfo/ovc-discuss>
>
>
>
> ------------------------------
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>
>

-- 
Nancy Tobi
Co-Founder, Democracy For New Hampshire
Chair, NH Fair Elections Committee
Legislative Coordinator, Election Defense Alliance
nancy.tobi@gmail.com
www.DemocracyForNewHampshire.com
603.315.4500

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon Apr 30 23:17:14 2007

This archive was generated by hypermail 2.1.8 : Mon Apr 30 2007 - 23:17:16 CDT