Re: SB 1376 passes senate...

From: David Jefferson <d_jefferson_at_yahoo_dot_com>
Date: Wed Aug 18 2004 - 11:21:19 CDT

On Aug 18, 2004, at 8:55 AM, Joseph Lorenzo Hall wrote:

> I understand, Dave... but it does increase the access to the software
> allowed by the SoS... which means that he can, as a part of getting a
> system approved, fund consultants and even red team excercises to do a
> better job at testing than the ITAs. So, the software is not *as
> secret* as it was before and the SoS seems to have wide latitude with
> respect to access. Considering how little we know about the hardware
> in most electronic voting systems, I consider this to be a big step.

It appears to only allow this during the time the system is under
consideration for certification--not after it is certified unless a
problem is identified, i.e. there is an "investigation or prosecution".
  And as I said, it appears to apply only to the "vote tally software",
not the vote capture "firmware" in the DREs themselves.

The whole concept of "escrow" is wrong-headed, implying that the
default situation is for the SoS not to have access to the code. I do
not like that concept reinforced in public law--it will reduce the SoS
leverage in arguing that he should have permanent and total access to
the code.

> I would urge you to suggest and even pressure the SoS to order
> evaluations of certain software systems (the big 4 vendors first, then
> as needed) or as a part of state certification. Those evaluations
> should be made public as much as possible (at least an exec. sum.
> listing possible vulnerabilities, etc. should be available to the
> public... maybe not highly detailed software structures, etc.)

I am working on this every day, believe me.

David

>> The Secretary of State should have a full copy of all voting system
>> software for any analytical purposes he wishes, at the very least.
>> (Of
>> course, in my opinion and yours it should all be public source.)
>
> I think, with SB 1376, he has exactly this.
>
> the relevan part is here (19103(c)):
>
> (c) The Secretary of State shall have reasonable access to the
> materials placed in escrow, under the following circumstances:
> (1) In the course of an investigation or prosecution regarding
> vote counting equipment or procedures.
> (2) Upon a finding by the Secretary of State that an escrow
> facility or escrow company is unable or unwilling to maintain
> materials in escrow in compliance with this section.
> (3) In order to fulfill the provisions of this chapter related to
> the approval of voting systems.
> (4) In order to verify that the software on a voting system,
> voting machine, or vote tabulating device is identical to the
> approved version.
> (5) For any other purpose deemed necessary to fulfill the
> provisions of this code or Section 12172.5 of the Government Code.
>
>
> --
> Joseph Lorenzo Hall
> UC Berkeley, SIMS PhD Student
> http://pobox.com/~joehall/
> blog: http://pobox.com/~joehall/nqb2/
>
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue Aug 31 23:17:15 2004

This archive was generated by hypermail 2.1.8 : Tue Aug 31 2004 - 23:17:23 CDT