Re: does Diebold have 'quadruple redundancy'?

From: Richard C. Johnson <dick_at_iwwco_dot_com>
Date: Wed Aug 17 2005 - 09:01:30 CDT

Karl's comment is spot on. The exact problem with Diebold-type DRE machines is just this capability of replicating error in an illusion of backup or duplication. I myself have backed up a corrupted disk...
 
The paper generated by Diebold remains to be seen how separate a data path it has, how subject to voter verification it is, and thus how much claim Diebold has to even a redundancy factor of two, when faced with machine error or malicious manipulation. A copy of a corrupted vote is unable to correct that vote, simple as that.
 
Cheers!
 
-- Dick
 

Karl Auerbach <karl@cavebear.com> wrote:

On Mon, 15 Aug 2005, Kathy Dopp wrote:

> He is claiming that Diebold DREs have "quadruple redundancy" - that there are
> 3 computer chip records of every vote plus the paper trail.

Redundancy is a slippery concept. For example, one might store data in
several different places, but if there is an error induced at the original
source of that data, or along the common conduits through which that data
flows, then the redundancy is not of the original data but instead of the
errored data.

I got clobbered by this just the other day. I built a pair of new servers
with RAID-1 (mirrored) disk drives. And in a moment of stupidity I did
not use error correcting memory.

So, as it came to pass, I got a bad memory chip that was not detected.
And unfortunately linux was using that chunk of memory as cach buffers in
the linux disk cache.

So previously perfectly good data and directories getting corrupted - and
the corruption was being perfectly replicated by the redundant RAID
drives. It was a mess.

(The machines now have ECC memory.)

Redundancy is not a yes-I-have-it or no-I-don't condition. Redundancy is
only as good as the separation of data pathways and the protection of
those pathways.

Thus, if a brand-D machine were to misread a vote, the fact that that
misread vote is stored in umpteen different places adds not one whit to
the overall trustworthyness of the system.

Similarly, if there are not distinct means (using distinct paths) to reach
each of the separate copies, then any corruption on the common read path
would render the redundancy useless.

If redundant copies conflict with one another then what happens? One way
to attack a voting system is to induce conflicts into any of the redundant
storages, and thus invalidating the votes, in precincts that are likely to
have more vote undesireable to the attacker.

This is what makes paper ballots so wonderful - we humans have very nice,
very reliable sensory organs that we can use to bypass all of those
invisible computer mechanisms and storage media.

--karl--

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Aug 31 23:17:27 2005

This archive was generated by hypermail 2.1.8 : Thu Sep 15 2005 - 11:44:12 CDT