Re: Fw: Meet the $499 Mac.

From: Richard C. Johnson <dick_at_iwwco_dot_com>
Date: Fri Aug 26 2005 - 19:45:15 CDT

Ron,
 
Paper ballots, like digital ones, sometimes get lost, strayed, or stolen, or even generated from the legions of the dead. Neither will ever generate trust by mere existence. Both require you, even if you trust, to verify through cross checking, procedural safeguards, poll watchers, locked ballot boxes, encrypted data lines, and so forth.
 
I believe firmly that there is no necessary safety in paper ballots, that such ballots need to be subject to security procedures. And I believe that there is no necessary lack of security in digital votes, just a crying need for cross-checking with voter verified paper ballots and for the procedures and checks and observers that make it very difficult to cheat or to propagate error.
 
I trust no one with my ballot, suspect everyone, and want all the checks and balances and security procedures I can get. Paper alone, however, does not inspire trust. A securely engineered combination of digital and paper voting, however, comes closer to earning my trust than anything else I know.
 
Trust little, verify much.
 
-- Dick

Ron Crane <voting@lastland.net> wrote:
charlie strauss wrote:

>...It's possible, likely I guess, that when macs go to Intel they will also go to trusted platform computing. While that's a controversial topic for some people, I think it's something the voting community should embrace as one more layer of security that begins to address the one topic we have left uncovered. How do you know the binary you are running is the one you think you are running...
>
If "you" is an average voter, you don't: you have to trust the "experts"
-- elections officials, vendors, and (if you're lucky) a savvy activist
or two. That, in itself, is an excellent reason to abandon e-voting for
precinct-based hand-counted paper. The voting system is our republic's
basis, and must therefore be effectively supervised by ordinary
citizens. And ordinary citizens understand squat about software in
general, let alone about computer security.

>And how do you establish a secure connection to the video screen that can't have a man in the middle? Trusted platform computing along with the new HD video screens address these issues. Not necessarily perfectly, but with a very solid layer we lack right now.
>
>
What's "solid" about it? Why should I trust it? What prevents the vendor
from installing a malware loader in its firmware? What prevents the
vendor from hiding a wireless or BPL device (getting smaller all the
time) somewhere in the system, then using it to convey triggers and/or
cheating code on election day? How would I ever detect the presence of
such malicious firmware? And when the computers are recycled into the
general school population (and then back for voting machines in the next
election -- yikes!) what prevents whoever uses them (or the vendor via
regular "updates" or "service") from installing malicious code in their
firmware, and malicious devices in their hardware?

>Also I'd like to point out that there is a LINUX BIOS available. Developed I believe at Los Alamos National Lab. Use that instead of the regular bios and you can scrap the boot loader. It's open source.
>
>
That might solve one problem. Maybe. Quite aside from the "Reflections
on Trusting Trust" problem, it'll be difficult enough getting
pollworkers properly to check that the correct voting application is
loaded (i.e. to check the cryptographic signature with a piece of
software not provided by the vendor or a vendor's associate). I'm sure
getting them to flash the firmware properly'll be a blast. In any case
the "Linux BIOS" addresses only mainboard BIOS issues, not those in the
video BIOS, nor in any system-management firmware, nor in any hidden
trap-door firmware, nor in malicious hardware.

There are just too many ways to cheat with computers, and the number
(and deviousness) of cheats increases daily.

-R

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Aug 31 23:17:32 2005

This archive was generated by hypermail 2.1.8 : Thu Sep 15 2005 - 11:44:12 CDT