Re: Fw: Meet the $499 Mac.

From: Ron Crane <voting_at_lastland_dot_net>
Date: Fri Aug 26 2005 - 20:20:27 CDT
Paper is certainly susceptible of various kinds of fraud. We also know most of them, because we've used paper for a long time, and (unlike computers) it is not infinitely malleable. The mechanisms for ensuring chains of custody are well-known, and an ordinary member of the public effectively can supervise every one -- given appropriate official cooperation.

Voter verification, as I have pointed out many times, is a half-measure of doubtful efficacy. I have asked, and asked, and asked again for a cite to a study confirming its efficacy, and every time my request has been met with booming silence. But even assuming some voters "catch" a cheating voting station by verifying their ballots, what then? Will they bother to report it? Or will they just leave in disgust? If they report it, what will the pollworkers do? Cancel their ballot and let them re-vote -- because it's a "glitch", right? But even if the pollworkers want to take it seriously, what do they do? Report it to their superiors, right? And what do the superiors do? Ignore the problem? Conclude that the voters don't know what they're talking about? Call the vendor? Turn off the machines and break out the paper ballots, leaving an unknown amount of fraud uncorrected? Cancel the election and reschedule it? It's hard even to determine an appropriate response, let alone to implement one.

But even were someone magically to solve every e-voting security issue once and for all, an average member of the public cannot, and never will be able to, competently supervise a voting process that uses it. That, in and of itself, makes its use contrary to the checks-and-balances-by-citizens principle at our republic's core. I  suspect that Jefferson and Madison (and possibly even the anti-democrat Hamilton) would scream if they knew we were using a voting system that average citizens cannot effectively supervise.

-R

Richard C. Johnson wrote:
Ron,
 
Paper ballots, like digital ones, sometimes get lost, strayed, or stolen, or even generated from the legions of the dead.  Neither will ever generate trust by mere existence.  Both require you, even if you trust, to verify through cross checking, procedural safeguards, poll watchers, locked ballot boxes, encrypted data lines, and so forth. 
 
I believe firmly that there is no necessary safety in paper ballots, that such ballots need to be subject to security procedures.  And I believe that there is no necessary lack security in digital votes, just a crying need for cross-checking with voter verified paper ballots and for the procedures and checks and observers that make it very difficult to cheat or to propagate error.
 
I trust no one with my ballot, suspect everyone, and want all the checks and balances and security procedures I can get.  Paper alone, however, does not inspire trust.  A securely engineered combination of digital and paper voting, however, comes closer to earning my trust than anything else I know.
 
Trust little, verify much.
 
-- Dick

Ron Crane <voting@lastland.net> wrote:
charlie strauss wrote:

>...It's possible, likely I guess, that when macs go to Intel they will also go to trusted platform computing. While that's a controversial topic for some people, I think it's something the voting community should embrace as one more layer of security that begins to address the one topic we have left uncovered. How do you know the binary you are running is the one you think you are running...
>
If "you" is an average voter, you don't: you have to trust the "experts"
-- elections officials, vendors, and (if you're lucky) a savvy activist
or two. That, in itself, is an excellent reason to abandon e-voting for
precinct-based hand-counted paper. The voting system is our republic's
basis, and must therefore be effectively supervised by ordinary
citizens. And ordinary citizens understand squat about software in
gener! al, let alone about computer security.

>And how do you establish a secure connection to the video screen that can't have a man in the middle? Trusted platform computing along with the new HD video screens address these issue. Not neccessarily perfectly, but with a very solid layer we lack right now.
>
>
What's "solid" about it? Why should I trust it? What prevents the vendor
from installing a malware loader in its firmware? What prevents the
vendor from hiding a wireless or BPL device (getting smaller all the
time) somewhere in the system, then using it to convey triggers and/or
cheating code on election day? How would I ever detect the presence of
such malicious firmware? And when the computers are recycled into the
general school population (and then back for voting machines in the next
election -- yikes!) what prevents whoever uses them (or the vendor via
regular "updates" or "service") from installing malicious code in t! heir
firmware, and malicious devices in their hardware?

>Also I'd like to point out that there is a LINUX BIOS avaliable. Developed I believe at Los Alamos National Lab. Use that instead of the regular bios and you can scrap the boot loader. It's open source.
>
>
That might solve one problem. Maybe. Quite aside from the "Reflections
on Trusting Trust" problem, it'll be difficult enough getting
pollworkers properly to check that the correct voting application is
loaded (i.e. to check the cryptographic signature with a piece of
software not provided by the vendor or a vendor's associate). I'm sure
getting them to flash the firmware properly'll be a blast. In any case
the "Linux BIOS" addresses only mainboard BIOS issues, not those in the
video BIOS, nor in any system-management firmware, nor in any hidden
trap-door firmware, nor in malicious hardware.

There are just too many ways to cheat with computers, and the ! number
(and deviousness) of cheats increases daily.

-R

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org

_______________________________________________ OVC discuss mailing lists Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Aug 31 23:17:32 2005

This archive was generated by hypermail 2.1.8 : Thu Sep 15 2005 - 11:44:12 CDT