Re: logic and accuracy tests

From: Ron Crane <voting_at_lastland_dot_net>
Date: Sat Aug 26 2006 - 18:59:20 CDT
Your original conclusion was that "L&A tests and even parallel testing cannot reveal the presence of Trojan Horse software" and that "There is no possibility of uncovering inserted software that is designed to permit manipulation of the legitimate functions." That is incorrect, as you now seem to have acknowledged by stating that, "I'd agree that parallel testing could determine whether a given machine flipped votes from candidate A to candidate B...."

As for what you missed, I never said or implied that L&A testing and parallel testing can assure that a machine does not contain any malicious software, only that testing can discover some kinds of malicious software under some circumstances.

For the record, I am firmly opposed to the use of DREs and DRE-like voting equipment (including ballot printers) because (1) they're highly vulnerable to malicious software, firmware, and hardware; (2) it's difficult to discover many such attacks, and it will become more difficult as technology advances; (3) the lackadaisical formulation and use of procedures that often characterizes election operations seems unlikely to change; (4) it's difficult (I think next to impossible) to sustain the use of adequate procedures over the long term, even assuming we manage to institute them over the short term; and (5) only a tiny sliver of the general public has even the possibility of effectively supervising these kinds of systems.

-R

 Jerry Lobdill wrote:
My conclusion is wrong? Tell me more.

I'd agree that L&A testing has the purpose you state. I'd agree that parallel testing could determine whether a given machine flipped votes from candidate A to candidate B by comparing the ballots the testers voted with the "ballots" the machine recorded.

But why do you think that  L&A testing and parallel testing can assure  that a machine's software has no Trojan Horse? Have I missed something?

Jerry


At 02:00 PM 8/26/2006, you wrote:
Content-Transfer-Encoding: 7bit
From: Ron Crane <voting@lastland.net>
Precedence: list
MIME-Version: 1.0
To: Open Voting Consortium discussion list <ovc-discuss@listman.sonic.net>
References: <mailman.24.1156532404.19263.ovc-discuss@listman.sonic.net>
         <6.2.3.4.2.20060825164006.0451d280@pop.charter.net>
In-Reply-To: <6.2.3.4.2.20060825164006.0451d280@pop.charter.net>
Date: Fri, 25 Aug 2006 15:31:57 -0700
Reply-To: Open Voting Consortium discussion list
         <ovc-discuss@listman.sonic.net>
Message-ID: <44EF7A5D.7090003@lastland.net>
Content-Type: text/html; charset=ISO-8859-1
Subject: Re: [OVC-discuss] logic and accuracy tests
Message: 2

Jerry Lobdill wrote:

At 02:00 PM 8/25/2006, you wrote:

 
      

From: Paul Malischke
<malischke@yahoo.com>
Date: Aug 24, 2006 8:11 PM
Subject: logic and accuracy tests

Hello,
One major arguement that the clerks make against post-election
audits of vote counts is that they do logic and accuracy
pre-tests.  How can we counter this argument?
       
            

To me the best answer to this is that L&A tests and even parallel 
testing cannot reveal the presence of Trojan Horse software. 
Tests--of any kind--can only test the advertised functionality of 
software. There is no possibility of uncovering inserted software 
that is designed to permit manipulation of the legitimate functions. 
It's like trying to prove a negative--it can't be done.

  
Your conclusion is incorrect. But L&A testing is not security testing, and is unlikely to discover a competently-designed fraud, such as one engineered to operate only on election day. Parallel testing can do better, since it is performed on election day and is meant to determine whether the machines are cheating. For example, parallel testing could determine whether a given machine flipped votes from candidate A to candidate B by comparing the ballots the testers voted with the "ballots" the machine recorded. That said, there are a host of ways a well-designed attack might try to escape detection during parallel testing, most of which involve determining whether the machine is, in fact, being tested. Unless the testers are exceedingly careful to make the testing exactly simulate actual voting -- from randomly selecting the machines to test right before the polls open, to casting a realistic assortment of votes at a realistic rate, to using varying amounts of pressure on the touch-screen to cast them, etc. -- it's quite likely that some well-designed attacks will escape detection during parallel testing.

Post election audits are conducted to ascertain whether any kind of 
irregularity occurred in the election. This is a completely different 
function than testing.  
  
Both audits and parallel testing aim to find irregularities and fraud. L&A testing mostly aims only to discover whether the machines appear to be setup correctly (e.g., to display the appropriate races and to allow voters to select the right number of candidates).

-R

(In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. ProgressiveNews2Use has no affiliation whatsoever with the originator of this article nor is ProgressiveNews2Use endorsed or sponsored by the originator.)

"Go to Original" links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted on ProgressiveNews2Use may not match the versions our readers view when clicking the "Go to Original" links.


_______________________________________________ OVC-discuss mailing list OVC-discuss@listman.sonic.net http://lists.sonic.net/mailman/listinfo/ovc-discuss

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Thu Aug 31 23:17:10 2006

This archive was generated by hypermail 2.1.8 : Thu Aug 31 2006 - 23:17:10 CDT