Re: OVC-discuss Digest, Vol 22, Issue 30

From: Jerry Lobdill <lobdillj_at_charter_dot_net>
Date: Sun Aug 27 2006 - 15:45:27 CDT

At 02:00 PM 8/27/2006, Ron Crane wrote:

>Your original conclusion was that "L&A tests and even parallel
>testing cannot reveal the presence of Trojan Horse software" and
>that "There is no possibility of uncovering inserted software that
>is designed to permit manipulation of the legitimate functions."
>That is incorrect, as you now seem to have acknowledged by stating
>that, "I'd agree that parallel testing could determine whether a
>given machine flipped votes from candidate A to candidate B...."
>As for what you missed, I never said or implied that L&A testing and
>parallel testing can assure that a machine does not contain any
>malicious software, only that testing can discover some kinds of
>malicious software under some circumstances.

Whew! OK, I'm glad you made that clear. What I meant was that if
there is risk that there is Trojan Horse software (and I don't think
anybody thinks there is no risk of that) designed to remain quiescent
until late in the election process it would not be detected by any
preelection tests or parallel testing that did not continue through
election day and involve enough test votes to exceed the threshold
for Trojan Horse activation. There may be other clever ways to
trigger awakening of the TH that might not be detected by these
tests. These "tests" cannot guarantee that there is no clandestine
malicious code in the machines. They can only report that no
malicious activity occurred during the tests.

I wasn't aware that any of the proponents of L&A and parallel testing
were touting those methods as an effective defense against malicious code.

>For the record, I am firmly opposed to the use of DREs and DRE-like
>voting equipment (including ballot printers) because (1) they're
>highly vulnerable to malicious software, firmware, and hardware; (2)
>it's difficult to discover many such attacks, and it will become
>more difficult as technology advances; (3) the lackadaisical
>formulation and use of procedures that often characterizes election
>operations seems unlikely to change; (4) it's difficult (I think
>next to impossible) to sustain the use of adequate procedures over
>the long term, even assuming we manage to institute them over the
>short term; and (5) only a tiny sliver of the general public has
>even the possibility of effectively supervising these kinds of systems.

Well said. I would prefer paper hand marked ballots and ballot boxes
with public hand counting of the votes. I don't see any alternative
that is anywhere near as secure as that so long as proper chain of
custody procedures are followed and the process is made as public as possible.

OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Thu Aug 31 23:17:10 2006

This archive was generated by hypermail 2.1.8 : Thu Aug 31 2006 - 23:17:10 CDT