Re: code validation?

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Tue Feb 22 2005 - 17:03:07 CST

On Feb 22, 2005, at 5:45 PM, Ron Crane wrote:
> Unless "all those people out there" are able quickly to stop elections
> officials from using the compromised code, their findings are
> interesting, and meaningful for future elections, but are likely to
> allow at least one fraudulent election to occur and its result to be
> certified in the interim.

No, no, no.

Here's the steps.

(1) Date 0: The OVC "build maven" releases code and build instructions
to the wider software and elections community. This includes the
instruction: "This code, when compiled/assembled/linked/processed
should hash to ..."

(2) Date 0-N: The community checks the "release candidate" code. Such
checks include both the mechanical check of crypto stuff (hashes and/or
other things, public-key etc.) and examination of the underlying code.

(2a) Date 0-N: If problems are encountered (bugs, failed hashes, etc.),
restart the process.

(3) Date N+1: The hash codes for the final "this year's election" OVC
code are published in the relevant newspapers, websites, etc.

(4) Date N+M: Hold the election. Poll workers compare the hashes on
the CDs they receive to those widely published and accepted by the
community of evaluators[*].

---
[*] The poll workers need to be trained to do something like the 
following:
   - Insert the CD into an independent, separate computer (i.e. not 
running the OVC CD itself).
   - Type something like 'sha voting-station' (or click on something to 
do the same thing).
   - Hold the local newspaper that pre-published the correct hash in 
their hand.
   - Look at the hash displayed on screen.
   - Make sure the newspaper looks like the screen.
I don't think those steps are self-evident.  But I think people can be 
reasonably trained to perform them, even non-technical people.
---
Now sure... this doesn't mean nothing can possibly ever go wrong.  
Maybe a CD is switched or damaged on the way to a polling place, either 
inadvertently or through malice.  Maybe the polling place burns down 
the night before the election.  Maybe the hardware malfunctions.  Etc.
_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Sun Feb 27 17:17:10 2005

This archive was generated by hypermail 2.1.8 : Sun Feb 27 2005 - 17:17:13 CST