Re: code validation?

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Tue Feb 22 2005 - 17:03:07 CST

On Feb 22, 2005, at 5:45 PM, Ron Crane wrote:
> Unless "all those people out there" are able quickly to stop elections
> officials from using the compromised code, their findings are
> interesting, and meaningful for future elections, but are likely to
> allow at least one fraudulent election to occur and its result to be
> certified in the interim.

No, no, no.

Here's the steps.

(1) Date 0: The OVC "build maven" releases code and build instructions
to the wider software and elections community. This includes the
instruction: "This code, when compiled/assembled/linked/processed
should hash to ..."

(2) Date 0-N: The community checks the "release candidate" code. Such
checks include both the mechanical check of crypto stuff (hashes and/or
other things, public-key etc.) and examination of the underlying code.

(2a) Date 0-N: If problems are encountered (bugs, failed hashes, etc.),
restart the process.

(3) Date N+1: The hash codes for the final "this year's election" OVC
code are published in the relevant newspapers, websites, etc.

(4) Date N+M: Hold the election. Poll workers compare the hashes on
the CDs they receive to those widely published and accepted by the
community of evaluators[*].

[*] The poll workers need to be trained to do something like the 
   - Insert the CD into an independent, separate computer (i.e. not 
running the OVC CD itself).
   - Type something like 'sha voting-station' (or click on something to 
do the same thing).
   - Hold the local newspaper that pre-published the correct hash in 
their hand.
   - Look at the hash displayed on screen.
   - Make sure the newspaper looks like the screen.
I don't think those steps are self-evident.  But I think people can be 
reasonably trained to perform them, even non-technical people.
Now sure... this doesn't mean nothing can possibly ever go wrong.  
Maybe a CD is switched or damaged on the way to a polling place, either 
inadvertently or through malice.  Maybe the polling place burns down 
the night before the election.  Maybe the hardware malfunctions.  Etc.
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Sun Feb 27 17:17:10 2005

This archive was generated by hypermail 2.1.8 : Sun Feb 27 2005 - 17:17:13 CST