Re: code validation?

From: Edward Cherlin <cherlin_at_pacbell_dot_net>
Date: Thu Feb 24 2005 - 22:15:16 CST

On Wednesday 23 February 2005 09:03, Ron Crane wrote:
> Eek! Such a proliferation of vendors will fragment the
> open-source review community and thereby make it much more
> likely that there won't be enough interested people available
> to know about and review every change. And law is often a
> remarkably weak tool to enforce compliance with complex
> procedures. How would you write a statute requiring a vendor
> to incorporate all significant security fixes? How would the
> enforcement clause read? Could you get a TRO (temporary
> restraining order) forcing the inclusion of a fix? Is a judge
> going to understand what the hell you're talking about, or
> will she refuse the TRO and let the case go to trial – behind
> 2 years' worth of criminal docket?

In 2000 we saw the courts handle the election cases quite
expeditiously.

> Speaking of which, will
> there be criminal penalties? Will they really be enforced?

Wrong lever. Instead of mandating a development procedure, you
put in a standard and mandate compliance. The software has to
pass the standard test suite, including all known attacks, or it
doesn't qualify for government purchase. If somebody discovers
and publishes a new attack, all vendors must submit to public
testing by anybody who feels like making the effort.

So the security problem must be solved, whether or not the vendor
chooses to use somebody else's published fix. A vendor that
mucks up on security will also find that all of the known
attacks on its code go into the test suite for the next cycle.

Just imagine if Internet Explorer/Outlook/Microsoft Exchange
Server had to pass such tests to qualify for government
purchases. How fast do you think Microsoft would clean up its
act?

> The question of legal enforceability is far from a theoretical
> issue. During Ohio's presidential recount, local boards of
> elections violated the recount statutes in numerous important
> ways, yet, because of timing, the lack of appropriate
> enforcement provisions, and/or the lack of certain public
> officials' will to enforce the law, nothing was done about it.
> The result was that "randomly" (as in "randomly choose which
> precinct to recount") was defined as "whichever one we
> choose", "recount" was defined as "run through the tabulator
> as many times as is necessary to get the result to match the
> election day total", "observe" (as in "citizen observers") was
> defined as "be locked out of the building where the tabulation
> occurred", etc. Many of these violations are felonies under
> Ohio law, but I haven't heard a peep about prosecutions.

The biggest flaw in the entire system. State governments hate to
prosecute their own officials, especially those of the same
party. Only public pressure can make it happen, and we don't
have enough of it in Ohio.

> Basically you have to trust the vendor to incorporate
> suggested changes.

Don't trust, verify.

> And while I might trust OVC to do so – or
> at least be able to raise a stink if it doesn't – I don't
> trust, can't check on, and can't raise a stink about tens of
> vendors playing around with the software.

-- 
Edward Cherlin
Generalist & activist--Linux, languages, literacy and more
"A knot! Oh, do let me help to undo it!"
--Alice in Wonderland
http://cherlin.blogspot.com
_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Sun Feb 27 17:17:12 2005

This archive was generated by hypermail 2.1.8 : Sun Feb 27 2005 - 17:17:13 CST