Re: draft of text for new OVC-sponsored bill

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Mon Jan 19 2009 - 17:09:30 CST

Jim March wrote:
> ...One of the advantages to this FOSS election system process is that
> both the source and executable code will be readily reviewable by
> everyone. This gives us the ability to make sure the code (and final
> configuration) is good, AND the ability to make sure what's in the
> field is the same stuff as what was certified - even if that cert
> process is seriously stripped down from the current norms
Executables aren't really reviewable with current (or foreseeable)
procedures. Assuming the system boots from a CD-ROM (or is that a CD-RW
or CD-R? Do officials know the difference?), will officials really let
individuals stick the thing in their laptops to compute the hashes?
Should they? After all, a CD-RW or an unclosed CD-R can be rewritten. (I
am not sure whether it's possible to replace the current session on a
closed ("disc at once") CD-R; it shouldn't be, but who knows?) Also,
some people are really good magicians, and could swap the official disc
with a hacked disc without the officials noticing.

 From the original bill:
> (f) The Secretary of State does not need to certify a specific make or
> model of hardware to be used with the open source software. Instead,
> the system certification will describe a class of hardware with which
> the software may be used.
>
You're betting that attackers won't instrument the systems' firmware.
That's a bad bet. While that can still happen even with "certified"
hardware; it's easier with a large hardware selection than with a small
one. Also, there's a greater likelihood that uncertified hardware will
contain potentially hazardous communications devices, and the loaders
needed to use them to cheat.

-R
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Thu Jan 7 00:09:45 2010

This archive was generated by hypermail 2.1.8 : Thu Jan 07 2010 - 00:09:57 CST