Re: Integrating two solutions (related to the Calif. bill thread)

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Sat Jan 24 2009 - 15:20:35 CST
Edward Cherlin wrote:
On Thu, Jan 22, 2009 at 11:01 AM, Ronald Crane <> wrote:
That's good. But at least one concern -- the question of class certification
-- is more pointed for the ballot-printer architecture than for the
hand-filled-paper-ballot-with-open-source-scanner architecture. This is
because class certification makes firmware-based attacks easier to mount
than does individual-hardware certification, and such attacks are more
difficult to detect in the ballot-printer architecture than in the scanner
architecture, because the latter's results (the counts) can be effectively
audited, while the former's (due to, e.g., presentation attacks, DoS
attacks, etc.) are much less amenable to meaningful audits.

I can't make out what you think you are talking about. What do you
mean about a lack of meaningful auditability in ballot printers, where
you audit _the paper_, not just the machines? No matter what you might
in theory be able to hack in the hardware, if it produces correct
paper printouts showing the voter's intended votes there is no
problem, and if it doesn't, its failure can easily be detected by
voters with no technical knowledge.
I guess you didn't read my messages concerning DoS attacks, presentation attacks, selection attacks, and social engineering attacks. All of those attacks -- which can originate in software -- occur before a ballot is generated, thus an "audit" of "the paper" can't detect (let alone defeat) them. As for voters otherwise detecting these attacks, even assuming that they do, it doesn't do much good for the election under attack unless (1) many voters detect the attacks; (2) officials take them seriously (none of this "it's voter error" or "it's a glitch" crap); and (3) officials fallback all polling places to hand-filled paper immediately. Even so, it's likely that the attacks will have affected hours' worth of voting. And it's likely that officials won't do the right thing to root out the attacks post-election, either.


OVC-discuss mailing list
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Thu Jan 7 00:09:51 2010

This archive was generated by hypermail 2.1.8 : Thu Jan 07 2010 - 00:09:57 CST