"E-voting security: getting it right." not

From: Edward Cherlin <cherlin_at_pacbell_dot_net>
Date: Fri Jul 16 2004 - 23:33:53 CDT

E-voting security: getting it right.

The basic thesis here is that access to source code is the vital
piece once physical security can be achieved. In this view, paper
is irrelevant if the source code passes inspection and testing,
and we can be sure that the certified code is running on the
machines at the polls. However, this assumes that all procedures
are carried out correctly. There are a number of attacks that
could circumvent such controls, both malicious and inadvertent,
so we need the extra protection of paper to be sure. "Trust but
verify" applies in full.

"Connecting printers to these poorly secured machines is fixing
the wrong thing. However, there's no shortage of other things
that do, in fact, need fixing. For example, there are inadequate
physical security protocols, with vendor representatives and
service personnel installing software patches and swapping out
hardware after certification."

Yes, those are also problems that need fixing.

"The problem with DRE gear is that it's prone to tampering."

That, too. But the real problem with DRE gear is that you have no
reason to trust results that you cannot inspect.

The rest of the article enumerates many problems that do need
fixing, but never examines the fundamental issue of

"it is crucial that there be an independent testing and
certification authority, and that it be in possession of all
source code, compilers and firmware, to verify that the
equipment works properly, and to guard against vendor backdoors
and default admin passwords, etc."

Necessary but not sufficient. Nowhere near as good as Open

Edward Cherlin
Generalist & activist--Linux, languages, literacy and more
"A knot! Oh, do let me help to undo it!"
--Alice in Wonderland
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Sat Jul 31 23:17:05 2004
