Re: Avante Releases White Papers on AVVPAT...

From: Joseph Lorenzo Hall <joehall_at_gmail_dot_com>
Date: Sun Jun 13 2004 - 11:37:27 CDT

Alan wrote:

> The task of verifying that the certified software version claimed to have
> been running on the voting machine on Election Day was the correct one has
> nothing to do with open/closed source. The fact that someone could easily
> change the source code is meaningless. The modified version of that
> software would not pass any reasonable inspection (e.g., checksum) against
> the certifed version. The argument also ignored the fact that the
> architecture of the main organization promoting the open source mode for
> election administration (the OVC) has adopted an architecture that has the
> software burned on to a CD that becomes a permanent part of the audit trail.

So, to play the devli's advocate: In the recent Miami-Dade County
report that Doug Jones authored, he said, "There are unsolved
technical problems involved in actually determining, to any degree of
certainty, what software is actually running on an arbitrary
computer." (page 8).

I understand that some method of checksumming (like Eric Raymond's
source code tool "comparator" written specifically to address the SCO
fiasco) on the source will catch deviations from any versions
checksummed and logged at an earlier stage in the process (say
certification by ITAs).

So was Prof. Jones comment targeted specifically at object code? That
is, checksumming will not work for object code because it is unique
for each computer (because it holds things like the name of the
computer, or what-have-you)?

Is this a place that Trusted Computing (a/k/a NGSCB, a/k/a Palladium)
could help specifically in the context of elections systems?

-- 
Joseph Lorenzo Hall
UC Berkeley, SIMS PhD Student
http://pobox.com/~joehall/
blog: http://pobox.com/~joehall/nqb/
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Wed Jun 30 23:17:14 2004

This archive was generated by hypermail 2.1.8 : Wed Jun 30 2004 - 23:17:30 CDT