Re: Avante Releases White Papers on AVVPAT...

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Mon Jun 14 2004 - 08:42:23 CDT

On Jun 13, 2004, at 8:00 PM, David Mertz wrote:

> (1) Elections workers inspect voting stations to see that they are
> apparently the specified hardware. This isn't impossible to fool, of
> course.

It's very different to inspect it to assure yourself that the BIOS is
the right one. Sadly, a modern PC BIOS is big enough to do harm.
Still, the BIOS is far removed from the application, and adding code
to the BIOS to recognize and attack the voting application may be hard.

Furthermore, our VVPT model makes most such attacks far less potent.

> (2) Elections workers inspect machines to make sure that there IS NO
> harddisk drive inside the chassis. Probably it takes someone with a
> bit of extra training to know what a harddisk looks like; but it ain't
> rocket science.

This is getting harder. Flash memory is becoming more and more
common, and it's very hard to recognize.

> (3) Elections workers open the sealed envelope ...
> (4) With observers looking over their shoulders, an election worker
> takes the CD-R to one machine, say a Windows system, and checks the
> MD5...
> (5) With observers still watching, some other election worker carries
> the same CD-R to a different system, say an OpenBSD system, and ...
> (6) Now, for the first time, the election workers actually *run* the
> software on the CD by carrying it over to voting station, and booting
> from CD-ROM device...

Now, imagine you're, say, Miami-Dade County, with over 7000 voting
machines and over 700 precincts. You have a warehouse full of voting
supplies. Think about how this procedure works in that context.

                        Doug Jones
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Wed Jun 30 23:17:15 2004
