RE: Avante Releases White Papers on AVVPAT...

From: John Payson <jpayson_at_circad_dot_com>
Date: Tue Jun 15 2004 - 17:18:35 CDT

-----Original Message-----
From: John Payson [mailto:jpayson_at_circad_dot_com]
Sent: Monday, June 14, 2004 8:24 PM
To: 'voting-project@lists.sonic.net'
Subject: RE: Avante Releases White Papers on AVVPAT...

>>
The difficulties in determining running software are not TECHNICAL, but
PROCEDURAL. Miami-Dade did not follow best practices in terms of
chain-of-custody, running checksums, verifying signatures, and so on.
Object code can easily have 'md5sum' run against it, as can source
code.
<<

Actually, the difficulties are technical. Suppose the software in question is
being run on a 16-bit computer that uses e.g. a 1024Kx16 SRAM. It would be
possible for someone with a few million dollars [and turning a major election
would be worth a lot more than that!] to produce a chip package which looked
like a 1024Kx16 SRAM but which also contained a 'piggyback' processor that
would watch the memory bus for certain code sequences and behave
'interestingly' when those sequences were discovered. If the code that was
going to be used was open-source, it would likely be quite feasible to figure
out trappable code sequences that could be used for this purpose.

>>
> Is this a place that Trusted Computing (a/k/a NGSCB, a/k/a Palladium)
> could help specifically in the context of elections systems?

No, no, no, no, NO!!

The ENTIRE purpose of Palladium is to prevent Free Software from
running on machines--or at the least introduce new layers of
incompatibility between Microsoft's monopoly OS and third party (Free
or proprietary) software. Even in jest, or as devil's advocate, we
should not suggest Palladium would solve any security or anonymity
issues.
<<

Actually, it's worse than that. One of the fundamental PURPOSES of Palladium
is to obscure what code is actually running on the processor. I don't know the
exact details, but I believe this design includes the ability to watch for
arbitrary instruction sequences and trigger special handling.

No system running Palladium should be trusted for any purpose whatsoever.
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Jun 30 23:17:16 2004

This archive was generated by hypermail 2.1.8 : Wed Jun 30 2004 - 23:17:30 CDT
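As an added illustration of the piggyback-chip argument in the message above (a constructed example, not code from the original message, the list, or any real voting system): a toy 16-bit machine whose SRAM has a bus-watching companion. The instruction set, program, trigger sequence, substitute instruction and ballot data are all assumptions made for this demonstration. The stored image has the same md5 on both chips and reads back identically through the bus, yet the tally produced by running it differs.

```python
"""Toy model of a 'piggyback' SRAM: storage that answers checksums and read-back
honestly but, after watching the bus for a trigger sequence of fetched words,
answers the next fetch of one address with a different instruction.
Constructed example; the ISA, program and ballots are assumptions."""
import hashlib
import struct

# Toy 16-bit ISA (an assumption for this example, not any real machine):
# 0x1Rii LOADI r, imm8   0x2RS0 ADD r, s   0x8RS0 SUB r, s   0x7RS0 LOAD r, [s]
# 0x6Raa JZ r, addr8     0x5aaa JMP addr12 0xF000 HALT
PROGRAM = [
    0x1000,  # 00 LOADI r0, 0      tally for candidate A
    0x1100,  # 01 LOADI r1, 0      tally for candidate B
    0x1206,  # 02 LOADI r2, 6      ballots remaining
    0x1340,  # 03 LOADI r3, 0x40   pointer to ballot list
    0x1401,  # 04 LOADI r4, 1      constant 1
    0x620E,  # 05 JZ r2, 0x0E      all counted -> HALT
    0x7530,  # 06 LOAD r5, [r3]    b = ballot word (1 = A, 0 = B)
    0x2050,  # 07 ADD r0, r5       A += b
    0x1601,  # 08 LOADI r6, 1
    0x8650,  # 09 SUB r6, r5       r6 = 1 - b
    0x2160,  # 0A ADD r1, r6       B += 1 - b
    0x2340,  # 0B ADD r3, r4       next ballot
    0x8240,  # 0C SUB r2, r4       remaining -= 1
    0x5005,  # 0D JMP 0x05
    0xF000,  # 0E HALT
]
BALLOTS = [1, 0, 0, 1, 0, 0]  # constructed: 2 votes for A, 4 for B
IMAGE = PROGRAM + [0] * (0x40 - len(PROGRAM)) + BALLOTS + [0] * 10


class HonestSRAM:
    def __init__(self, words):
        self.mem = list(words)

    def read(self, addr):
        return self.mem[addr]


class PiggybackSRAM(HonestSRAM):
    """Same storage plus a bus watcher: keeps a window of the last words it
    returned; each time the window equals `trigger` it counts a sighting, and
    on every `fire_every`-th sighting it arms itself so that the next read of
    `target_addr` returns `substitute` instead of the stored word."""

    def __init__(self, words, trigger, target_addr, substitute, fire_every=3):
        super().__init__(words)
        self.trigger, self.target_addr = tuple(trigger), target_addr
        self.substitute, self.fire_every = substitute, fire_every
        self.window, self.sightings, self.armed = [], 0, False

    def read(self, addr):
        if self.armed and addr == self.target_addr:
            self.armed = False
            return self.substitute  # the lie: never written to storage
        word = self.mem[addr]
        self.window = (self.window + [word])[-len(self.trigger):]
        if tuple(self.window) == self.trigger:
            self.sightings += 1
            self.armed = self.sightings % self.fire_every == 0
        return word


def run(chip, max_steps=10_000):
    """Execute the image on `chip`; return (tally_A, tally_B) at HALT."""
    regs, pc = [0] * 8, 0
    for _ in range(max_steps):
        insn = chip.read(pc)
        pc += 1
        op, r, s, lo = insn >> 12, (insn >> 8) & 0xF, (insn >> 4) & 0xF, insn & 0xFF
        if op == 0x1:
            regs[r] = lo
        elif op == 0x2:
            regs[r] = (regs[r] + regs[s]) & 0xFFFF
        elif op == 0x8:
            regs[r] = (regs[r] - regs[s]) & 0xFFFF
        elif op == 0x7:
            regs[r] = chip.read(regs[s])
        elif op == 0x6:
            if regs[r] == 0:
                pc = lo
        elif op == 0x5:
            pc = insn & 0xFFF
        elif op == 0xF:
            return regs[0], regs[1]
        else:
            raise ValueError(f"bad opcode {insn:#06x} at {pc - 1:#04x}")
    raise RuntimeError("program did not halt")


def image_digest(words):
    """What 'run md5sum on the object code' sees: a hash of the stored words."""
    return hashlib.md5(struct.pack(f"<{len(words)}H", *words)).hexdigest()


def dump_via_bus(chip):
    """A read-back check through the same bus the CPU fetches from."""
    return [chip.read(a) for a in range(len(chip.mem))]


def rigged_chip():
    # Trigger: the two fetches just before 'B += 1 - b'. Substitute 0x2060 is
    # ADD r0, r6, so every third ballot's B-vote is credited to A instead.
    return PiggybackSRAM(IMAGE, trigger=(0x1601, 0x8650),
                         target_addr=0x0A, substitute=0x2060, fire_every=3)


if __name__ == "__main__":
    rigged = rigged_chip()
    print("read-back md5 matches image:", image_digest(dump_via_bus(rigged)) == image_digest(IMAGE))
    print("honest chip:", run(HonestSRAM(IMAGE)), " rigged chip:", run(rigged))
```

In this toy the read-back pass itself counts as one sighting of the trigger, which is why it is done once before the run; the broader point the message makes survives either way: the artefact being checksummed (the stored image) is not the artefact being executed (whatever the bus delivers), so md5sum and signature checks on object code do not reach this class of attack.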