Re: Avante Releases White Papers on AVVPAT...

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Tue Jun 15 2004 - 20:57:05 CDT

On Jun 15, 2004, at 6:18 PM, John Payson wrote:
> Actually, the difficulties are technical. Suppose the software in
> question is
> being run on a 16-bit computer that uses e.g. a 1024Kx16 SRAM. It
> would be
> possible for someone with a few million dollars [and turning a major
> election
> would be worth a lot more than that!] to produce a chip package
> which...

Which is exactly why we need PROCEDURES around chain-of-custody and the
like. Just like Doug or John, I can easily invent fancy attacks on
electronics hardware using covert components. But they're all a bit
silly under the OVC model, especially if computers are dual-use like
Alan wants.

I know elections are worth millions to hijack--after all, wannabe
Senators spend about $20M to become actual Senators... so it's worth at
least that much (per race). But even all those millions aren't going
to manage to get hacked RAM chips into every public library and school
computer (especially without detection of a very large conspiracy that
would be required). And even if you managed to ship millions of
specially hacked RAM to millions of general purpose computers, it's
unlikely the hack would keep working once OVC upgraded from version
10.3 to version 10.4 of its voting software (not because extra
safeguards were implemented even, just because the hack has to look for
fairly narrow tags like byte sequences... and changes made for
completely unrelated reasons are likely to change those).

In contrast, hacking the proprietary machines is much more
straightforward. Having a whole chain of closed-hardware to run
close-software means that you can quite narrowly target your tampering
to fix exactly the election you want fixed.

>> The ENTIRE purpose of Palladium is to prevent Free Software from
>> running on machines--or at the least introduce new layers of
>> incompatibility between Microsoft's monopoly OS and third party (Free
>> or proprietary) software. Even in jest, or as devil's advocate, we
>> should not suggest Palladium would solve any security or anonymity
>> issues.
> Actually, it's worse than that. One of the fundamental PURPOSES of
> Palladium
> is to obscure what code is actually running on the processor. I don't
> know the
> exact details, but I believe this design includes the ability to watch
> for
> arbitrary instruction sequences and trigger special handling.
> No system running Palladium should be trusted for any purpose
> whatsoever.

Amen!
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Jun 30 23:17:16 2004

This archive was generated by hypermail 2.1.8 : Wed Jun 30 2004 - 23:17:30 CDT