Re: Avante Releases White Papers on AVVPAT...

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Wed Jun 16 2004 - 08:58:51 CDT

On Jun 15, 2004, at 8:57 PM, David Mertz wrote:

> On Jun 15, 2004, at 6:18 PM, John Payson wrote:
>> Actually, the difficulties are technical. Suppose the software in question is
>> being run on a 16-bit computer that uses e.g. a 1024Kx16 SRAM. It would be
>> possible for someone with a few million dollars [and turning a major election
>> would be worth a lot more than that!] to produce a chip package which...
> Which is exactly why we need PROCEDURES around chain-of-custody and
> the like. Just like Doug or John, I can easily invent fancy attacks
> on electronics hardware using covert components. But they're all a
> bit silly under the OVC model, especially if computers are dual-use
> like Alan wants.

But the entire dual-use model remains open to question. At this point,
people on the voting-project list are talking about building a voting
machine that's more cumbersome than many current models, involving a
table with a cut-out and a wire cage underneath to hold things, and
stuff like that. Once you build that animal, the marginal cost of
permanently integrating a computer into the machine will almost
be smaller than the cost, at each election, of pulling dual-use machines
from the library, school, or senior center, testing them for safety and
installing them in the voting machines.

So, pending an economic analysis of that mess, we don't really know that
the OVC software will run on commodity machines dedicated to elections
or that it will run on commodity machines that are dual use.

There are also chain-of-custody issues. Dual-use machines are outside
the election department's chain of custody while they are in their other

There are also product lifecycle issues. Dual-use machines are likely
to be considered useless if they are not replaced or seriously upgraded
every five years, while dedicated-use voting machines are likely to last
from 10 to 30 years. This means that software maintenance costs --
dominated by adapting the software to the newest generation hardware --
will go up for the dual-use environment.

(If you're curious about product lifetime, ES&S says their iVotronic
is designed for a 15-year life. My county uses Optech II mark-sense
scanners, and two Optech I scanners, that are all about 20 years old.
They work well, but are not up to current voting system standards, so
must be replaced in the next two years. Well-built electronics lasts,
and if it won't run the latest re-release of Quake, this is not a problem
for voting applications.)

                Doug Jones
