Re: Diebold on eBay

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Fri Jun 16 2006 - 16:38:43 CDT

On Jun 16, 2006, at 4:17 PM, Jim March wrote:

> 1) The "ABinterp" files were analysed. That's the Accubasic
> interpreter. The interpreter is banned,

No, there's wiggle room in the voting system standards that
exempts interpreters from the ban if the interpreter does not
process source code. Since the AccuBasic interpreter processes
bytecodes, it comes under this exemption.

However, the fact that it executes from removable media ought
to raise red flags. The standards certainly mention the need to
block installation of non-certified software, but they don't ask
testable questions about this.

HOWEVER (loudly), the specific itemized security defects found
in the AccuBasic interpreter by Jefferson et al. were mostly buffer
overflow errors and unchecked pointer faults. Each of these is a
direct violation of a direct and testable requirement of the 2002
standards. The ITA should have caught every one of these if their
source code examination was halfway competent.

> ... but they examined it and passed
> it. In the Bowen hearing of 3-29-06 the Wyle reps denied this - they
> claimed that Accubasic had mistakenly been declared "COTS".

This, of course, remains very suspicious.

> 2) What's not in there is any mention of examining customized Windows
> CE code. Bev Harris, myself and Doug Jones and God knows how many
> others have been screaming about Windows CE since 2003.

Windows 95 since 1997, since that's what the original I-mark system
used. The problems were pretty obvious back then, and nothing has
gotten better. See my 2001 testimony before the House Science
Committee, where I explicitly mentioned the grave problems caused
by the COTS exemption -- I'd found a system that managed to get
through the ITA because of a legitimate case of Windows 95 being
COTS, where a change to Windows led to a voting system that directly
revealed to each voter how the previous voter had voted! It was all
on the up-and-up, nobody had any evil intent, and yet the COTS
exemption led to a complete failure of one of our basic requirements
for voting systems.

                Doug Jones

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Jun 30 23:17:07 2006
