Re: [OVC-discuss] [bytesforall_readers] EVMs and FOSS

From: Edward Cherlin <echerlin_at_gmail_dot_com>
Date: Sun Jun 21 2009 - 03:27:45 CDT

Please copy to India-egov@yahoogroups.com, of which I am not a member.

Anybody who would like to examine this source code for creating
ballots, voting, and counting ballots (canvassing) is free to do so.

http://www.openvoting.org/blog/2008-apr-08/new_ovc_demo_disk_ready_to_show

A new version of the OVC demo disk is available for download. Previous
demos have been very encouraging, and we really enjoy doing them.

If you have already tried our previous demo, you might want to
download this one to see how we are progressing. If you haven't tried
our demo disk yet, please download it and try it out. Let me know if
you need help, or read some of the notes about it we have on our
website.

Here's the url for the download:
http://www.openvotingconsortium.org/ad/ovcdemo5.iso

2009/6/20 vinay ವಿನಯ್ <vinay@itforchange.net>:
> http://www.hindu.com/2009/06/17/stories/2009061755160900.htm
>
> Subramian Swamy speaks of rigging EVMs and speaks of how using FOSS may
> be 1 way to prevent EVM rigging.
>
> /...A better way, it is argued in the IEEE article I have cited, is to
> expose the software behind electronic voting machines to public
> scrutiny.

> The root problem of popular electronic machines is that the
> computer programmes that run them are usually closely held trade secrets
> (it doesn’t help that the software often runs on the Microsoft Windows
> operating system, which is not the world’s most secure). Having the
> software closely examined and tested by experts not affiliated with the
> company would make it easier to close technical loopholes that hackers
> can exploit. Experience with web servers has shown that opening software
> to public scrutiny can uncover potential security breaches.

Necessary, but not sufficient. Full public scrutiny is also required,
but not sufficient without adequate security design competence.

> However, as
> the /Newsweek/ article points out, the electronic voting machine
> industry argues that openness will hurt the competitive position of the
> current market leaders. A report released in April by the Election
> Technology Council, a U.S. trade association, says that disclosing
> information on known vulnerabilities might help would-be attackers more
> than those who would defend against such attack../

Security by Obscurity has been thoroughly discredited. Arthur Keller,
David Mertz, and I discuss this in the paper cited below.

> *Are electronic voting machines tamper-proof? * Subramanian Swamy
> / No, argues the author, because each step in the life cycle of a voting
> machine involves different people gaining access to the machines, often
> installing new software. But there are many ways of preventing EVM fraud. /

OVC begins by using Electronic Ballot Marking Systems, not EVMs. The
printed paper ballot is not subject to overvoting or stray marks. It
is further secured using cryptographic hashes to generate checksums of
each ballot and of larger aggregations from polling places, districts,
etc. This makes it effectively impossible to add, remove, or replace
ballots undetected.

Thus hacking the voting machines is not enough to change the vote.
Voters can tell if their votes are not recorded correctly on the
printout, both in print and in the barcode. Barcode readers at polling
places should use code not created by the voting machine vendor.

There are other security concerns. The OVC design addresses known
concerns. Further development will include a detailed security audit,
with public comment and opportunities to try to compromise the system.

> Is there a possibility of rigging electoral outcomes in a general
> election to the Lok Sabha? This question has arisen not only because of
> the unexpected number of seats won or lost by some parties in the recent
> contest. It is accentuated by the recent spate of articles published in
> reputed computer engineering journals and in the popular international
> press, which raise doubts about the integrity of Electronic Voting
> Machines (EVMs).

Ballot fraud has occurred in every country that has elections at one
time or another.

> For example, the respected /International Electrical & Electronics
> Engineering Journal/ (IEEE, May 2009, p.23) has published an article by
> two eminent professors of computer science, titled “Trustworthy Voting.”

http://www.cs.bham.ac.uk/~mdr/research/projects/09-VotingProject/VotingProject.pdf

Trustworthy Voting: From Machine to System
Nathanael Paul, Vrije Universiteit
Andrew S. Tanenbaum, Vrije Universiteit

> They conclude that although electronic voting machines do offer a myriad
> of benefits, these cannot be reaped unless nine suggested safeguards are
> put in place for protecting the integrity of the outcome.

OVC suggests further safeguards.

> None of these
> nine safeguards, however, is in place in Indian EVMs. Hence, electronic
> voting machines in India today do not meet the standard of national
> integrity or safeguard the sanctity of our democracy.
>
> /Newsweek/ (issue of June 1, 2009) has published an interesting article
> by Evgeny Morozov, who points out that when Ireland embarked on an
> ambitious e-voting scheme in 2006, such as touch-screen voting machines,
> the innovation was widely welcomed. Three years and 51 million euros
> later, the government scrapped the entire initiative. What doomed the
> effort was a lack of people’s trust in the machines. Voters just didn’t
> like that the machines would record their votes as mere electronic
> blips, with no tangible record.
>
> Mr. Morozov points out that, as most PC-users know, computers can be
> hacked. While we are not unwilling to accept this security risk in
> banking, shopping, and e-mailing (since the fraud is at the micro-level
> and of individual consequence, which in most cases is rectifiable), the
> ballot box is sacred. It needs to be perfectly safeguarded because of
> the monumental consequence of a rigged or faulty vote recording. It is
> of macro-significance, in the nature of an /e-coup d’etat/. At least
> that’s what voters across Europe seem to have said loud and clear.
>
> Thus, a backlash against e-voting is brewing across the European
> continent. After nearly two years of deliberation, Germany’s Supreme
> Court ruled last March that e-voting was unconstitutional because the
> average citizen could not be expected to understand the exact steps
> involved in the recording and tallying of votes. Ulrich Wiesner, a
> software consultant who holds a Ph.D. in physics and who filed the
> initial lawsuit, said in an interview with the German magazine /Der
> Spiegel/ that the Dutch Nedap machines used in Germany were even less
> secure than mobile phones!
>
> In fact, the Dutch public-interest group ‘Wij Vertrouwen Stemcomputers
> Niet’ (‘We Do Not Trust Voting Machines’) produced a video showing how
> quickly the Nedap machines could be hacked without voters or election
> officials being aware (it took just five minutes). After the clip was
> broadcast on Dutch national television in October 2006, the Netherlands
> banned all electronic voting machines from use in elections.
>
> Numerous electronic voting inconsistencies in developing countries,
> where governments are often all too eager to manipulate votes, have only
> fuelled the controversy. After Hugo Chavez won the 2004 election in
> Venezuela, it came out that the government owned 28 per cent of Bizta,
> the company that manufactured the voting machines. On the eve of the
> 2009 elections in India, I raised the issue at a press conference in
> Chennai, pointing out that a political party just before the elections
> had recruited those who had been convicted in the U.S. for hacking bank
> accounts on the Internet and credit cards.
>
> In the U.S. too, there is a significant controversy on EVMs. In fact,
> the Secretary of State of California has set up a full-fledged inquiry
> into EVMs, after staying all further use.
>
> Why are the EVMs so vulnerable? Each step in the life cycle of a voting
> machine — from the time it is developed and installed to when the votes
> are recorded and the data transferred to a central repository for
> tallying — involves different people gaining access to the machines,
> often installing new software. It wouldn’t be hard for, say, an election
> official to paint a parallel programme under another password on one or
> many voting machines that would, before voters arrived at the poll
> stations, ensure a pre-determined outcome.
>
> The Election Commission of India has known of these dangers since 2000.
> Dr M. S. Gill, the then CEC, had arranged at my initiative for Professor
> Sanjay Sarma, the father of RFID software fame at the Massachusetts
> Institute of Technology (MIT), and his wife Dr Gitanjali Swamy of
> Harvard, to demonstrate how unsafeguarded the chips in EVMs were. Some
> changes in procedure were made subsequently by the EC. But the
> fundamental flaws, which made them compliant to hacking, remained.
>
> In 2004, the Supreme Court’s First Bench, comprising Chief Justice V. N.
> Khare and Justices Babu and Kapadia, directed the Election Commission to
> consider the technical flaws in EVMs put forward by Satinath Choudhary,
> a U.S.-based software engineer, in a PIL. But the EC has failed to
> consider his representation.
>
> There are many ways to prevent EVM fraud. One way to reduce the risk of
> fraud is to have machines print a paper record of each vote, which
> voters could then deposit into a conventional ballot box.

+1

> While this
> procedure will ensure that each vote can be verified, using paper
> ballots defeats the purpose of electronic voting in the first place.

Not so. Paper adds security and auditability, while electronic voting
adds accessibility and the prevention of many kinds of voter error.

> Using two machines produced by different manufacturers decreases the
> risk of a security compromise, but doesn’t eliminate it.
>
> A better way, it is argued in the IEEE article I have cited, is to
> expose the software behind electronic voting machines to public
> scrutiny.

+1, but not enough by itself.

> The root problem of popular electronic machines is that the
> computer programmes that run them are usually closely held trade secrets
> (it doesn’t help that the software often runs on the Microsoft Windows
> operating system, which is not the world’s most secure). Having the
> software closely examined and tested by experts not affiliated with the
> company would make it easier to close technical loopholes that hackers
> can exploit. Experience with web servers has shown that opening software
> to public scrutiny can uncover potential security breaches.
>
> However, as the /Newsweek/ article points out, the electronic voting
> machine industry argues that openness will hurt the competitive position
> of the current market leaders.

It is funny to hear that we should not compete with existing companies
from so-called Free Marketers.

> A report released in April by the
> Election Technology Council, a U.S. trade association,

which thus has no technical credibility

> says that
> disclosing information on known vulnerabilities might help would-be
> attackers more than those who would defend against such attacks. Some
> computer scientists have proposed that computer codes should be
> disclosed to a limited group of certified experts.

No, no, the entire public. Web sites are not less secure for running
FOSS Apache rather than proprietary Microsoft IIS. Cryptographic
systems can only be made reasonably secure by full public disclosure,
so that the weak systems can be weeded out.

> Making such
> disclosure mandatory for all electronic voting machines will be a good
> first step for preventing vote fraud. It will also be consistent with
> openness in the electoral process.
>
> Now several High Courts are hearing PILs on the EVMs. This is good news.
> I believe the time has arrived for the Supreme Court to transfer these
> cases to itself, and take a long, hard look at these riggable machines
> that favour a ruling party that can ensure a pliant Election Commission.
>
> Else, elections will soon lose their credibility and the demise of
> democracy will be near. Hence evidence must now be collected by all
> political parties to determine the number of constituencies in which
> they suspect rigging. The number will not exceed 75, in my opinion. We
> can identify them as follows: any 2009 general election result in which
> the main losing candidate of a recognised party found that more than 10
> per cent of the polling booths showed fewer than five votes per booth
> should be taken, prima facie, as a constituency in which rigging took
> place. This is because the main recognised parties usually have more
> than five party workers per booth, and hence with their families will
> poll a minimum of 25 votes per booth for their party candidate. If these
> 25 voters can give affidavits affirming who they voted for, the High
> Court can treat this as evidence and order a full inquiry.

Statisticians and auditing experts have found many more reliable
indicators of fraud.

> (/The writer is a former Union Law Minister./)

The writer of this reply is a current Founding Member of the Open
Voting Consortium, which is creating FOSS voting software. He is also
a co-author of the paper, A Deeper Look: Rebutting Shamos on e-Voting,
by Arthur M. Keller, Ph.D., Edward Cherlin, David Mertz, Ph.D.

http://www.vocomp.org/papers/shamos-rebuttal.pdf

> --
>
> Vinay Sreenivasa
> IT for Change
> 91-98805-95032
> vinay@itforchange.net
>
> http://itforchange.net
> http://public-software.in
>
>
>
>
> ------------------------------------
>
> Yahoo! Groups Links
>
> <*> To visit your group on the web, go to:
>    http://groups.yahoo.com/group/bytesforall_readers/
>
> <*> Your email settings:
>    Individual Email | Traditional
>
> <*> To change settings online go to:
>    http://groups.yahoo.com/group/bytesforall_readers/join
>    (Yahoo! ID required)
>
> <*> To change settings via email:
>    mailto:bytesforall_readers-digest@yahoogroups.com
>    mailto:bytesforall_readers-fullfeatured@yahoogroups.com
>
> <*> To unsubscribe from this group, send an email to:
>    bytesforall_readers-unsubscribe@yahoogroups.com
>
> <*> Your use of Yahoo! Groups is subject to:
>    http://docs.yahoo.com/info/terms/
>
>

-- 
Silent Thunder (默雷/धर्ममेघशब्दगर्ज/دھرممیگھشبدگر ج) is my name
And Children are my nation.
The Cosmos is my dwelling place, The Truth my destination.
http://earthtreasury.org/worknet (Edward Mokurai Cherlin)
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss  list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at  http://gnosis.python-hosting.com/voting-project/
Received on Tue Jun 30 23:17:05 2009

This archive was generated by hypermail 2.1.8 : Tue Jun 30 2009 - 23:17:20 CDT