Non-member submission from [Rudy de Haas <rudy@edpstaff.com>]

From: Arthur Keller <arthur_at_kellers_dot_org>
Date: Fri May 28 2004 - 04:19:28 CDT

--- begin forwarded text

Date: Thu, 27 May 2004 18:23:13 -0400 (EDT)
From: Rudy de Haas <rudy_at_edpstaff_dot_com>
Reply-To: Rudy de Haas <rudy@edpstaff.com>
Subject: Re: "Using Tech To Fix Elections"
To: voting-project@lists.sonic.net, voting-project@gnosis.cx
Cc: murph@www.winface.com

While I ("Paul Murphy" is a psuedonym) am not on your list I was glad
to get your note. There are several things worthy of comment here:

1- As I said in the column, politics will drive this process to disaster. It is
possible to fix it in time, but action is not probable. I plan,
however, to make
sure the chair of all of the congressional committees investigating the
2004 presidential election get copies - -:)

2- Sunray pricing is both absurd and confusing. The store.sun.com price
is the public dissuasion price, like the $300 SCSI terminator (for the 3310),
aimed (I think) at establishing an inclusive base price for pentagon
buyers. In
reality, the 1g (the first "smart display" Sunray and quite different from
earlier models) runs around $359 plus monitor so $650 is quite
realistic and not
actually a discounted price; merely a real world one. In reality you'd probably
get 19" flat screens with them with the kind of volume this contemplates.

3- the snippy version of my response to the comment about sunrays is that
I've used PCs but you haven't used a 1g, have you? The more realistic
response is twofold:

3.a - first, anything you can show on a PC, I can do on a 1g - and I do mean
anything since you can use them to show wintel services too. Sun recommends
citrix for that; I use VNC, either way the underlying issue is ms licensing,
not technology.

3.b second, from a security and audit perspective the key issue that
the simpler
you make things, the fewer things that can go wrong - accidently or
otherwise. I
really like the idea of open source PC voting software - it's more likely
to get used than my idea - but that PC is dangerous whether it runs
some windows
brand OS, Linux, BSD, or even Solaris. Fundamentally it's not transperent and
the sunray is because there's nothing there for anyone to bugger around with -
and there are lots of reasons for thinking that getting at the data after
the sunray transmits it will be almost impossible. Check next week's column
for details.

You have a comment about my taking networking for granted. I am - sort of. You
can use sunrays on PC networks, but its a bad idea. In my approach
the local server will connect to a hub (a dumb hub) which will fan out to
the local sunrays as well as pass a connection to the local school net. All
traffic to/from that net is automatically encrypted; all local traffic can
be but doesn't have to be. The actual load on the school's connection to the
internet is small, but there's no doubt that this will be the most common
point of failure. On the other hand implementation won't happen this
year - and getting it in by 2008 will allow for a month or two of set-up,
testing, and debugging!

And, finally, you have a comment about timestamps and local law. There are
at least three thousand sets of bylaws, real laws, and opinions on these
issues. In principle federal legislation can over ride them all; in practice
that would take leadership empowered by an understanding of what can, and
should be done. It's not there yet.

>Mime-Version: 1.0 (Apple Message framework v618)
>Content-Transfer-Encoding: 7bit
>Cc: murph@www.winface.com
>From: David Mertz <voting-project@gnosis.cx>
>Subject: "Using Tech To Fix Elections"
>Date: Thu, 27 May 2004 14:08:43 -0400
>To: voting-project@lists.sonic.net
>
>On May 27, 2004, at 1:37 PM, Alan Dechert wrote:
>>> <http://www.linuxinsider.com/story/34032.html>
>> He's got some good commentary until he arrives at his proposed
>> solution,
>> which suffers from the "pretend politics doesn't matter and everyone
>> just
>> does as I say" syndrome.
>
>Paul Murphy also gets some technical details wrong. In the same ways
>some very smart people have, so there's no shame in that. I don't
>really get the fixation on Sun, maybe he owns stock in them. But if
>Sunray's with 17" touchscreens really are $650, that's a nice price
>compared to those people have mentioned recently.
>
>He's also a little too sanguine about local for my tastes, but that's
>not wrong per se. Well, maybe more than just a little too much. And
>why he always refers to the interface as a "web page" is mysterious,
>since it isn't on "the Web." Probably HTML is the wrong display
>technology, as list readers know, but even if it weren't, the casual
>mention of "web page" conflates issues.
>
>Where Murphy really goes wrong is in not understanding the anonymity
>constraints:
>
>> Election officials at the polling place login each smart display using
>> an assigned ID that identifies the device. Both the Sunray and local
>> Web services are handled by a nearby server, but ballot submissions
>> are automatically routed to state servers, where they are added to
>> transaction tables defined by unique ballots. As will be noted in next
>> week's column on the software for this, serialization will replace the
>> timestamp for audit purposes to break the link between the time the
>> voter leaves the booth and the voting record compiled at the state
>> level.
>
>I've discussed the "covert-videotaping-voters" attack many times.
>Sequence information still compromises anonymity. I think Murphy
>intends to address that by having an elaborately networked (i.e.
>crackable/interceptible) scheme to dump everything in central
>databases, thereby making the sequence attack more difficult. It just
>screams "fragile" at so very many levels. But even apart from that,
>the sequence masking doesn't really work if ballots can be reassociated
>to particular precincts, which is very often the case because of
>per-precinct ballot customization (different places have different
>collections of contests).
>
>It's kinda the "fresh faced engineer" approach, even if his picture
>suggests he's a bit older than "fresh faced" suggests :-). As Alan is
>often good at pointing out, the problem isn't one for engineers (at
>least not in isolation).
>
>Apart from the anonymity attack, Murphy runs afoul of the law. In a
>way I did not know until Doug Jones recently pointed it out on the
>list. Vote timestamps are REQUIRED, but as the time of casting a vote
>only, not the vote content. Murphy's idea isn't entirely inconsistent
>with this, he just needs to quickly start adding more layers to address
>the law, once he finds out about it. There would be lots more layers
>he'd discover if he started following the OVC list, until eventually he
>arrived at a Sun-powered Rube Goldberg voting station.
>
>I do want to compliment Alan, yet again, for managing to strip away
>complexities, and get at the core issues. I have a set of minor
>divergences from Alan on OVC design--as Karl or Arthur has slightly
>different ones--but at heart it's a remarkably elegant concept.
>

Rudy de Haas
www.edpstaff.com
1-519-896-2560 (EST)

Author (As Paul Murphy) of:
LinuxInsider.com column on Unix and Telecom
The Unix Guide to defenestration (see www.winface.com )
Multiple Linuxworld.com Series on Linux and business issues

--- end forwarded text

-- 
-------------------------------------------------------------------------------
Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Mon May 31 23:18:10 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:17 CDT