Re: Crypto question: Hashing ultimate output for local use

From: Ed Kennedy <ekennedyx_at_yahoo_dot_com>
Date: Mon May 02 2005 - 17:36:58 CDT

Hello David:

OK, I'm basically satisfied on this issue. I think that the software
documentation should point out that final users of a suspicious nature
should try and read the ballot definitions. Two issues remaining:

1. The 'front end' or ballot design is where election officials or
consultants are going to set election parameters outside of the EVM core
right? I'm talking about things like IRV, whether party line votes are
permitted, how the machines are initialized for each voter especially during
a primary and what sort of output is desired (SPB or Mark Sense--also OCR
versus bar code). These parameters have to be passed back to the core
right? I don't see this as a weakness, I just want to understand how this
will work. So much of this is not about actual security issues but about
the perception of security.

2. How were you planning to handle write-in ballots? Yes, I understand
that there will be a pop-up, on-screen keyboard that can be invoked by
pushing 'Write In' on the screen. How will these special ballots be
recorded and tabulated? Will there be an in-machine summary or will this be
analyzed later from both the paper ballots and the electronic ballot images?
Again, I'm not pointing out a security problem here, this is just one of
those details that needs to be worked on. I know we have discussed this
before but I'm having trouble finding the references.

Please remember that my nominal role here is that of the well educated and
aware lay person who doesn't necessarily have your specialized background.
It is my hope that I can get folks to explain themselves clearly by asking
questions. If this isn't a satisfactory approach, feel free to make
suggestions. I'll actually listen.

Thanks, Edmund R. Kennedy
Always work for the common good.
10777 Bendigo Cove
San Diego, CA 92126-2510
I blog now and then at: <>
----- Original Message ----- 
From: "David Mertz" <>
To: "Open Voting Consortium discussion list" <>
Sent: Monday, May 02, 2005 1:47 PM
Subject: Fwd: [OVC-discuss] Crypto question: Hashing ultimate output for 

>> That's good and it's clear.  However, what if the local vendor/customizer 
>> decides to add some malware to one or both of the two new files?
>
> The files added are human-readable XML.  The added files ARE NOT (and 
> cannot be) executable in any way.  The thousand concerned per-county 
> downloaders/citizens should examine those files as part of building their 
> testing of the combined ISO.  Being XML, there's really nowhere for 
> anything malicious to hide--and NO REQUIREMENT to trust anyone.
>
> I think, Ed, you keep wanting to make this seem like something much more 
> complex than it is.  The hashing procedure is, instead, enormously simple 
> and entirely transparent.  It's something I can easily explain to any 
> intelligent 12 y.o.
>
> For example, in the article I wrote about the XML format used in the OVC 
> demo, I showed what might be a ballot definition format.  See 
>  Do 
> not get too hung up by the exact spelling of the tag names in the below 
> snippet; but the concepts in the eventual standardized format will be 
> similar.  E.g.:
>
> <ballot election_date="2008-11-04" country="US" state="CA"
>         county="Santa Clara County" precinct="2216">
>   <contest ordered="No" coupled="Yes"
>            allow_writein="Yes" name="Presidency">
>     <selection party="Reform"
>                name="President">Martin Luther King</selection>
>     <selection party="Reform"
>                name="Vice President">John Anderson</selection>
>     <selection party="Workers"
>                name="President">Helen Keller</selection>
>     <selection party="Workers"
>                name="Vice President">Amelia Earhart</selection>
>     <selection party="Socialist"
>                name="President">V. I. Lenin</selection>
>     <selection party="Socialist"
>                name="Vice President">Karl Marx</selection>
>   </contest>
>   [...]
>
> The added files will look something like that.  And there's REALLY nowhere 
> to hide anything nasty in there.  Sure, a ballot definition probably 
> requires examination--a candidate name could be changed or the like.  But 
> anything wrong is easily detectable.
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue May 31 23:17:13 2005
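
The check described in the quoted reply, that anyone can examine the added XML files and spot a changed candidate name, written out as an added example (not code from the original message or from the OVC project). It audits a ballot definition against a strict allowlist and compares it with a reference copy. The allowlist is inferred from the quoted snippet; the names `audit`, `fingerprint` and `compare` and the sample data are hypothetical and constructed for illustration.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Allowlist derived from the quoted snippet: tag -> (attributes, child tag).
SCHEMA = {
    "ballot": ({"election_date", "country", "state", "county", "precinct"}, "contest"),
    "contest": ({"ordered", "coupled", "allow_writein", "name"}, "selection"),
    "selection": ({"party", "name"}, None),
}

def audit(xml_text):
    """Return (findings, rows); rows are (contest, party, office, candidate)."""
    body = re.sub(r"^\s*<\?xml\s[^>]*\?>", "", xml_text)
    if "<!" in body or "<?" in body:  # DTD, entity, comment, CDATA or PI: refuse unparsed
        return ["markup other than plain elements"], []
    findings, rows = [], []
    def walk(el, expected, contest):
        attrs, child_tag = SCHEMA.get(el.tag, (set(), None))
        if el.tag != expected:
            findings.append(f"unexpected element <{el.tag}>")
        for extra in sorted(set(el.attrib) - attrs):
            findings.append(f"unexpected attribute {extra!r} on <{el.tag}>")
        text, tail = (el.text or "").strip(), (el.tail or "").strip()
        if el.tag == "selection":
            rows.append((contest, el.get("party", ""), el.get("name", ""), text))
        if tail or (text and el.tag != "selection"):
            findings.append(f"stray text near <{el.tag}>")
        for child in el:
            walk(child, child_tag, el.get("name", "") if el.tag == "contest" else contest)
    walk(ET.fromstring(body), "ballot", "")
    return findings, rows

def fingerprint(rows):
    """SHA-256 over the parsed rows, so re-indenting the file does not change it."""
    return hashlib.sha256(repr(rows).encode()).hexdigest()

def compare(reference_xml, received_xml):
    """Findings for the received file, plus rows present in only one of the two."""
    findings, got = audit(received_xml)
    return findings, sorted(set(audit(reference_xml)[1]) ^ set(got))

REFERENCE = """<ballot election_date="2008-11-04" country="US" state="CA" precinct="2216">
  <contest ordered="No" coupled="Yes" allow_writein="Yes" name="Presidency">
    <selection party="Reform" name="President">Martin Luther King</selection>
    <selection party="Workers" name="President">Helen Keller</selection>
  </contest>
</ballot>"""  # constructed sample; RECEIVED below is a constructed altered copy
RECEIVED = REFERENCE.replace("Keller", "Kellar").replace('"Workers"', '"Workers" href="x"')
```

`compare(REFERENCE, RECEIVED)` reports the attribute that is not on the allowlist and both versions of the edited candidate row; the fingerprint covers parsed content only, so it complements a byte-level hash of the file rather than replacing it.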

