Re: Secure logging - explained

From: Jim March <jmarch_at_prodigy_dot_net>
Date: Wed Nov 10 2004 - 04:16:21 CST

Ed Kennedy wrote:

> Hello Fred and Charlie:
>
> Just in case you weren't aware of this, there is a Searchable
> correspondance archive
> http://gnosis.python-hosting.com/voting-project/ . If OVC has
> previously discussed a subject like this, that is where you will find
> it. BTW, I don't understand the issue. Could you please clarity it
> for this simple minded civil engineer?
>
> Thanks, Ed Kennedy

Ed, the issue is that every time votes move into the central tabulator
computer (one big PC per county that adds up the vote) there needs to be
an audit log entry performed. Every time those votes are "processed" in
any way, there needs to be an entry. That means reports created, data
added, data deleted because it was accidentally entered twice, a new
precinct's worth of stuff brought in, and MANY other operations each
need an "audit trail item" created.

These audit trail items track what was done, WHEN it was done (date/time
stamp), who did it (by username), etc.

The audit trail concept is borrowed from professional bookkeeping
practice (more or less) and is analogous to how a bank tracks taking in
and processing money. The principles of tracking such money flow have
been understood for more than 300 years, were perfected by Wells Fargo
back when they were still famous for stage coaches as a sideline and
have been extensively codified - it's part of what a CPA knows how to do
in his/her/it's sleep. Bev Harris' position (and mine) is that we
should directly borrow from that CPA "playbook" and treat votes as
directly analogous to money. This is a minority opinion in the
electronic voting community so far but one that I think can be supported
- it's not expensive and the "R&D" is all basically done and long since
public domain.

Diebold's simplistic audit trail (nowhere near CPA best practices to
start with) has each audit trail item added to an MS-Access database
table(!). This table can be edited by...well, by anybody. With
MS-Access (full copy, not runtime) it's dead simple. Failing that being
available, you can write Visual Basic scripts to do it (controlling the
MS-Access "runtime" (a sort of brainless "mini-Access") included with
the Diebold software package) or with a regular text editor like Windows
NT/2000/XP Notepad(!) if you know what you're doing. It's ridiculous.
Hell, it's so simple Bev Harris hired some dude to teach Baxter to do
it. Baxter was paid in Menthos, dunno what flavor - he's a freakin'
CHIMPANZEE!

The resulting video is hilarious:

http://www.blackboxvoting.org/baxter/baxterVPR.mov

(Errr...we're having an ISP problem as I write this...try tomorrow.
Quicktime required.)

Anyways.

What's not funny is that we now have proof this "audit trail editing"
happened in a live election...King County WA, this year's primaries,
three hours missing on election night. Not funny AT ALL.

We're trying to sort out how to create an audit log that CANNOT be
edited for the OVC system.

One option is to print it on a continuous cash register tape. Low tech,
but hey, not a crazy idea. Another is to burn it to CD-ROM or DVD-ROM,
some physical media that cannot be erased under computer control.
Slightly more expensive BUT I believe a bit more reliable. A third is
to go ahead and write it to a hard disk sorta like what Diebold does
(shudder) except use hardcore encryption and redundent copies to make
sure it doesn't go away. And an auto-backup to CD-write-once mebbe?

Come to think...there are companies selling USB2.0 external memory chip
"hard disks" of 512meg - 1gig or more range that have onboard hardware
heavy-duty encryption that can be set to prevent erasure. Might have
potential as an audit trail encoding device...one that should survive
the computer having a fairly major crash?

Point is, we can do one HELL of a lot better than Diebold with any of
several options...but then again, so can a trained Chimpanzee so that
ain't saying much...

Jim
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue Nov 30 23:17:23 2004

This archive was generated by hypermail 2.1.8 : Tue Nov 30 2004 - 23:17:44 CST