Re: Secure logging

From: Keith Copenhagen <k_at_copetech_dot_com>
Date: Wed Nov 10 2004 - 17:25:29 CST

I'll admit to agreeing with Jim,

While I don't know what is in the audit trail, or what threats we need
to address, I'll go with a concept that includes an audit CD into a
physically locked drive during operation.

I can even imagine a CD-Only DRE That boots off a CD, has the ballot
definition xml on that same CD, and audit logs back to that CD, talk
about unambiguous traceability, its all there, period. The size could
force the choice from CD-RW to DVD-RW.

-Keith

Alan Dechert wrote:

>We've discussed this at some length over the last year or so.
Opponents of
>the paper printout like to carry around this 56 inch 2.5 in. tape
(which is
>about what you'd need in some jurisdictions with very long ballots --
e.g.,
>Bernalillo in NM 78 contests, bi-lingual). I showed how the longest
ballot
>anyone every came up with could be formatted on one side of a legal
sized
>sheet. Tapes are very bad from a handling view point -- for recounts
and
>such. You can put the rolls so that the paper is not cut (reel to
reel) a
>la the Sequoia system in NV, but preserving the order of the vote is
widely
>thought to be a no-no.
>
>Alan D.
>

Alan, I think we're on different pages here.

We're discussing how the central tabulator needs to keep an uneditable
audit log. There's three competing proposals:

1) Paper log (cash register tape type).

2) Write it to a read/write device (hard disk, USB memory stick, etc)
and use strong crypto to prevent it's being edited/erased.

3) Write it to a write-once medium that physically can't be erased, such
as a standard CD or DVD burner.

I like number three, myself. ALL are better than Diebold's "write it to
a hard drive and cripple what security MS-Access provides, which wasn't
much to start with...". Diebold's audit log process is going to get
serious scrutiny as people realize we've got a documented case of it
being edited on election night (three hours smoked!) in King County WA.

I recommend OVC have some sort of "official take" on audit logs handy in
case the King County/Diebold situation grows wings.

Jim
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue Nov 30 23:17:25 2004

This archive was generated by hypermail 2.1.8 : Tue Nov 30 2004 - 23:17:44 CST