Re: Secure logging - explained

From: Fred McLain <mclain_at_zipcon_dot_net>
Date: Wed Nov 10 2004 - 19:18:37 CST

Hi Jim,

I'd strongly call into question your belief that CDR would be more
reliable than a register tape. I believe that some (most?) bank
machines also use these sorts of tapes for their audit logs. Thermal
printers should not be used because they are susceptible to erasure
through heat, but ink-based printer output can last for decades and even
longer with the right type of paper.

CDs have recently been shown to have a far shorter shelf life than
originally imagined due to oxidation of the underlying aluminum foil.
They start pitting after time and can be quickly made entirely
unreadable. A small scratch on the top side of a CD (where the foil is)
will kill the entire CD whereas a mark on a strip of paper only obscures
what is under the mark. Recordable multi session CDs are usually only
"reliable" on the drive that recorded them, another issue. Also think
about the number of recordable CDs that turn out to be "spoiled" -
hardly the medium for a real time log.


On Wed, 2004-11-10 at 02:16, Jim March wrote:
> Ed Kennedy wrote:
> > Hello Fred and Charlie:
> >
> > Just in case you weren't aware of this, there is a Searchable
> > correspondence archive
> > . If OVC has
> > previously discussed a subject like this, that is where you will find
> > it. BTW, I don't understand the issue. Could you please clarify it
> > for this simple minded civil engineer?
> >
> > Thanks, Ed Kennedy
> Ed, the issue is that every time votes move into the central tabulator
> computer (one big PC per county that adds up the vote) there needs to be
> an audit log entry performed. Every time those votes are "processed" in
> any way, there needs to be an entry. That means reports created, data
> added, data deleted because it was accidentally entered twice, a new
> precinct's worth of stuff brought in, and MANY other operations each
> need an "audit trail item" created.
> These audit trail items track what was done, WHEN it was done (date/time
> stamp), who did it (by username), etc.
> The audit trail concept is borrowed from professional bookkeeping
> practice (more or less) and is analogous to how a bank tracks taking in
> and processing money. The principles of tracking such money flow have
> been understood for more than 300 years, were perfected by Wells Fargo
> back when they were still famous for stage coaches as a sideline and
> have been extensively codified - it's part of what a CPA knows how to do
> in his/her/its sleep. Bev Harris' position (and mine) is that we
> should directly borrow from that CPA "playbook" and treat votes as
> directly analogous to money. This is a minority opinion in the
> electronic voting community so far but one that I think can be supported
> - it's not expensive and the "R&D" is all basically done and long since
> public domain.
> Diebold's simplistic audit trail (nowhere near CPA best practices to
> start with) has each audit trail item added to an MS-Access database
> table(!). This table can be edited by...well, by anybody. With
> MS-Access (full copy, not runtime) it's dead simple. Failing that being
> available, you can write Visual Basic scripts to do it (controlling the
> MS-Access "runtime" (a sort of brainless "mini-Access") included with
> the Diebold software package) or with a regular text editor like Windows
> NT/2000/XP Notepad(!) if you know what you're doing. It's ridiculous.
> Hell, it's so simple Bev Harris hired some dude to teach Baxter to do
> it. Baxter was paid in Mentos, dunno what flavor - he's a freakin'
> The resulting video is hilarious:
> (Errr...we're having an ISP problem as I write this...try tomorrow.
> Quicktime required.)
> Anyways.
> What's not funny is that we now have proof this "audit trail editing"
> happened in a live election...King County WA, this year's primaries,
> three hours missing on election night. Not funny AT ALL.
> We're trying to sort out how to create an audit log that CANNOT be
> edited for the OVC system.
> One option is to print it on a continuous cash register tape. Low tech,
> but hey, not a crazy idea. Another is to burn it to CD-ROM or DVD-ROM,
> some physical media that cannot be erased under computer control.
> Slightly more expensive BUT I believe a bit more reliable. A third is
> to go ahead and write it to a hard disk sorta like what Diebold does
> (shudder) except use hardcore encryption and redundant copies to make
> sure it doesn't go away. And an auto-backup to CD-write-once mebbe?
> Come to think...there are companies selling USB2.0 external memory chip
> "hard disks" of 512meg - 1gig or more range that have onboard hardware
> heavy-duty encryption that can be set to prevent erasure. Might have
> potential as an audit trail encoding that should survive
> the computer having a fairly major crash?
> Point is, we can do one HELL of a lot better than Diebold with any of
> several options...but then again, so can a trained Chimpanzee so that
> ain't saying much...
> Jim
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue Nov 30 23:17:26 2004
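
The thread above asks for an audit log whose items (what was done, when, by whom) cannot be silently edited or removed. As an added example that is not part of either message and not OVC or vendor code, the sketch below uses a keyed hash chain (HMAC-SHA256), a technique swapped in here for the "encryption" option discussed; the function names, field names and sample entries are all constructed for illustration. It assumes the key and the latest head value are kept somewhere the tabulator PC cannot rewrite, for instance printed on the paper tape.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as "previous MAC" of the first item
FIELDS = ("seq", "when", "who", "what")


def _mac(key, prev, body):
    # Canonical JSON so identical fields always serialise to identical bytes.
    data = prev.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append_entry(log, key, when, who, what):
    """Append one audit trail item, bound to the MAC of the item before it."""
    prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "when": when, "who": who, "what": what}
    log.append(dict(body, prev=prev, mac=_mac(key, prev, body)))
    return log[-1]["mac"]  # new head; record it where the PC cannot rewrite it


def verify_log(log, key, expected_head=None):
    """Return (index, problem) findings; an empty list means the chain is intact."""
    findings, prev, next_seq = [], GENESIS, 0
    for i, e in enumerate(log):
        if e["seq"] != next_seq:
            findings.append((i, "sequence gap"))
        if e["prev"] != prev:
            findings.append((i, "broken link"))
        body = {k: e[k] for k in FIELDS}
        if not hmac.compare_digest(e["mac"], _mac(key, e["prev"], body)):
            findings.append((i, "entry altered"))
        prev, next_seq = e["mac"], e["seq"] + 1
    if expected_head is not None and prev != expected_head:
        findings.append((len(log), "head mismatch"))
    return findings


def build_sample_log():
    """Constructed sample data: four hourly items from a made-up election night."""
    key, log = b"constructed-demo-key", []
    items = [(19, "precinct results loaded"), (20, "summary report created"),
             (21, "duplicate batch deleted"), (22, "precinct results loaded")]
    for hour, what in items:
        head = append_entry(log, key, f"2004-01-01T{hour}:00", "operator1", what)
    return log, key, head
```

Removing items from the middle shows up as a sequence gap and a broken link at the first surviving item after the hole; removing items from the end is only detectable by comparing against the externally recorded head.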
