Re: inspection and testing [Re: OVC-discuss Digest, Vol 37, Issue 7]

From: Fred McLain <mclain_at_zipcon_dot_net>
Date: Fri Nov 02 2007 - 22:02:25 CDT

Responses in line below, truncated to get to the points.

On Nov 2, 2007, at 2:08 PM, Hamilton Richards wrote:

>> As I said before, we can simply require DO-178B level A certification
>> as well as Common Criteria SA-2/3 security analysis on these systems.
>> The open source aspect is an additional benefit and provides for more
>> public confidence.
>
> How much does such intense testing add to the software's cost? I
> don't have the number, but I'd guess it's at least a factor of 10.
> For software that's controlling an airplane in which I'm flying, of
> course, it's worth the cost, but there's a good chance that it would
> price election systems out of reach for most counties.

It takes about 2 to 3 times as much work to do test certification as
it does to develop the software. I don't see this as a high hurdle
given how important voting is to our democracy. I would place secure
voting right up there with managing nuclear weapons or aircraft
safety. We can afford level A certification for this stuff if an
airline can. The base software could be certified on a national level.

<trimmed/>

> For flight-control software, nothing analogous to voter-verified
> paper ballots is available, so we make do with testing [aside: formal
> verification is finding niches here and there, but in the highly
> conservative software industry its progress is painfully slow].

Actually we have these things we call Black Box Recorders, which are
absolute recordings of what happened on the airplane. This isn't a
system where the submitter is an "intelligent voter", but it is better
than what we have in voting. Admittedly the airplane does not review
the records/ballot, but you get the point that there is an audit
trail. Nonetheless, these standards can be applied to how voting
machines are certified and monitored. Even if a machine is involved,
I like the idea of giving the voter a printed ballot to be hand cast,
which at least has the potential to be verified by the voter.

>> I'm also in favor of this approach. The risk is that you are
>> introducing a vast amount of code that never will be used. Some would
>> say source inspection is impossible because of the millions of lines
>> of OS code. When you write the code from scratch all you really
>> reproduce from the OS are a few drivers and some basic libraries.
>
> The argument that "source inspection is impossible because of the
> millions of lines of OS code" makes sense if you believe in source
> inspection.

Who is it that said, "Keep it as simple as possible, but no simpler"?

>
>
> Which I don't.
>
> Regards,
>
> --Ham
>
> --
> ------------------------------------------------------------------
> Hamilton Richards, PhD Department of Computer Sciences
> Senior Lecturer (retired) The University of Texas at Austin
> ham@cs.utexas.edu hrichrds@swbell.net
> http://www.cs.utexas.edu/users/ham/richards
> ------------------------------------------------------------------

Instant Messaging (IM) Addresses:
Jabber: mclain@jabber.org
Yahoo: appworx_fred, schemalogic_fred
MSN: appworx_fred@hotmail.com, schemalogic_fred@hotmail.com
AIM: mclain98021
ICQ: 6947005
GTalk (Jabber): mclain98021@gmail.com
Skype: fmclain

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Nov 30 23:17:06 2007

This archive was generated by hypermail 2.1.8 : Fri Nov 30 2007 - 23:17:31 CST