[OVC-demo-team] Security and closed source

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Thu Jan 29 2004 - 16:55:09 CST

> Speaking of OS platforms, are you targeting a final product able to
> run fully
> on Win32? I'm thinking of how unsuccessfull it would be trying to
> promote
> this system to county governments and explain that they'll need to
> migrate
> their voter registration office desktops to Linux.

Voting stations will be specific and dedicated pieces of hardware, so
the OS run on office desktops (even by voter registration officials) is
quite unrelated. Possibly tabulation software or the like would run on
Win32, but I have doubts there as well.

For voting stations, Windows operating systems would simply not be
acceptable, IMO. While this is my opinion, it is one shared by
elections technology expert Dr. Doug Jones who has contributed greatly
to this project. Proprietary components open MAJOR vulnerabilities in
not being publicly auditable. The EVM system should be open source
(and ideally Free Software), from top to bottom... all the way down to
the device drivers. Actually, since tabulation is an awfully important
part of the process, the same reasoning applies to the machine the
tabulation software runs on.

While OVC does not yet have a formal specification to the effect I
describe, I personally would probably be very unhappy if this direction
was not followed. That said, the formal security analysis will be led
Dr. Amit Sahai, and will presumably also involve Dr. David Jefferson
(both well-respected figures in the computer security community--as is
Doug Jones).

Yours, David...
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Thu Apr 1 02:40:13 2004

This archive was generated by hypermail 2.1.8 : Thu Apr 01 2004 - 02:40:36 CST