Re: Fwd: ITA testing would detect Hursti attack, ballot programming errors, etc.

From: charlie strauss <cems_at_earthlink_dot_net>
Date: Sun Sep 03 2006 - 00:10:45 CDT

kathy, every voting system that has an error was inspected by the ITA. isn't that proof enough?

Maybe you are hoping for two much when you say "if conducted decently". Here's an example of a hardware hack that should have been painfully obvious, but passed right through the system like castor oil.

http://vvnm.org/wiki/bevhacked.html

-----Original Message-----
>From: "Douglas W. Jones" <jones@cs.uiowa.edu>
>Sent: Sep 2, 2006 8:26 PM
>To: Open Voting Consortium discussion list <ovc-discuss@listman.sonic.net>, Joan Krawitz VTUSA <jkrawitz@votetrustusa.org>, kathy@electionarchive.org
>Subject: Re: [OVC-discuss] Fwd: ITA testing would detect Hursti attack, ballot programming errors, etc.
>
>
>On Sep 1, 2006, at 9:26 PM, Kathy Dopp wrote:
>
>> Can anyone please help me to verify or refute these claims ... ?
>
>>> From: Joan Krawitz VTUSA <jkrawitz@votetrustusa.org>
>>> Date: Sep 1, 2006 7:56 PM
>>>
>>> Federal testing if conducted decently can and should find
>>> the kind of problems that have been reported with the Hursti
>>> hack, the ES&S ballot programming and similar system design
>>> defects.
>
>This is basically true. The VSTAAB review of the AccuBasic
>interpreter reveals numerous flat-out violations of the FEC
>2002 guidelines. If the California VSTAAB could do it, the
>ITAs could have done it. The basic problem exposed by Hursti
>I and II is also very obvious -- the ability to inject
>executable code into a voting system is clearly covered under
>the intent of the FEC 2002 guidelines concerning protection
>against viruses and malware.
>
>However, I see no evidence that the ITAs have been effective in
>detecting these problems. I've read the current ITA reports,
>and they're no better than the ones I used to read when I was
>an examiner for Iowa. My confidence is not raised by anything
>I've seen recently. Just because the ITA process has the
>potential to do better should not be taken as evidence that
>it is doing better.
>
>As an aside, I've read ITA source code review reports from
>Wyle, Ciber and SysTest. Ciber reports are, overall, the
>least informative. SysTest reports contain enough text that
>I can get into the head of the source code examiner and see
>what they're looking for and how they're going about it.
>Wyle is in between.
>
> Doug Jones
> jones@cs.uiowa.edu
>
>_______________________________________________
>OVC-discuss mailing list
>OVC-discuss@listman.sonic.net
>http://lists.sonic.net/mailman/listinfo/ovc-discuss

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sat Sep 30 23:17:03 2006

This archive was generated by hypermail 2.1.8 : Sat Sep 30 2006 - 23:17:08 CDT