Problem (was: Re: need help with tool requirement)
Kevin D. Clark
kdc at rcn.com
Wed Apr 21 09:58:00 EDT 2004
bmcculley at rcn.com writes:
> Here's the real problem description.
>
> Electronic voting machines are feared to be vulnerable to
> hidden malicious code ("Easter eggs") that could subvert voter
> intentions and deliver votes to the wrong candidates. One
> proposed solution is to require paper ballots be produced by
> electronic voting machines, but this creates other problems.
I would contend that an audit trail is worth any minor "problems".
> There is also a practical constraint that retrofitting
> existing systems for paper output will not be feasible in the
> timeframe required for the upcoming election, for a variety of
> reasons (simple installed base logistics among them).
Adding a printer to these systems is surely easier than auditing all
of the code that comprises these systems.
[snip]
> It seems that the ideal solution would allow retrospective as
> well as prospective validation (i.e. validate copies of
> software obtained from deployed systems as well as validating
> pre-release software). For one thing this could be a strong
> anti-fraud deterrent. This is not an absolute requirement
> however.
I disagree with your labeling of this solution as "ideal".
I'm not even being an idealist -- I'm being realistic. A paper record
is realistic and practical.
> As an alternative, assume that source code is available for
> review and compilation. Since the code is proprietary it will
> need to be handled according to NDAs, which seems not a
> serious restriction.
Maybe my taxes shouldn't be used to purchase software which is
encumbered by an NDA, especially if this software helps comprise
something as important as a voting machine.
> What approach would provide sufficient assurance that the code
> does not contain any "Easter eggs" or trap doors to allow
> future egg-laying?
That's a tough question, but any solution that doesn't include a
non-corruptible audit trail (paper) is flawed.
--kevin
--
"I am committed to helping Ohio deliver its electoral votes to the
president next year."
-- Walden O'Dell
More information about the gnhlug-discuss
mailing list