[ale] hack challenge for electronic [v]oting system

Jeff Hubbs hbbs at comcast.net
Sat Aug 23 21:17:52 EDT 2003


Jonathan, there's nothing to keep the B1 certification from being as
much of a sham as the machines could be.  Actually, the more
"certifications" - and certifications for the certifications, etc. - the
less trustworthy the whole situation is.  If you accept that there are
people in this country who seek to manipulate elections - and there
appears to have been plenty of evidence solid enough to at least put the
idea on the table - then it follows that the more any such manipulation
could be obscured, or, alternately, if the opportunities for any such
manipulation are made more numerous, the more reasonable it is for such
manipulation to work and work undetected.  

This sums up my objection to the current state of the art regarding
electronic voting.  It has become a "black box" that has become much
more opaque than any election mechanism that has come before.  How can
we, as technologists, take seriously any election governance body that
purports to certify election results compiled in this manner??  They
know little if anything more than we do - or the voters do - about the
machines.  

The whole idea of open elections falls on its face if we cannot trust
the election mechanism, or, by extension, if the election mechanism DOES
NOT LEND ITSELF TO THE EVALUATION OF ITS TRUSTWORTHINESS.

I would actually feel better if a team from some other country could
come here and institute a simple, auditable voting mechanism and carry
out the elections.

- Jeff

On Sat, 2003-08-23 at 18:11, Jonathan Rickman wrote:
> On Saturday 23 August 2003 16:37, Jeff Hubbs wrote:
> > I'm going to set forth here what I think would be meaningful ground
> > rules and goals for such a "hacking demonstration."
> 
> I don't think this kind of thing should be handled this way at all, upon 
> further reflection. These systems need to be accredited just like any 
> sensitive government computer. After giving it much thought, I feel that 
> the TCSEC B1 level is the minimum that should be allowed. The reference 
> (Orange Book) is available in HTML format here:
> 
> http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html#HDR3.1
> 
> ...or if you prefer an offline copy in original format, you can get it at my 
> site: http://xcorps.net/ftp/pub/papers/government/rainbow/5200.28-STD.pdf
> 
> While the TCSEC has mostly been sidelined in favor of CCEVS 
> (http://niap.nist.gov/cc-scheme/index.html), I find it more useful in a 
> setting such as this. It certainly is applicable and it should be used to 
> ensure system integrity. This will help mitigate the risks involved with 
> giving every potential attacker (insiders included) physical access to the 
> machine, which we all know is a bad thing. I'm not certain that access to 
> the source code is required for accreditation at the B level, but complete 
> documentation of all system features is required, and backed up by a court 
> order to ensure that the process has teeth...it might suffice.
-- 
Jeff Hubbs <hbbs at comcast.net>

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale




