[ale] Its over. Maybe

Thu Nov 4 18:58:16 EST 2004

Michael D. Hirsch wrote:
> On Thursday 04 November 2004 09:17 am, Geoffrey wrote:
> 
>> George Carless wrote:
>> 
>>> If there *are* situations where FOSS is not the solution, this is
>>>  absolutely not one of them.  What possible legitimate reason is
>>> there for keeping the voting system secret and proprietary?
>> 
>> I can easily suggest a solution where we can all vote in
>> confidence.
> 
> Boy, we're different.  I think I disagree with most of these points.
> 
>> First, voting devices should not be monopolized, in the case of the
>>  Diebold systems, they are.
> 
> Ordinarily, I agree.  In this case, however, I don't think I do.  We
> are talking about defense from attack.  With multiple suppliers there
> are more opportunity for attack.  Of course, that would mean any
> single attack would be less pernicious, but I'm not sure where I'd
> want to fall on that one.

I'm not suggesting that there should be 10 vendors building voting 
machines, what I'm suggesting is that all electronic voting machines 
should be reviewed by someone other than parties who have a vested 
interest in said company.  You can attack a monopoly on either axis.

>> Second, the systems should be reviewed by non-partisan technically 
>> capable people.
> 
> Obviously correct.
> 
>> Third, voting devices such as these should be randomly seized and a
>>  complete verification of the system be completed, again by a 
>> non-partisan group.  That's to say, they could walk into a polling 
>> place, anywhere in this country, select a machine and after
>> protecting the existing votes on that device, proceed to validate
>> and verify that it is functioning correctly.
> 
> That's crazy.  Even just considering the technical aspects, how does
> one "validate and verify".  If we knew how to do that we wouldn't
> have security problems any more.  I believe there is a meta-theorem
> which says you cannot validate a sufficiently complex system--and
> these are more than sufficently complex.

If they are that complex, they should not be used.  It's not bloody 
rocket science, you're counting votes.

> The whole point of a paper trail is that it protects against unknown
> attacks. Even if the bad guys come up with a diabolically clever
> attack which avoids detection by looking at the system, the
> electronic and paper ballots will not agree.  The attackers would
> have to subvert the hard copies, too, which we have a lot of
> experience preventing.  Furthermore, electronic fraud is done 
> wholesale and paper fraud is retail--it would be extremely difficult
> to get them to agree.

I'm also concerned with an inside job.  Sure, you get a paper trail of 
how people voted, but is that compared to the electronic totals?  How do 
you know the machine is tallying the same way it's printing?

-- 
Until later, Geoffrey