Re: Welcome to the bcv list
Paul,
Thank you for taking action on the listserv idea.
I plan to attend tomorrow's presentation.
I hope to see some others there as well.
I came late to the presentations on Saturday, so I did not
get a chance to evaluate all of the systems.
My background:
I am a programmer and a software quality assurance engineer.
I have worked for companies like Sun Microsystems.
I have worked with computing machines for 23 years.
I run Linux and Mac OS X at home.
Some brief notes of my impressions:
--------------------------------------------------------------
First, let me state that I will not consider Diebold as a contender
because the executives of Diebold have seen fit to contribute money to
Republican party campaigns, which I see as a serious conflict of
interest:
http://www.portclintonnewsherald.com/news/stories/20030827/localnews/140871.html
"Wally O'Dell, CEO of Diebold Inc., this week sent out letters to
central Ohio Republicans asking them to raise $10,000 in donations in
time for a Sept. 26 Ohio Republican Party event at his home."
"In his invitation O'Dell states his support for the Republican Party
and notes he is "committed to helping Ohio deliver its electoral votes
to the President next year." "
To me, this indicates a bias that I just can't stomach, no matter
how good the technology is.
They have disqualified themselves, and they are being sued for their
conflict of interest.
I can only say that it shows that Boulder County clerk officials have
not read up on Diebold. I plan to educate them.
I don't like that two of the vendors, Diebold and Avante', both
use Microsoft Windows 2000 as their operating system.
I have personally read and logged bugs on some of the 7 million lines
of code that is Windows NT (on which Windows 2000 is based).
Windows 2000 has many problems with it that are known exploits.
Microsoft acknowledges these numerous security bugs, but refuses to fix
some of them.
Microsoft has a cultural bias against security in general.
As an example of this, unless a Windows server is set up to use the NTFS
file system, passwords are commonly sent down the wire as plain text
for anyone to read with standard network monitoring tools.
Many administrators don't use NTFS and instead use FAT for compatibility
reasons.
This is but one example of many.
For that reason, both Diebold and Avante' systems are a security risk.
Many thousands of programmers like me have also been exposed to the
Windows source code, and could easily exploit its many security holes
to gain high-level access.
The Johns Hopkins study revealed this glaring flaw.
I also did not like that the Avante' machines completely erase the
voting smart card at the end of voting.
A blank card is considered to be proof that you voted, according to
Avante'.
Smart cards can easily be erased by high power magnets, like those found
in department stores.
If someone were to erase your card before voting started, how would you
prove that you didn't vote? "You can't", said the Avante' rep.
This could potentially take away your vote, and create confusion.
Unlikely, maybe, but possible. Some of the best hacks are the simplest.
Sequoia systems rewrite the card, showing proof that a voter has cast a
vote.
This also prevents a voter from reusing the card to vote again and
again.
The Avante' system could create some confusion, causing some to
not have a vote counted at all.
It's much harder to spoof a card that has data on it, than one that is
completely blank.
I saw a presentation for Sequoia systems, and I
was impressed with their machine, which has its own proprietary OS.
Their level of detail and their security measures went far beyond
Avante' or Diebold's, and left the possibility of hacking mostly in the
realm of using social engineering hacks, like guessing passwords or
engaging in fraud through non-electronic means.
The fact that there is no concurrent paper trail is troubling to me.
However, the Sequoia rep said that a printer could be purchased to make
a printout available to the voter, which I plan on recommending to the
elections officials.
I did not get a chance to talk with the folks from Hart InterCivic yet.
Their system uses a proprietary wheel interface, which makes hacking
the user interface much more difficult and highly unlikely.
I heard that they use their own OS, although I am not sure of this.
Hopefully I will get to see their presentation.
I hope to learn more.
My girlfriend Oni looked at the Hart system, and said that the user
interface was clunky, but seemed to work ok once you understood it.
I think that if this is for the blind or physically impaired, it
should be very intuitive, so I will have to see for myself.
At this point, I am still undecided, but the Sequoia system seems to me
to be the most promising at the moment.
Sequoia has local offices in Denver to service the machines also.
For me, the choices are down to Sequoia or the Hart InterCivic system.
-Christian