Jan 22: Hart to demo to commissioners; Questions
See below for Paul Tiger's mail about a Jan 22 presentation by
Hart Intercivic to the commissioners.
I think the citizens should get a presentation from Hart before they
come up before the commissioners.
There are some questions from the Johns Hopkins researchers - the
most expert security folks that have looked at these systems that I
know of - at:
http://avirubin.com/vote/questions.html
I've adapted them a bit, and suggest that we could discuss them and
send them to Hart in the next few days.
  * Has your system been reviewed by a large number of outside
    security experts?
      + If so, who?
      + What are their credentials?
      + Do their areas of expertise cover a wide area of specialties
        within the discipline of cryptography and computer security?
      + Can we see an executive summary of their reports?
  * Do you allow the public to review the security and reliability of
    your voting system's source code?
      + Is the security of your system dependent on your source code
        being secret?
      + If so, how do you address the fact that the source code could
        leak to the public (or to well-funded adversaries)?
      + And how do you address the fact that an attacker might be an
        insider who knows the source code?
  * Would you be willing to have a panel of outside security experts
    review the source code for your system?
      + Would you allow them to publish an executive summary of their
        findings?
      + If not, why not?
  * Who designed and developed the source code used in your systems?
      + What are their credentials with respect to cryptography and
        computer security?
      + Where were they trained?
      + Have these developers worked on cryptography and computer
        security in other systems outside of voting software?
  * How confident are you in the security and reliability of your
    product? Will you "certify" the security and reliability of your
    product?
      + Will you offer compensation if somebody purchases your
        equipment and later finds that it is vulnerable to certain
        types of attacks? (Which types of attacks?)
      + Will you offer compensation if after an election it is
        determined that more votes were collected than people who
        voted (on a given terminal), but that it cannot be determined
        which were the legitimate votes?
      + Will you offer compensation if after an election it is
        determined that your machines reported an inaccurate total
        (either because of an attack or a system glitch)?
      + Will you offer compensation if after an election it is
        determined that voters' anonymity was compromised, allowing
        votes to be bought and sold?
      + Under what other situations would you offer compensation?
  * In your system, what can voters do if they feel that their votes
    were not recorded properly?
      + Are there any mechanisms for voters to verify their votes are
        correct?
      + What happens in the case of a dispute?
      + Is a manual recount (i.e., not requiring any computer
        software) possible?
  * Does your system conform to the requirements of the Holt bill?
    Details can be found at
    http://holt.house.gov/issues2.cfm?id=5996.
Neal McBurnett http://bcn.boulder.co.us/~neal/
Signed and/or sealed mail encouraged. GPG/PGP Keyid: 2C9EBA60
----- Forwarded message from Paul Tiger <LegislativeDirector@xxxxxxxxxxxxxx> -----
From: "Paul Tiger" <LegislativeDirector@xxxxxxxxxxxxxx>
Subject: Hart to demo to commissioners
...
Neal [from Hart Intercivic] and Tom have set a date for the 22nd to
demonstrate Hart equip to the commissioners. This will be a public
hearing. The time is tentatively set for 11am.
I was present when this date was made and expressed a concern about timing.
The commissioners will be addressing land mergers at 10am and they usually
take lunch at 11:30. While Neal may feel that this is enough time for his
presentation, I hardly feel that it is enough time for public input and
interaction.
Watch for an announcement from Tom or Jim Burrus, but keep in mind that
unless the commissioners re-arrange their schedules on the 22nd, that we
will likely not have much open hearing time. I have serious doubts that they
will change the scheduled time of the land use property mergers hearing.
That issue has them embroiled in a number of current lawsuits and other
citizen-activists that need a voice.
Paul Tiger
----- End forwarded message -----