Re: Excellent, Mr. Paul Tiger
On Fri, Mar 31, 2006 at 04:04:12AM -0700, Ralph Shnelvar wrote:
> On Wed, 29 Mar 2006 04:57:08 -0700, you wrote:
>
> >More like old hack. Back in 03 when some of us were invited to work on the
>
> [snip]
>
>
> Let me add that Open Source code will not fix any of these problems. One
> could pore over the code line-by-line but if the computer uses a chip that
> contains some of this back-door modem code then the machine can be hacked.
> It might be difficult to do but given that elections sometimes control a few
> billion dollars, difficulty is not an obstacle.
>
I think that this is an unrealistically pessimistic view of Open
Source. If one means Open Source in the hands of incompetent boobs,
you are correct. But paper ballot elections run by incompetent boobs
also suffer serious problems. Making source available for visual
inspection is not Open Source. More important is giving people
copies that they can use and modify and test. Copies that they can
use to demonstrate errors.

I also think Paul T. is extreme in saying any system can be hacked. I
think, for example, of the computers at Lawrence Livermore National
Lab. that are used for H-bomb design calculations. These are not
easily hacked. The reason they are not is that serious people have
thought seriously, and sweated the details of stopping intruders, and
stopping goof balls who don't care about security. Finding such people
and paying enough to be serious is expensive, but affordable,
considering that the alternative is letting outside people mess
with national security.

Now, for elections: The techniques used at LLNL have been described in
the open literature and can provide the basis for a discussion of
using computers in elections. Election officials can use them without
paying royalties or license fees. But they will have to pay for
implementing them.

An important aspect of the secure use of computers is to carefully
restrict the role they play to something that can be put in a secure
enclosure, and guarded all the time.

I can see using computers to scan paper ballots, but with important
caveats. Among the conditions that must be met are:

It is done in a secure location with strict and orderly procedures
for the physical handling of the ballots.

The paper must be of a high enough quality that it can be put through
the scanners (note the plural) more than once. Much more than once.

There are no legal restrictions on how often the ballots are
rescanned. But they never leave the secure area, and they are never
abused by careless handling.

The first result of the scan must be a collection of ballot image
files that must be publicly available for inspection and computer
analysis by all interested, and disinterested, parties.

Message Digests of these files must also be available, so that users
of these files can verify that they have true copies of the originals.

The software that analyzes the images and counts voting marks on the
ballot is also Open Source, and can be run by interested parties on
the publicly available scanned images.

The full list goes on and on. This is just a beginning.

With a computer system that is properly designed and secured, a
recount would be much easier to organize and execute than a recount of
a hand counted election. If it discovered an error, that error would
be located in a very specific place in the chain of custody of the
data, and if a crime had been committed there would be good legal
evidence.

Hand counted paper ballot elections would be much cheaper, I'm sure.
But a recount of a hand counted election would be a big deal.
If it led to a different result, the paper trail would probably not
be useful in prosecuting any criminal activity.

Design of such a computer system, if it is to be done, must be an open
activity. The model for such open design that I think of is the
design of the newest revision of the Data Encryption Standard. Everyone
who cared to follow that work was able to do so. There were no
secrets. Some ideas were too difficult for most people to understand,
but no one was kept from understanding by lack of a security
clearance.
--
Paul E Condon
pecondon@xxxxxxxxxxxxxxxx
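
[Added example, not part of the original message: a sketch of the "Message Digests" condition above, in which a manifest of per-file digests is published with the ballot images and anyone holding a copy checks it for altered, missing or extra files. SHA-256, the file names and the function names are assumptions; the message names no algorithm or format.]

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, chunk_size=1 << 20):
    """SHA-256 of one file, read in chunks so large scans need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(image_dir):
    """Map each file's relative path to its digest (the list that would be published)."""
    root = Path(image_dir)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def manifest_digest(manifest):
    """One digest over the sorted manifest lines, so the whole set is pinned by one value."""
    lines = "".join(f"{d}  {name}\n" for name, d in sorted(manifest.items()))
    return hashlib.sha256(lines.encode("utf-8")).hexdigest()

def verify_copy(copy_dir, published):
    """Compare a downloaded copy against the published manifest."""
    local = build_manifest(copy_dir)
    return {
        "altered": sorted(n for n in published if n in local and local[n] != published[n]),
        "missing": sorted(n for n in published if n not in local),
        "extra": sorted(n for n in local if n not in published),
    }

def demo():
    """Constructed sample: three fake 'ballot images', then a tampered copy of them."""
    with tempfile.TemporaryDirectory() as orig, tempfile.TemporaryDirectory() as copy:
        for i in range(3):
            data = b"constructed ballot image %d" % i
            (Path(orig) / f"ballot_{i:04d}.tif").write_bytes(data)
            (Path(copy) / f"ballot_{i:04d}.tif").write_bytes(data)
        published = build_manifest(orig)
        clean = verify_copy(copy, published)
        (Path(copy) / "ballot_0001.tif").write_bytes(b"altered mark")  # changed file
        (Path(copy) / "ballot_0002.tif").unlink()                      # dropped file
        (Path(copy) / "ballot_9999.tif").write_bytes(b"injected")      # added file
        return clean, verify_copy(copy, published), manifest_digest(published)

if __name__ == "__main__":
    print(demo())
```

The digests only prove a copy matches what was published; the manifest itself has to reach users over a channel they trust independently of the image files.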