Re: Excellent, Mr. Paul Tiger



Dear Paul:

I happen to agree with you except for one detail.

Everything you have written demonstrates to me that if the process is open
that Open Source is unnecessary since the process can be repeated with a
variety of counting systems.  If all the systems (Open Source, Closed,
sorta-open, hand-counted, etc.) all agree within a small margin of
difference, then one would have a high degree of comfort that the ballots
were counted correctly.

Then diligence would transfer from the computers to the physical security of
the ballots.

Ralph Shnelvar



On Fri, 31 Mar 2006 14:19:19 -0700, you wrote:

>On Fri, Mar 31, 2006 at 04:04:12AM -0700, Ralph Shnelvar wrote:
>> On Wed, 29 Mar 2006 04:57:08 -0700, you wrote:
>> 
>> >More like old hack. Back in 03 when some of us were invited to work on the
>> 
>> [snip]
>> 
>> 
>> Let me add that Open Source code will not fix any of these problems.  One
>> could pore over the code line-by-line but if the computer uses a chip that
>> contains some of this back-door modem code then the machine can be hacked.
>> It might be difficult to do but given that elections sometimes control a few
>> billion dollars, difficulty is not an obstacle.
>> 
>
>I think that this is an unrealistically pessimistic view of Open
>Source.  If one means Open Source in the hands of incompetent boobs,
>you are correct.  But paper ballot elections run by incompetent boobs
>also suffer serious problems. Making source available for visual
>inspection is not Open Source. More important is giving people 
>copies that they can use and modify and test. Copies that they can
>use to demonstrate errors. 
>
>I also think Paul T. is extreme in saying any system can be hacked. I
>think, for example, of the computers at Lawrence Livermore National
>Lab. that are used for H-bomb design calculations. These are not
>easily hacked. The reason they are not is that serious people have
>thought seriously, and sweated the details of stopping intruders, and
>stopping goof balls who don't care about security. Finding such people
>and paying enough to be serious is expensive, but affordable,
>considering that the alternative is letting outside people mess
>with national security.
>
>Now, for elections: The techniques used at LLNL have been described in
>the open literature and can provide the basis for a discussion of
>using computers in elections. Election officials can use them without
>paying royalties or license fees. But they will have to pay for
>implementing them. 
>
>An important aspect of the secure use of computers is to carefully
>restrict the role they play to something that can be put in a secure
>enclosure, and guarded all the time.
>
>I can see using computers to scan paper ballots, but with important
>caveats. Among the conditions that must be met are:
>
> It is done in a secure location with strict and orderly procedures
>for the physical handling of the ballots. 
>
> The paper must be of a high enough quality that it can be put through
>the scanners (note the plural) more than once. Much more than once.
>
> There are no legal restrictions on how often the ballots are
>rescanned. But they never leave the secure area, and they are never
>abused by careless handling. 
>
> The first result of the scan must be a collection of ballot image
>files that must be publicly available for inspection and computer
>analysis by all interested, and disinterested, parties.
>
> Message Digests of these files must also be available, so that users
>of these files can verify that they have true copies of the originals.
>
> The software that analyzes the images and counts voting marks on the
>ballot is also Open Source, and can be run by interested parties on
>the publicly available scanned images.
>
>The full list goes on and on. This is just a beginning. 
>
>With a computer system that is properly designed and secured, a
>recount would be much easier to organize and execute than a recount of
>a hand counted election. If it discovered an error, that error would
>be located in a very specific place in the chain of custody of the
>data, and if a crime had been committed there would be good legal
>evidence.
>
>Hand counted paper ballot elections would be much cheaper, I'm sure.
>But a recount of a hand counted election would be a big deal. 
>If it led to a different result, the paper trail would probably not
>be useful in prosecuting any criminal activity.
>
>Design of such a computer system, if it is to be done, must be an open
>activity.  The model for such open design that I think of is the
>design of the newest revision of the Data Encryption Standard. Everyone
>who cared to follow that work was able to do so. There were no
>secrets. Some ideas were too difficult for most people to understand,
>but no one was kept from understanding by lack of a security
>clearance.
>
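
Added example (not part of the original messages): one way an observer could check a downloaded set of ballot image files against published message digests, as the quoted list of conditions describes. SHA-256, the file names and the function names are assumptions made for illustration; the thread names no algorithm or format.

```python
import hashlib
import tempfile
from pathlib import Path


def digest_file(path, chunk_size=1 << 16):
    """SHA-256 of a file, read in chunks so large scans do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(image_dir):
    """Publisher side: map each ballot image file name to its digest."""
    files = sorted(p for p in Path(image_dir).iterdir() if p.is_file())
    return {p.name: digest_file(p) for p in files}


def verify_copy(image_dir, manifest):
    """Observer side: compare a local copy against the published manifest."""
    local = build_manifest(image_dir)
    report = {"ok": [], "altered": [], "missing": [], "unlisted": []}
    for name, expected in manifest.items():
        if name not in local:
            report["missing"].append(name)      # file withheld or lost
        elif local[name] == expected:
            report["ok"].append(name)           # true copy of the original
        else:
            report["altered"].append(name)      # contents differ from original
    # Files present locally that the publisher never listed.
    report["unlisted"] = sorted(set(local) - set(manifest))
    return report


def demo():
    """Constructed sample data: three fake scans, then a tampered copy."""
    with tempfile.TemporaryDirectory() as orig, tempfile.TemporaryDirectory() as copy:
        for i in range(3):
            data = b"constructed ballot image %d" % i
            (Path(orig) / f"ballot_{i:04d}.img").write_bytes(data)
            (Path(copy) / f"ballot_{i:04d}.img").write_bytes(data)
        manifest = build_manifest(orig)
        (Path(copy) / "ballot_0001.img").write_bytes(b"edited after scanning")
        (Path(copy) / "ballot_0002.img").unlink()
        (Path(copy) / "ballot_9999.img").write_bytes(b"inserted file")
        return verify_copy(copy, manifest)


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the manifest: the digests have to reach the observer by a path independent of the image files, or a substituted file could arrive with a matching substituted digest.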