
Re: Excellent, Mr. Paul Tiger



Dear Paul C. and all:

Since I write proprietary software for what is laughably called a living, it
hardly behooves me to bad mouth it.

What I'm trying to get at is that secret and proprietary software is
perfectly OK as long as the original (paper) data is available for counting
and processing.  Then if a variety of (independent!) techniques are used to
analyze the data then one will have a high degree of faith that the counts
are correct.

That's what auditing is supposed to be about: an independent sampling of the
data to determine if the original mechanism is correct.

Ralph Shnelvar


On Sun, 2 Apr 2006 21:54:02 -0600, you wrote:

>On Sun, Apr 02, 2006 at 10:55:03AM -0600, Ralph Shnelvar wrote:
>> Dear Paul:
>> 
>> I happen to agree with you except for one detail.
>> 
>> Everything you have written demonstrates to me that if the process is open
>> that Open Source is unnecessary since the process can be repeated with a
>
>Perhaps Open Source is unnecessary, but there is a real big problem
>for verifiability if people in charge of the software claim a right to
>secrecy about the details of the software. If this right has legal
>standing, there will always be legal process for 'balancing' right to
>openness vs. rights to secrecy. For true verifiability, I believe that
>anyone who cares to ask should get an open and honest answer to their
>question. It need not be an answer that they are willing to deal with,
>but there needs to be full answer available to anyone. This sort of
>verifiability is not part of the legal structure of Intellectual
>Property Law in USA. So I opt for Open Source, not as a Holy Mission,
>but as a practical way through our legal system to our common goal of
>openness.
>
>The people who actually design and write the software would have to be
>paid, but payment would be by salary from an organization that has 
>contracted to write the software, not from license fees generated
>through ownership of copyrights or patents. Open Source is about how
>people get access to the software, not about getting software from
>screwballs and flakes. It's about getting a chance to test the software
>BEFORE YOU BUY. 
>
>This issue doesn't matter to you today as much as some other issues,
>but I think it will become a bigger deal as we make progress on your
>other issues.
>
>> variety of counting systems.  If all the systems (Open Source, Closed,
>> sorta-open, hand-counted, etc.) all agree within a small margin of
>
>Of course Open Source has nothing to do with hand counting. It comes into
>play if one argues for hand counting by bad mouthing proprietary software.
>
>
>
>> difference, then one would have a high degree of comfort that the ballots
>> were counted correctly.
>> 
>> Then diligence would transfer from the computers to the physical security of
>> the ballots.
>> 
>> Ralph Shnelvar
>> 
>> 
>> 
>> On Fri, 31 Mar 2006 14:19:19 -0700, you wrote:
>> 
>> >On Fri, Mar 31, 2006 at 04:04:12AM -0700, Ralph Shnelvar wrote:
>> >> On Wed, 29 Mar 2006 04:57:08 -0700, you wrote:
>> >> 
>> >> >More like old hack. Back in 03 when some of us were invited to work on the
>> >> 
>> >> [snip]
>> >> 
>> >> 
>> >> Let me add that Open Source code will not fix any of these problems.  One
>> >> could pore over the code line-by-line but if the computer uses a chip that
>> >> contains some of this back-door modem code then the machine can be hacked.
>> >> It might be difficult to do but given that elections sometimes control a few
>> >> billion dollars, difficulty is not an obstacle.
>> >> 
>> >
>> >I think that this is an unrealistically pessimistic view of Open
>> >Source.  If one means Open Source in the hands of incompetent boobs,
>> >you are correct.  But paper ballot elections run by incompetent boobs
>> >also suffer serious problems. Making source available for visual
>> >inspection is not Open Source. More important is giving people 
>> >copies that they can use and modify and test. Copies that they can
>> >use to demonstrate errors. 
>> >
>> >I also think Paul T. is extreme in saying any system can be hacked. I
>> >think, for example, of the computers at Lawrence Livermore National
>> >Lab. that are used for H-bomb design calculations. These are not
>> >easily hacked. The reason they are not is that serious people have
>> >thought seriously, and sweated the details of stopping intruders, and
>> >stopping goof balls who don't care about security. Finding such people
>> >and paying enough to be serious is expensive, but affordable,
>> >considering that the alternative is letting outside people mess
>> >with national security.
>> >
>> >Now, for elections: The techniques used at LLNL have been described in
>> >the open literature and can provide the basis for a discussion of
>> >using computers in elections. Election officials can use them without
>> >paying royalties or license fees. But they will have to pay for
>> >implementing them. 
>> >
>> >An important aspect of the secure use of computers is to carefully
>> >restrict the role they play to something that can be put in a secure
>> >enclosure, and guarded all the time.
>> >
>> >I can see using computers to scan paper ballots, but with important
>> >caveats. Among the conditions that must be met are:
>> >
>> > It is done in a secure location with strict and orderly procedures
>> >for the physical handling of the ballots. 
>> >
>> > The paper must be of a high enough quality that it can be put through
>> >the scanners (note the plural) more than once. Much more than once.
>> >
>> > There are no legal restrictions on how often the ballots are
>> >rescanned. But they never leave the secure area, and they are never
>> >abused by careless handling. 
>> >
>> > The first result of the scan must be a collection of ballot image
>> >files that must be publicly available for inspection and computer
>> >analysis by all interested, and disinterested, parties.
>> >
>> > Message Digests of these files must also be available, so that users
>> >of these files can verify that they have true copies of the originals.
>> >
>> > The software that analyzes the images and counts voting marks on the
>> >ballot is also Open Source, and can be run by interested parties on
>> >the publicly available scanned images.
>> >
>> >The full list goes on and on. This is just a beginning. 
>> >
>> >With a computer system that is properly designed and secured, a
>> >recount would be much easier to organize and execute than a recount of
>> >a hand counted election. If it discovered an error, that error would
>> >be located in a very specific place in the chain of custody of the
>> >data, and if a crime had been committed there would be good legal
>> >evidence.
>> >
>> >Hand counted paper ballot elections would be much cheaper, I'm sure.
>> >But a recount of a hand counted election would be a big deal. 
>> >If it led to a different result, the paper trail would probably not
>> >be useful in prosecuting any criminal activity.
>> >
>> >Design of such a computer system, if it is to be done, must be an open
>> >activity.  The model for such open design that I think of is the
>> >design of the newest revision of the Data Encryption Standard. Everyone
>> >who cared to follow that work was able to do so. There were no
>> >secrets. Some ideas were too difficult for most people to understand,
>> >but no one was kept from understanding by lack of a security
>> >clearance.
>> > 
>>
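
Added example, not part of the original thread: the quoted message asks that message digests of the ballot image files be published so anyone can confirm they hold true copies. The sketch below shows that check, assuming SHA-256 as the digest and hypothetical file names (`ballot-0001.img` and so on); the sample "scans" are constructed bytes, not real ballot data.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large scans need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(image_dir: Path) -> dict[str, str]:
    """What the scanning site would publish: file name -> digest."""
    return {p.name: file_digest(p) for p in sorted(image_dir.iterdir()) if p.is_file()}


def verify_copy(copy_dir: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a downloaded copy of the images against the published manifest."""
    present = {p.name for p in copy_dir.iterdir() if p.is_file()}
    report = {"altered": [], "missing": [],
              "unlisted": sorted(present - set(manifest))}
    for name, expected in sorted(manifest.items()):
        if name not in present:
            report["missing"].append(name)      # a listed ballot image was withheld or lost
        elif file_digest(copy_dir / name) != expected:
            report["altered"].append(name)      # bytes differ from the original scan
    return report


def demo() -> dict[str, list[str]]:
    """Constructed sample: three fake scans, then a copy that is not a true copy."""
    with tempfile.TemporaryDirectory() as tmp:
        original, copy = Path(tmp, "original"), Path(tmp, "copy")
        original.mkdir()
        copy.mkdir()
        for i in range(1, 4):
            (original / f"ballot-{i:04d}.img").write_bytes(f"constructed scan {i}".encode())
        manifest = build_manifest(original)
        (copy / "ballot-0001.img").write_bytes(b"constructed scan 1")           # true copy
        (copy / "ballot-0002.img").write_bytes(b"constructed scan 2 (edited)")  # altered
        (copy / "ballot-0099.img").write_bytes(b"not in the manifest")          # unlisted
        return verify_copy(copy, manifest)       # ballot-0003.img was never copied


if __name__ == "__main__":
    print(demo())
```

A match only shows that a copy agrees with the manifest, so the manifest itself has to reach the verifier through a channel the image files do not share.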