[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Weak Security of Voting Machines

Rivest is no lightweight.  If anyone cares, Rivest is the "R" in RSA
Security.  

http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214273,00.html

RSA is the method used to secure much/most internet transactions.

Ralph Shnelvar



On Mon, 25 Sep 2006 03:50:06 -0600, you wrote:

>---------- Forwarded message ----------
>From: Roland Blasini <profecon@xxxxxxxxx>
>Date: Sep 24, 2006 8:02 PM
>Subject: Weak Security of Voting Machines
>To: Margit Johansson <margitjo@xxxxxxxxx>, CFVI Announcement List <
>cfvi_announce@xxxxxxxxxxxxxxxxxxxxxxxx>
>
>
>
>
>Avi Rubin's Blog
>http://avi-rubin.blogspot.com/
>
>
>Welcome to my blog. Here, I will post items of
>interest to me most likely focusing on:
>  Electronic Voting Security
>  Computer and Network Security
>  Independent Security Evaluators
>  Sports: Soccer, tennis, golf, football, Michigan
>sports
>
>
>
>
>
>
>Friday, September 22, 2006Rivest on audit size
>estimation
>
>Ron Rivest has a draft of an excellent paper on
>estimating the number of items (e.g. voting machines)
>that need to be audited to discover whether or not the
>machines are cheating. The paper assumes that there is
>a reliable way to manually check whether a machine is
>cheating. For example, if every machine had a
>corresponding paper trail that had been verified by
>voters, then one could count the papers by hand and
>check them against the machine.
>
>Rivest has once again dazzled us with his creativity.
>He presents a simple rule of thumb that can be
>calculated with a calculator or in one's head for
>determining how many machines to audit, using what he
>terms the "rule of 3". Appendix A is especially useful
>for people who do not follow the technical details. It
>shows the number of machines to audit based on the
>number of bad ones that exist and based on the
>confidence level one wants to achieve. So, for
>example, in appendix A, you can see that if you have
>1,000 machines, and there are 50 "bad" ones, then to
>have 95% confidence that you have discovered at least
>one of the bad ones, you must audit at least 57
>machines. This, as compared to the rule of thumb which
>produces the number 59. Amazingly, the rule of thumb
>is so elegant, and yet it always comes close, and
>always errs on the side of being a little
>conservative, meaning that it will never recommend
>auditing too few.
>
>Rivest has not published this draft, and he is still
>seeking comments, so if you have any suggestions after
>reading his paper, he would appreciate it if you could
>send them.
>
>I now quote from the last section of the paper, where
>I think this work can have tremendous impact:
>
>"We hope that the rules presented here will provide
>useful guidance for those designing sampling
>procedures for audits...it would probably be best to
>merely mandate a sample size sufficient to detect,
>with a specified level of confidence, any election
>fraud sufficient to have changed the outcome."
>
>
>
>I often meet with legislators at the state and federal
>level to discuss voting issues, and I will be pointing
>them to this work from now on. Thank you Ron Rivest
>for once again contributing something elegant,
>practical and long needed!
>
>
>
>
>
>
>
>
>
>
>
>
>------------------------------------------------------
>
>
>
>
>
>DIGITAL DOMAIN
>The Big Gamble on Electronic VotingBy RANDALL STROSS
>Published: September 24, 2006
>Diebold declines to let Princeton researchers test the
>latest voting machine, which uses a standard
>industrial part to protect the door to its memory card
>slot.
>
>
>
>
>
>
>---------------------------------
>Add fun gadgets and colorful themes to express
>yourself on Windows Live Spaces