Re: rfc: evoting dead in 20 lines
- From: "Bishop" <The Bishop@xxxxxxxxxxxxxx>
- Date: Wed, 01 Mar 2006 01:07:33 GMT
On 28-Feb-2006, tjab@xxxxxxxxxxx (tjab) wrote:
All memory is removeable in anything. But anyway........so WHO changes the "cards"?hi folks
i have skinned this argument to the bone. please let me know what you
think. seems here that use of proprietary voting software is blocked
by
the 14th amendments equal protection clause.
proprietary election software is created in two stages called
programming.
the first stage is writing the human language source code. this stays
private as an intellectual property. that lets the programmer write
hidden instructions into the source code for her own secret votes to
be
counted in an election.
the second step is translating human readable source code into
"machine
language" aka; usable software. because humans can't reasonably read
machine language compiling as well as the hiding of source code needed
to
protect it's property value as private property makes the existence of
the
programmers ballots secret.
from when a programmer begins writing the source code until that code
is
compiled, her computer's an uber ballot box that she can use as a
secret
polling place. same goes for updates and bug fixes.
i can't cast multiple votes by secret ballot. but using "closed
source"
the programmer can. so the state's giving her preference over other
voters.
The 'Lectric Law Library's Lexicon On
"EQUAL PROTECTION CLAUSE - Portion of the Fourteenth Amendment to the
U.S.
Constitution that prohibits discrimination by state government
institu~tions. The clause grants all people "equal protection of the
laws," which means that the states must apply the law equally and
cannot
give preference to one person or class of persons over another. "
Well, being a programmer myself, what you postulate is silly. First of
all everyone knows who wrote the code. It is brain dead simple to track
invalid data back to the hack.
Secondly, all programs and code go through unit test, QA test, and
integration testing. For bugs and performance. This means that
everyone on the project would have to be in on the scam.
First, the source code is analyzed by security programmers before the
software is used. Second, how does the programmer vote for an election 8
years from now when he doesn't even know the candidates? He would have
to
access the program, and that would be detected. Using your argument, the
guy who wrote the ATM bank machine source code must really really rich.
Are you responding to me, or the original poster? Either way, tell me all
about "security programmers". Being in the business for 25 years, this is
a new one to me.
I was responding to the original poster. However, the Diebold software,
which the original poster is referring to, was reviewed and audited by
independent software programmers and the software programmers of the
municipalities that were purchasing the software to make sure there were no
bugs or security deviations like the one the original poster is talking
about.
Integrity of E-Balloting System Still in Doubt
Los Angeles Times, Feb 23, 2006. pg. C.1
...
But the experts were plainly troubled by flaws in Diebold's systems. The panel, which
included David Jefferson of Lawrence Livermore National Laboratory and David Wagner of
Berkeley, observed that the removable memory cards used by Diebold were vulnerable to
undetectable acts of tampering.
Is it RAM, ROM....?
The panel found 16 software bugs that could cede "complete control" of the system to
hackers who might then "change vote totals, modify reports, change the names of
candidates, change the races being voted on," and even crash the machines, bringing an
election to a halt. Hackers wouldn't need to know passwords or cryptographic keys, or
have
access to any other part of the system, to do their dirty work. Voters, candidates and
election monitors wouldn't necessarily know they'd been rooked.
The bugs lead some computer professionals to believe that Diebold's software designers
never treated security as a high priority. "It's like they were making a mechanical
device, and never heard of computer security," says David Dill, an expert in electronic
voting at Stanford University who wasn't on the panel.
The bugs pale next to another discovery by the panel. This is the presence of a
cryptographic key written into the source code, or basic software, of every Diebold
touch-screen machine in the country. The researchers called this blunder tantamount to
"a
bank using the same PIN code for every ATM card they issued; if this PIN code ever
became
known, the exposure could be tremendous."
Here's the punch line: The Diebold key became known in 2003, when it was published by
researchers at Johns Hopkins and Rice universities. It can be found today via a Google
search. What's worse, the key was first identified in 1997 by a University of Iowa
researcher, who promptly warned the manufacturer of the flaw, apparently to no avail.
Do you have a cite or url for this?
.
- Follow-Ups:
- Re: rfc: evoting dead in 20 lines
- From: tjab
- Re: rfc: evoting dead in 20 lines
- Prev by Date: Re: rfc: evoting dead in 20 lines
- Next by Date: Re: Property division in NJ prior to divorce
- Previous by thread: Re: rfc: evoting dead in 20 lines
- Next by thread: Re: rfc: evoting dead in 20 lines
- Index(es):
Relevant Pages
|
