[E-voting] Re: FC: Electronic voting in Ireland encounters criticism

adam beecher lists at spamfilter.cc
Thu Jun 5 16:16:31 IST 2003


> How many desktop computers were infected by ILY - a trojan developed
> by individuals with no funding?  How many eggs are in one basket wrt
> OS software and application software?  How easy is it to get arbitrary
> code running on a large number of desktop systems?  How easy is it to
> hide that code so it doesn't do anything stupid 'til the appropriate
> time?  How easy is it to mask the origin of that code?
>
Aren't these questions proving my point? Haven't we come full circle, back
to mindset? I mean, sure, you can look at this from a purely technological
point of view, you can blame the software and Microsoft's OS monopoly, but
how do you propose to fix that? You /can/ fix it, of course. You can lock
down development processes, clean-room code, audit it line-by-line, try to
underrun and overrun the buffers, etc. You won't catch absolutely
everything, but you should be able to get five nines.

But what happens when your software leaves the clean-room? What will the OEM
do to it? What about the user? Ok, so we have to DRM our code to make sure
it can't be hax0red. Lock it down. And lock down the operating system too,
so the hax0rs can't install reverse-engineering tools and the like. Load the
OS into ROM, so it can't be modified. DRM it. Lock down the hardware, put it
in a sealed titanium box. No USB ports, we can't trust the user. No DVD or
CD ROM's. Hardwire the monitor. Forget the snazzy soundcard, you'll take
onboard sound and like it.

Forget about Linux, and FreeBSD, and all the other wonderful OS's that have
been thrown at us for free. Forget about the tools at the very core of our
network: Apache, sendmail, and bind. PHP and Perl and Python are all gone.
Qmail and Exim, procmail and SpamAssassin, emacs and vi, MySQL and Postgres,
all dead. You can't have them. I'm not exaggerating here, that's what you
have to do if you want a secure system, and /even then/ there's an element
of risk, because you didn't throw one particular string at the code in the
clean-room; and oops, you've got an underrun, j00r 0wn3d. Unlikely, but
possible.

Do we really want that flavour of security, everyone with the same box, the
same software? And it won't be open source or free software mind, it'll be
proprietary, because as soon as you lock those systems down, you lock open
source and free software developers out of their trade. Bill will own you.
And of course that introduces further risk, because you've got one entity
holding all the keys. Again though, that's not a technological issue, that's
a societal issue. It's not technology owning you, it's the guy that owns the
technology.

Again, I'm not saying we /should/ do remote electronic voting now, I'm
saying we can. Technologically, it's possible. It's our current society that
prevents it. We need to change the way society perceives electronic
security. We need to get "journalists" to stop using the word "hacker" when
they mean "cracker". We need people to understand that security is about
perception, about paranoia, about assuming the worst. We need them to
understand that when their computer is broken into, 90% of the blame lies
with them, not the people that wrote the software. THEY opened the email
attachment, not Microsoft.

> > There are technological ways around this, for example by
> > automatically closing - maybe even uninstalling - the voting
> > application as soon as someone has voted.
>
> And this does what?
>
I would have thought it was obvious: It prevents people proving who they
voted for.

> Or they set up an unofficial polling station in some CyberCafes, or
>
You have the same difficulties, as this would be fraud on a grand scale. You
don't get a couple of hundred people gathering in one spot to be threatened
or cajoled out of their vote without someone talking about it.

> they set up a mechanism to transfer voting credentials so that they
> can act as proxy voters.  Not all of the attacks here assume a hostile
> target.  We are not just talking about vote rigging, but also
> vote selling.
>
Voting credentials here are keys though, and again, this is a societal
thing. You don't give your front door key to every Tom, Dick and Harry that
asks for them or threatens you for them. We need to give people keys and
teach them how to use them, teach them that they're the electronic
equivalent of house keys, which need to be kept safe and secure. And sure,
houses do get robbed occasionally, but to have a significant effect on an
election, you need access to thousands, tens of thousands of votes. Again,
we're talking risk and effort, and society and mindsets.

> > This one is the most troublesome for me, although I think that
> > a properly implemented system with trusted oversight shouldn't
> > need second channel
> > verification.
>
> Do you know what all of the software on your computer does?  I don't.
>
Depends on your definition of "does" in this case. If you mean, do I know
exactly what the bits and bytes on my rig do when I open an app or change
something, then no, of course not; I'd imagine there are only a few hundred
people in the world that run systems they can understand from the On button
up. If your meaning is more basic though, then yes, of course I do.
Everybody should.

I can see where you're going with this, but to be perfectly frank I'm not
going to answer an unasked question.

adam
