[E-voting] UK govt circular mentions open-source e-voting

David GLAUDE dglaude at poureva.be
Thu Jul 21 21:42:56 IST 2005


In Belgium we have access to what is suppose to be the source code of
the election...

Almost no one look at it and those who do find bugs or problem in it or
find it uggly.

Those bug are either:
* silently fixed without acknoledgement
* not fixed
* not fixed and refuted by the expert who obviously did not get the point

The official analyse of the code (paid by the state) was shown to the
official expert under non disclosure agreement...

Those official expert say that one of the bug we have encounter and
could have make some vote not beeing counted was known by the testing
company, not documented and not fixed by the vendor dispite the fact
that expert asked the result to be double checked.

David GLAUDE

cansbro at eircom.net wrote:
> Some of the problems could only be revealed by a forensic examination of
> hardware or memory cards.  Do you really think any jurisdiction is going to
> do a forensic examination of all hardware and software for every election? 
> Points have recently been raised at BBV (where horrendous memory card
> exploits have been demonstrated) that show that it's not even enough to do
> a forensic examination of memory cards after an election, but one would
> also have to do the same to some unused memory cards because there are ways
> of tampering that can disappear after use.

A bit more on the "media" used to boot the system or to authorise the
voter to vote or to collect the result of the vote...

We use magnetic card so there is no fear of having a new software in the
magnetic card... however a card with special content could trigger a
special behaviour.

That floppy (unique except for the backup that is not in use) used to
boot the system is set to NOT write protect and boot the electronic
ballot box, then 5 of 6 voting machine, then return to the electronic
ballot box at the end of the day to store the result.

Since we have official expert, they take copy of the floppy durring the
day of the election and compare to the reference binary code.

In 2004 I meet with the president of the expert and told him that the
content of the copy of the floppy they take in the middle of the day
might be different that the content of the floppy in the morning before
the ballot box was booted.

It took him minutes before he could understand that the encryption and
the security code that the president has to encode at the first boot was
useless against someone that had access to the floppy and could replace
it with some other content.

Obviously:
* read only media should be used to boot the system.
* write once media should be used to store the result.

For some reason (maybe economical) most of the system do not work like that.

David GLAUDE



More information about the E-voting mailing list