[E-voting] Third party code

Marian Beddill beddill at nas.com
Thu Jun 2 18:04:25 IST 2005


At 6/2/2005  09:43 AM, you wrote:

>On Thursday 02 June 2005 13:40, Brian O'Byrne wrote:
> > Within that there are lots of subtleties and opportunities for
> > mischief. You could, for example, rewrite the device driver that
> > mediates between the OS and the memory cards, so that reading the
> > same memory card on two different machines (or with two different
> > programs) could give different results.
> > There is almost no chance that sort of tampering would be caught by
> > a code review, because the code review would almost certainly
> > assume device drivers behave as expected.
>
>On this note: Does anyone remember from previous documentation how
>much of the delivered system originates with third parties?
>I know I had the link to the machine specs, but can't find it now.
>
>For example: we know the count machines run an operating system and
>database application provided by Microsoft.
>The keyboard on the voting machines is proprietary, so presumably
>there must be a device driver for it. Did that originate with NEDAP
>or a third party? Similarly the device driver for the memory modules.
>I remember there was Roxio CD burning software mentioned in the spec
>for the count machines, so that is another third party source of
>code.
>
>Brian.
>--
>Brian O'Byrne, Statesoft Ltd.
>Tel: +353 1 4100 993, +353 86 240 4719
>http://www.statesoft.ie/


Exactly a point which I and many experienced computer professionals have 
been saying.  The front-end code, that the ordinary user sees and 
considers, is only one part of the system.  Drivers, compilers, firmware, 
data transfer tools, and the OS are just as subject to errors or malicious 
changes as the commonly-recognized code which adds up numbers from a 
dataset and displays those totals on-screen or on paper.

The only known verification process which runs completely and securely from 
the intent of the voter - to the published and certified totals which 
determine an election winner, is a voter-verifiable paper ballot, used 
properly in a mandatory double-check of the reported results.  See 
http://NoLeakyBuckets.org .  The discussion may revolve around how much of 
the result to audit, and how to randomly select sets and races to be 
audited, but never to miss doing an audit.

Marian Beddill
Washington State, US


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.322 / Virus Database: 267.3.3 - Release Date: 5/31/2005





More information about the E-voting mailing list