[Fwd: Re: [E-voting] About Estonian e-voting]

Colm MacCarthaigh colm at stdlib.net
Tue Oct 25 09:21:30 IST 2005


On Tue, Oct 25, 2005 at 03:07:52PM +1000, Craig Burton wrote:
> >>Hackers will employ the law of least effort.  This helps us determine 
> >>where to look for hacks.  
> >
> >Of all of your bizarre arguments, this is perhaps the most flawed. 
>
> A system bug or flaw can be anywhere.  A hack has a purpose and it can't 
> do anything from anywhere on the machine.  A good search heuristic is to 
> look where the hack can most likely be executed, be least likely to be 
> found and yet most likely to achieve its purpose.  The BIOS is a good 
> place to hide, but something has to call the BIOS code to get it 
> executed after the boot sequence.  Better to trojan a common 
> executable.  I could argue about microcode but this has even more 
> constraints as a hack has to be prepared further in advance.

This assumes the a) attackers are not clever enough to make those same
judgements about were you look, and b) non-malicious errors are not a
problem. 

> >It would be relatively trivial to achieve either.
>
> Please provide examples or evidence that backs this assumption.  

I already have: attack the input/output layers. You're not even
understanding the well-known basic points here, I'm not investing my own
time coming up with specific examples for you. 

> Both are very hard, the JVM possibly being more plausible.  

They are not at all hard. As I said, relatively trivial.

> Still, this doesn't help remote voters: some sort of remote service for 
> VVAT has to provide the equivalent oversight.

There is no help for remote voters. Remote voters will always be prone
to vote-buying, intimidation and impersonation. Large-scale remote
voting is not compatible with safe democracy.

> >Thankfully, we don't have FPP.
>
> If the US wasn't FPP, Kerry would have got Nader's votes and left (ish) 
> majority would have won as they should have.   The ramifications of the 
> US FPP voting system are global.

I don't care, I don't live in the US.

-- 
Colm MacCárthaigh                        Public Key: colm+pgp at stdlib.net



More information about the E-voting mailing list