[E-voting] details about ClearVoting
Patrick J Kobly
patrick at kobly.com
Fri Aug 31 22:56:37 IST 2007
Once again... From http://www.clearvoting.com/detail_software_en.php
> ClearSoftware is a method of _writing, producing, publishing,
> distributing, installing and running
> software_ that ensures the easy detection of any computing tricks
> that could produce unwanted
The use of the word "ensure" here is unsupported hyperbole.
> ClearSoftware is not only applicative software but also the whole
> operating environment in which
> applications are executed.
Okay... One step forward. You're starting to try to look at the full
(technical) context. You do, however, ignore firmware and hardware in
this situation. Certainly, BIOS, drive firmware, bus firmware have the
capacity to modify contents of data read into memory. Whether or not we
have observed malware in the wild doing this is thoroughly irrelevant.
Thought experiment. Consider installing your solution in a VMware
virtual machine. Could the VM be subverted to subvert your
application? If so, why could hardware / firmware not be subverted in
the same way?
> We could trust results of an applicative software if we could:
> trust the applicative software
> trust the operating system in which the applicative software runs
> trust that nothing else runs in the computer
> test ourselves all the software on our computers
Indeed, I would concur with this. Your proposed solution does not
satisfactorily address any of these.
goal | how ClearSoftware fulfils the goal
trust the applicative software
* applicative software is 100% Open Source coded in human-readable
text files that, without any need of compilation,
[PK] Sheer and utter nonsense. The reason Thompson focusses on
compilation is solely because interpreted languages were not as
important when he wrote the Turing award lecture as they are now. From
an information perspective, the challenge with code is not compilation
per se, but translation. Just as with compiled code, something is
needed to interpret the "human-readable text" and implement it in terms
of machine operations. In many cases, interpreted languages are much
_less_ safe than compiled languages. (Google "phpbb vulnerability" if
you don't believe me)
* are executed by some of the base services of the operating system
(database, browser, server httpd...)
[PK] Heh. If you believe a DBMS, browser and web server are base
services of the operating system... Again, search CERT/CC for vulns in
MySQL/PostgreSQL/PHP/FF/Apache. Further, how do you verify that the
httpd running is the one publicly available? That's right, you can't.
trust the operating system
* the operating system is an Open Source operating system downloaded
from the Internet
[PK] Which cannot be verified
* customizations of the operating system are only well-documented
human-readable text files
[PK] Which customizations still need to be interpreted through something
in a machine language.
trust that nothing else runs in the computer
* the software is distributed in the form of read-only media
[PK] Define read-only. Is a CD-R read-only? A pressed CD? A USB
drive with the read-only switch locked on? All of these can be
modified. None of this even matters if you can't trust that the system
reads the media accurately anyway.
* the installation of the media automatically
o formats all disks of the computer
[PK] Define "format"
o installs the Open Source operating system
[PK] Sourced from where? How is its integrity verified?
o installs the Open Source applicative software
o boots the newly installed system
o runs the Open Source applicative software
test ourselves the software on our computers
* the ISO file of the self-installable media is distributed on the
[PK] And again, how do we verify this is what's running on the
actual systems used in the election?
Please watch the ClearSoftware animation
To be ClearSoftware compliant, any software must adhere to the following
<Snip bunch of stuff reiterating the above table>
* the text file ClearSoftware.txt that must contain the full
identification of the original operating system and all the
info about its customization, as follows:
o identity of the original operating system (name,
version and release)
o URL from which the ISO of the original operating system
has been downloaded
o date and time when the original operating system has
o MD5 or similar check of the original operating system
o full path of the "A" and "B" folders
o full path of all the files of the original operating
system that have been customized but could not be
placed in folder "A"
[PK] And what happens if this text file is modified or intercepted? How
do you verify its integrity?
1. the final distro must be published on the Internet in the form of
an ISO file together with its MD5 (or similar) checksum so that
anybody can download the final distro and install it on his/her
computer to analyse and test it
[PK] Again, MD5 only verifies something about the data on a particular
medium. Nothing about the data actually being used.
1. since latest release of any operating system may have problems
still to be discovered, it is
Better to have an older version with problems already discovered?
1. wise to download from the Internet an older release. It doesn't
matter if it has known bugs, as far as they don't impact on our
application (like bugs related to devices we don't have or related
to base services we don't use).
It doesn't matter if there's a bug in the installed sendmail daemon,
because this machine doesn't use a mail server. Riiiiiight. Come on!
1. Using an old release also ensures that nobody may have hacked it
long ago to alter the behaviour of our today's ClearSoftware
Only if you can verify that what's being run is actually the old
version. Which you can't.
1. As an example, the applicative software can be a WEB application
that is written in PHP <http://www.php.net> and it uses a MYSQL
In addition, it is _very_ bad form to specify specific implementation
technologies in a methodology specification.
1. the final distro can undergo a process of mass duplication or
replication. A logo may be impressed on each CD (or DVD) to
certify it's original.
And you can start a process of mass-fabrication of the hardware /
firmware and all of its components too... Chip fabs aren't that
1. anybody can verify the content of each CD (or DVD) simply by computing
its MD5 (or similar) checksum and comparing it with the one
published on the Internet
Steps to create a ClearSoftware distro
1. code the applicative software
2. choose the Open Source operating system to be used to run the
3. download from the Internet the ISO file of the chosen Open Source
4. create the file structure of the final distro adding to the
operating system the folders "A" and "B" and the text file
5. burn the master CD (or DVD) of the final distro
6. publish on the Internet the ISO file of the final distro and its
MD5 checksum (or similar)
1. Collect Underpants
What for?
Most of the time we don't need to know in detail the software we use
because we simply compare its output with the expected one (e.g. we move
the mouse and we check if the pointer actually goes where it should).
But sometimes we deal with unverifiable input data or with events that
must follow a given law (usually the law of equal chance) over a term that
is too long for us to verify it. For example:
* voting. Nobody can ask voters whom they voted for, so nobody can
verify if the vote recorded on each elector's behalf is true or
not. Electors must trust the way their votes are collected and counted
* gambling. To be fair, gambling must be based on truly random
events, but no single gambler can verify it, unless he gambles for
days and days without a rest. Thus gamblers must trust the way
such events are generated
[PK] Gambling is a much simpler problem. The characteristics of the
game are much better understood and verifiable (we know how often
triple-7's should come up on a slot machine), audit trails need not be
anonymized or disassociated from time. Yet, still, there are huge
vulnerabilities discovered from hidden code in electronic gaming
machines. Conflating these two problems is thoroughly inappropriate.
Thus fairness of elections and gambling can be ensured only by means of
public and verifiable procedures. It is not by chance that fairness of
elections has been based upon ballot papers publicly managed and counted
and that fairness of gambling has been based upon cards publicly
shuffled and dice publicly thrown.
I'm not aware of people complaining about the undisclosed software
running on gambling machines, but it's quite obvious that for voting no
undisclosed software should ever be used.
[PK] Then you haven't been following media coverage of gaming
Open Software is often proposed as a safe way to use computers in
voting. But Open Software by itself is not enough because:
* it's practically impossible to verify that the program being run
in all polling stations is really the one originating from the
compilation of the verified Open Source sources
* rigged alterations to the results could also derive from
fraudulent modifications of compilers, operating systems, system
libraries, interfaces and other high level applications
ClearSoftware addresses all the above points in a simple, cheap and
[PK] ClearSoftware addresses neither of these two points.
An example of ClearSoftware application
Here follows an example of a ClearSoftware application.
It uses a web browser to interact with users and a mysql database to
access data. Both are part of the Open Source operating system
downloaded from the Internet, thus only the applicative software
(yellow) must be really coded. Applicative software is written in any
interpreted language that doesn't need any compilation (PHP
<http://www.php.net> in the example), thus it's easy to review it for
bugs or hacking.
[PK] Okay, you _clearly_ have not been involved in _any_ serious
maintenance of PHP applications.
No other part of the system (light blue) needs to be reviewed since they
all come from the Linux distribution downloaded from the Internet.
[PK] *cough* Are you ^*&%ing serious? Are you insane?
an example of ClearSoftware application
As you can see on my site www.electronic-vote.org
<http://www.electronic-vote.org> I'm one of the most heated and radical
opponents of electronic voting as it is presently intended and proposed.
[PK] Seriously, go read Jason Kitcat's writing on why he shut down the
GNU.FREE open source voting software project that he started up.
Recently this deep-seated aversion, together with over twenty years'
experience as a computer technician, has led me to work out
ClearSoftware <http://www.clearvoting.com/intro_software_en.php> and
ClearVoting <http://www.clearvoting.com/intro_voting_en.php>, which
overcome all the limitations of current electronic voting systems.
[PK] When you consistently use hyperbole like "overcome all the
limitations of current electronic voting systems," you will certainly
invoke the ridicule of a large number of serious security folks. You
don't know what you're talking about and you don't provide sufficient
support for your arguments. Your snake oil is getting tiresome.
I'm looking for companies willing to invest in the new voting system,
so interested companies, please send me a message
[PK] Advice to prospective investors - Do your own due diligence.
Besides which, there's nothing to invest in. No working system
protected by copyright. Nothing patentable. Just a trademark with no
reputation. Good luck.
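The point Patrick keeps returning to (a checksum of the published source text says nothing about the layer that actually executes it, whether that is the interpreter, the OS, or the drive firmware that feeds data into memory) can be made concrete. The following is an added illustration, not code from the original post or from the ClearVoting project: a "verified" vote-tallying script in human-readable source, executed twice, once with an honest I/O layer and once with one that silently rewrites ballots on their way off the media. The ballots, candidate names and the two stand-in `open` implementations are constructed for the example; the source hash is identical in both runs, yet the counts differ.

```python
import hashlib
import io

# Constructed sample ballots: the "unverifiable input data" the post talks
# about. The application never sees these directly; it asks the runtime to
# open a file and trusts whatever comes back.
BALLOTS = ["Alice", "Bob", "Alice", "Alice", "Bob", "Alice",
           "Alice", "Bob", "Alice", "Alice", "Bob", "Alice"]

# The "applicative software": plain, readable source that anyone can audit
# and whose published checksum anyone can recompute. It is honest.
APP_SOURCE = '''
def tally(path):
    totals = {}
    with open(path) as f:
        for line in f:
            name = line.strip()
            if name:
                totals[name] = totals.get(name, 0) + 1
    return totals
'''


def source_digest(source=APP_SOURCE):
    """The check the proposal relies on: a hash of the published text.
    (SHA-256 here rather than MD5; the argument does not depend on the hash.)"""
    return hashlib.sha256(source.encode()).hexdigest()


def honest_open(path):
    """Stand-in for a correct OS / driver / firmware stack: hands the
    application the ballots exactly as stored on the media."""
    return io.StringIO("\n".join(BALLOTS) + "\n")


def subverted_open(path):
    """Stand-in for a subverted layer *below* the application (interpreter,
    libc, OS, drive firmware). It rewrites every third ballot for Alice to
    Bob between the media and memory. The application source is untouched,
    so its checksum still matches the published one."""
    seen = 0
    rewritten = []
    for ballot in BALLOTS:
        if ballot == "Alice":
            seen += 1
            if seen % 3 == 0:
                ballot = "Bob"
        rewritten.append(ballot)
    return io.StringIO("\n".join(rewritten) + "\n")


def run_app(open_impl, source=APP_SOURCE):
    """Execute the audited source inside an environment that supplies `open`.
    This mirrors how a PHP script depends on httpd, the PHP runtime and the
    OS for every byte of I/O: the script is only as honest as that stack."""
    env = {"__builtins__": {"open": open_impl}}
    exec(source, env)
    return env["tally"]("ballots.txt")


def compare_runs():
    """Same source, same digest, two execution environments, two results."""
    return {
        "digest_honest": source_digest(),
        "digest_subverted": source_digest(),
        "honest": run_app(honest_open),
        "subverted": run_app(subverted_open),
    }


if __name__ == "__main__":
    for key, value in compare_runs().items():
        print(f"{key}: {value}")
```

Hashing the ISO or the `.php` files detects tampering with those files and nothing else. A voter, auditor, or "anybody with the MD5" who re-reads the media through the same subverted stack that feeds the application sees a matching checksum either way, which is exactly why Patrick says the check verifies something about the medium, not about what is running.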