lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0409281314360.861@shishi.roaringpenguin.com>
Date: Tue, 28 Sep 2004 13:22:34 -0400 (EDT)
From: "David F. Skoll" <dfs@...ringpenguin.com>
To: Adam Jacob Muller <adam@...linux.us>
Cc: bugtraq@...urityfocus.com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor Acc
 ount    Allows Authenticated Users to Modify Votes


On Tue, 28 Sep 2004, Adam Jacob Muller wrote:

> At a recent family gathering I spent about an hour trying to explain to
> various people why "open source" voting machines are more secure.

But security of voting machines is not (or should not be) the issue.

The issue is that we live in a democracy, and unless the average person
is able to satisfy for him/herself that the voting machinery is fair,
then it makes no difference whether it's open- or closed-source.

I'm an open-source advocate, but I think *any* kind of computerized
voting machine is disastrous.  Maybe a select few among us can verify
that the circuitry of the machine is OK, analyze the source code to verify
that it's OK, analyze the cryptography to verify that it's based on sound
principles, and analyze the binary code to verify that it came fom the
purported source code.

But that's not good enough.  Anyone capable of voting is capable of
understanding how to mark an X on a ballot, and the process of
securing, counting and validating the votes.  (This is the system we
use in Canada.)  And I direct complaints from anyone who says it will
take forever to count millions of votes to /dev/null.  People in a
vote-counting tree can count N votes in O(log N) time.

*Any* use of advanced "voting technology" is a step back for
democracy, because not only does it open the system up to fraud, but
it also disenfranchises the majority of the population who are now
unable to understand how their votes are counted and secured, and how
the counts are verified.

> I simply don't understand why a company doesn't do open source voting
> machines...

Because it's a non-solution to a non-problem:  Electronic voting machines
are not only unneccessary, they're harmful.

--
David.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ