lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 28 Sep 2004 18:16:04 -0700
From: Craig Paterson <craigp@...pett.com>
To: Adam Jacob Muller <adam@...linux.us>
Cc: bugtraq@...urityfocus.com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor Acc
 ount    Allows Authenticated Users to Modify Votes


Adam Jacob Muller wrote:

> At a recent family gathering I spent about an hour trying to explain 
> to various people why "open source" voting machines are more secure.
> Everyone perceived "open" as being able to go in and change votes...
> The fact that I was trying to explain the open source model for the 
> first time did not help...


Therein lies the issue. Understanding the (possible) benefits of 
open-source voting machines, and how computerized voting systems might 
or might not be reliable and verifiable has two big problems:

i) it's obscure
ii) it's boring

It's obscure because at the least you need a grasp of various concepts 
of computers and software to understand the terminology, let alone 
decide on the relative merits of different approaches. It's boring 
because people who don't know those things on the whole really don't 
want to, especially given faith that "someone else is checking" and that 
elections "don't get tampered with in the West" (etc.)

Paper votes are slow to count and may be spoiled. Ballot boxes may be 
lost. But the basics can be grasped by just about anyone, and from there 
much of the detail understood. It's a piece of paper, somehow marked to 
indicate preference. Those pieces of paper are counted, and that count 
decides who won (whether it's first past the post, STV, ATV or 
whatever). Even the complicated stuff is understandable. That's why the 
obvious compromise is a paper audit trail: the machines can count the 
votes very quickly, but if there's a problem you can do it the 
old-fashioned way, and everyone can understand the old-fashioned way.

Craig.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ