Date: Wed, 29 Sep 2004 09:59:17 +0200
From: float@...ant.net
To: bugtraq@...urityfocus.com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes


> How do you know that the software generating the audit trail is playing 
> fair if it's closed source?
> 
> Sometimes, IMHO, there's just no alternative to pen and paper.  Surely 
> the manual method of ticking a box and having multiple human vote 
> counters checking ballots is the best option going, even if it is more 
> expensive.  (I confess I've no idea what costs are involved either way.)

i don't think that you can save a lot of money, if you implement the
same 'security' and 'auditability'. i've monitored two elections in an
east european country this year. people's confidence in democracy
isn't very strong in this country and there might have been some
incidences that you wouldn't expect within long established democracies
but in general the premises are the same.

from my point of view you cannot guarantee any human auditability
without a paper trail, in the form that the voting machine prints a
ballot that will be put into a ballot box within public sight, meaning
that independent monitors can see that everybody throws exactly one
ballot into that box. thus you will need some kind of election committee
in every polling station that takes care of those ballot boxes (seals
them after the vote and securely transports them to the next authority).
like this you will maybe save on the counting, but with voting districts
not bigger than 2000 people human counting took no longer than 3 hours
and you will not save on bureaucratic processes that account the proper
procedures with sealing and handing over the ballot boxes.

from my experience with voting in not so established democracies it
becomes clear that the whole voting process has to be understandable by
everybody not only some tech geeks and crypto specialists. because if
some provincial politicians are not able to verify the fairness of the
vote they will call for a recount. OOS even with Open Source Hardware
(yes who tells me that Party A's votes don't get counted by a chip that
calculates 1+1=3) with Public Records cannot be sufficient for that.
Because if Joe and Jane Average don't understand the process the same
way Bruce Schneier does they have the right for a manual recount and
then we haven't saved any money. That's democracy.

Not everything that can be done by machines is automatically better, as
if we would do it by hand.

float 
-- 
-----------------------------------------------------------------------
                       _        |    .''`.Florian Klinglmueller   
ASCII ribbon campaign ( )       |   : :'  :debian-ppc user        
 - against HTML email  X        |   `. `'`                      
             & vCards / \       |     `- float@...ber.org          
------------------------------------------------------------------------

