lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040928001512.GA24358@carbon.redbrick.dcu.ie>
Date: Tue, 28 Sep 2004 01:15:12 +0100
From: Colm MacCarthaigh <colmmacc@...brick.dcu.ie>
To: Nicholas Knight <nknight@...awaynet.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor Account    Allows Authenticated Users to Modify Votes


On Sun, Sep 26, 2004 at 10:16:09AM -0700, Nicholas Knight wrote:
> Paper trails are a safeguard to be used in the event the system doesn't
> work, but they're *less accurate* than a *working* electronic voting
> system would be. 

Firstly, I'm not certain there is basis for this claim. Most human
counting problems are caused by a lack of clarity on the original
record, be it pencil-marks or chads. Since any useful voter-verified
audit-trail is likely to consist of simple clearly-printed preferences,
which have been verified by a voter before being cast, there is every
reason to believe that accurate counting with good transparent human
counting procedures are implementable. 

Secondly, how does one determine if the system has or has not worked
without checking the audit trail? If the electronic result says
candidate A beat candidate B, how do you know if that is accurate without
performing a comparison?  

Since this comparison is the key to any successful integrity check, it 
seems that we still need a transparent, human-auditable counting system
anyway - to verify the veracity of any electronic results.

There is, as yet, no credible mechanism by which an auditor can decide
- merely on the numbers - whether an electronic result is likely to be
erroneous or not. Opinion and exit polls are frequently wrong, and an
electronic system may be as likely to mis-count one vote as a thousand.
What mechanism can be proposed?

> We have an unprecedented opportunity here to count every vote with
> perfect precision through electronic voting systems.  Unless every
> aspect of those systems is open to public review, we're throwing that
> opportunity away.

Electronic systems are not open to non-destructive or unassisted review, 
their implementation is sub-microscopic. 

-- 
Colm


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ