| Holt response re: COTS language for d... |
|
| Author |
Message |
   
Bev Harris Frequent Voting Rights Forum Participant Username: Site_admin
Post Number: 633 Registered: 10-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, February 10, 2007 - 2:44 pm: |
|
Complaint #7 as published here: http://www.bbvforums.org/forums/messages/1954/46667.html and discussed in more detail here: http://www.bbvforums.org/forums/messages/46591/46613.html

Language on disclosed source contains an error in that it doesn't deal with COTS. This is a bill-killer. COTS stands for Commercial Off-The-Shelf software, i.e., a commercial software product.

Holt office response to #7: If the vendors’ interest in protecting the proprietary code outweighs their interest in serving the public, that would be a debate they’d "love to have" on the Hill. This provision should also be a boon for Open Source, whose code is by nature public.

From BBV: Okay. That means dumping all Sequoia, ES&S, Diebold and Hart InterCivic systems, all of whom use undisclosed COTS firmware and software. I'm looking for the funding for that...withholding further comments for now.

Public comment welcome below. (NOTE: You have to log in to comment. If you are not registered, just use the link in the left column.) |
   
Bev Harris Frequent Voting Rights Forum Participant Username: Site_admin
Post Number: 640 Registered: 10-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, February 10, 2007 - 4:35 pm: |
|
Upon further reading of this, I'm really concerned. It doesn't sound like Holt's office understands what COTS is. It isn't the vendors like Diebold, ES&S that would refuse to disclose. The issue is that all current equipment on the market contains third-party components, and the voting machine vendors have no authority to tell a third party to disclose, nor is there the ability to remove all third party items. |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3641 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, February 10, 2007 - 5:37 pm: |
|
I agree, Bev, I don't think they understand how far this issue goes. Additionally, the fact that some legislators might love to have a certain debate doesn't mean an outcome of such a debate is likely to benefit the citizens. |
   
Jim March Frequent Voting Rights Forum Participant Username: Jimmarch
Post Number: 147 Registered: 05-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, February 10, 2007 - 8:12 pm: |
|
Oh, the issue is a lot more fundamental than that. See...we've given these legislators (and as a practical day-to-day matter, their staffers) the power to legislate all sorts of matters, technical and otherwise. Clearly, somebody has mixed up "power to" legislate with ABILITY TO do so. Which in this case is lacking. Lacking. That doesn't really cover it. The technical ability shown here is "lacking" to the same degree Anna Nicole Smith's self control and self image was "lacking". Sheesh. The question now is, can they be educated. |
   
Bev Harris Frequent Voting Rights Forum Participant Username: Site_admin
Post Number: 645 Registered: 10-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, February 10, 2007 - 8:19 pm: |
|
By ability to legislate, are you saying that they would need to require some manufacturers of components in, say, Taiwan or China to cooperate with disclosing the source code for voting machine components? I'm wondering, Jim, with those outstanding photographs you took of the Diebold TSx motherboard, is there a way to put a circle around components that Diebold doesn't manufacture, and therefore can't release code on (because they neither have it nor possess authority to compel it)? Would that be a quick and painless way to educate legislators on the difficulty of what they are asking? |
   
Jim March Frequent Voting Rights Forum Participant Username: Jimmarch
Post Number: 148 Registered: 05-2006
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Saturday, February 10, 2007 - 9:52 pm: |
|
By "ability to legislate", I simply mean that they CAN pass laws! They're legislators, they have that ability - legally. They do NOT have that ability "technically". In other words...suppose a law was passed that you, Bev Harris, MUST be allowed to drive an Indy car in the 500. M'kay? You'd have that legal "ability". But...I've seen you drive. You're not bad, but you wouldn't last the first lap before something both entertaining and horrifying went on... You'd have the legal ability but not the technical ability. And you'd be in a world of hurt. THAT is the position of the legislators and their staffers, and they're too brain-dead or too egotistical to understand when they're in over their heads and get competent advice. So we ALL end up at 200mph, sliding sideways, they're behind the wheel and all we can do is... ------- As to your suggestion: HELL YES we can do that. Let's see...where'd I put those... (Message edited by jimmarch on February 10, 2007) |
   
Jim March Frequent Voting Rights Forum Participant Username: Jimmarch
Post Number: 149 Registered: 05-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, February 10, 2007 - 11:21 pm: |
|
OK, here's a first draft in both PDF and JPG - Bev, feel free to transfer these up to the BBV domains and re-do these links...I'm just using equalccw to transfer the stuff (about 2megs per file): --- DONE -- link to pdf is a few posts down now -- from Bev I did some google lookups on some of the chips to confirm function, esp. the three graphics chips. The PDF is kinda crude, first time I've used CUPS-PDF. It works though and when you zoom in the text cleans up pretty good. Basic composition was in "The Gimp", a Photoshop near-clone I'm not real good with yet... (Note to all: I've completely abandoned MS-Windows and run Linux exclusively for the last six months - Fedora Core 6 lately. Love it. Best thing I ever did to a PC...) |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3651 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Sunday, February 11, 2007 - 3:37 am: |
|
Jim, thanks for those wise words. In my own words, what you're saying is they have the legal power, authority (and perhaps legal obligation) to do something, but individually and collectively they lack the technical skills and experience required to do this competently. The legislation would inevitably produce a nightmare of incompetent actions because legislators and their staff are dictating technical "solutions" in areas outside their area of technical expertise. The people who do have the technical expertise, who may be advising them, may have vested interests. |
   
Bev Harris Frequent Voting Rights Forum Participant Username: Site_admin
Post Number: 646 Registered: 10-2006
Best of Black Box?  Votes: 2 (A keeper?) | | Posted on Sunday, February 11, 2007 - 8:54 am: |
|
STRONGLY RECOMMENDED whether you are a tech or not: One-page picture "show and tell" that anyone can understand showing why the language, as written, seems to say computers must be used but computers can't be used: The bill says all software and firmware source code must be released. The picture shows that vendors don't even have it and won't be able to get it, due to use of third party components, many from foreign countries. This means the whole system would need a top-to-bottom redesign (unfunded mandate to the tune of what -- $5 billion?). If it's even possible. |
   
Bev Harris Frequent Voting Rights Forum Participant Username: Site_admin
Post Number: 647 Registered: 10-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Sunday, February 11, 2007 - 8:56 am: |
|
The above picture "show & tell" by Jim March. It's linked above in his post, but the link I just posted is a smaller file size. |
   
Jim March Frequent Voting Rights Forum Participant Username: Jimmarch
Post Number: 150 Registered: 05-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Sunday, February 11, 2007 - 11:25 am: |
|
Yes, Bev's version is a much cleaner (and smaller) PDF file. Other than that, no changes. I'll delete the links to the originals on my personal site now...whoops, forum software won't let me. Bev: yank the links in my doc and put in the new link on BBV to the smaller edition...thanks... (From Bev - done - and Thanks, Jim! The one-page show and tell is very well received and I have already faxed a copy to Rush Holt's office for educational purposes.) |
   
Udar Koschka Voting Rights Forum Participant Username: The_zapkitty
Post Number: 1 Registered: 02-2007
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Sunday, February 11, 2007 - 11:58 am: |
|
(The zapkitty practices hit-and-run posting -er- parallel parking...) Just a note while browsing "Holt II" stuff. The basic assumption here is incorrect, tho it's not obvious. Not all firmware is proprietary, and there is no requirement in the bill to use extant Diebold machines... or any other extant EVM. A variety of firmware exists that is open source and that is COTS-compatible. Many of the chipset functions on a standard PC board can be covered by open-sourced firmware... but not all. I don't know that the missing pieces to exactly duplicate the COTS PC motherboards that the EVM corporations hacked to make their wares can be written up, tested, and burned in either of the specified time frames. I think that either a simplified, specialized PC board with just the required peripherals and booted by custom chips will be needed, or the "Holt 2" provision will still be a no-go. The starting point would be, by default, OpenFirmware. http://www.openfirmware.org/ And as noted above there is actually no time to build and test such a thing... The bill as a whole is obviously a patchwork, with measures shoved in by both pro-EVM and con-EVM parties and none of it thought out or coordinated. But I think this bit was written by a well-meaning someone on "our side"... someone with that creeping "implicit faith that e-voting can be done right" mindset... And as a parting shot: Open Source is not a panacea for e-voting's fatal flaws. Open source code can be and has been exploited daily. Open source code tends to be better and more secure than proprietary code... but better is not good enough with this much at stake. (The zapkitty drives off... carefully feeling the way with his cane... ) |
   
Bev Harris Frequent Voting Rights Forum Participant Username: Site_admin
Post Number: 650 Registered: 10-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Sunday, February 11, 2007 - 12:19 pm: |
|
Udar, You see, to deal with this, the Holt Bill would reveal an even BIGGER unfunded mandate -- the need to replace every voting machine currently in use in America. Election officials are not pleased that there is still some $900 million from the original HAVA they haven't been able to get compensation for. Holt allocates a grand total of $300 million -- and says that is for the text converter, which our figures indicate will really cost over $1 billion. When you add in the requirement for public source code on subcomponents, as Jim says, it requires a total redesign, which means ditching all current voting machines and getting new ones, which haven't yet been developed. It starts to sound like an ADDITIONAL $5 billion unfunded mandate, and at this time it mandates a product that doesn't yet exist. I wouldn't call this lipstick on a pig. I think it's beginning to look more like lip GLOSS on a pig. It glosses over the implementation issue to make it either unenforceable or a giant unfunded mandate. |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3659 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Sunday, February 11, 2007 - 12:33 pm: |
|
And in addition to the budgetary problems of "a giant unfunded mandate" there are the problems that accompany a massive, dictated IT project--especially one with a tight time frame for completion. Hasn't worked, won't work. This would be a massive waste of public funds, though a windfall for certain companies and individuals. |
   
Jim March Frequent Voting Rights Forum Participant Username: Jimmarch
Post Number: 151 Registered: 05-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Sunday, February 11, 2007 - 12:35 pm: |
|
Yes, the Openfirmware and LinuxBIOS projects are trying to solve this stuff, and you're right: the main motherboard BIOS *can* at present be opened up. The LinuxBIOS pages take you to links to manufacturers actually building PC motherboards with it now. But that doesn't solve the issue of subsystem firmware down to the disk controller and I/O levels...not all anyways. http://linuxbios.org/Welcome_to_LinuxBIOS http://linuxbios.org/index.php/Supported_Motherboards The Tyan motherboards in particular are ready to go right now for central tabulator use... |
   
Bev Harris Frequent Voting Rights Forum Participant Username: Site_admin
Post Number: 651 Registered: 10-2006
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Monday, February 12, 2007 - 5:24 am: |
|
HEADS UP: If you want public disclosure of code, be aware that the language in the Holt Bill regarding disclosed code -- if it survives at all -- may be gutted later on in the legislative process. There are two things in the ACCURATE Annual Report that merit increased vigilance on the part of the citizenry. ACCURATE is a group of scientists and public policy professionals funded by the National Science Foundation. ACCURATE members have been contributing advisory information to legislators behind the scenes, and because of their stature as experts are likely to have more influence than the citizenry. The ACCURATE Annual Report indicates that (1) ACCURATE is not in favor of public disclosure of the code and (2) ACCURATE is in the process of, but has not completed, an analysis of the legality and constitutionality issues. Here are two sections from the ACCURATE Annual Report that apply: http://www.bbvdocs.org/US/ACCURATE.pdf (238 KB) 1) ACCURATE's assessment of the advisability of public disclosure of code:
quote: We examined the potential role of source code disclosure and open source code requirements in promoting technical improvements and increasing transparency of voting systems. We described the gradual decrease of transparency surrounding voting technology that occurred over the course of United States' electoral history, the implications that source code disclosure has for transparency, the negative effects that enclosing transparency has had at different levels and the regulatory and legislative efforts to increase access to source code. We then looked at the benefits and risks of open and disclosed source code regimes for voting systems, efforts to provide open source voting systems, existing open source business models that might translate to the voting systems context, regulatory and market barriers to disclosed or open source code in voting systems and alternatives that might exist outside of public disclosure of source code. We concluded that disclosure of full system source code to qualified individuals would promote technical improvements in voting systems while limiting some of the potential risks associated with full public disclosure.
2) ACCURATE's unfinished assessment of the legal issues of public disclosure of code:
quote: As a follow-on to this policy analysis, we are in the early stages of writing a paper entitled, "Legal Barriers to the Disclosure of Voting System Source Code" that more fully sets out the various legal hurdles and issues involved with source code disclosure. An important branch of this research involves analyzing whether compelling unwilling vendors to disclose source code raises constitutional concerns. Beyond this, however, we will examine legal issues that arise if voting system vendors are willing to disclose source code, but other parties — such as election officials — might not be. In addition to more fully articulating the legal landscape surrounding disclosure of voting system source code, this research will also examine voluntary and mandated source code disclosure in other sectors to gain additional perspective and guidance. We intend to make work accessible to policymakers, election officials, vendors and advocates who seek to gain a richer understanding of the legal consequences of disclosed source code, while also advancing the state of legal scholarship in this area.
The Holt Bill begins its public disclosure section with a statement that the code is to be disclosed to the state; tagged on at the end is a requirement that the EAC disclose to the public on request. There may be a reason those two requirements are disjointed. Black Box Voting has received information that after the initial language was written recommending disclosure to the state, Brad Friedman went to bat behind the scenes for the public's right to know. Here's the language in the current rendition of the Holt Bill regarding disclosed code:
quote: (9) PROHIBITION OF USE OF UNDISCLOSED SOFTWARE IN VOTING SYSTEMS.—No voting system used in an election for Federal office shall at any time contain or use any software not certified by the State for use in the election or any software undisclosed to the State in the certification process. The appropriate election official shall disclose, in electronic form, the source code, object code, and executable representation of the voting system software and firmware to the Commission, including ballot programming files, and the Commission shall make that source code, object code, executable representation, and ballot programming files available for inspection promptly upon request to any person.
Some citizens involved in election integrity recommend sticking with the Holt Bill and addressing its problems through amendment or a new version in the Senate. It's true that changes can still be made. "Changes" can work both ways. "Changes" will certainly represent the advocacy of several interests, not just those of the citizenry. Given the ACCURATE position on nondisclosure of code to the public, citizens who want disclosed code should be aware that two forces -- industry, with its powerful legal teams, and ACCURATE, with its powerful bloc of scientists and public policy advisors -- may be advising against public disclosure. Possible changes to restrict disclosure to "qualified individuals" were telegraphed in the Feinstein Hearing last week, where Brit Williams and Dan Wallach batted the birdie back and forth across the net. Dr. Williams cautioned strongly against public disclosure, and Senator Feinstein responded with something like "but you wouldn't be averse to having someone qualified, like Dr. Wallach, examine the code." Dr. Williams agreed that would be satisfactory. Someone qualified. Not the public. |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1185 Registered: 01-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Monday, February 12, 2007 - 10:44 am: |
|
I think this basically shows that if you want a bill that says what you want, you'll have to write it yourself. Especially since the devil is in the details. |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3664 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Monday, February 12, 2007 - 10:48 am: |
|
Like Pat said. . . We have to write it ourselves. |
   
Rodger Silvers Voting Rights Forum Participant Username: Walker
Post Number: 1 Registered: 04-2007
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, April 10, 2007 - 4:15 am: |
|
Great thread! --But sad. Any advocate for transparency could read it and weep. Can we get language included requiring conformance to an ANSI or NIST standard--which may or may not exist? After all, we're talking about early model machines here. The Feds should require simplicity in order to achieve accuracy. For example, I question the need and safety of having both PCMCIA AND smartcard slots in the same machine as shown in the picture. The Feds have put some excellent standards out there? How about one addressing hardware validation in e-voting machines? |
   
Udar Koschka Voting Rights Forum Participant Username: The_zapkitty
Post Number: 27 Registered: 02-2007
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, April 21, 2007 - 8:01 am: |
|
Rodger, These machines are just standard PC mainboards kludged together into an "e-voting machine". Thus they have many built-in functions... and vulnerabilities... that they should not have. As for your wishes for a sensible hardware standard: that was supposed to be the job of the Election Assistance Commission but the EAC was so busy playing patty-cake with the e-voting corporations and so busy playing extremely partisan voter-disenfranchisement games with the powers granted them by HAVA that they failed to accomplish their missions in every respect... ...that is, they have failed in their actual chartered missions without exception. I'm sure that certain parties are very happy with what the EAC has otherwise done to American elections. |