| (US) 11/06 - Open Source Software for... |
   
Thomas White-Hassler Voting Rights Forum Participant Username: Twhitehassler
Post Number: 1 Registered: 11-2006
Best of Black Box?  Votes: 4 (A keeper?) | | Posted on Sunday, November 5, 2006 - 1:03 pm: |
|
Subject: Open source software development needed

Dear Black Box Voting,

I can think of no area of computer use in our society more in need of open source software development than that of voting machine software. If the code used to operate voting machines was open to everyone then any security holes and/or other bugs WOULD be known by everyone and everyone could fix them and know that they were indeed fixed.

If you're unfamiliar with open source let me give a quick example. Microsoft has developed a computer operating system called Windows (there have been many different versions, Windows XP being the most recent), and the computer program statements that make the system work are proprietary, i.e., no one outside of Microsoft can see them. When security holes are discovered in Windows (remember we are talking about millions of lines of computer code) Microsoft is the only one who can fix them, and there have been occasions when the company has attempted to gag the users who discovered and reported the problems until Microsoft has had time to work out a remedy (and perhaps to do PR damage control).

Another operating system, Linux, was developed by Linus Torvalds, a Finnish software engineer. Unlike Microsoft, Torvalds shared the source program code of his operating system with anyone who was interested in it. Furthermore, as those who got copies and worked with it developed new features or discovered security or other problems, they shared them with Torvalds, who posted all of this information and shared it with everyone. So when a security hole in Linux is uncovered everyone is immediately made aware of its presence (which lets the user decide if they should continue using the software and assume potential risks, or suspend use until the fix is installed), and a worldwide community of programmers tackles the problems. Typically Linux problems are addressed in a quarter the time it takes Microsoft to respond to theirs.

Although it is counter-intuitive to many, Linux is more secure than Windows because it is open, everyone/anyone can look inside "the black box". But the key difference is that everyone can know how the software works. As a society we still have to address other problems with computer-based voting machines, such as the potential for tampering with memory cards. Isn't it puzzling that the film and music industries have developed substantial, if not perfect anti-tampering mechanisms but Diebold, Sequoia, et al haven't been able to develop anti-tampering mechanisms for voting machine memory cards? |
   
Tom Sweet Voting Rights Forum Participant Username: Tsweet
Post Number: 46 Registered: 06-2006
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Sunday, November 5, 2006 - 6:37 pm: |
|
It is not that puzzling. The music and film industries are much larger billion dollar organizations. |
   
Javier Ruiz Voting Rights Forum Participant Username: Ruizjf
Post Number: 1 Registered: 11-2006
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Sunday, November 5, 2006 - 10:16 pm: |
|
Open Source is a great ideal for the voting machines. Open Source has worked great for Linux and has helped Linux grow into a strong OS. Great point Thomas. |
   
Jim March Voting Rights Forum Participant Username: Jimmarch
Post Number: 96 Registered: 05-2006
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Sunday, November 5, 2006 - 11:28 pm: |
|
My *personal* view is that Open Source (or its cousin "Public Source" in which the code is still privately owned but fully disclosed) can be "part of this complete breakfast" - in other words, it's not the whole solution to anything, but it can be a key component if we're going to use computers in elections at all.

Without getting into the fight between "pure hand counting" and "better machines", an improved computerized count might have several key features: it would be based at its core on paper ballots, a machine at the precinct would scan them and record the hashes of each scan, which would be printed to paper right away. At the end of the day scans would be recorded to NON-ERASABLE media (CD-R versus CD-RW for example) at the end of the day. These scan CDs (or DVD-Rs or HD-DVD-Rs...) would be created for anybody who wants them - media, parties, unions, citizen groups, whatever, plus one for the county to do their tabulation on by processing the scans.

Key thing: the county's tabulation can be double-checked with other programs. Imagine each TV station bringing their fastest "gaming class" PC to the elections office to process those scans faster than the county themselves, with citizen groups chugging along behind on slower but equally accurate gear. This is a "white box" model containing a lot of concepts originally by Harri Hursti.

Humboldt County California is considering an offshoot of this: go ahead and run Diebold optical scan, but feed ALL the paper through another scanner, a standard big ol' commercial job with a 500-sheet hopper and fast double-sided processing, worth about $15k. That spits out CDs/DVDs/etc, which can be handed out for processing completely independently of the Diebold software. No hashing of the scans, but...still better than running a pure Diebold shop.

If citizen or party observers watch these "secondary scans" happen and see the disks cut right there, the lack of hashing won't be that big a deal as there won't be time to digitally manipulate the scans (which is what hashing protects against). Interestingly, as long as you can trust a big commercial scanner not to have "cheat stuff" in it, you get an improved audit process *without* open source. Not perfect, but improved. It works because the scanner doesn't have optical character recognition on-board. Without knowing what's on the paper, it's "too stupid to cheat". The scans get processed later with open source/public source code, human eyeballs or both.

As to Linux. I'm on Ubuntu 6.06 "Dapper Drake" myself, full time. I'll report on its state of development in more detail later but short form, yes, it's ready for prime time, especially in a limited-function environment such as voting. (In other words, my access to "Youtube videos" is slightly glitchy at times, but the basic stability and usability is excellent.) Ubuntu (like most Linux distributions) does have some "secret code modules" for things like improved video performance, video handling and the like but a new variant with all publicly disclosed code has just been released: http://www.tectonic.co.za/view.php?id=1251 It's not the only one out there, and BSD has its fans too. Or the distro I'm running could work OK with various "fun bits" stripped down. |
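The scan-hashing step described in the post above, as an added example that is not part of the original thread or of any voting system's code: the precinct prints one hash per scan, and anyone holding a disk copy checks it against that paper log. SHA-256, the file names and the sample scan bytes are assumptions constructed for illustration.

```python
import hashlib


def scan_digest(image_bytes):
    """Hash of one ballot scan. SHA-256 is an assumption; the post names no algorithm."""
    return hashlib.sha256(image_bytes).hexdigest()


def precinct_hash_log(scans):
    """Precinct side: one line per scan, in scan order, as it would be printed to paper.

    scans is a list of (file_name, image_bytes).
    Returns a list of (sequence_number, file_name, digest).
    """
    return [(seq, name, scan_digest(data))
            for seq, (name, data) in enumerate(scans, start=1)]


def verify_disk(printed_log, disk_files):
    """Observer side: compare a disk copy against the printed log.

    disk_files maps file_name -> image_bytes as read from the CD-R.
    Every scan is classified so nothing is silently skipped.
    """
    report = {"ok": [], "altered": [], "missing": [], "unlisted": []}
    logged_names = set()
    for _seq, name, digest in printed_log:
        logged_names.add(name)
        data = disk_files.get(name)
        if data is None:
            report["missing"].append(name)      # on paper, not on disk
        elif scan_digest(data) != digest:
            report["altered"].append(name)      # bytes changed after scanning
        else:
            report["ok"].append(name)
    # Files on the disk that the precinct never logged.
    report["unlisted"] = sorted(n for n in disk_files if n not in logged_names)
    return report


def copy_is_faithful(report):
    """True only if every logged scan is present and unmodified and nothing was added."""
    return not (report["altered"] or report["missing"] or report["unlisted"])


def demo():
    # Constructed sample data standing in for scanned ballot images.
    scans = [
        ("ballot-0001.tif", b"constructed scan bytes 0001"),
        ("ballot-0002.tif", b"constructed scan bytes 0002"),
        ("ballot-0003.tif", b"constructed scan bytes 0003"),
    ]
    printed_log = precinct_hash_log(scans)

    clean_disk = dict(scans)
    clean_report = verify_disk(printed_log, clean_disk)

    # A disk that differs from what was scanned: one image changed,
    # one dropped, one extra image added.
    bad_disk = dict(scans)
    bad_disk["ballot-0002.tif"] = b"constructed scan bytes 0002 (edited)"
    del bad_disk["ballot-0003.tif"]
    bad_disk["ballot-0099.tif"] = b"constructed scan bytes 0099"
    bad_report = verify_disk(printed_log, bad_disk)
    return clean_report, bad_report


if __name__ == "__main__":
    clean, bad = demo()
    print("clean copy faithful:", copy_is_faithful(clean))
    print("second copy report:", bad)
```

The check is only as strong as the paper log: observers have to compare against the hashes printed at the precinct, not against a list shipped on the same disk.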
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 15 Registered: 11-2006
Best of Black Box?  Votes: 4 (A keeper?) | | Posted on Monday, November 6, 2006 - 6:19 am: |
|
Guys

You might be interested to read this string for a different spin about open source in elections: http://www.bbvforums.org/forums/messages/72/44925.html?1162806060

Remember, there are bad guys in the world today, not just good guys that contribute to open source community. Also, if the code is available to anyone and everyone that includes the bad guys looking at how they can use the open source code for malicious intent, like hacking into an election system and changing the result, because someone thought it would be a good idea to open source the source code and let Mr bad guy spend his days and nights scrutinising it and finding a weakness.

It's a lot harder for a thief to break into a safe in total pitch darkness without the combination.....but if some fool left the lights on and the combination written on the front of the safe door, then he has a more than average chance of success!

I think open source has great advantages in certain uses, but not in a voting machine, well certainly not "open source" anyway. "Opening up your source" is a different matter. If election vendors were required to open up their source to scrutiny by trusted organisations this would be a good start, but letting anyone have access which is "open source" is just turning the light on and writing the combination on the front of the safe door!

As I mention in the referenced string above, the problem as I see things is not the scrutiny of the code for, during and at the point of certification, it's after certification. Election vendors make constant changes to their code after initial certification as the individual counties and states require a wide diversity of bespoke requirements that differ from county to county, and state to state. This is where the system fails, as there is not enough accountability or control placed on the election vendors with regards to the changes they make after certification.

Sure, they are supposed to send any and all changes as updates for certification, but they don't! This is where instabilities are introduced to the code, which inevitably results in what we are currently seeing. Candidates names not on the screen, calibration issues, vote flipping, tallies incorrect etc etc.

The average election vendor makes hundreds of changes to the software throughout the year, and sends dozens of fixes and patches out to the field that have not been tested or submitted for certification. So whether it's open source software being used or not, will not make any difference after the point of certification.

The only code people like Ciber Labs get to see currently is the single instance / version that has been submitted for code review by the election vendor. Currently they review every single line of code, and module by module of an application, against FEC 2002 standards. The vendor is required to have commented every single line of code (Described in plain English what each line of code represents). The person doing the code review at Ciber is a developer and he reads the line of code and understands it, he then reads the comment for the line of code and either agrees that it does what it says it does, or not. The code is reviewed to this standard throughout, and of course would show immediately if there were any instabilities or trojan horses present in the code.

So Ciber being happy with the code, pass it as reviewed. That is the last time that Ciber will review that entire code. The election vendor is then required to submit modules that have been changed or altered after certification code review. Currently, it's just up to the Vendor to be diligent and trustworthy and submit every change. They don't! And there is no way of knowing or checking what changes have been made, until something goes wrong, or a county have a big problem.

The source code leaked from Diebold should be reviewed by Ciber and compared to the last version that was certified. If the code that was leaked was recent code, it will have many differences to the version that Ciber certified. This, gentlemen, is where the majority of "glitches" in voting machines comes from.

You might also be interested to read my recent posting about Advanced Voting Solutions Inc in their deception of Virginia and PA. They are a prime example of what happens when a voting company does not keep up with their certification and changes to both software and hardware. Incidentally, the AVS team are all ex Diebold including the CEO Howard Van Pelt, who was the CEO of Global, which is obviously now Diebold. Looks like he took some bad habits away with him when he left Diebold!

Brad |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3389 Registered: 12-2004
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Monday, November 6, 2006 - 6:27 am: |
|
Brad: quote:Incidentally, the AVS team are all ex Diebold including the CEO Howard Van Pelt, who was the CEO of Global, which is obviously now Diebold. Looks like he took some bad habits away with him when he left Diebold !
Interesting observation that the AVS team are ex Diebold. I hope someone will respond to your stunning AVS posts with photos of the illegal hardware soon. (Jim, do you have some advice as to how Brad might handle this most effectively?) |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1006 Registered: 01-2005
Best of Black Box?  Votes: 2 (A keeper?) | | Posted on Monday, November 6, 2006 - 8:03 am: |
|
There are several postulations here that shouldn't go unchallenged:

1: "It's a lot harder for a thief to break into a safe in total pitch darkness without the combination.....but if some fool left the lights on and the combination written on the front of the safe door, then he has a more than average chance of success!"

It's also a lot harder when there isn't a combination written on the front of the safe (and there isn't in this case, you just get to examine the schematics for the safe), and lots of people have tried all the safecracking they can imagine to try to crack that same safe in plain daylight in front of all the other people who get to watch them try. It gets better all the time, not worse.

2: "Election vendors make constant changes to their code after initial certification as the individual counties and states require a wide diversity of bespoke requirements that differ from county to county, and state to state. This is where the system fails, as there is not enough accountability or control placed on the election vendors with regards to the changes they make after certification. Sure, they are supposed to send any and all changes as updates for certification, but they don't! This is where instabilities are introduced to the code, which inevitably results in what we are currently seeing."

This has by no means been proven on several levels:

A. There is no preponderance of evidence that customization is responsible for the majority of election machine failures. And there is no preponderance of evidence that it's 'instabilities' in the code. What has been proven so far is code that was incorrectly written for its purpose, for the most part (cyclic, 'odometer' style counters that don't detect and prevent rollovers coupled with a test that all candidates for a ballot position's initial tally add to zero, instead of seeing that all of them individually are zero!). You may be right, but that hasn't been proven yet, and it's a poor assumption to be made in the face of the Diebold evidence, which shows their core applications programming and hardware design to be majorly flawed/at fault.

3. "The source code leaked from Diebold should be reviewed by Ciber and compared to the last version that was certified. If the code that was leaked was recent code, it will have many differences to the version that Ciber certified. This, gentlemen, is where the majority of "glitches" in voting machines comes from."

Where is there evidence of this? This may be your experience with this vendor's machines, but it isn't substantiated across the majority of vendors as of yet. It may be true, it isn't proven. There is a great difference between stating that these things aren't adequately controlled or monitored (and that's certainly true) and may be subject to the following problems and saying that because these are your beliefs they are true. This is poor logical argument, as well as leaving an incorrect impression of current knowledge and the current circumstances.

Now, before everyone piles on, remember: What I said was these may well be correct, but they aren't proven by the current available evidence. I don't have a problem with anybody stating "This is a hole that hasn't been taken care of and could be very serious" but, I do have a problem with someone stating that this individual thing amongst all these other things is where your problems start. And as a case in point, people read Diebold's source code and didn't spot the "sum all the candidates initial counts and see that this sums to zero" initial totals verification wasn't spotted as seriously flawed, when it should have been make sure all candidate/proposal choices' counts are zero. |
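The initial-totals check discussed in the post above, as an added example that is not part of the original thread and is not Diebold's code: a small Python model of wrapping counters, showing why a sum-to-zero test passes on a card whose counters are not all zero, beside a per-counter check with rollover detection. The 16-bit counter width, the function names and the sample ballots are assumptions constructed for illustration.

```python
COUNTER_BITS = 16                 # assumed width; the post only says "cyclic" counters
MODULUS = 1 << COUNTER_BITS


def wrap(value):
    """Store a value the way a fixed-width 'odometer' counter would."""
    return value % MODULUS


def flawed_zero_check(counters):
    """The check as described in the post: the counters must ADD UP to zero."""
    return wrap(sum(counters)) == 0


def strict_zero_check(counters):
    """The check the post says it should have been: EACH counter is zero."""
    return all(c == 0 for c in counters)


def tally_wrapping(counters, ballots):
    """Count ballots with silent rollover, i.e. no overflow detection."""
    result = list(counters)
    for choice in ballots:
        result[choice] = wrap(result[choice] + 1)
    return result


def tally_checked(counters, ballots):
    """Count ballots only from a strictly zeroed card, and refuse to roll over."""
    if not strict_zero_check(counters):
        raise ValueError("card rejected: a counter is non-zero before polls open")
    result = list(counters)
    for choice in ballots:
        if result[choice] == MODULUS - 1:
            raise OverflowError("counter %d would roll over" % choice)
        result[choice] += 1
    return result


def demo():
    # Constructed card state: counter 0 holds the wrapped form of -5,
    # counter 1 holds +5, so the wrapped sum is zero.
    nonzero_card = [wrap(-5), 5, 0]
    # Constructed ballots: 10 for choice 0, 3 for choice 1.
    ballots = [0] * 10 + [1] * 3

    reported = tally_wrapping(nonzero_card, ballots)
    true_count = tally_checked([0, 0, 0], ballots)
    return {
        "flawed_check_passes": flawed_zero_check(nonzero_card),
        "strict_check_passes": strict_zero_check(nonzero_card),
        "reported": reported,
        "true_count": true_count,
        # The grand total still matches the number of ballots cast, so a
        # ballots-cast reconciliation alone does not expose the difference.
        "totals_reconcile": sum(reported) == len(ballots),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```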
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 20 Registered: 11-2006
Best of Black Box?  Votes: 5 (A keeper?) | | Posted on Monday, November 6, 2006 - 8:57 am: |
|
Brant

I believe you are being far too general with my safe analogy and your comments. It is a fact, that if you open source the source code to a software application, then you have access to a full version of the code with which you can make your own additions, deletions and changes at will with the version you have. You don't just get the schematics to the safe, you get open and free access to the whole nine yards. That's the whole point behind "open source". And if you have this information, you can seek out and exploit vulnerabilities for malicious intent. Why do you think it's so easy to spot instabilities in Diebold code? It's exactly what you would get if you obtained an open source software application! (All the code)

With regards to the Diebold code, Question: Is the code that was inspected the same version as the certified version, and has it been compared to the certified version to see what the differences are? I believe that will yield some interesting answers for everyone.

Election machines fail for a great many number of reasons. However, some are easily explained, and some are not so easily explained. The term "glitch" in this context relates to the easy to explain problems, I'm not saying that there are not hundreds more issues that are of foul play, since there is too much compelling evidence to suggest otherwise. I am not stating that changes to code after certification are responsible for all the problems because they are not. What I am saying, is that this is where instabilities start.

As someone that has been involved in designing, building and maintaining multiple electronic voting applications across a wide spectrum of applications over the last 10 years, I can only speak from experience Brant. Not every issue is a conspiracy theory. Some can be investigated from a point of view of what's broke about the process, and how can it be fixed, hence my comments about the lack of procedure after initial certification.

Other problems come down to vendors not doing what they should, and other more serious issues happen through malice and clear human intent. I'm just saying that you can't badge everything under one term.

Brad |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1010 Registered: 01-2005
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Monday, November 6, 2006 - 1:15 pm: |
|
Brad, this is wrong in the following ways:

Diebold wasn't doing open source they just left their pants down; they didn't invite advice or correction and so they had the risks of open source without any of the benefits. Any first year programming student could have told them not to run a program off of the inserted memory modules and to check all candidates' initial values as zero, not summing to zero on a ring counter. And you don't have unlimited access to the machine that the open source is intended to run on, only your own (either in simulation or on a real machine, if you can get one). You've mis-stated this, above.

Also, Diebold's machines had the following flaws:

Bad core programming (the choice of a circular counter combined with the sum-all-candidates-to zero-check instead of each candidate shows zero for initial totals bonehead mistake, allowing a program to be run off of the memory card)

Bad architectural choices for OpSys and Applications layering (from a security perspective). These aren't ad hoc programming changes these were long term mistakes.

Bad hardware design (from a security standpoint).

While whatever machines you may have worked on may have had the problems you describe, and due to the reasons that you attribute them to, but you have shown no reason to believe these are the most prevalent in other manufacturers' machines, nor have you provided evidence to that effect. |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 25 Registered: 11-2006
Best of Black Box?  Votes: 5 (A keeper?) | | Posted on Monday, November 6, 2006 - 2:20 pm: |
|
Brant

With all due respect you are inaccurate, or you do not understand what I am saying, or both. Firstly I never suggested that Diebold were doing open source...you stated that in relation to open source Quote: "you just get to examine the schematics". This is complete nonsense Brant, you get the whole software application source code with open source. I then made reference to the Diebold code that problems were found to exist in when it was examined, in order to reference how easy it is to spot vulnerabilities in software if you have access to the actual source code.

You also clearly do not appear to understand software. Quote: "And you don't have unlimited access to the machine that the open source is intended to run on". Brant, firstly you don't need to have any access to the voting machine, and the "open source" does not run on the actual voting machine anyway. Secondly, the open source is the source code which is used to compile an executable application program, which is then loaded onto the voting machine. There is NO source code on the voting machine EVER. If you have a version of the open source, source code you can run this on your own pc, and spend as long as you need to scrutinise and change it to do what you want it to do.

How are most precinct and jurisdiction tallies sent to election central and enter the election management system? Answer, by modem....Has the penny dropped yet? If you have the version of software running on a pc anywhere in the world, and you alter it, because you can, because it's open source, you can connect to the elections management application at election central over a simple phone line and send in whatever the hell results you want. And guess what, the elections management application would have no clue, because it recognises you as a precinct or jurisdiction sending in results! Hey, don't just take my word for it Brant, ask someone you know.

The machines I have most knowledge about have nothing to do with this debate. Every single election vendor has the same things in common when it comes to the source code producing the executable application that sits on the voting machine and also how elections are tallied in election central through an elections management application. And please don't misquote me. I never said "most prevalent". I have simply offered an entirely explainable scenario to explain some of the issues, which by the way wasn't just directed at Diebold which you keep assuming I am talking about.

You also have still not answered my question: "With regards to the Diebold code, Question: Is the code that was inspected the same version as the certified version, and has it been compared to the certified version to see what the differences are?" The answer makes all the difference Brant. If the code is the same as last certified by Diebold, and it is in fact confirmed that the same is also deployed on all Diebold voting machines, then there is a huge problem! If however, it is not the same version as last certified by Diebold, then it is entirely possible that the version inspected is not deployed? But we need an answer to the question Brant in order to discuss that topic any further.

Brad |
   
Travis Rogers Voting Rights Forum Participant Username: Soundg
Post Number: 6 Registered: 11-2006
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Monday, November 6, 2006 - 3:22 pm: |
|
Wow, how this topic has digressed. Let's put our egos aside and have a productive discussion.

First off, let's clear up the use of the term "open source". This term has become an umbrella statement over time and I would like to clear it up. Most "open source" projects involve source code that is free to download and is developed by a team of programmers that can be located anywhere in the world. The source code is licensed in a way that ensures that it is free to use. This is the most standard use of the term. This could be applicable in voting systems. I don't know, nobody has tried it, right? This could be affected by Brad's theory of crooks and enemies, although 99.99% of all open source projects that I am aware of don't let just anyone make changes to the code.

The term "open source" can also be applied to proprietary source code that is available to the public to view. This source code is developed by a team of developers that may be located anywhere in the world. The code is controlled and owned by an "entity". This could be a corporation, an individual, or an organization. This is the meaning I use anywhere that I've made a post that refers to "open source". I hope this helps others understand that "open source" should be a necessity in voting systems.

I think Brad brings up some good points about the current processes around code certification and distributing updates and their actual installation. These are all issues that can be corrected. Agreed? I will venture to guess that Brad also develops or works in association with current voting systems. Please correct me if I'm wrong. So is it safe to say that you also have a vested interest in proprietary (closed) systems?

I think Brant points out facts around the Diebold systems which are in my opinion flawed to the core. Anyone agree here?

My point is this, how can we change what is happening now so that the entire process is open and transparent, but also still automated?

Travis |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 27 Registered: 11-2006
Best of Black Box?  Votes: 4 (A keeper?) | | Posted on Monday, November 6, 2006 - 4:36 pm: |
|
Hi Travis

I hear ya! However, still not totally accurate on open source. A software application's source code is either open source or it isn't. If it's open source you can download all the source code behind an application for the purposes of changing it yourself. This is essentially the cool part and success of the use of open source. It's important to note though just for the avoidance of any confusion.....Once you open source the source code there is no way to police who does what with it...Again, this is a further building block of open source...it's freely available and you can do what you like to it. There is only ONE correct use of the term and it relates to the open source community.

Your second description relates to opening up source code for viewing purposes to the public. This would be a bit of a waste of time, as there is no benefit unless you can test the application and source code performance against tests. If all you can do is inspect the code, you would understand little to nothing. Opening up source code to scrutiny by trusted departments and organisations is a different matter. By delivering the source code to be scrutinised properly by experts under a secure means is a good start.

I have no vested interest in a closed system, and actually quite the opposite. I think a closed system is one of the roots of evil within the industry. I say "open it up to scrutiny", but do it sensibly.

Brad |
   
Tom Sweet Voting Rights Forum Participant Username: Tsweet
Post Number: 47 Registered: 06-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Monday, November 6, 2006 - 6:36 pm: |
|
Who pays the nearly million dollars or so to certify the software? What if changes must be made in a hurry before the next election and recertified - who will work the extra time to make those changes? |
   
Jim March Frequent Voting Rights Forum Participant Username: Jimmarch
Post Number: 112 Registered: 05-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Monday, November 6, 2006 - 7:51 pm: |
|
"Security by obscurity" is a thoroughly discredited concept in computer security and cryptography. This has been well understood since 1883 and today banks transmit billions of dollars daily in encrypted bytes protected by open source security processes. See also my commentary here: http://www.bbvforums.org/forums/messages/73/44559.html ...under "discovery challenges". |
   
Travis Rogers Voting Rights Forum Participant Username: Soundg
Post Number: 9 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Monday, November 6, 2006 - 8:06 pm: |
|
Ok Brad, I'm growing weary of debating the meaning of open source. After all, it's not the point. I am interested in coming up with ways of removing the burden of vendor lock and lazy government tendencies. To do this you have to present an alternative and right now there is no alternative. Tom, One could ask why does it cost a million dollars to certify the software? Where does this money go? Does this cost encourage certification? Developers get paid everyday to work on open source software. I don't see a shortage of developers as being an issue. Obviously there has to be funding for any commercial endeavor and any electronic voting system would qualify as a commercial endeavor. After all, our state governments pay a lot of money for these systems so there is a lucrative market. |
   
David Warman Voting Rights Forum Participant Username: Lanwolf
Post Number: 2 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 12:02 am: |
|
Right, Travis, it's not the point. I posit that the point is that it is not possible to validate electronic elections. Period. They can be cracked, so they will be. Our present SOA in computing is many years away from being trustable in open elections.

Banks can do it electronically because they operate in a well controlled and well defined single domain, with no human intervention required for normal operation, and using their own closed network rather than the Internet. Their use of OSS encryption rather than secret obfuscation is a win for them because the system has been vetted by the best minds on the planet, not only those who work for the banks.

The electoral process has to be transparent in order for the voting public to be able to trust that the results come from counting the ballots and nowhere else. This means, amongst other things, that the entire process in detail has to be understandable to the person of typical high school education. If even a behemoth the size of Microsoft cannot produce perfect code that is immune to all attacks, then neither can smaller companies, regardless of their political leanings or intent. Let alone can any individual voter verify for their own satisfaction the correctness of a computing system, hardware+software+procedures, upon which their quality of life, liberty, and the pursuit of freedom, depends.

I've been a computer designer for nigh on 40 years now, and I don't trust society to get a faithful election result from them. |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1013 Registered: 01-2005
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 5:06 am: |
|
One of the things that Brad is deliberately avoiding is that if the code was open sourced (and build options had to be published) you would have something to compare the manufacturer's source against, which no citizen has now. And you can kick the tires on the source code on your machine, but not on the voting machine. |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 35 Registered: 11-2006
Best of Black Box?  Votes: 2 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 8:30 am: |
|
Travis I agree, it's not the whole problem. With regards to the costs of certification, it is quite expensive, and a long continual process. The Vendors pay the Labs like Wyle and Ciber direct, so in one sense I suppose as the Labs are commercial money making entities that are paid direct by the election vendors, then would it be accurate to describe the election vendors as Customers to these labs do you think ? I would guess, that since it is expensive, and the money goes to the Labs direct from the vendors, that it might be a discouragement to the election vendors....nobody likes heavy expenses and costs of doing business do they ? Being an election vendor is very profitable too. Just as an example: Two different voting machines that I am aware of, cost about $800 to manufacture, and are sold for over 3 times that amount to local government....not bad ! Then there is an average of 18% of the full total cost of the purchase payable each year in maintenance and support....not bad ! Brant, I'm not avoiding it, I believe you are not understanding me. I'm very simply saying that because of the way the current rules are, that it would not be strict or effective enough. Yes you would have something to compare it to....the last certified copy of the code....And my point from the beginning is, that because of the lack of procedure and control after certification, what's actually on the voting machines out in the field cannot be guaranteed to be identical to the application that was last certified. Brant, talking about avoidance I'm still waiting for an answer to my question ! "With regards to the Diebold code, Question: Is the code that was inspected the same version as the certified version, and has it been compared to the certified version to see what the differences are ?" The answer makes all the difference Brant. 
If the code is the same as last certified by Diebold, and it is in fact confirmed that the same is also deployed on all Diebold voting machines, then there is a huge problem ! If however, it is not the same version as last certified by Diebold, then it is entirely possible that the version inspected is not deployed ? But we need an answer to the question Brant in order to discuss that topic any further. I would appreciate an answer Brant, as would I'm sure others. Thanks Brad |
   
Russell Scott Reece Voting Rights Forum Participant Username: Scottreece
Post Number: 1 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 2:31 pm: |
|
Hello All, Everyone has some valid points to this argument as a whole, but... I've been consulting in IT for around 15 yrs and was (at first) very against "open source" yet at the same time very curious. I program mostly in C#, VB.Net, and J2EE just to give a VERY small background. I've worked with various hashing algorithms, public/private keys, SSL, and proprietary models especially used with "smart cards". Not trying to step on ANYONE'S toes, but... "Open source" is a very very plausible solution to, as was stated earlier, a part of the problem - that being the software itself. "Open source" has been the backbone of many public domain architectures - heard of "Google"? Google did not start out as "open source", but here is a quote off of their website (http://code.google.com/faq.html): "We really care about free and open source software (F/OSS) at Google, and this site is one aspect of that affection." Also, there are MANY ways to control who and what changes, as far as the code goes, take for example "Sourceforge" which acts not only as a source code control utility, but allows for code runthrough/validation etc. via controlling entities BEFORE the actual changes in code are implemented. I don't want to get too involved in this topic cause my point is simply that using an emporium like this not only opens the "black box" to others who are just curious, but also strengthens the code not only to vulnerabilities that could provoke attacks to the system, but would discourage anyone from creating ANY "back door" cause they would be immediately exposed AND their code would NEVER get in anyway! My 2 cents, Scott |
   
Tommy Brasco Voting Rights Forum Participant Username: Tommy_brasco
Post Number: 3 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 5:07 pm: |
|
It would help if Black Box didn't use an Access database to prove their point. Manipulating data in an Access DB on a local disk is lightyears away from breaking into a secure SQL or Oracle server and changing tables. To those who aren't technically sound, please don't believe this documentary, their examples are re-created in their own personal lab, not secure state or federal or even local systems with security. |
   
Travis Rogers Voting Rights Forum Participant Username: Soundg
Post Number: 12 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 5:48 pm: |
|
Tommy, Check out the forum that has all the Diebold source files. I think you will find that it's Diebold that uses the Access databases. Hugh and Harri just showed that there were no integrity checks in the "system" to notice modifications to data. It would seem that at least a file system check of the time stamp on the database file would alert the system or someone that the database file had changed, but that is just my opinion. |
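Added example, not code from any poster or vendor: the timestamp check suggested above, set beside a keyed digest (HMAC-SHA256) of the file's bytes. A timestamp and size can be left matching after an edit, while the keyed digest cannot be recomputed without the key; the file name, record layout and key below are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed demo key. Assumption of this example: the real key and the
# recorded baseline are held away from the machine that stores the database.
SEAL_KEY = b"constructed-demo-key"


def seal(path, key=SEAL_KEY):
    """Return HMAC-SHA256 over the file's bytes as a hex string."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def record_baseline(path):
    """Capture what is known about the file when it is trusted."""
    st = os.stat(path)
    return {"mtime_ns": st.st_mtime_ns, "size": st.st_size, "seal": seal(path)}


def check(path, baseline):
    """Compare the file as it is now against the recorded baseline."""
    st = os.stat(path)
    return {
        "timestamp_ok": st.st_mtime_ns == baseline["mtime_ns"],
        "size_ok": st.st_size == baseline["size"],
        "seal_ok": hmac.compare_digest(seal(path), baseline["seal"]),
    }


def demo():
    """Return the check results for an untouched file and an edited one."""
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "results.db")  # constructed stand-in file
        with open(db, "wb") as fh:
            fh.write(b"precinct=12;candidate_a=0410;candidate_b=0398\n")
        baseline = record_baseline(db)
        untouched = check(db, baseline)

        # Same-length change to the contents, after which the original
        # access and modification times are written back.
        st = os.stat(db)
        with open(db, "wb") as fh:
            fh.write(b"precinct=12;candidate_a=0398;candidate_b=0410\n")
        os.utime(db, ns=(st.st_atime_ns, st.st_mtime_ns))
        edited = check(db, baseline)
    return untouched, edited


if __name__ == "__main__":
    for label, result in zip(("untouched", "edited"), demo()):
        print(label, result)
```

Only the `seal_ok` field separates the two cases, which is why a content digest whose baseline is stored elsewhere is the stronger check.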
   
Bev Harris Frequent Voting Rights Forum Participant Username: Site_admin
Post Number: 124 Registered: 10-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 5:49 pm: |
|
Tommy, please present evidence that Diebold GEMS uses a secure SQL or Oracle server. I urge you to watch the film again and also, to download copies of the Diebold software. If that doesn't convince you, try downloading any of the ACTUAL election databases here on this site:
The Glades County Florida 2004 election database which we obtained from Glades County in a public records request
The Alaska 2004 Diebold GEMS database which the Alaska Democratic Party obtained from the state of Alaska after going to court to get it
The Shelby County Tennessee database from August 2006, which Shelby County citizens went to court to obtain.
You can download each of these databases in the Black Box Voting Document Archive -- choose Election Records -- go to the appropriate location and examine them in as much detail as you wish. To believe what you are saying, we'd have to believe that:
Ion Sancho, who has been Supervisor of Elections for 17 years in Leon County Florida, is lying, AND
The Alaska Democratic Party and the state of Alaska are lying AND
Shelby County Tennessee election officials are lying
And that they all "made up" databases. I know. It's shocking. But you are directing your skepticism at the wrong target. |
   
Tommy Brasco Voting Rights Forum Participant Username: Tommy_brasco
Post Number: 7 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 5:51 pm: |
|
Yes, they used Diebold's "packaged" trial version software that comes with Access databases, canned to show off how the product works. Software companies use Access files to attach their products to for TESTING, it is not feasible for these companies to package thousand dollar database software for sample testing versions. This is where the deception comes from, the documentary makes it seem like you can double click on a file and change votes, which is absolutely laughable. |
   
Tommy Brasco Voting Rights Forum Participant Username: Tommy_brasco
Post Number: 8 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 5:54 pm: |
|
Bev, Are you seriously trying to tell me that we (America) or Diebold uses MS Access databases to collect vote data? Ha Ha Ha |
   
Bev Harris Frequent Voting Rights Forum Participant Username: Site_admin
Post Number: 126 Registered: 10-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 5:55 pm: |
|
No, we used Diebold's ACTUAL system which was installed in Leon County Florida and had run elections, and this was confirmed by Diebold's ACTUAL systems in Shelby County Tennessee, the state of Alaska, Glades County Florida. This is not testing. Tommy, you are now posting disinformation here. Go check the facts or provide evidence of your claims before you post again. |
   
Tommy Brasco Voting Rights Forum Participant Username: Tommy_brasco
Post Number: 9 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 5:56 pm: |
|
....and regarding the databases. Where do I find these databases and I will tell you everything about them. ; ) |
   
Tommy Brasco Voting Rights Forum Participant Username: Tommy_brasco
Post Number: 10 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 5:58 pm: |
|
Bev. You are not being truthful. The example on your documentary was NOT connected to the Leon county system. Period, it's just not factual. It was a laptop, using a local database. Meaning when you clicked "My Computer/C:" that is local on that laptop's hard drive. You are trying to say that Leon County uses a "static" laptop to collect vote data and you are wrong. (Message edited by tommy_brasco on November 07, 2006) |
   
Travis Rogers Voting Rights Forum Participant Username: Soundg
Post Number: 14 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 6:20 pm: |
|
Wow Tommy, you are thick bud. I got some land for sale... |
   
Bev Harris Frequent Voting Rights Forum Participant Username: Site_admin
Post Number: 127 Registered: 10-2006
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Tuesday, November 7, 2006 - 6:50 pm: |
|
Tommy Brasco, rest in peace. This is an example of a troll who was here to distract and take people's time on Election Night while we're working on incoming information. He was here for no other purpose. Nuked. |
   
ed metis Voting Rights Forum Participant Username: Neutralsam
Post Number: 37 Registered: 11-2006

Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Wednesday, November 8, 2006 - 2:58 am: |
|
Good eye Bev wanna go hunting I can hit this? Might be the mercury they put in the vaccines? It's now good for ya. |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1014 Registered: 01-2005
Best of Black Box?  Votes: 2 (A keeper?) | | Posted on Wednesday, November 8, 2006 - 5:00 am: |
|
"Brant, talking about avoidance I'm still waiting for an answer to my question ! "With regards to the Diebold code, Question: Is the code that was inspected the same version as the certified version, and has it been compared to the certified version to see what the differences are ?" I have no idea, Brad and you don't either, as they've never had to disclose their code to anybody who has proven to be willing to check. Your question (in the current environment) is obviously rhetorical. Either way it falls out, if it is their standard code (that's been certified and is buggy) or it isn't (they're running uncertified code in real elections) it's just as much of a problem. I was giving you time to figure that out for yourself. |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1015 Registered: 01-2005
Best of Black Box?  Votes: 2 (A keeper?) | | Posted on Wednesday, November 8, 2006 - 5:11 am: |
|
"Brant, talking about avoidance I'm still waiting for an answer to my question ! "With regards to the Diebold code, Question: Is the code that was inspected the same version as the certified version, and has it been compared to the certified version to see what the differences are ?" I have no idea, Brad and you don't either, as they've never had to disclose their code to anybody who has proven to be willing to check. Your question (in the current environment) is obviously rhetorical. Either way it falls out, if it is their standard code (that's been certified and is buggy) or it isn't (they're running uncertified code in real elections) it's just as much of a problem. I was giving you time to figure that out for yourself. |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 72 Registered: 11-2006
Best of Black Box?  Votes: 2 (A keeper?) | | Posted on Wednesday, November 8, 2006 - 8:12 am: |
|
Brant Thanks for the response, vague though it is. I figure things out just fine thanks. Please believe me, nobody more than I would love to see more election vendors brought to task for clear and multiple wrong doings. That all said, you have to remain objective. If you don't remain objective, you become blinkered. When you become blinkered you end up looking like a turkey when your target (In this case Diebold) mounts challenges to your accusations. You may well indeed be correct Brant, having it stand up to legal challenge is something else. Once a target's lawyers get busy, it's a whole other ball of wax ! Let me explain where I am going with this: If the code was compared to the latest certified code, and is identical, then there's a big problem for Diebold, as it is the ACTUAL same application deployed on voting units. If it's not the same as the certified code, then Diebold can argue that the code in question is simply a work in progress and is not yet ready for use or certification. When you develop any software application, each time you make an addition or change, you introduce instabilities into the code, and break other components in the code. You also can affect the business logic of what the code is meant to do, and I don't mean on purpose. This is why, if it takes you a week to write a piece of code into an application, you are supposed to spend 4 to 5 times longer than the time it took to write, on testing and bug tracking. Any developer on the planet will confirm this to you Brant. From the comments in your responses to me, you have me figured all wrong ! I'm not standing up for Diebold ! I'm trying to help you nail them !! But to nail them, you need to have all your ducks in a row ! Now do you get me ? Brad |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 75 Registered: 11-2006
Best of Black Box?  Votes: 2 (A keeper?) | | Posted on Wednesday, November 8, 2006 - 11:27 am: |
|
Brant.....Cat got your tongue ?.....I've been waiting for a credible answer to this same question for days now...... Quote " I was giving you time to figure that out for yourself." Or perhaps you are just giving me further time to try and figure it out for myself ? Brad |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1020 Registered: 01-2005
Best of Black Box?  Votes: 3 (A keeper?) | | Posted on Wednesday, November 8, 2006 - 12:46 pm: |
|
"If its not the same as the certified code, then Diebold can argue that the code in question is simply a work in progress and is not yet ready for use or certification. " No, they can't because if it's uncertified code, then what the hell is it doing out in public use? These aren't their development machines we're talking about these are machines out for public use, for Christ's sake. And you've got the blinkers on, if this machine is out in the public and has any form of code on it that's uncertified, it is an indictment of somebody in the chain of custody or service of the machine, which in either case indicts the security procedures, which starts the legal investigation, which lets the investigators find out who's responsible, and chase them down. I answered your question a post ago. There is no way for anybody but the vendor to answer your question, what are you, thick? |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 79 Registered: 11-2006
Best of Black Box?  Votes: 3 (A keeper?) | | Posted on Thursday, November 9, 2006 - 3:51 pm: |
|
Brant Sarcasm and name calling is the lowest form of wit. You don't know a whole lot about software, voting systems, certification and how the rules are easily bent do you ? Reading most of your posts over the last few weeks, you tend to resort to, (as you now are with me) when you can't dominate a debate, you turn it into a pissing contest. Unfortunately, you lack the tackle. That's why you will never know more than you actually know today Brant !, which by your comments, ain't a whole lot ! Being BBV Leadership team you obviously have access to my "private" registration details, so you should know what I specialise in. Which, unlike a lot of participants is not based on opinion and or theory, but rather 10 years of practice. I have designed, built, implemented, maintained and supported every voting system from Internet voting, Electronic DRE voting, Absentee voting, SMS text message voting, voting via digital television, electronic e-counting (scanning) systems, elections management systems, voter registration systems, electronic signature verification systems for absentee voting, electronic poll books, e-voting verification systems and manual paper voting systems, internationally. I have interacted long term, first hand with the top certification labs, and have detailed knowledge of their process and ability / inability of which the details you would never have access to, which you and others have tried to gain access to. And instead of cultivating a new knowledge pool at your disposal, you just seem happy to try and score brownie points in debate. Remember Brant, no matter how much you think you know, there is always someone who knows more. You know my bio, and since we are conversing, I'd be interested to know the bio of the person I am conversing with.....what's your credentials and experience ????? I have been in the elections industry a long time. Have I been successful ?....Yes I have. Have I made a lot of money ?...Yes I have. 
Am I happy with the industry ?...No I am not ! I am sick and tired of the corrupt nature of the business and everything along the way. It needs to be changed. That is why I contacted BBV ! Getting back to the leaked Diebold software for just a second. Please tell me that someone bothered to check the software version number of the leaked software against the version number of the certified software (Which IS in the public domain) and also against the version number of the deployed software (which is also in the public domain) ? QUOTE "There is no way for anybody but the vendor to answer your question" RUBBISH.....you just need to know what to look for, and where to look for it. It's ALL publicly available ! Brad |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3400 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 5:47 am: |
|
Brad, FWIW those "Leadership Team" tags are added automatically by the forum software after a certain number of posts. They don't mean BBV "approval" and they don't allow any difference in access to records or information from what you or any other poster has. None of us posters can access your private registration info, Brad, so we know nothing about your background other than what you post publicly. If you think the "Leadership Team" tag is indeed misleading I would strongly agree with you, and I wish those tags could be changed. (I was kicked off of dKos because someone decided that since I was BBV "Leadership Team" that meant I could delete and edit other people's posts--not true--and that I should have "disclosed" this supposed privileged status!!!) Brant, As you already know, personal attacks and jibes are not welcome on this website. I suggest Brant & Brad edit their previous posts and delete any put-downs. They have no place here. Everyone has the right to post their opinions at BBV without being called names or being insulted. If it is too late for these posts to be edited then I hope that Bev will red-line or delete the offending statements at the earliest opportunity. |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 83 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 7:39 am: |
|
Hi Catherine Thanks very much for updating me about the tags. For the last week or so I have believed that I have been debating with someone from "BBV Leadership Team" in the sense that the person was part of the "BBV team" itself, and accordingly couldn't understand why a certain individual had no real clue about the subject being discussed ?. I had naturally expected the individual to have a "hands on" experience and knowledge within the topic of discussion, which now explains why they didn't have. I think that particular tag is a very misleading use of language, and has potential to frustrate people, and damage BBV, since it is evident that people under this tag may not have any experience or credibility, but could be perceived to have, from the tag. Anyway, thanks again Catherine, this explains a lot ! I don't believe there are any put downs in my posts, but of course I am happy for BBV to edit at will, after all it's Bev's site, and if I have said anything against the rules, then so be it. Thanks again Brad |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3410 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 12:29 pm: |
|
Hi Brad, Well, "unfortunately you seem to lack the tackle" seemed a little "below the belt" to me. Glad the explanation about the tags helped. I agree that it's potentially harmful to BBV because "Leadership Team" implies some kind of authorization, approval or access that is not the case. Specifically, anyone who has such a tag does not speak for BBV, even though the tag might easily mislead someone to believe otherwise. Bev, isn't there something that can be done to change the forum tags??? Or just get rid of them altogether? |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1034 Registered: 01-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 1:19 pm: |
|
I haven't treated Brad nearly as poorly as he has treated several other people, if he can't take less than half what he's dished, he surely shouldn't dish it out. And since Brad has been saying that the other vendor (who'll go nameless here) has been revising software at will for years and claiming it's the same version number, and since only the test agencies (or Diebold) have Diebold's source or compiled source to verify it against, how have I said anything that isn't true? Come on, people, use your common sense. He's just said (in other forums) a vendor kept the same version number in multiple releases and ad hoc revisions of code! Why wouldn't another vendor be able to do that? So, even if the numbers matched, given your own contentions on this site, what evidence is that that the code would be the same? You can't have it both ways, Brad. You keep asking a question that's been honestly answered. Also, Brad has been rude to a lot of people across the board, and you need only look at his posts to find it. And I did answer his post in my previous post, just as I'd said. Given that he's said himself that the people he worked for used different revisions of software under the same revision number I thought that he would add the two things up that a comparison between the actual saved files and the current files would be necessary, as opposed to looking at what the screen (or what had been recorded from a screen) of a voting machine said, since we know even from Diebold that the reported revision of the software on the screen and the software running on the machine need not match, and often haven't. Is this clear enough? I certainly thought so. |
   
Matt R. Jezorek Voting Rights Forum Participant Username: Mattjez
Post Number: 16 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 1:48 pm: |
|
Version numbers are nothing more than strings they can say whatever you want. I can create HonestVote 6.1.3 today and it be the first version and 10 years from now I can make 6.1.3 again because version is nothing more than #define VERSION "6.1.3" |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 86 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 2:17 pm: |
|
Catherine Yeah, point taken He did kinda deserve it though....a bit of a forum bully. Seen too many people bullied into silence ! Brad |
   
Matt R. Jezorek Voting Rights Forum Participant Username: Mattjez
Post Number: 19 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 2:20 pm: |
|
Silence != Progress however |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 87 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 3:12 pm: |
|
Brant You just still don't get it...perhaps you never will? With regards to version numbers, and this is for you too Matt R.Jezorek: In the ordinary world version numbers mean little to nothing. In the elections industry they are quite important for the purposes of certification and cross checking. The certification process is actually pretty lax. You send your code to Ciber, and as long as the code conforms to the FEC 2002 standards they pass it. They have not however tested that the application functions as a voting application. All they actually do is require that each line of source code is commented in plain English to explain the purpose of the line of code, together with module size, code module length etc. They review on the basis of looking for anomalies and defects. They do not review how the application performs. There is a lot of documentation to fill in for the Technical Documentation pack that accompanies the code review, with specific explanations about the application and security, but again they do not test that it functions. The application is then loaded on a voting unit and it goes on to hardware and functional testing with someone like Wyle. Here they conduct functional testing of the completed product...ie the unison of the software and the hardware, and the functions it performs. All manner of tests are conducted, like placing the voting unit in extreme cold, extreme heat, and voting a great number of votes and determining the outcomes etc. Still however the voting unit and software are not tested to the point of security penetration. They don't try and hack the machine. In fact they don't try and do anything to the software or hardware that isn't on the list of what it SHOULD DO. This is important....like any other device of this nature, sure it might do the right things under a test environment....however, technology goes wrong when it's put in the hands of the user, as they do things in the wrong order, or out of sequence. 
This is when problems occur....the developers think in a logical manner.....you do A, then you do B then you do C and the result is D The user always manages to do things in a different order by mistake, and the thing breaks. Don't get me wrong, this only equates for a small number of problems. The point is, when these devices are tested, they are tested in a clean environment, and by the numbers. They are not put under stress......"What happens if I press this, then press this then I do this?"....does not happen ! Version numbers can help in finding out if a vendor is lawful or not. Sure they can fudge the version numbers....but they always screw up somewhere...and it's a good place to look. Brant Quote "since we know even from Diebold that the reported revision of the software on the screen and the software running on the machine need not match, and often haven't." If this is truly the case then they can be de-certified. The version number must match the software deployed, running on the machine, and lodged at Ciber. All the info is in the public domain. You just have to go look for it, and piece together the jigsaw. Matt, the reason you can do anything you want with your version numbers is because you are not tested and certified, and you have no Federal Law mandating what you must do by law with your version control... it's different with the elections industry. Matt, I'm not being unkind, but you really have no clue about the version control legislation in the elections industry if you make comments like that. Brant, I've asked before, but I'll ask again...What are your credentials and background or experience where the elections industry is concerned ? I only ask, so that I know at what level to converse with you....at the moment I have contained everything to layman's terms, which is difficult to go into detailed explanations on certain subjects.....If you have the vocabulary, we can step it up a notch or two which would be easier for me to explain further. 
I am not being confrontational by the way, it's just hard to know how complex to get. regards Brad |
   
Sue Bartlett Voting Rights Forum Participant Username: Msfixit
Post Number: 4 Registered: 03-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 4:34 pm: |
|
Ok, since you'all are talking about version numbers anyway, I have a question for all you experts. I know that version numbers can be hacked, although as Brad says, it's easy to mess up and would therefore possibly be traceable. (if you can see the code, which you can't, although there are other useful attributes like size and running a checksum if one had access to both the certified and the copy on the machine in question.) However, I went to the list on NIST where they listed some of the official releases for various voting machines. They did have the model we use here and I noticed they use something called a digital signature to identify the software with. It claims to be a combination of the version number and some sort of hex code that they claim can only be the same if it was from the same compile (I can't remember the exact wording, but that was the gist of it) So my question is - is it really true that the digital signature UNIQUELY id's the executable as the same one that was certified? And what do they actually run against the executable that gives them the digital signature to compare. I ask this because the people at my county's tallying place were only looking for versions and gave me some vague sounding excuse about not being able to check the software versions on the Unity PC because of them being multiple modules. I know that is lame but we were 3 days from the 7th and there was little chance of fraud not being noticed or having an effect since our county is 70% or more democratic. Instead I asked them to compare counts between the output of the tally machines and the combined report of the Unity software just to make sure it didn't add incorrectly. I realize this doesn't mean the tally machines couldn't have problems, but I could only do so much in a week. Fortunately all the counts from the tally machines matched the Unity. 
But moving on from there, if I were to get the county or state to properly test the certified version of the software, and those tests were satisfactory - are the digital signatures of practical use? -Sue btw, Brad - are you the brad of www.blog.bradleyspencer.com? I'm doubting it is, but I'm curious. google, you know. (Message edited by msfixit on November 10, 2006) |
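Added example, not code from any poster, vendor or test lab: the thread's version-number question worked as a byte-level comparison. Every module of a deployed install is hashed with SHA-256 and checked against a manifest built from the reference copy, so a module that still reports the same version string but differs in content is flagged; the module names, contents and `VERSION=` marker are constructed, with 6.1.3 borrowed from the post above.

```python
import hashlib
import os
import re
import tempfile


def sha256_file(path):
    """SHA-256 of a file's bytes, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def embedded_version(path):
    """Self-reported version string inside a module (constructed marker)."""
    with open(path, "rb") as fh:
        match = re.search(rb"VERSION=([0-9.]+)", fh.read())
    return match.group(1).decode() if match else None


def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def compare(certified, deployed_root):
    """Classify each module of a deployed install against the manifest."""
    deployed = build_manifest(deployed_root)
    report = {"match": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in certified.items():
        if rel not in deployed:
            report["missing"].append(rel)
        elif deployed[rel] == digest:
            report["match"].append(rel)
        else:
            report["modified"].append(rel)
    report["unexpected"] = list(set(deployed) - set(certified))
    for names in report.values():
        names.sort()
    return report


def write_tree(root, files):
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


def demo():
    """Build a constructed reference and deployed install, then compare."""
    header = b"\x7fMOD\x00VERSION=6.1.3\x00"  # same version in every module
    certified_files = {
        "tally.bin": header + b"count ballots as cast",
        "report.bin": header + b"sum precinct totals",
        "ballot.bin": header + b"map ballot positions",
    }
    deployed_files = {
        "tally.bin": certified_files["tally.bin"],
        "report.bin": header + b"sum precinct totals (rebuilt later)",
        "extra.bin": b"not in the certified set",
    }
    with tempfile.TemporaryDirectory() as cert, \
            tempfile.TemporaryDirectory() as dep:
        write_tree(cert, certified_files)
        write_tree(dep, deployed_files)
        report = compare(build_manifest(cert), dep)
        # What each modified module claims about itself.
        versions = {rel: embedded_version(os.path.join(dep, rel))
                    for rel in report["modified"]}
    return report, versions


if __name__ == "__main__":
    report, versions = demo()
    print(report)
    print("self-reported version of modified modules:", versions)
```

The check is only as good as the manifest's origin: the reference hashes have to come from the certified build through a channel the party being checked does not control.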
   
Sue Bartlett Voting Rights Forum Participant Username: Msfixit
Post Number: 5 Registered: 03-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 4:53 pm: |
|
And for my comment on the original topic in this blog, I agree with Jim March, Travis and Russell - I believe that open source is a viable option for the future, whether you are talking about "open source" or "opening the source". You can control which version you are using, you can verify the source it compiled from, the tests can be made rigorous and automated, and more importantly - shared! Any state could easily run a reasonably complete set of tests. The business model still allows for some capitalism to occur (if that's important, which it seems to be in our system ;-)) in the handling or control of the versions, the maintenance of the machines and the testing of both new updates and any reporting software, which should also be open source, I think. I also think the tests for the correct mapping of each election ballot type should be open source too, to make sure all the issues have been dealt with and so the process isn't so mysterious to non-techies. It was kind of hard explaining to people who believe their system is well tested that they are only testing that the ballot description they entered into the software was mapped properly to the ballot entries as they are read by the tally machine and did not in any way look for any possible hacks. I'm not saying that open source isn't hackable, nor that it will stop the bad people out there who might want to steal elections, but I really do believe it could take the big money out of the hands of the Diebolds of the world, and force the hacks to be at the level of individual machines or at the most, state-wide (if the cracker is inside the state or their trusted contractors) instead of manufacturer-wide. I also think that for now, it would be better not to have touch screen voting. -Sue |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3411 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 5:02 pm: |
|
One of the problems with versions is that in some states (and in some cases even the ITA's technical board--which is not even made up of people with technical expertise in some cases!) one or more officials can decide to accept or certify something--even if it has not passed the required tests, or doesn't meet stated required criteria, or even if it has been discovered to differ from what had been certified. This makes a mockery of the whole idea of testing and certification. Plus, as Brad mentioned, there are lots of important tests that are never done at all. |
   
Sue Bartlett Voting Rights Forum Participant Username: Msfixit
Post Number: 6 Registered: 03-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 5:34 pm: |
|
Thanks Catherine. That is true. The state can accept "uncertified" software. I'd still like to understand about what is described on NIST as a "digital signature" because at least here, if I am successful in getting them to adopt good testing at the state level, it is imperative to have a secure mechanism to determine if the software that was tested is the one on the local machines. I can always find a good checksum program to use, but digital signatures are already reported at NIST, so I'd rather use them if they aren't hackable. On the other hand, our Secretary of State has declared himself amenable to the idea of open source - and we have a great open source lab here in the state, so it's a good match and we could come up with our own secure mechanism there. Unfortunately, that will take more than two years to design, write, test and deploy and we need something much sooner to assure the 2008 election is correct in this state, so I work with what is there now and testing is the main mechanism viable in the short term. |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3415 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 5:59 pm: |
|
Use the Advanced Search button on the left. There have been extensive discussions here by some of the technical folks on the relative merits of checksums, hashes etc. |
   
Matt R. Jezorek Voting Rights Forum Participant Username: Mattjez
Post Number: 21 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 7:35 pm: |
|
Bradley, So explain to me then, since you seem to have all the answers. If I make version 1.0 of SafeVote and I get it certified. Do they make a hash of this software binary? If so then okay version numbers are okay. If they do not, what's to stop me from making modifications to the 1.0 code and not rolling the version number up that still makes me "compliant" even if illegal I can say this version 1.0 was certified. Do they make them keep the source to 1.0 in a separate branch for later auditing? You say they are bound by certifications etc to keep this from happening. But they also said it was unhackable (kinda funny seeing it was written by humans, fallible humans at that) then you have to also doubt version numbers. Sometimes your comments seem to support the need for change and sometimes your arguments seem to support the status quo. Clarify to me and to everyone else why it's impossible to modify the code AFTER certification without rolling up the version number and still shipping your product as the supposed certified version. As a system architect I understand and have more than once seen a problem or caught a problem 1 day or the D-Day of the project going live. You fix and go (now at my company we have forced it into everyone's brain that if we make any change even a change to verbiage it goes back to the testing group for testing but not all companies have this)
Voting is not the Olympics. There are no votes awarded for difficulty
|
   
Matt R. Jezorek Voting Rights Forum Participant Username: Mattjez
Post Number: 22 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 7:39 pm: |
|
We also can't say that the FEC 2002 is the final word because apparently you can still get certified (possibly with enough cash) with violations. Read 8.3.2 (Security). Mentions: use security procedures and logging records to control access to system functions; Controlled system access by means of passwords, and restriction of account access to necessary functions only; and Have capabilities in place to control the flow of information, precluding data leakage through shared system resources. These don't seem to be followed by the vendors as written
Voting is not the Olympics. There are no votes awarded for difficulty
|
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1038 Registered: 01-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 8:38 pm: |
|
Matt, it's only OK if they actually go out and compare the software using a byte by byte comparison. Brad has said (on other parts of Black Box) his employer used the same version number for software on significantly different products that wouldn't have functioned with the same software. Since these can't match by any legitimate comparison method, how could it have been checked with one? This means that the vendor he worked for, at least, didn't abide by these rules, so if they didn't, and didn't get caught, why would anyone else? And why do you expect that others in the industry have been honest or would get caught when he's stated that his business reported that they were using the same revision of code for an ungodly amount of years with multiple revisions released as the same level, and not been caught (elsewhere on this forum)? Occam's razor slices this kind of argument mighty thin. And by the way, Brad, you don't mean 'the standards are lapse' you mean 'the standards are lax'. |
   
Matt R. Jezorek Voting Rights Forum Participant Username: Mattjez
Post Number: 24 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 8:50 pm: |
|
Ohh I know Brant my comments were directed at Matt, the reason you can do anything you want with your version numbers is because you are not tested and certified, and you have no Federal Law mandating what you must do by law with your version control... it's different with the elections industry. Matt, I'm not being unkind, but you really have no clue about the version control legislation in the elections industry if you make comments like that. To say things like this means that they too can do anything they want with version numbers and they do too. To say they have a federal law mandating and that is what stops them is complete bs seeing he has already said that the vendor he worked for did not follow that mandate so why even say the comments above. This means to me that the version is nothing more than a string of characters that while they are supposed to mean something they quite possibly do not. No I don't understand the law fully but I am reading the FEC 2002 line for line and it seems to me that no vendor we have spoken about here follows it anyways so wondering why do I waste my time reading it. Ohh that's right because I want to be educated. I don't want to be told I don't know anything I want to be educated. If you're going to say that I don't know what I am talking about then back it up with "Why" not "Because Federal Law Mandates it" we all know that the election vendors really don't care about that mandate except to do enough to keep certification (Message edited by mattjez on November 10, 2006)
Voting is not the Olympics. There are no votes awarded for difficulty
|
   
Matt R. Jezorek Voting Rights Forum Participant Username: Mattjez
Post Number: 25 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 8:58 pm: |
|
I guess in general what I am saying is if you have so much experience in the field why not spend your time educating in a manner that an educator would and not by arguing with everyone that does not understand your point of view without telling us WHY
Voting is not the Olympics. There are no votes awarded for difficulty
|
   
Travis Rogers Voting Rights Forum Participant Username: Soundg
Post Number: 16 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 10, 2006 - 10:18 pm: |
|
I'm getting confused by all this "information" about certification. Hopefully someone can set me straight. 1) Does Ciber have access to the source code when they are in the process of certification? 2) Does Ciber build the software themselves? 3) Is Ciber delivered binaries (executable files ready to run) for the software from the vendor? 4) Does Ciber compare MD5 sums (CRC hashes) of the binaries from the vendor? These questions are very important and I would love for anyone, especially Bradley, to chime in here. I'll wait for feedback before I continue. Thanks, Travis |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3416 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, November 11, 2006 - 7:26 am: |
|
Not a techie myself, but-- Keep in mind that it's not just the application software that is a potential problem. For example, there's the OS. Windows CE has been tinkered with--because you have to, to get it to interface with an application--and even though it was therefore supposed to be checked by the ITAs, it wasn't. Why not? Because the vendors claimed it was OTS software even though they knew it wasn't. Then there is hardware which has ways of inserting new code. Things can be done so that the "wrong" software will be used, but only at certain dates and times, and then it will erase itself and if you check the code it will look as if everything is fine. There's no good way to check for bootloader hacking, no way to know for sure whether or not any machine with this vulnerability has ever been compromised. And if it has been compromised, there is no remediation. While I accept that it's important to address problems with software versions etc., and we shouldn't let vendors, ITAs or election officials off the hook in relation to using uncertified versions, the problems go deeper. There are so many ways to hide or load rogue programs, and anyone with inside access could do so. In fact it could have been done at a factory before the machines were even shipped. Yet the software application would appear perfectly fine. Using open source for an application isn't enough. Using open source on the OS also isn't enough. You also have to deal with the multiple hardware vulnerabilities, and also the vulnerabilities in the system access (e.g. could 1 trusted insider be bought off and compromise the system?). |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 91 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, November 11, 2006 - 7:55 am: |
|
Guys,
In relation to what Ciber actually do with the vendor's software, the plain English explanation is as follows:
I think it's important to understand in the beginning that Ciber do not actually fully test the software's limits or boundaries. What happens is, the vendor develops the software as near to FEC 2002 compliance as possible. The whole source code is not very often submitted to Ciber in one go, but rather module by module. Since Ciber Lab only has limited staff, they are also dealing with many other vendors' software at the same time, so they prefer the module by module approach. When a module is submitted to Ciber, every line of source code has been commented in plain English to interpret what each line of code actually means. The reviewer at Ciber reads the line of code, and understands it. He then reads the line of plain English and either agrees or disagrees with its interpretation. The module will bounce backwards and forwards from the vendor and Ciber, until the vendor gets it passed by making the required alterations to it, until Ciber are happy with it. There are also quite a lot of other technical criteria that are looked at, like source code line lengths, module sizes etc. Sometimes a module is required to be split into sub modules etc.
So anyway, once every module has been passed, Ciber then are provided with any and all third party, or COTS components required to compile the application. The application is compiled and checked that it functions as a whole application. The vendor is also required to submit a TDP (Technical Documentation Pack) for review. When Ciber are happy, they do indeed sign the version of code with a digital signature.
Now comes the problem bit: That is the last time Ciber have any input in the source code, until the vendor sends them a module to pass, that has been updated, altered or changed.
The problem is that the vendor is in full control of what they do with the source code, and although it is their duty to supply any changed modules for review, however, the vendor is constantly making changes and updates to the software, and to assume that they kept up with sending the updated modules for review, would be quite naive. Firstly, Ciber just don't have the resources, and secondly, it would mean that the vendors would have their code in for review on a pretty much permanent basis, which would slow them down massively on releasing the changes to the customer. Ciber do not control the software or source code, the vendor does. Ciber just review when asked. The vendor is responsible for deploying the software as it belongs to them, and they make all changes etc. Ciber are paid directly for their work, by the vendors, so the vendors are Ciber's customers. Ciber are not there to give the vendor a hard time. They work together as a team. Ciber are not there to test the application to breaking point, only to review that the vendor has followed the guidelines as set out when building the application. And even then, after being passed by Ciber, the software can still be the most rubbish voting application on the market, so long as the vendor has followed the methodology laid down with regards to how it has been built, Ciber are happy.
So, the software has been passed by Ciber, and Ciber have a copy of the code digitally signed. Let's call it version number 1.0. So now the vendor has 1.0 passed. Now they have to get the hardware tested along with the application functioning on the hardware. The hardware goes to Wyle and they conduct their review, which involves heat, cold temperate operation tests. Logic and accuracy. Multiple thousands of votes, and so on and so on. Also, BOM (Bill Of Materials) is submitted which is a complete list breakdown of every hardware component used to build the hardware. There is also a TDP submitted for the hardware.
Again, Wyle are not there to say to the vendor, look guys the components you built the machine with are cheap and crappy....They simply review that the machine functions as to its instructions, and it doesn't break if it's too hot in the room. (I'm generalising a bit) Once the voting machine has been reviewed and passed, just like the software, the hardware is supposed to be re submitted if you make any changes to the components.
IMPORTANT:
The BOM is the list of hardware bits that the machine is built from.
The hardware TDP is the technical specification of the voting machine.
The software version number of the passed code is 1.0.
The software TDP is the tech spec and security model for the software.
Here's where it gets interesting guys....
Firstly the software. The vendor can change the code, deploy it to the voting machines out in the field, and still get away with calling it 1.0 if they so choose, as currently there exists NO way of the customer determining if it's the same code Ciber passed. (Of course there are many methods that can be used, but what I am saying is that none exist that are requirements at this moment) It should be part of the acceptance testing, that when delivered to the customer, the software is checked with Ciber to conform to the reviewed software. The counties using the voting machine have no contact or interaction with Ciber presently. The election vendor is in control of everything, and Ciber have no enforcement procedures over the vendor to ensure that everything after certification is being conducted lawfully! Ciber are not enforcement....they simply get paid by the vendor to review whatever, and whenever the vendor sends them something to review....it's all down to the vendor! The customer just gives the vendor blind trust that what is delivered is certified! And how would the customer know any different under the present system....they look at the paperwork, and then at the version number on screen, and both say "version 1.0"!!
The hardware: So the hardware has been passed by Wyle. That's the last time Wyle will be involved until the vendor asks, and pays them to review a changed or modified voting machine. There is now nothing to stop the vendor changing, adding components or modifying the electronics of the voting machine....Sure, they are supposed to send it back to Wyle to be re tested if they modify it. You also have to remember that electronic components that are used today in a voting machine, might not be available next year, as they have been replaced with a newer type. Mother boards etc....technology moves very quickly. What vendors should do, is estimate how many units they are gonna sell in the next 3 years and buy in / stock pile the components needed to build the projected number of units, to ensure that they are all the same. Wyle are not enforcement....they simply review whatever, and whenever the vendor sends them a machine to review. The customer currently has no contact with Wyle. The election vendor is again in full control of the process. The customer takes delivery, looks at the paperwork for the version of tested hardware, looks on the unit ID tag for the corresponding version sticker (Stuck on by the vendor) and if they match they are happy! Again, blind faith that the voting machine is the same as the one Wyle tested! What should happen as part of the acceptance testing is when taking delivery of the voting machines, random samples should be sent to Wyle BY THE CUSTOMER for comparison against what was tested. This does not happen at the moment, and Wyle are not interested.....they are just a business like Ciber that get paid to review stuff!
SUGGESTION FOR STARTERS:
1. The source code for voting systems should not be open source, but rather made available as a requirement to appointed NON PROFIT, INDEPENDENT organisations like computing science labs, research universities etc to ensure quality and security matters of the source code, rather than just looking at it to see if it's been built in line with a criterion (FEC 2002 etc), which is all that Ciber currently do. It should be tested against vulnerabilities by experts in that field, and not just glanced at by a profit making company!
2. As part of the acceptance testing a customer should have the ability to have reviewed, the software being delivered to them, against what is certified prior to use in any live election. (And I mean a FULL review)
3. The hardware should be submitted as a requirement to appointed NON PROFIT INDEPENDENT organisations as with the software above, for the same purposes. And to ensure that it is tested against vulnerabilities and defects, instead of just being measured against what it should do, which is what Wyle currently does....It should be tested to find out what it shouldn't do!
4. The customer, as part of the acceptance testing should have the ability to have as many random samples reviewed against what is tested and certified, before using it in a live election.
Summary
I believe at the very least, these minimum points should be mandated as absolute requirements in the industry and the process. And the results should be publicly available information from every department involved. It won't cure everything under the sun, but it will cure a huge percentage of fraudulent and dubious activities of the election vendors! They control the whole process from start to finish and have nobody enforcing them to do anything. People are under an illusion about Ciber, Wyle and certification.....it's all just further processes controlled by the vendor, and paid for by the vendor! There's no enforcement!
Guys I hope that clears up where I am coming from! It's not just a case of open source or not? You have to understand what actually goes on from start to finish, and then when you have the whole picture, you clearly see a BIG pattern emerge around the whole process controlled by the vendors. Hope this helps you to understand a few missing pieces? Brad |
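The check that Sue and Matt ask about, and that Brad says no customer currently runs, is a comparison of the bytes on a machine with the bytes that were certified instead of a comparison of version labels. It is sketched here as an added example, not code from any poster, vendor, test lab or NIST. SHA-256, the module file names, the `VERSION=` label format and the file contents are assumptions constructed for the demonstration, and the manifest is assumed to reach the county from the test lab, not from the vendor.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative path) to its digest.

    Run once on the certified release, then again on the copy being checked.
    Covering every module answers the "multiple modules" objection.
    """
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def manifest_fingerprint(manifest: dict) -> str:
    """One digest over the whole manifest, short enough to publish or read out."""
    h = hashlib.sha256()
    for name in sorted(manifest):
        h.update(f"{name}\0{manifest[name]}\n".encode())
    return h.hexdigest()


def verify_install(install_dir: Path, certified: dict) -> dict:
    """Compare an installed copy against the certified manifest."""
    installed = build_manifest(install_dir)
    return {
        "modified": sorted(n for n in certified
                           if n in installed and installed[n] != certified[n]),
        "missing": sorted(n for n in certified if n not in installed),
        "unexpected": sorted(n for n in installed if n not in certified),
    }


def reported_version(path: Path) -> str:
    """What a version-only check sees: the label stored in the file.

    The VERSION= line is a constructed stand-in for an on-screen version number.
    """
    for line in path.read_bytes().splitlines():
        if line.startswith(b"VERSION="):
            return line.split(b"=", 1)[1].decode()
    return "unknown"


def demo() -> dict:
    """Constructed scenario: every file says 1.0, but the field copy differs."""
    with tempfile.TemporaryDirectory() as tmp:
        certified_dir = Path(tmp, "certified")
        field_dir = Path(tmp, "field")
        certified_dir.mkdir()
        field_dir.mkdir()

        # Constructed sample modules; names and contents are placeholders.
        modules = {
            "tally.bin": b"VERSION=1.0\ntally logic, build A\n",
            "report.bin": b"VERSION=1.0\nreport logic, build A\n",
            "ballot_def.bin": b"VERSION=1.0\nballot mapping, build A\n",
        }
        for name, data in modules.items():
            (certified_dir / name).write_bytes(data)

        # Field copy: one module changed without a version bump, one module
        # absent, and one file that was never part of the certified release.
        (field_dir / "tally.bin").write_bytes(b"VERSION=1.0\ntally logic, build B\n")
        (field_dir / "report.bin").write_bytes(modules["report.bin"])
        (field_dir / "patch.bin").write_bytes(b"VERSION=1.0\nadded later\n")

        certified = build_manifest(certified_dir)
        report = verify_install(field_dir, certified)
        report["same_version_label"] = (
            reported_version(field_dir / "tally.bin")
            == reported_version(certified_dir / "tally.bin")
        )
        report["fingerprint_match"] = (
            manifest_fingerprint(certified)
            == manifest_fingerprint(build_manifest(field_dir))
        )
        return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A matching digest only shows that these files equal what was hashed at certification; it says nothing about the operating system, boot loader or hardware that Catherine raises above.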
   
Matt R. Jezorek Voting Rights Forum Participant Username: Mattjez
Post Number: 28 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, November 11, 2006 - 8:02 am: |
|
Thank you Brad, I'm not trying to come down but I do want to learn the whole process from start to finish
Voting is not the Olympics. There are no votes awarded for difficulty
|
   
Travis Rogers Voting Rights Forum Participant Username: Soundg
Post Number: 17 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, November 11, 2006 - 8:38 am: |
|
Thanks for the response Brad. From what you describe, the entire certification process is a complete sham that has no value whatsoever. You have to ask, why do our congress men and women and elections officials accept this? Why do we as American citizens accept this? From your description, there is NO POSSIBLE WAY that Ciber can "certify" any of the software running on ANY system. There just aren't any checks and balances in the process that you describe. It's absolutely criminal in my opinion. I've been in the software industry for 17 years now and I can say with absolute confidence that none of the corporations that I've been associated with would EVER let a process like this certify any of their enterprise systems. It doesn't even come close to being a solution. I've only posted on these forums recently and up to a few days ago I was convinced that open source code and system specifications with tight controls would be better than what we have today. I'm not so sure now. Unfortunately, I don't think that pencil and paper is the way to go either. Let's face it, our elections process can't be 100% free of fraud. It all comes down to human nature, right. If someone wants badly enough to alter or manipulate an election, there is no way to prevent it 100% of the time. So this begs to ask what is an acceptable percentage of fraud prevention? Ok, off the soap box and back to the topic of this thread... Since this is a thread about open source solutions for electronic voting I just want to say that I stand firmly in the belief that if you have electronic systems available to the public, then you must have completely open source code for the bios, operating system and all applications running on the machine. The integrity of this source code must be verifiable. If this isn't the case then there is no sense in using machines in any way.
Perhaps an acceptable system would be similar to JT Gleason's idea (and probably the idea of many others) of hand voting and counting followed up with machine totals to cross reference. This adds more simplicity because now you could have a system that could have the counting application as just a Perl script. =) |
   
Tim Gooch Voting Rights Forum Participant Username: Timthefoolman
Post Number: 1 Registered: 11-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, November 11, 2006 - 9:19 am: |
|
Travis, 1) Yes. 2) The vendor is to provide everything necessary to compile the binaries. There is no guarantee as part of the process that Ciber will do so, but they expect to have all the necessary DLLs, runtime libraries, compilers identified, and so on. 3) Yes. 4) No. This is something that some vendors pursue, at least internally, because it helps guard against "phantom" problems with linking in libraries that may have been not-so-carefully built. (That is, a point revision could be made, and the company building the library may not identify it as such in the actual .LIB or .DLL file info.) It's also useful for making sure that a given set of datafiles are compatible with a specific version of source code. However, that gets a bit more complicated. In addition, many states are expecting vendors to comply with the VVSG (Voluntary Voting System Guidelines, revised 12/05) as proposed by the EAC (Election Assistance Commission). While it doesn't have the "teeth" of the FEC 2002 requirements, the secretaries of state have come out pretty strong in favor of such compliance. All, The Open/Closed Source thing, while interesting, isn't a complete answer to building secure code. Writing secure code is hard, and reviewing secure code (doing a proper analysis of security holes) is even harder than writing the code to begin with. Combine that with the fact that many of the vendors are using C/C++ to write their code, and you have a horribly complicated situation. As Gary McGraw (noted computer hacker/security expert) has pointed out several times, there is no guarantee that open source code is more secure than closed source. Just because open source gives people the opportunity to review it, doesn't mean that the RIGHT ones will do so. For example, it's pretty simple to scan code for potential buffer overruns, wild pointers, and other obvious stuff.
What isn't so obvious are the attacks you can make against a system that only become visible when the source code is compiled and run on a production system. What does a system do to protect against malicious code being run alongside the certified code? What protection does the system provide to guard against "man in the middle" attacks? These things wouldn't show up in any source review or Ciber testing, but are much more significant threats. Some vendors don't take into consideration the possibility of someone doing something nefarious (or just stupid) within their carefully crafted (but way too open) network, while others make presumptions about the technical savvy of the average polling site volunteer that are just not based in reality. These are security issues that also won't show up during a source code review. As noted above, writing such code is hard--reviewing it is harder. Getting the right person to review the code AND the system for security holes (with all due respect to Harri Hursti & Avi Rubin) is an expensive proposition, and not something likely to be addressed properly by the "thousands of eyes" premise of open source. This makes for secure code ONLY when the right pair of eyes happens to be in that sea of thousands. In summary, open source voting systems aren't, by definition, better or worse than closed. They could be much better, or much worse. To just suggest either one over the other out-of-hand is a bit naive. As someone else has pointed out, interested parties (who have the right technical background) would do well to do a bit of research into actual production systems and code before tossing too many opinions out there. Tim |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3417 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, November 11, 2006 - 9:50 am: |
|
Brad's points are very important. If you want more insight into the ITAs and their relationship with vendors there is extensive documentation here on this website. For example, read the transcripts of the CA hearings organized by Debra Bowen. You will see the ITA folks lie through their teeth. The things the ITAs check for are only those specific things that are on their checklist. Nothing else. And who decided what would be included on that checklist? That was decided with the help of the vendors. Nowhere was there included things that would be in the public interest to check, but that the vendors did not want checked. There is no mechanism in the ITAs for withdrawing their approval of something even when they later find out new information that, if they had known it at the time, would have caused the hardware or software to be unacceptable. ITAs are definitely not enforcement. And unfortunately state and county election officials also get away with breaking their own state laws, and suffer no consequences. There is no enforcement anywhere in the voting machine or election system industry. Election offices mention their own regulations and NASED certification and ITA testing as reasons why the general public should be willing to trust the reliability and accuracy of these machines. But they don't mention that none of the regulations or certification requirements are actually enforced. It's like putting a thin paper muzzle on a hungry German Shepherd. It looks like it's safe, from a distance. . . In cases like this, the appearance of security is more dangerous than a situation in which everyone knows the danger and knows there is no protection. That's one of the things that is so bad about our current "certification" and "regulation" set-up. They are purely illusory in terms of assuring that customers get products that are accurate, reliable and that are able to do only what they are supposed to do. |
   
Charles Christopher Voting Rights Forum Participant Username: Ilikeinfo
Post Number: 1 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, November 11, 2006 - 4:28 pm: |
|
I agree with the idea of Open Source for elections machines. The very purpose of security and encryption is to pass information "in the open". The moment privacy is needed for anything other than the "keys" then one must assume security does not exist since the very act of open scrutiny is what validates the security. So long as the redundant paper trail is easy to duplicate, and humans are involved with moving the votes using discrete devices, there will always be a way to manipulate the election. That all said I feel the moment we crossed the line to fully electronic voting we put ourselves into a situation whereby manipulation increases an order of magnitude. Simply put it's hard to punch out say 1000 punch cards, replace 1000 actual voter cards, and then make the voter's cards disappear. Electronic data is trivial to change by design thus it can't be insured without some procedural mechanism *OR* have the technology punch the cards and then count the cards (Rube Goldberg). I think the special interests have us right where they want us, arguing an impossible argument. The "fingerprint" that voters leave must be tangible/physical thus imposing the greatest burden on those trying to manipulate the election. Whereas right now those protecting the election now have the hardest job ..... Another way of thinking of it is this: The way the IRS, and accountants, ensure accountability and build in detection of deception is via redundancy. Simply put, the buyer has a negative entry on their return, the seller has a positive entry of equal magnitude. (Message edited by ILikeInfo on November 11, 2006) |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1041 Registered: 01-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, November 11, 2006 - 6:31 pm: |
|
So, among other things: Nobody but the vendor or the certifying agency will have a known good copy of the certified level of the object code, to see if what's on the system compares to what's the 'verified, certified file copy', or however you want to word it. How well can anybody verify that 2 modules work together if you don't have copies of them simultaneously? Software re-writes should only be distributed from the testing facility, not from the vendor. Charles Christopher: think of what it might be like if the IRS investigators got a bounty on the monies they collected (a way for potential gain), and they retained sole possession of your original documents after you submitted them (an avenue to cheat), do you think there would be a danger that your originals would vanish and re-appear with some digits transposed and you owing more tax? Unfortunately, voting is like this. A third party, who is unlikely to remain disinterested after being involved in the system for a minimum of time, now controls all the evidence. |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 3420 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Saturday, November 11, 2006 - 6:39 pm: |
|
Brant said: "A third party, who is unlikely to remain disinterested after being involved in the system for a minimum of time, now controls all the evidence."
This is brilliantly explained, Brant. It's a crucial flaw of the electronic voting system enterprise and it is pivotal in its importance. This is what is making it impossible to get the evidence to prove fraud--the evidence is completely controlled by third parties who are very much invested in the outcome. The voter, who supplied the original "vote", has no legal standing and restricted possibilities to collect evidence. |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 93 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Sunday, November 12, 2006 - 7:45 am: |
|
Guys, it's not the answer to have Ciber distribute the certified code, since Ciber is a PROFIT making commercial company paid directly by the election vendors. Remember, the election vendors are Ciber's PAYING customers! Remember MONEY TALKS! Let me give you an example.....remember when I said that Ciber prefers the module by module approach to reviewing the code? Well, whilst this is true, I have experienced occasions of preferential treatment being given to Diebold over smaller vendors. This happens as people like Diebold have deep pockets and are able to stump up large amounts of money to ensure that they get whatever service they need, by paying for and swamping Ciber with their work, to the point where Ciber can't take on any other work for any other vendor until they get done with Diebold work. This can be both strategic and intentional, if you get where I am coming from? Also, the other problem is that if the testing institute were to distribute the code....who would they be distributing the code to? If they distribute it to the government, who's gonna deploy it? The government or the vendor? The counties just don't have this type of resource or ability at their disposal. This is why they rely so heavily on the vendor....they have no clue about such things. If the certified code is distributed back to the vendor, we are back to square one! I believe that the code needs to be certified by NON PROFIT official departments of computing science universities or something equivalent. Take it away from people trying to simply make money! There then needs to be a process, that when the county receives the voting machines, with the software loaded, that random samples are then sent to the computing science department or other equivalent body, to check that what has been deployed to be used in an election, is the same as what has been certified....NOTHING more elaborate is required. The testing facility needs to be impartial and open. 
The distribution of code by the testing facility will not work, and will not solve the issues at hand, as it relies on distributing it to someone who then has to compile it, deploy it, and test it! Much better that when it is deployed, it is compared to the certified software at that point. It will also not work from the perspective that it's not just the software that needs to be controlled....it's the software deployed on the hardware that needs testing as a combined single package, you can't just single out the software to be looked after. Remember the process I outlined above.....first the software is reviewed, then the software and hardware working together are reviewed. The process needs to be: certify the software, certify the hardware with the software on it, it gets sent to the county by the vendor, and the county sends random samples back to the testing institute to verify that both individually the software is verified, the hardware is verified, and that the unison of software working on the hardware is verified. Any other process is wide open to manipulation at many, many levels. Tim, with regards to VVSG, why have another non-enforceable process in the mix? There is only one way to improve the current process and that's to enforceability, and accountability as standard. What's the point of joining a voluntary group? It's just more lip service as far as I'm concerned. Legislators need to grow a pair, and lock down on the vendors, and produce legislation that has enforcement as its strap line! Nothing short of an enforceable, open process will do! Brad |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1049 Registered: 01-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Sunday, November 12, 2006 - 7:19 pm: |
|
If getting the copy to send back involves running a utility piece of software on the voting machines (say, provided by the vendor?), there isn't a good reason to be certain that you've taken a real copy. Now, if you're going to pull the hard drive and ship that, that might be different. And Catherine, that: "A third party, who is unlikely to remain disinterested after being involved in the system for a minimum of time, now controls all the evidence.", also applies just as well to untraceable paper ballots at many steps along the way, as well. |
   
Tim Gooch Voting Rights Forum Participant Username: Timthefoolman
Post Number: 2 Registered: 11-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Monday, November 13, 2006 - 8:04 am: |
|
Brad, I wasn't suggesting that the VVSG was an effective alternative to FEC 2002... just pointing out that the SoS's are looking for intelligent tests in addition to what the FEC 2002 documents require. I would posit that, although it's not efficient, the fact that each state determines the rules that they are going to adhere to makes the likelihood of widespread collusion highly unlikely. Just because you can sell your equipment in IN doesn't mean you'll get consideration in FL or NY. Brant, depending on the system configuration, you could be talking about a huge logistical issue. LA County alone has over 5000 precincts. Think about the process necessary to successfully execute an election, even if you assume everyone to be honest, and put no security measures in place. This is my biggest concern with systems that put a computer in the polling site. If they require ANY kind of update (for ballot def. files, etc.) it's going to be almost impossible to guarantee that they're running the same code today that they were running last week, since the vendor is almost always going to be involved in updating the machines. With regard to the ITAs being in the vendor's pocket, this is no different from UL listing. Equipment manufacturers pay UL to test their stuff. UL tests against very specific performance guidelines that are clearly published. UL accepts the vendors' money. Insurance companies are very interested in the outcome, but don't subsidize the UL listing process. The insurance companies DO hire independent experts to periodically review the tests and methodology of UL, since they could be on the hook if the tests are bogus. What Ciber and the other ITAs test is clearly shown, and clearly documented. If you're saying that the FEC isn't specific enough because they haven't documented every possible attack vector against systems that use technology that may or may not have been around when the regs were written... I'd have to agree. 
On the other hand, unless they've hired "The Amazing Kreskin" to write the test scripts, what do you expect them to do? Assume for a moment that Ciber is absolutely, 100% beyond question in their honesty and integrity. How would they behave any differently, given what they're charged to do? Connecticut did some interesting testing this past year, in that they asked the comp sci dept. at UCONN to examine all the "approved vendor" systems for security risks. That seems like a much more sensible approach. 1) Use the ITAs to validate that the system does what the vendor claims, and performs to the State's expectation in terms of ballot integrity, repeatability, and so on. This puts the burden and expense of system validation where it belongs, on the vendor. 2) Given a list of vendors whose equipment meets the State's needs (and budget), submit all proposed systems to a third party (trusted by the state) for security analysis. Since many of the states have their own voting regs and rules that complicate aspects of the process, the trusted party can look at the security of the system in the context of how the State would actually use it. If necessary, the trusted party could also review the process & methodology of the ITA to ensure that its tests are applicable to the State's requirements. Tim |
   
Bradley Spencer Voting Rights Forum Participant Username: Brad_spencer
Post Number: 100 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Monday, November 13, 2006 - 8:27 am: |
|
Brant, it's not effective to run a utility on the voting machine. Also, very few voting machines have a hard drive nowadays, with increased stability from solid state being preferred, and to access that, you would have to disassemble the voting unit, which would void its vendor's warranty. Where voting machines are concerned, a random sample across each batch should be shipped for verification. Remember, it's not just the software that needs verifying, it's the unison of the software and hardware working together. Don't forget about stuff like firmware etc where hardware is concerned. It's a different story where the elections management system is concerned, as invariably servers are built specific for the county, and the software sits on these servers. This software is slightly easier to control. Brad |
   
Bradley Spencer Frequent Voting Rights Forum Participant Username: Brad_spencer
Post Number: 101 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Monday, November 13, 2006 - 8:31 am: |
|
Tim, with regards to the ITAs....that's pretty much what I've been trying to get across. Someone has to be trusted to certify / review etc. However, I would personally prefer to see a non profit organisation appointed in each state that has an open book policy when reporting to the public. Brad |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1054 Registered: 01-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Monday, November 13, 2006 - 12:22 pm: |
|
If it's no longer a hard drive (and it's PC architecture) then it's likely flash or PCMCIA flash. If you're talking about new processes and rules you would have to get/force the vendors' acquiescence to new rules anyway, and you set it up in law, that a random sampling are removed from their machines for testing, and that this is necessary to retain their certification. So then, you have a decent chance of catching hacked code. Frankly, you should have a comparison against known good executable code before every election, on every machine. |
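The comparison against known-good code discussed in the posts above can be done off the machine, on a copy of storage removed from a sampled unit, so that no software on the voting machine is trusted to report on itself. The following is an added example, not code from any poster, vendor or testing lab; the file names and contents are constructed, and it covers files on storage only, not firmware.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_to_certified(certified, observed):
    """Report files that differ from, are absent from, or are extra to the certified set."""
    return {
        "modified": sorted(f for f in certified
                           if f in observed and observed[f] != certified[f]),
        "missing": sorted(f for f in certified if f not in observed),
        "unexpected": sorted(f for f in observed if f not in certified),
    }


def demo():
    """Constructed sample: a certified tree and a copy of a sampled machine's storage."""
    with tempfile.TemporaryDirectory() as tmp:
        certified_dir = Path(tmp, "certified")
        sampled_dir = Path(tmp, "sampled")
        for d in (certified_dir, sampled_dir):
            (d / "bin").mkdir(parents=True)
        # Hypothetical file names and contents, invented for this example.
        (certified_dir / "bin" / "tally.exe").write_bytes(b"certified build 1.0")
        (certified_dir / "bin" / "ui.dll").write_bytes(b"ui library 1.0")
        (certified_dir / "ballot.cfg").write_bytes(b"layout=A")
        (sampled_dir / "bin" / "tally.exe").write_bytes(b"certified build 1.0 ")  # one extra byte
        (sampled_dir / "bin" / "ui.dll").write_bytes(b"ui library 1.0")
        (sampled_dir / "bin" / "patch.dll").write_bytes(b"not in the certified set")
        certified = build_manifest(certified_dir)  # held by the reviewing body
        observed = build_manifest(sampled_dir)     # computed on an independent workstation
        return compare_to_certified(certified, observed)


if __name__ == "__main__":
    print(demo())
```

Reporting missing and unexpected files alongside modified ones matters here: an added module that the certified manifest never listed would pass a check that only re-hashes the listed files.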
   
Bradley Spencer Frequent Voting Rights Forum Participant Username: Brad_spencer
Post Number: 104 Registered: 11-2006
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 14, 2006 - 2:15 am: |
|
Brant, nowadays one of the favoured technologies is a DOM (Disk On Module). I agree, in an ideal world you should be able to check every voting machine. Problem is the sheer numbers, geography and logistics of doing so. Some counties have multiple thousands of machines deployed. Who would check every machine for them, and how ? I think a good start would be for members of the public to be allowed under escort into the warehouse at the county elections department, and pick out random machines from each batch, to send for review and verification. A start at least ? Brad |
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1058 Registered: 01-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Tuesday, November 14, 2006 - 5:45 am: |
|
With as little margin as an election turns on, it's not enough. |
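How much a random sample can catch depends on how many machines would have to be altered. As an added example (not from any poster), this computes the chance that a uniform random sample drawn without replacement includes at least one altered machine, and the smallest sample that reaches a chosen confidence; the county size of 5000 machines and the altered counts are constructed figures.

```python
from fractions import Fraction
from math import comb

COUNTY_MACHINES = 5000  # constructed figure for illustration


def detection_probability(total, altered, sample):
    """P(at least one altered machine appears in a random sample without replacement)."""
    if not (0 <= altered <= total and 0 <= sample <= total):
        raise ValueError("altered and sample must lie between 0 and total")
    # Hypergeometric: chance that every sampled machine is an unaltered one.
    miss = Fraction(comb(total - altered, sample), comb(total, sample))
    return 1 - miss


def min_sample_size(total, altered, confidence):
    """Smallest sample whose detection probability is at least `confidence`."""
    if altered < 1:
        raise ValueError("nothing to detect when no machine is altered")
    if not 0 < confidence <= 1:
        raise ValueError("confidence must be in (0, 1]")
    for n in range(total + 1):
        if detection_probability(total, altered, n) >= confidence:
            return n
    raise AssertionError("unreachable: sampling every machine always detects")


def audit_table(total=COUNTY_MACHINES, altered_counts=(5, 50, 500), confidence=0.95):
    """For each assumed number of altered machines, the sample needed at this confidence."""
    return [(k, min_sample_size(total, k, confidence)) for k in altered_counts]


if __name__ == "__main__":
    for altered, needed in audit_table():
        share = 100 * needed / COUNTY_MACHINES
        print(f"{altered:4d} altered -> sample {needed:4d} machines ({share:.1f}% of county)")
```

The required sample grows sharply as the assumed number of altered machines shrinks, which is the quantitative form of the disagreement between sampling a few machines per batch and checking every machine.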
   
Tim Gooch Voting Rights Forum Participant Username: Timthefoolman
Post Number: 3 Registered: 11-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Wednesday, November 15, 2006 - 1:44 pm: |
|
Brad, That presumes that the person(s) escorting them is technically savvy enough to tell the diff between someone who's auditing a system, and someone who's compromising one. How do I know that you, Mr. Auditor, aren't installing a worm onto those machines that will spread through the network, or better yet, propagate up through the system when a flash drive or removable memory device is inserted? On top of that, you have the ugly situation that derives from convincing someone to give you access, when the whole exercise (auditing the systems) demonstrates your lack of trust in their ability to do their job properly. For every large county where there's been neglect or fraud, there are hundreds that are doing things "by the book," and don't do the questionable things that we read about in the news (or watch on HBO). I'm not trying to defend incompetence. I'm just pointing out that lack of technical knowledge at the county level is one of the MANY factors that contributes to technical "glitches," problems with otherwise functional systems, and improper procedures. The social aspect (not trusting Mary to correctly run the machines, when she's been an election supervisor for 23 years) is another big component. Tim |
   
Bev Harris Board Administrator Username: Admin
Post Number: 5819 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Wednesday, November 15, 2006 - 1:51 pm: |
|
moved to general discussion

WHAT TO DO WITH EVIDENCE: "Never put it in a funnel." Always PROPAGATE evidence to at least 5-7 different places:
- A reporter
- Black Box Voting
- Your local elections office (this will seed it into the public record)
- Your e-mail list
- Your local elections reform group
- The EIRS reporting system
- A blog
- Someplace unexpected

EVIDENCE = video, audio, photos, public records (stories and anecdotes are not evidence)
|
   
Brant Lamb Frequent Voting Rights Forum Participant Username: Brantl
Post Number: 1068 Registered: 01-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Thursday, November 16, 2006 - 9:34 am: |
|
Brant: "If getting the copy to send back involves running a utility piece of software on the voting machines (say, provided by the vendor?), there isn't a good reason to be certain that you've taken a real copy. Now, if you're going to pull the hard drive and ship that, that might be different." Brad: "Brant, it's not effective to run a utility on the voting machine." Please don't make it sound as though you're disagreeing with me when you're agreeing with me, it makes it confusing for other readers. (hard to break a habit, isn't it?) |
|
|