[ale] Its over. Maybe

Michael D. Hirsch mhirsch at nubridges.com
Thu Nov 4 16:25:23 EST 2004 

On Thursday 04 November 2004 09:17 am, Geoffrey wrote:
> George Carless wrote:
> > If there *are* situations where FOSS is not the solution, this is
> > absolutely not one of them.  What possible legitimate reason is there
> > for keeping the voting system secret and proprietary?
>
> I can easily suggest a solution where we can all vote in confidence.

Boy, we're different.  I think I disagree with most of these points.

> First, voting devices should not be monopolized, in the case of the
> Diebold systems, they are.

Ordinarily, I agree.  In this case, however, I don't think I do.  We are 
talking about defense from attack.  With multiple suppliers there are more 
opportunity for attack.  Of course, that would mean any single attack would 
be less pernicious, but I'm not sure where I'd want to fall on that one.

> Second, the systems should be reviewed by non-partisan technically
> capable people.

Obviously correct.

> Third, voting devices such as these should be randomly seized and a
> complete verification of the system be completed, again by a
> non-partisan group.  That's to say, they could walk into a polling
> place, anywhere in this country, select a machine and after protecting
> the existing votes on that device, proceed to validate and verify that
> it is functioning correctly.

That's crazy.  Even just considering the technical aspects, how does one 
"validate and verify".  If we knew how to do that we wouldn't have security 
problems any more.  I believe there is a meta-theorem which says you cannot 
validate a sufficiently complex system--and these are more than sufficently 
complex.  

The whole point of a paper trail is that it protects against unknown attacks.  
Even if the bad guys come up with a diabolically clever attack which avoids 
detection by looking at the system, the electronic and paper ballots will not 
agree.  The attackers would have to subvert the hard copies, too, which we 
have a lot of experience preventing.  Furthermore, electronic fraud is done 
wholesale and paper fraud is retail--it would be extremely difficult to get 
them to agree.

Michael

More information about the Ale mailing list