BBV did you know ES&S iVotronic are not hackiable

or voter fraud can not be commited with them because of their security.......

I just got that from a Supervisor of Elections in Florida in reply to an email to her and others about the problems of Touchscreens without a paper trail..

Any good points to reply back to her.

TIA
Bill

and you'll show her that she's wrong.

Ask her how she KNOWS it is not hackable, ask her for her back up documentation showing that it is not hackable.

the system. If they are so confident it can't be broken this shoudl be an OK request. Even have a reputable computer secrutity company try it, someone like ISS or something.

they research bugs, and release them to the vendors periodically to get their name on bugtraq and keep people scared of being hacked. They sit on bugs until when they deem its most profitable to release.

The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.

Reflections on Trusting Trust
Ken Thompson


http://www.acm.org/classics/sep95/

Thompson's point is that there is:

a) no way to be certain your system is secure unless you, personally, wrote *every* line of code and designed and built *every* bit of hardware, and;

b) a malicious insider *especially at the software vendor* can commit fraud and never be detected.

Tell your SOS that having a secure computer-based voting system is not just difficult -- it's provably impossible.

(Paranoia: high) Ask whether the operating system has been auditted for security compliance. In fact, ask whether they know what OS the thing is using. At least DieBold used WindowsCE; and of course the "Windows" name combined with "unhackable" is a riot (and besides, Windows is too big to be trusted).

Ask whether the compiler/linker toolchain used by the manufacturer has been auditted for correctness and security. There have been recorded cases of viruses inserted into compilers that would alter what programs they produce do.



Ask whether the manufacturer claims compliance with any high-reliability software engineering practices/processes.

Explanation: writing software without bugs is hard. IIRC, the usual 'good' number is like 4 or so bugs per 1000 lines of code. So if you're doing something like writing the software for the space shuttle, or for life support equipment, it must be developed in a very special way, in order to ensure maximum reliability. If the software for voting machines is not developed in this way, it's hard to be confident in it working right even absent any intent by anyone to tamper

that creates a "no paper receipt system" I am not sure that is true.

or does the manufacturer? It is entirely feasable that ES&S (or any other manufacturer) bribe a certification agency to get the result they want. IMHO, the state should pay for certification preferably with one of their universities that would allow their results to be published. I wouldn't trust Texas A&M though.

Most of the problems that have stemmed from BBV issues have come back to Diebold (the manufacturer) patching their own machines with faulty code that has not been certified. No hacking involved if you're with the company, right? WRONG.

Ask the machine again?

Where is the independent source to check against the machine?

You have to get outside of tech, to audit tech.

Would she personally take out an insurance policy and guarantee that the elections will be error, fraud, and hack free?

:kick:

I am technology-challenged, so I'm sure this will send all the experts into gales of hysterical laughter, but I'm gonna ask anyway.


What would happen if a voter had one of those trydium (sp??) magnets in his/her pocket and got close to one of the touch-screen machines or whatever?