
A Bit More Background on the Hursti Test

This topic is archived.
Wilms Donating Member (1000+ posts) Fri Feb-03-06 03:43 AM
Original message
A Bit More Background on the Hursti Test
The first part of this substantial article provides a bit more background on the Hursti Test.

The balance of it is quite interesting, as well. The author discusses current testing administration, questions its constitutionality, debunks "trade secrecy" claims for test results, and provides a means for verifiable testing (if you will).

He even comes up with a market-based means with which to implement it. :wow:

The guy must have stayed up all month writing it. :7

Hopefully some of you will tease out these other ideas put forth and post a thread so we can discuss them.




Testing Election Software Effectively
A Proposal for Effective Testing of Election Software


By John Washburn, VoteTrustUSA Voting Technology Task Force

February 02, 2006

Last month a mock election in Leon County was run exactly as it should be - where all proper policies and procedures are followed. Contrary to the claims of the vendor, the election results provided by the software administering the election were both incorrect and the manipulation was undetectable except through the most extraordinary of means.

This comes as a surprise only to those who have not been paying attention. For more than a decade and a half, citizen activists, investigative reporters, and computer scientists have been reporting on the inherent risks presented by electronic voting through either malice or mistake. (See "Decades of Concern" below)

Every revelation of a security defect, demonstrated or speculated, has been met with one of four responses from vendors:

1) If there were such a problem it would have been discovered during the federal testing.
2) Well, that is the other vendor’s equipment. It does not apply to our equipment.
3) Well, that was a bug, but is fixed in our latest product offering.
4) Well, that is a problem, but it could not occur under circumstances found in a real election where proper policies and procedures are followed.

What set the demonstration in Leon County apart was the fact that the test was specifically designed to meet and counter each of these responses. This attention to detail is described in this first-hand account as the third iteration of this test was performed. Another distinctive feature of the Leon County test is the persistence of a lone election official. The much publicized testing done on December 13, 2005 was actually the third time this test was done. The prior two times were in May and June of 2005. The full report was distributed on July 4, 2005 to election officials across the country. In response to the July 4 report, Diebold repeated stock responses 1, 3, and 4 as late as an October 17th meeting of the Cuyahoga County Board of Elections (see page 135 line 4 to page 136 line 20 of the transcript). Diebold later admitted on January 3, 2006 to the Secretary of the Commonwealth of Pennsylvania that the responses given during the October 17th meeting were indeed unfounded.

It is time to recognize the vendor-funded testing efforts performed under the auspices of the National Association of State Election Directors (NASED) have produced software testing results which are as reliable as the research performed by the Tobacco Institute on the effects of smoking. It is time to consider a proper framework for certification. Ten years which could have been spent testing election systems effectively have been wasted because of the current framework.

snip

http://www.votetrustusa.org/index.php?option=com_content&task=view&id=870&Itemid=26

Fredda Weinberg Donating Member (1000+ posts) Fri Feb-03-06 01:50 PM
Response to Original message
1. This is so bogus
If you hadn't kept up with developments, you'd think the machines miscounted on their own.

The point of an "inside job" is that they can be impossible to detect, no matter what system is in place. We can insist that safeguards be designed to make it harder, but given privileged access ... anyone can mask their tracks.

My point is, you make it harder to take professionals seriously when you give credence to such hyperbole.

Wilms Donating Member (1000+ posts) Fri Feb-03-06 01:55 PM
Response to Reply #1
2. Here's the author's email address.
Knock yourself out.

warren@VoteTrustUSA.org

Steve A Play Donating Member (638 posts) Fri Feb-03-06 04:11 PM
Response to Reply #2
3. Now you know why they invented the ignore button!
:)

KICK!

Steven P. :kick:

Fredda Weinberg Donating Member (1000+ posts) Fri Feb-03-06 04:35 PM
Response to Reply #2
5. What for?
Edited on Fri Feb-03-06 04:35 PM by Fredda Weinberg
I'm not the one bawling, remember?

I'll just note for other DUers who are falling for this that you've already admitted that this accusation lacks substance.

Name removed Donating Member (0 posts) Fri Feb-03-06 04:46 PM
Response to Reply #5
6. Deleted message
Message removed by moderator.

Bill Bored Donating Member (1000+ posts) Fri Feb-03-06 11:51 PM
Response to Reply #2
20. Actually the author is John Washburn. It says so. nt

kster Donating Member (1000+ posts) Fri Feb-03-06 04:14 PM
Response to Original message
4. Kick-n-Recommended.nt

FogerRox Donating Member (1000+ posts) Fri Feb-03-06 06:16 PM
Response to Reply #4
7. Since Interpreted code is illegal-- how did this code exist for 10 years
Edited on Fri Feb-03-06 06:19 PM by FogerRox
in Diebold's equipment. And the FEDS NEVER -said-- hey- you can't do that.

And since most vendors use memory card - portable media-- the potential for similar attack vectors is significant. Rebecca Mercuri has been saying this for years.

Wilms Donating Member (1000+ posts) Fri Feb-03-06 06:21 PM
Response to Reply #7
8. I think the Fed, et al. will say they didn't know.

Or, they may try to argue that it falls under the "typo-ed" non-existent exception in the guidelines.

Are you aware of that particular mess?

kster Donating Member (1000+ posts) Fri Feb-03-06 06:35 PM
Response to Reply #8
9. If they didn't know, they
know now, and they should quit with the silence. After we get control of this mess they should all be fired for NOT KNOWING unless they come clean now.

Wilms Donating Member (1000+ posts) Fri Feb-03-06 06:42 PM
Response to Reply #9
11. That's the neat, if small, potential of this situation.
Edited on Fri Feb-03-06 06:44 PM by Wilms
The whole affair includes the tangled mess involving the EAC, ITA's, NASED, TGDC, NIST, IEEE, and of course, the vendors themselves.

You don't even have to know what all those acronyms mean to wonder what the hell is (and isn't) going on.

Lawmakers have to be dragged over to the stinking pile and told to get out a pooper scooper.


-edit to add-

The Election Center, too.

Fredda Weinberg Donating Member (1000+ posts) Fri Feb-03-06 07:03 PM
Response to Reply #7
12. There is no interpreted code
The application is compiled. You have to accept a new definition of the phrase to believe that the vendor got away with a deliberate violation.

FogerRox Donating Member (1000+ posts) Fri Feb-03-06 08:29 PM
Response to Reply #12
13. Maybe something I could read that would explain why there is no Int. code
might be worth my time

Fredda Weinberg Donating Member (1000+ posts) Fri Feb-03-06 09:33 PM
Response to Reply #13
15. Here's some background
The FEC regs are here

http://www.eac.gov/election_resources/vss.html

Section 6.2 deals with this topic

Access controls are procedures and system capabilities that detect or limit access to system components in order to guard against loss of system integrity, availability, confidentiality, and accountability. Access controls provide reasonable assurance that system resources such as data files, application programs, and computer-related facilities and equipment are protected against unauthorized operation, modification, disclosure, loss, or impairment. Unauthorized operations include modification of compiled or interpreted code, run-time alteration of flow control logic or of data, and abstraction of raw or processed voting data in any form other than a standard output report by an authorized operator.

Access controls may include physical controls, such as keeping computers in locked rooms to limit physical access, and technical controls, such as security software programs designed to prevent or detect unauthorized access to sensitive files. The access controls contained in this section of the Standards are limited to those controls required of system vendors. Access controls required of jurisdictions will be addressed in future documents detailing operational guidelines for jurisdictions.

Wilms Donating Member (1000+ posts) Fri Feb-03-06 11:58 PM
Response to Reply #15
21. FWIW, Section 6.2 is pretty interesting.

Next, Dr. Shamos claims that the prohibition of self-modifying code, dynamically loaded code, and interpreted code found in section 4.2.2 of the 2002 VVSG does not apply to the Diebold equipment (both optical scanners and touch screen DRE’s) because of an exception. Section 4.2.2 reads:

“Self-modifying, dynamically loaded or interpreted code is prohibited, except under the security provisions outlined in section 6.4.e.”

The only problem is that there is no section 6.4.e! It doesn’t exist.

Dr. Shamos notes that this “appears to be a typographical error” and then takes the initiative and decides that it is “apparently meant to refer to 6.4.1(e)”. Whether Dr. Shamos’s speculative interpretation of Section 4.2.2. is correct or not, he should know that he has no authority to interpret the 2002 VVSG. The sole arbiter of the 2002 VVSG is the National Association of State Election Directors (NASED) Voting Systems Board. This is clearly stated in Section 9.6.4 of the 2002 VVSG:

The NASED Voting Systems Board (the Board) is responsible for resolving questions about the application of the Standards in the testing of voting systems. The Secretariat for the Board will relay its decisions to the NASED certified ITAs and voting system vendors. The Federal Election Commission will monitor these decisions in order to determine which of them, if any, should be reflected in a subsequent version of the standards.

snip

http://votetrustusa.org/index.php?option=com_content&task=view&id=814&Itemid=113


For What It's Worth

Fredda Weinberg Donating Member (1000+ posts) Fri Feb-03-06 09:39 PM
Response to Reply #13
16. Here's what David Dill has to say
and I volunteered my time for verifiedvoting.org, so I have some confidence in his analysis

http://www.verifiedvotingfoundation.org/article.php?id=6324

Wilms Donating Member (1000+ posts) Fri Feb-03-06 11:47 PM
Response to Reply #16
19. For What It's Worth, it's nice you have some confidence in Dill's analysis
It's nice, too, that you volunteered.

What is unfortunate is that Dill's analysis seems, at least in its conclusion, to differ from your assertion.


Emphasis mine.

snip

1. Does Diebold's AccuBasic interpreted code (which is present on the memory cards of both their TS and TSx DREs and on the precinct count version of their optical scanners) violate the FEC 2002 Voting Systems Standard's (VSS) prohibition on the use of interpreted code?

snip

#1. No, provided one accepts Pennsylvania's interpretation of a rather vague and ambiguous exemption clause (Section 6.4.1(e)) of the FEC 2002 VSS. (However, if one accepts that interpretation, then it must apply equally to the TSx and OS systems.)

snip

Which is the exact thing I've been saying.

For What It's Worth

Fredda Weinberg Donating Member (1000+ posts) Sat Feb-04-06 12:00 AM
Response to Reply #19
22. You've been peddling an article that claims deliberate fraud
Dill's article is objective and neutral. I have no trouble with his analysis.

Wilms Donating Member (1000+ posts) Sat Feb-04-06 12:10 AM
Response to Reply #22
25. I'm not peddling anything.
Posting is not peddling. And, For What It's Worth, I pointed out that I want to see Pynchon supply proof that there was a deliberate insertion of code. But intent is not the current issue, unless the aim is obfuscation.

You have been peddling an argument that this is all a big deal over nothing. The Dill link you provide differs.

He seems to consider it a big deal period.

For What It's Worth, I think Fredda Weinberg Is Wrong about this.

Fredda Weinberg Donating Member (1000+ posts) Sat Feb-04-06 12:18 AM
Response to Reply #25
27. Intent is everything when you're making accusations
of deliberate fraud. Else, we'd be having a reasoned discussion of the sorry state of voting technology and you wouldn't be posting Diebold help wanted ads.

I don't volunteer my services for meaningless causes - and I don't ignore those, who in the name of that cause, make baseless charges that diminish us all.

Wilms Donating Member (1000+ posts) Sat Feb-04-06 02:38 AM
Response to Reply #16
30. More from David Dill

CONCLUSIONS

1. Pennsylvania's decision to certify the TSx appears to hinge on their interpretation of §§4.2.2 and 6.4.1(e) of the FEC 2002 VSS. This wording is ill-defined and open to alternate interpretation.

2. If Shamos' analysis is accurate, then the use of interpreted code on the memory card of the TSx represents a different level of risk than the use of such code on the memory card of Diebold's precinct count optical scanners, because the former does NOT appear to be directly vulnerable to the exact same "Hursti Hack" to which the latter is clearly vulnerable. However, the memory card of the TSx, unlike the op-scan memory card, can be plugged into and modified by any laptop computer and therefore is subject to a different class of risks.

3. Pennsylvania's conditions for certifying the TSx (i.e., requiring "careful handling and storage procedures and the use of effective seals...") can only (potentially) address concerns of tampering with interpreted code on memory cards if their election procedures also require that each TSx voting machine be subjected to "Election Day testing" conducted after the memory cards have been inserted into all machines and "sealed". If "Election Day" testing is performed only on some machines, then malware could be installed on the memory cards of some of the TSx machines prior to when the seals are applied, and go undetected if those machines did not undergo subsequent "Election Day" testing.

4. Even if all TSx machines are subjected to "Election Day" testing after the memory cards are installed and seals applied, such "Election Day" testing (conducted with the machine operating in "test mode") may not be sufficient to detect the presence of any malware (with appropriate digital signatures) installed onto the TSx memory card prior to its insertion into the machine.

5. To the extent that completion of federal certification is a prerequisite to the State's certification testing and the granting of State certification, Pennsylvania's decision to certify the TSx on January 17, 2006 may be premature and thus possibly subject to legal challenge, since it appears that the specific TSX configuration that Pennsylvania tested has not completed federal certification. Specifically, the following components of that configuration (which is specified on page 8 of the certification report) do not yet appear to be certified at the federal level: GEMS election management system software 1.18.25 and Election Media Processor 4.6.2. Furthermore, the remaining items listed in that configuration do not appear as being certified under a single NASED System ID number, and thus do not correspond to a consistent configuration that has received federal certification.

6. The federal certification of all TSx configurations has been called into question by the California Secretary of State's office because Diebold failed to submit for ITA review either the AccuBasic source code used to generate the .abo files on the removable memory card or the source code for the AccuBasic interpreter itself. As a result, NO configuration of the TSx has been certified for use in California because of Diebold's failure to submit that code to ITA review, and certification of the TSx in California will not occur (if at all) until the relevant ITA laboratories have received and completed their review of that source code. This raises additional concerns about Pennsylvania's decision to certify the TSx while the ITA's review of that software is not yet completed.

The concerns raised in this analysis may or may not provide sufficient grounds for challenging Pennsylvania's certification of the TSx.

Fredda Weinberg Donating Member (1000+ posts) Fri Feb-03-06 10:07 PM
Response to Reply #13
17. Here's what another professional has to say
http://www.cs.uiowa.edu/~jones/voting/dieboldacm.html

Once again, I'm not defending Diebold - I'm contradicting those who claim that they deliberately inserted nefarious code and that they proved election fraud.

Wilms Donating Member (1000+ posts) Fri Feb-03-06 11:38 PM
Response to Reply #17
18. F.W.I.W. I haven't seen proof of deliberate insertion.
That's why I haven't claimed that.

But what are you offering to contradict Pynchon's claim?

Neither you nor Pynchon have offered proof. Maybe Pynchon can prove it, maybe she can't.

One thing is for certain, though, it's irrelevant to the current debate.

Is it that you don't get that, or that you don't want others to get it?

Fredda Weinberg Donating Member (1000+ posts) Sat Feb-04-06 12:03 AM
Response to Reply #18
23. You're peddling this ...

Wilms Donating Member (1000+ posts) Sat Feb-04-06 12:14 AM
Response to Reply #23
26. No that's just a post where I pointed out something and asked a question.
I do that a lot.

For What It's Worth, this is a peddler.



kster Donating Member (1000+ posts) Sat Feb-04-06 12:34 AM
Response to Reply #26
28. I disagree
this is a peddler

kster Donating Member (1000+ posts) Sat Feb-04-06 01:40 AM
Response to Reply #17
29. A big company like Diebold and ES&S ought to
Edited on Sat Feb-04-06 01:46 AM by kster
be able to buy a prime time television slot to go on TV with the quote "conspiracy theorist" to get to the bottom of all these election theft stories. That's what I would do if I was a legitimate company that wanted to count America's votes.

Bill Bored Donating Member (1000+ posts) Sat Feb-04-06 12:04 AM
Response to Reply #12
24. Does this look compiled to you?
'ZERO TOTAL REPORT'
'TEST ZERO REPORT'
'TEST RESULTS REPORT'
'ELECTION ZERO REPORT'
'ELECTION RESULTS REPORT'
'PRINT ALL\nPRECINCT TOTALS?'PRINT PRECINCT\n NUMBER '
'PRINT LONG\n REPORT?'
'PRINTING REPORT'
'=== OPTIONS SETTINGS ==='
'REJECT BALLOTS WITH:'('OVERVOTED RACES '
'BLANK VOTED RACES ('UNDERVOTED RACES('ALL RACES BLANK
('STR PARTY OVERVOTES'
MULTI-PARTY VOTES
DUPLICATE VOTES
'PRINT OVERRIDE LOG FOR:'
('OVERVOTED RACES"
('BLANK VOTED RACES
('UNDERVOTED RACES
('ALL RACES BLANK

Shall I go on? Doesn't look like 1s and 0s to me.



Stevepol Donating Member (1000+ posts) Fri Feb-03-06 06:40 PM
Response to Original message
10. Kicking to the Greatest with Vote # 5!

Melissa G Donating Member (1000+ posts) Fri Feb-03-06 08:48 PM
Response to Original message
14. seven, thanks wilms!