At 1:01 PM -0500 2/4/2001, John Kelsey wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 11:02 PM 1/27/01 -0500, William Allen Simpson wrote:
>
>...
>>"Arnold G. Reinhold" wrote:
>>> There are a lot of reasons why open source is desirable,
>>> but it does simply the job for an attacker.
>
>>I disagree. Security by obscurity is never desirable.
>
>Right. This is doubly important in this application, where
>the big threat is insider fraud. The people we're really
>worried about doing some kind of large-scale fraud are
>the ones being trusted to man voting stations, transport
>ballots, count votes, and certify elections. Outsiders
>who've read through the source code looking for buffer
>overflow bugs aren't likely to have the access needed to
>mount an attack.
>
I feel like I am being quoted out of context here. I was not
suggesting closed source, but proposing a new type of compiler that
produce obfuscated object code under a key. This could make an
attackers job more difficult, particularly in the narrow time window
of an election.
In the attack model I am addressing, the people who man the voting
stations would be supplied with malware tools based on just such an
analysis of the source code. Under my scheme they could not rely
knowing the exact object code they will encounter. The compilation
key or keys would be published after the election, allowing the
object code used in the field to be compared with the source.
At 10:38 AM -0800 2/4/2001, David Honig wrote:
>On Banning Video Cameras From Voting Places
>
>The voting apparatus may keep a serial record of each vote, in order, for
>auditing purposes. This is also mentioned in WAS's legislative text. Now,
>if an evil vote buyer had someone recording who entered which booth
>and also had access to the audit records, the correlation lets them
>buy or blackmail votes. Note that this requires only *one* conspirator if
>that conspirator is a poll worker with a concealed camera.
>
One doesn't need a concealed camera. There is nothing to stop a poll
watcher from keeping written notes of the time when each voter votes.
In fact, here in Massachusetts the election officials are required to
call out the name of each voter when they get their ballots and when
they turn them in.
Arnold Reinhold