At 1:01 PM -0500 2/4/2001, John Kelsey wrote:
>At 11:02 PM 1/27/01 -0500, William Allen Simpson wrote:
>>"Arnold G. Reinhold" wrote:
>>> There are a lot of reasons why open source is desirable,
>>> but it does simply the job for an attacker.
>>I disagree.  Security by obscurity is never desirable.
>Right.  This is doubly important in this application, where
>the big threat is insider fraud.  The people we're really
>worried about doing some kind of large-scale fraud are
>the ones being trusted to man voting stations, transport
>ballots, count votes, and certify elections.  Outsiders
>who've read through the source code looking for buffer
>overflow bugs aren't likely to have the access needed to
>mount an attack.

I feel like I am being quoted out of context here.  I was not 
suggesting closed source, but proposing a new type  of compiler that 
produce obfuscated object code under a key. This could make an 
attackers job more difficult, particularly in the narrow time window 
of an election.

In the attack model I am addressing, the people who man the voting 
stations would be supplied with malware tools based on just such an 
analysis of the source code. Under my scheme they could not rely 
knowing the exact object code they will encounter. The compilation 
key or keys would be published after the election, allowing the 
object code used in the field to be compared with the source.

At 10:38 AM -0800 2/4/2001, David Honig wrote:
>On Banning Video Cameras From Voting Places
>The voting apparatus may keep a serial record of each vote, in order, for
>auditing purposes.  This is also mentioned in WAS's legislative text.  Now,
>if an evil vote buyer had someone recording who entered which booth
>and also had access to the audit records, the correlation lets them
>buy or blackmail votes.  Note that this requires only *one* conspirator if
>that conspirator is a poll worker with a concealed camera.

One doesn't need a concealed camera. There is nothing to stop a poll 
watcher from keeping written notes of the time when each voter votes. 
In fact, here in Massachusetts the election officials are required to 
call out the name of each voter when they get their ballots and when 
they turn them in.

Arnold Reinhold

Reply via email to