On Saturday 17 October 2009, Krishnakant wrote:

> We have also heard about the software in the voting machines being flawed.
> Whether that comment came from a political loss of the party in
> question is in doubt.

In the case of the EVMs the "experts" claiming the flaw were unable to 
demonstrate the flaw in the presence of all party representatives.

Also, from the info I have gathered, the system is a simple hardwired system 
with no method of reprogramming the microcontroller in circuit, i.e. without 
opening the EVM. This means that one would have to collude with officials and 
several party reps to remove and reaffix the one-time seals. 
The need for manual enable (which is also upper and lower time bound) by the 
voting official limits the ability to stuff the ballot to make this exploit 
almost useless.
Counting is possible only by physically retrieving the memory card, which is 
3DES encrypted. Since this is done in the presence of all parties, no hope 
of tampering. Preloading would require prior knowledge of which card would 
go to which EVM and which EVM would be assigned which center and a trojaned 
microcontroller to overlook the initial blank check at the polling booth.

Finally, the counting software itself or the counting machine could be 
trojaned. About this part of the process I have no idea. This software itself 
should be made free so that it is verifiable and the OS GNU/Linux with the 
disk image suitably verified. One must presume the political parties have 
found this part ok.

There could be possible exploitable process flaws (assigning EVMs to centers, 
wrongly assigning symbol and button etc.), but that would require collusion 
from too many opposing players. Dangerous IMO.

Unlike the Diebold online touch screen system with (I love this) locked down 
XP, the Indian EVMs' simplicity, particularly no online connectivity, makes 
them quite secure.  

-- 
Rgds
JTD