On Saturday 17 October 2009, Krishnakant wrote: > We have also herd about the software in the woting machines being flawd. > whether that comment came from a pollitical loss of the party in > question is in doubt.
In the case of the EVMs the "experts" claiming the flaw were unable to demonstrate the flaw in the prescence of all party representatives. Also from the info i have gathered, the system is a simple hardwired system with no method of reprogramming the microcontroller in circuit, i.e without opening the evm. This means that one would have to collude with officials and several party reps to remove and reaffix the onetime seals. The need for manual enable (which is also upper and lower time bound ) by the voting official limits the ability to stuff the ballot to make this exploit almost useless. Counting is possible only by physically retriveing the memory card which is 3des encrypted. Since this is done in the prescence of all parties, no hope of tampering. Pre loading would require prior knowledge of which card would go to which EVM and which EVM would be assigned which center and a trojaned microcontroller to overlook the initial blank check at the polling booth. Finally the counting sofware it self or the counting machine could be trojaned. About this part of the process i have no idea. This software Itself should be made free so that it is verifiable and the os gnu/linux with the disk image suitably verified. One must presume the political parties have found this part ok. There could be possible exploitable process flaws (assigning EVMS to centers, wrongly assigning symbol and button etc), but that would require collusion from too many opposing players. Dangerous imo. Unlike the diebold online touch screen system with (i love this) locked down XP, the indian EVMs simplicity, particularly no online connectivity, makes them quite secure. -- Rgds JTD _______________________________________________ network mailing list [email protected] http://lists.fosscom.in/listinfo.cgi/network-fosscom.in
