On Saturday 17 October 2009, Vickram Crishna wrote:
> On Sat, Oct 17, 2009 at 2:22 PM, jtd <[email protected]> wrote:
> > On Saturday 17 October 2009, Krishnakant wrote:
> >> On Sat, 2009-10-17 at 13:15 +0530, jtd wrote:
> >> > On Saturday 17 October 2009, Krishnakant wrote:
> >> > > We have also heard about the software in the voting machines being
> >> > > flawed. Whether that comment came from a political loss of the party
> >> > > in question is in doubt.
> >> >
> >> > In the case of the EVMs the "experts" claiming the flaw were unable to
> >> > demonstrate the flaw in the presence of all party representatives.
> >> >
> >> > Also from the info I have gathered, the system is a simple hardwired
> >> > system with no method of reprogramming the microcontroller in circuit,
> >> > i.e. without opening the EVM. This means that one would have to collude
> >> > with officials and several party reps to remove and reaffix the
> >> > one-time seals.
> >> > The need for manual enable (which is also upper and lower time bound)
> >> > by the voting official limits the ability to stuff the ballot to make
> >> > this exploit almost useless.
>
> With due respect, the 'experiment' you refer to would make any student
> laugh. In reality, the time one has to manipulate a single machine can
> be anywhere up to 8 hours or even more, depending on the 'extent' of
> booth capturing.
Afaik the crackers were given several hours. One would require collusion with officials AND other political party workers. Not an absolute impossibility but pretty much useless, as you already have lost.

> I do not find it impossible to conceive of a
> situation where the EPROM/controllers may not be physically
> substituted, instead of resetting or any other easy to detect
> approach, and contain within it all the workarounds for manual enable
> etc.

Again not impossible with a few machines, but most certainly impossible to do it with a significant number. You would require an SMT reflow and rework line. A 40 pin .5mm pitch QFP takes a good 30 minutes to solder.
PS: I haven't seen the insides of a voting machine but I presume it would have suitable physical barriers to prevent a quick physical hack, which is why it wasn't attempted.

> In a city like Mumbai, such capturing may no longer be a viable
> option, but parts of the countryside are quite different. Niceties
> such as 'officials and several party reps' may not always be the case.

True. Nonetheless imo not as easy as you make it out.

> What people have been asking for, and it is not unreasonable, is that
> the machine have the option of manual printout, for the voter to carry
> away.

And why would the rigger not produce a similar printout? If post count tallying is the goal, I am afraid a simple printout won't cut.

> This would meet the doubts of an ordinary citizen.

Pointless. Rigged votes are of those who did not cast their vote. Of course if one is talking of widespread official collusion (Iran?), then these measures are meaningless because of the counting mechanism, it being the weakest link in the chain.

> The second
> point, about open code, was to meet all the doubts about manual enable
> and so on, the failsafes built into the system under normal
> circumstances.

Opening the code is an absolute must, irrespective of how foolproof the system is.
My argument was only against the current alleged exploit, not at all against a public code audit. Given the obsolescence rate in electronics, it is just a matter of time before a redesign would be essential, and there is no guarantee whatsoever that the new design will be as good.

> Only technologists understand how critical this can be,
> for a system as important as a voting machine in a national election,
> or any other, for that matter, but this point has been explained so
> many times, that many non-techies know perfectly well why the EVM is
> still being questioned. However, this understanding is not matched by
> the attitude of EC officials.

Ok.

> >> But in the case of the issue I pointed about MHADA's lucky draw, the
> >> problem was very much centered around software.
> >> and we may never know the reality.
> >
> > Very true. The very fact that it selected multiple times the same persons
> > shows a very poor software. But that is not the real point.
> >
> > In the past when draws were held manually, it was a public fact that the
> > process was rigged. Cost Rs.50,000/- to Rs.100000/-. This was between
> > 87 to 90. Some of my friends paid and got themselves allotted flats at
> > Borivali Gorai. The ones in Ghatkopar Pantnagar were in great demand and
> > the rig price was Rs.200000/- and required insider contacts in MHADA. My
> > friends had the contacts but not enough cash on the table. So though we
> > grew up in Pant Nagar, they opted for Gorai. One of them worked in MHADA
> > and brokered a discount of Rs.5000/-. There was a huge ruckus after the
> > allotments as some riggers had failed to get allotments (actually two
> > agents delayed payment - full two months before the draw afair - by a
> > day and were not included in the rig) and many non riggers suspected the
> > process anyway.
> >
> > Computers can never remove systemic and process vulnerabilities. In fact
> > they only aid and make discovery more difficult.
>
> Yes, we have the expression, to err is human, to really *&*^%^ up
> takes a computer.

Of course, one that is programmed to do so. ;-)

--
Rgds
JTD
_______________________________________________
network mailing list
[email protected]
http://lists.fosscom.in/listinfo.cgi/network-fosscom.in
