--- On Mon, 7/13/09, Zak B. Elep <[email protected]> wrote:

> Just thinking out loud:
> 
> Would it be possible for Comelec to provide you these things all with
> a corresponding digital signature?  Ideally, could Comelec provide a
> publicly-accessible GPG key that you could use to verify the sources
> (and could possibly be used later on to verify the results), in a way
> similar to Archive Signing Keys for software packages?

There is no tech-savvy person in Comelec who knows how to do this,
and so Comelec is relying on Smartmatic to do everything for them.
Smartmatic could probably be asked to GPG-sign the source code.
Actually, they have agreed to SSL-sign all machine executables to prove that
the executables came from them, but there is no assurance that the 82,000
signed executables running on those 82,000 PCOS machines are all
the same, even if Smartmatic has signed them.  Their signature only
proves that they are the source of the program, and not that all the PCOS
executables are the same.


> > REGARDING LINUX SYSTEM ADMIN SETTINGS OF THE ELECTION COMPUTERS:

> g. is everything (the application, the election data, the OS itself,
> even the logs) subject to a backup system, possibly to a different
> (but possibly publicly accessible) location?

All these data are required to be backed up to CF cards, according to the
Comelec Terms of Reference (ToR). Just backing up the ballot images (TIFF
files) will use up a lot of bandwidth, which Smartmatic cannot get under the
current state of cellular infrastructure.
 
> h. is there a process of the election application deployment that puts
> in verification (e.g. something like a GPG signature verification of
> the application binaries and/or source), which could also be extended
> to the data/results?

The precinct election returns (ER) will be SSL-signed by the BEI teachers,
with secret keys/public keys provided by Smartmatic. This procedure is so 
ridiculous and immoral, since the secret keys will be known to the signers (BEI 
teachers) only during election day, but Smartmatic will already know the 
teachers' secret for a long time before election day.  We will suggest to 
Comelec that the teachers use GPG secret keys/public keys that they generate 
without help from Smartmatic or Comelec, and for the public keys to be signed 
by their supervisors at DepEd.

For the election application, we would like the simpler SHA1 checksum
computation from the original executables compiled from the approved source
code.  On election day, the BEI teachers will just redo the checksum
computations to verify that the executables have not been changed.  We do not
trust the Smartmatic-signed executables, because Smartmatic can sign several
different versions of the executables and you will never know which version you
are getting, since there will be 82,000 of those PCOS machines and 2,000
CCS/BOC machines.
  
> i. related to h., is there some sort of public infrastructure that
> would allow independent verification of the (automated) result output?

Can you propose a procedure for doing this?  The law provides that Comelec can 
select one precinct in every congressional district in which to do a manual 
audit, but that is hardly verifying the national election picture.

 
> j. since this is all supposed to be 'automated', are all the machines
> to be deployed using an automatic configuration management system
> (like CFEngine or Puppet) so possible preconditions like those above
> could be declared and verified?

Smartmatic will use an automated EMS (election management system) to convert 
the Comelec data for the different precincts into 
EML (election mark-up language) files for configuring each precinct's CF card 
that contains customization and configuration data.  Each PCOS machine has an 
EML interpreter built in.

Thank you Zak.

//Pablo

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
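Editor's note: the proposal in the message above (BEI teachers sign election returns with keys they generate themselves, and DepEd supervisors certify the teachers' public keys) is a two-level trust chain. The following Go program is an added illustration of that chain, not code from the thread, from Comelec or from Smartmatic. It uses Ed25519 from the Go standard library as a stand-in for GPG keys, and the teacher ID, supervisor, return contents and the "vendor-supplied key" case are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Certification is the DepEd supervisor's signature over a teacher's identity
// and public key: the equivalent of the supervisor signing the teacher's GPG key.
type Certification struct {
	TeacherID  string
	TeacherPub ed25519.PublicKey
	Sig        []byte // supervisor's signature over certMessage(TeacherID, TeacherPub)
}

// SignedER is a precinct election return plus the teacher's signature over it.
type SignedER struct {
	TeacherID string
	ER        []byte
	Sig       []byte
}

// certMessage binds the teacher ID to the key so a certification cannot be
// transplanted onto another teacher's key.
func certMessage(id string, pub ed25519.PublicKey) []byte {
	return append([]byte("bei-key-cert:"+id+":"), pub...)
}

// Certify is done once, before election day, by the supervisor over a key the
// teacher generated; the teacher's private key never leaves the teacher.
func Certify(supPriv ed25519.PrivateKey, id string, pub ed25519.PublicKey) Certification {
	return Certification{TeacherID: id, TeacherPub: pub, Sig: ed25519.Sign(supPriv, certMessage(id, pub))}
}

// SignER is what the teacher does on election day with their own private key.
func SignER(teacherPriv ed25519.PrivateKey, id string, er []byte) SignedER {
	return SignedER{TeacherID: id, ER: er, Sig: ed25519.Sign(teacherPriv, er)}
}

// VerifyER is what anyone holding the published supervisor key can run: check
// that the supervisor vouched for this teacher's key, then that the key signed
// this return. Neither step involves the vendor.
func VerifyER(supPub ed25519.PublicKey, cert Certification, s SignedER) error {
	if cert.TeacherID != s.TeacherID {
		return errors.New("certification is for a different teacher")
	}
	if !ed25519.Verify(supPub, certMessage(cert.TeacherID, cert.TeacherPub), cert.Sig) {
		return errors.New("teacher key not certified by supervisor")
	}
	if !ed25519.Verify(cert.TeacherPub, s.ER, s.Sig) {
		return errors.New("election return signature does not verify")
	}
	return nil
}

// Demo runs the exchange end to end with fresh keys and returns the verification
// outcome for a genuine return, a tampered return, and a return signed with a
// key the supervisor never certified (e.g. one handed out by the vendor).
func Demo() (genuine, tampered, uncertified error) {
	supPub, supPriv, _ := ed25519.GenerateKey(rand.Reader)         // DepEd supervisor (trust anchor)
	teacherPub, teacherPriv, _ := ed25519.GenerateKey(rand.Reader) // generated by the teacher
	cert := Certify(supPriv, "BEI-0001", teacherPub)               // constructed teacher ID

	er := []byte("precinct 0001: candidate A=312, candidate B=287") // constructed sample ER
	signed := SignER(teacherPriv, "BEI-0001", er)
	genuine = VerifyER(supPub, cert, signed)

	forged := signed
	forged.ER = []byte("precinct 0001: candidate A=212, candidate B=387")
	tampered = VerifyER(supPub, cert, forged)

	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader) // a key the teacher did not generate
	vendorCert := Certification{TeacherID: "BEI-0001", TeacherPub: vendorPub, Sig: cert.Sig}
	uncertified = VerifyER(supPub, vendorCert, SignER(vendorPriv, "BEI-0001", er))
	return
}

func main() {
	g, t, u := Demo()
	fmt.Println("genuine:    ", g) // <nil>
	fmt.Println("tampered:   ", t)
	fmt.Println("uncertified:", u)
}
```

The point of the certification step is that the only key a verifier needs to obtain out of band is the supervisor's; a return signed with a key that did not come from the teacher, however valid its own signature, fails at the certification check rather than at the return check.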
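Editor's note: the message above also describes the checksum procedure for the application (publish digests of the executables built from the approved source, have the BEI teachers recompute them on election day) and the observation that a vendor signature proves origin but not that all 82,000 machines run the same build. The Go program below is an added example of both checks, not code from the thread or from any of the parties named in it. It uses SHA-256 where the message says SHA1, and the file names, contents and machine IDs are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Build holds the executables produced from the approved source: file name -> bytes.
// The contents used below are constructed stand-ins, not real PCOS code.
type Build map[string][]byte

// Manifest maps file name -> hex SHA-256 digest. This is the list that would be
// published after the trusted build, for BEI teachers to compare against.
type Manifest map[string]string

// Digest returns the hex SHA-256 of one file's contents.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// BuildManifest computes the reference digest of every file in the approved build.
func BuildManifest(b Build) Manifest {
	m := make(Manifest, len(b))
	for name, data := range b {
		m[name] = Digest(data)
	}
	return m
}

// Verify recomputes digests on one machine and reports every file that is
// missing, modified, or not in the manifest at all. An empty result means
// the machine carries exactly the approved build.
func Verify(ref Manifest, machine Build) []string {
	var findings []string
	for name, want := range ref {
		data, ok := machine[name]
		switch {
		case !ok:
			findings = append(findings, "missing: "+name)
		case Digest(data) != want:
			findings = append(findings, "modified: "+name)
		}
	}
	for name := range machine {
		if _, ok := ref[name]; !ok {
			findings = append(findings, "unexpected: "+name)
		}
	}
	sort.Strings(findings)
	return findings
}

// FleetGroups takes the digest each machine reported for one file and groups
// machine IDs by digest. A fleet running one version yields a single group;
// several groups mean different versions are deployed, whatever signature
// each one carries.
func FleetGroups(reports map[string]string) map[string][]string {
	groups := map[string][]string{}
	for machine, digest := range reports {
		groups[digest] = append(groups[digest], machine)
	}
	for _, ids := range groups {
		sort.Strings(ids)
	}
	return groups
}

func main() {
	approved := Build{
		"pcos":      []byte("constructed: approved PCOS build v1"),
		"libeml.so": []byte("constructed: EML interpreter v1"),
	}
	ref := BuildManifest(approved)
	altered := Build{
		"pcos":      []byte("constructed: approved PCOS build v1 plus vendor patch"),
		"libeml.so": approved["libeml.so"],
	}
	fmt.Println("approved machine:", Verify(ref, approved)) // []
	fmt.Println("altered machine: ", Verify(ref, altered))  // [modified: pcos]

	// Three machines report their digest of "pcos"; one is running something else.
	reports := map[string]string{
		"PCOS-0001": ref["pcos"],
		"PCOS-0002": ref["pcos"],
		"PCOS-0003": Digest(altered["pcos"]),
	}
	for digest, ids := range FleetGroups(reports) {
		fmt.Printf("%s... %v\n", digest[:12], ids)
	}
}
```

Verify answers the per-machine question (does this machine match the published build?); FleetGroups answers the fleet-wide one (is every machine running the same build?), which is the question a per-file signature alone cannot settle. For the second check to mean anything the reported digests have to be computed independently on each machine, not copied from the manifest.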