On 10/12/2009 15:52:55, Oscar Plameras wrote: Sent: > Remember, Election Automation Software is one of the easiest to develop. > It is "Count and Tally", nothing complicated and convoluted.
No! In addition to the checking for triggers or backdoors that other have mentioned, the EAS should also provide a way to check that data, and maybe even the program, has not been tampered with. Thus, the need for several crypto tech like public key encryption, message digest algorithms, etc. Everybody in this list knows how important it is to have crypto stuff. You might be using good algorithms to do the authentication or checking the integrity of the system and data, but a little backdoor and your EAS is even worse than paper ballots.to simulate. >> >> Hardly no commercial developer will allow third parties to have source >> code access to their propriety >> software. And in general, commercial confidence protects the privacy >> of these codes.under the trade >> secrets act of countries. I think the Philippines is a signatory to that. >> >> And lastly, which source codes are they going to review. The >> application source codes? But application >> source codes interacts with system source codes. Are they going to >> review system source codes, too? >> What about the source codes of all firmware chips used in the system? >> Are they goind to review those source codes, >> too? How long is a piece of string? The code done by one programmer >> maybe anathema to another and so >> source code review leads to more controversies. As you know >> programmers are full of egos and one argument >> leads to another and another. The point is if it does the defined >> specifications, it does not matter how or why the >> code is written that way. >> >> Reviewing source codes is a mine field of difficult issues to deal with. >> >> The simplest and easieast is to test by outcome, not how the code and >> why the code is written that >> way. After all, we are interested in the integrity of the system not >> the integrity of the code. >> >> On Mon, Oct 12, 2009 at 2:24 PM, Pablo Manalastas >> <[email protected]> wrote: >> > On SysTest Labs: It will do a testing of the binary executable. The >> > testing will be more scientific than the testing done by the Special Bids >> > and Awards Committee (that awarded the contract to Smartmatic) but will >> > cost >> > COMELEC more than PHP70 Million. Note that this is software testing of the >> > binary executable, not a review of the source code, and the two are totally >> > different "animals". >> > >> > On Monday, October 5, 2009, CenPEG filed with the Supreme Court a >> > petition for mandamus, asking the Supreme Court to force COMELEC to release >> > the source code of the election programs that will be used in May, 2010 to >> > CenPEG and to all interested political parties and groups, as provided for >> > by law (RA-9369). >> > >> > The text of the petition can be found here: >> > >> > http://www.cenpeg.org/POL%20PARTIES%20AND%20ELECTIONS/OCT%202009/Petition%20for%20Mandamus.pdf >> > >> > The lawyers for CenPEG are Atty Koko Pimentel, and Atty Pancho Joaquin. >> > I mention their names here, because they render their services for >> > important >> > causes for free, and by advertising them, I hope to give them business. So >> > if you need legal representation, please talk to them. >> > >> > ~Pablo Manalastas, for CenPEG~ >> > >> > >> > --- On Fri, 10/9/09, Drexx Laggui [personal] <[email protected]> wrote: >> > >> >> From: Drexx Laggui [personal] <[email protected]> >> >> Subject: Re: [plug] The Death of Election 2010 Source Code Review >> >> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List" >> >> <[email protected]> >> >> Date: Friday, October 9, 2009, 11:01 PM >> >> 09Oct2009 (UTC +8) >> >> >> >> On Fri, Oct 9, 2009 at 21:21, Richard Paradies <[email protected]> >> >> wrote: >> >> > But Note Caution: Not certain if it's the same >> >> company. >> >> >> >> I'm pretty sure it is. SysTest is one of the companies >> >> *currently* >> >> accredited by EAC: >> >> >> >> http://www.eac.gov/program-areas/voting-systems/test-lab-accreditation/eac-accredited-test-laboratories/ >> >> >> >> >> >> --And the list of the 5 testing labs in the above URL is >> >> most probably >> >> what is referred to in this news article: >> >> http://services.inquirer.net/print/print.php?article_id=20090824-221835 >> >> >> >> Excerpt: >> >> "Meanwhile, Ateneo de Manila professor Renato Garcia, who >> >> sits as >> >> consultant for the poll body's project management office >> >> (PMO) for the >> >> 2010 elections, said they have written letters to at least >> >> five of the >> >> international software certification bodies that can >> >> conduct a >> >> “formal, thorough review” of the poll automation system >> >> software. >> >> >> >> “One of the five international software certification >> >> bodies, have >> >> already expressed interest to do the formal review of the >> >> customized >> >> automation software. This body, we found out, has been >> >> conducting a >> >> software review for Canadian-based Dominion, the software >> >> provider for >> >> Smartmatic's poll machines,” Garcia said. >> >> >> >> “If we can get them, the certification will be easier and >> >> faster,” he added." >> >> >> >> >> >> >> >> > For Immediate Release on 10/29/2008. EAC Announces >> >> Intention to Suspend >> >> > SysTest Labs >> >> > >> >> > WASHINGTON, DC – The U.S. Election Assistance >> >> Commission (EAC) today >> >> > notified SysTest Laboratories Inc. of its intent to >> >> suspend the laboratory’s >> >> > accreditation based upon actions taken by the National >> >> Institute of >> >> > Standards and Technology (NIST). >> >> > >> >> > August 8, 2008 – Letter from NIST to SysTest >> >> regarding initial reassessment >> >> > findings. Reiterates EAC’s earlier concerns by >> >> stating that SysTest has no >> >> > documented test methods, unqualified personnel >> >> conducting tests and concerns >> >> > regarding manufacturer influence. NIST notes the need >> >> for an on-site >> >> > assessment, requires SysTest to submit specific >> >> testing information and >> >> > update NIST regarding testing documentation. >> >> > >> >> > October 28, 2008 – NIST suspends accreditation of >> >> SysTest. >> >> > >> >> > EAC is United States Election Assistance Commission >> >> 1225 New York Avenue >> >> > N.W. - Suite 1100 Washington, DC 20005 >> >> > >> >> > On Thu, Oct 8, 2009 at 6:36 PM, jan gestre <[email protected]> >> >> wrote: >> >> >> >> >> >> What's with this? >> >> >> <snip> >> >> >> >> >> >> US-BASED SysTest Labs was declared as the winning >> >> bidder that will certify >> >> >> the source code of the software to be installed in >> >> the 82,200 precinct count >> >> >> optical scan (PCOS) machines for the May 2010 >> >> elections. >> >> >> >> >> >> Poll Commissioner Rene Sarmiento said that out of >> >> the four international >> >> >> companies that participated in the bidding last >> >> week, SystTest Labs was able >> >> >> to comply with all the requirements set by the >> >> Bids and Awards Committee >> >> >> (BAC) of the Commission on Elections (Comelec). >> >> >> >> >> >> Taken from >> >> >> >> >> >> --> http://www.sunstar.com.ph/manila/us-firm-wins-bid-review-pcos-source-code >> >> >> >> >> >> They're not allowing Cenpeg et al. but the awarded >> >> a bid to a US based >> >> >> firm? WTF. >> >> >> > _________________________________________________ >> > Philippine Linux Users' Group (PLUG) Mailing List >> > http://lists.linux.org.ph/mailman/listinfo/plug >> > Searchable Archives: http://archives.free.net.ph >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph > > > > -- > Regards, > Danny Ching > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
