Re: Voting machine security

2008-08-19 Thread Adam Fields
On Mon, Aug 18, 2008 at 09:24:33AM -0700, Eric Rescorla wrote:
[...]
> Without directly addressing the question of the quality of Diebold's
> offerings, I actually don't think the criticism implied here is
> entirely fair. If you're going to have voting machines, even precinct
> count optical scanners (and because of the complexity of US elections,
> hand counting is quite expensive), you likely want to machine
> tabulate, and that means an EMS. Though you certainly should make
> serious attempts to keep the EMS from coming in contact with outside
> data (see [HRS+08] for some discussion of how difficult this actually
> is), there is always some chance that there will be some
> contact. Generic AV probably isn't that great at detecting or stopping
> this, but it may well be better than nothing, and it's certainly an
> arguable point.
[...]

This raises the very real question of what exactly went wrong that
caused the AV software to freak out and "lose" votes. Did the vote
data have a virus signature pattern and get quarantined?!?

-- 
- Adam

** Expert Technical Project and Business Management
 System Performance Analysis and Architecture
** [ http://www.adamfields.com ]

[ http://www.morningside-analytics.com ] .. Latest Venture
[ http://www.confabb.com ]  Founder
[ http://www.aquick.org/blog ]  Blog
[ http://www.adamfields.com/resume.html ].. Experience
[ http://www.flickr.com/photos/fields ] ... Photos
[ http://www.aquicki.com/wiki ].Wiki

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: Voting machine security

2008-08-19 Thread Adam Fields
On Mon, Aug 18, 2008 at 10:16:02AM -0700, Paul Hoffman wrote:
[...]
> Essentially no one would argue that this is "quite expensive". I 
> suspect that nearly everyone in the country would be happy to pay an 
> additional $1/election for more reliable results.

Without seeing all of the expense (and likely inability) of securing
and ensuring the proper count from the machine, people look at the
problem and go "computers are good at counting things fast and people
aren't, so it must therefore be massively cheaper to have a computer
do the count".

If you're >just< talking about summing a few lists, that's true. But
of course, no one who doesn't work for a voting machine company is
just talking about summing a few lists.

The idea that after you factor in everything, it might actually be
cheaper to have people do it after all, is a very difficult one for
many people to even conceptualize. "Progress" demands that computers
do all menial tasks.

-- 
- Adam




Re: Voting machine security

2008-08-18 Thread dan

Paul Hoffman writes:
-+--
 | At 9:24 AM -0700 8/18/08, Eric Rescorla wrote:
 | >(and because of the complexity of US elections,
 | >hand counting is quite expensive)
 | 
 | This is quite disputable. Further, hand vs. machine counting is core 
 | to the way we think about the security of the voting system.
 | 




The keynote talk for the USENIX Security Symposium was 

  Dr. Strangevote or: How I Learned to Stop Worrying
  and Love the Paper Ballot

  Debra Bowen, California Secretary of State 


and her talk had one slide only.  I do not have the
slide, but I can reproduce it.  It was a photo of
the tail end of her car and on it a bumper sticker.
That bumper sticker read

  
  PREVENT UNWANTED PRESIDENCIES
  MAKE VOTE COUNTING A HAND JOB


In no other state could a Constitutional Officer
get away with such a bumper sticker, but...

--dan




Re: Voting machine security

2008-08-18 Thread Paul Hoffman

At 9:24 AM -0700 8/18/08, Eric Rescorla wrote:

> (and because of the complexity of US elections,
> hand counting is quite expensive)


This is quite disputable. Further, hand vs. machine counting is core 
to the way we think about the security of the voting system.


On a "complex" ballot, there are maybe 20 races or propositions, some 
of which may allow multiple votes per race. The pre-electronic method 
for hand-counting these was to start with race #1, have one person 
reading each vote out loud from a large stack of ballots, and another 
person tabulating. In most districts, this is done twice with 
different people doing the counting and, often, those people coming 
from the "opposite party" in our wonderful two-party system.


The numbers I saw in the late 1970's said that each vote took 2.5 
seconds per ballot per race when done slowly; so that's 5 seconds 
when run twice. Per "complex" ballot, that's about 100 seconds, or 
roughly 2 minutes, or roughly 1/30 of an hour. At current labor rates 
of $12/hour for this type of work (that's high, but we want qualified 
people to count), that means it costs about US$0.40 per ballot for a 
complex ballot.


Essentially no one would argue that this is "quite expensive". I 
suspect that nearly everyone in the country would be happy to pay an 
additional $1/election for more reliable results.


--Paul Hoffman, Director
--VPN Consortium



Re: Voting machine security

2008-08-18 Thread Eric Rescorla
At Fri, 15 Aug 2008 11:57:38 -0400,
John Ioannidis wrote:
> 
> This just about sums it up: http://xkcd.com/463/

Without directly addressing the question of the quality of Diebold's
offerings, I actually don't think the criticism implied here is
entirely fair. If you're going to have voting machines, even precinct
count optical scanners (and because of the complexity of US elections,
hand counting is quite expensive), you likely want to machine
tabulate, and that means an EMS. Though you certainly should make
serious attempts to keep the EMS from coming in contact with outside
data (see [HRS+08] for some discussion of how difficult this actually
is), there is always some chance that there will be some
contact. Generic AV probably isn't that great at detecting or stopping
this, but it may well be better than nothing, and it's certainly an
arguable point.

More discussion at:
http://www.educatedguesswork.org/2008/08/should_voting_systems_have_av.html

-Ekr


[HRS+08] J.A. Halderman, E. Rescorla, H. Shacham, and D. Wagner. "You
Go to Elections with the Voting System You Have: Stop-Gap Mitigations
for Deployed Voting Systems." In D. Dill and T. Kohno, eds.,
Proceedings of EVT 2008. USENIX/ACCURATE, July 2008. 
http://www.cse.ucsd.edu/~hovav/papers/hrsw08.html



Re: Voting machine security

2008-08-18 Thread [EMAIL PROTECTED]
On Fri, Aug 15, 2008 at 11:57 AM, John Ioannidis <[EMAIL PROTECTED]> wrote:
> This just about sums it up: http://xkcd.com/463/
>
Only slightly better than suggested by the comic. McAfee anti-virus
software was on the servers, not the DRE voting machines themselves.

From

  Premier spokesman Chris Riggall had not seen the
  counterclaim [breach-of-contract lawsuit counterclaim
  filed by the Ohio Secretary of State] and declined
  comment on it. But he blamed the vote tabulation
  problems on McAfee anti-virus software on computer
  servers.

-Michael Heyman



Voting machine security

2008-08-15 Thread John Ioannidis

This just about sums it up: http://xkcd.com/463/

/ji
