Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes

From: Craig Paterson (craigp_at_tippett.com)
Date: 09/29/04

  • Next message: Boren, Rich (SSRT): "[security bulletin] SSRT4794 rev.0 HPStorageWorks Command View XP access restriction bypass"
    Date: Tue, 28 Sep 2004 18:16:04 -0700
    To: Adam Jacob Muller <adam@gotlinux.us>
    
    

    Adam Jacob Muller wrote:

    > At a recent family gathering I spent about an hour trying to explain
    > to various people why "open source" voting machines are more secure.
    > Everyone perceived "open" as being able to go in and change votes...
    > The fact that I was trying to explain the open source model for the
    > first time did not help...

    Therein lies the issue. Understanding the (possible) benefits of
    open-source voting machines, and how computerized voting systems might
    or might not be reliable and verifiable has two big problems:

    i) it's obscure
    ii) it's boring

    It's obscure because at the least you need a grasp of various concepts
    of computers and software to understand the terminology, let alone
    decide on the relative merits of different approaches. It's boring
    because people who don't know those things on the whole really don't
    want to, especially given faith that "someone else is checking" and that
    elections "don't get tampered with in the West" (etc.)

    Paper votes are slow to count and may be spoiled. Ballot boxes may be
    lost. But the basics can be grasped by just about anyone, and from there
    much of the detail understood. It's a piece of paper, somehow marked to
    indicate preference. Those pieces of paper are counted, and that count
    decides who won (whether it's first past the post, STV, ATV or
    whatever). Even the complicated stuff is understandable. That's why the
    obvious compromise is a paper audit trail: the machines can count the
    votes very quickly, but if there's a problem you can do it the
    old-fashioned way, and everyone can understand the old-fashioned way.

    Craig.


  • Next message: Boren, Rich (SSRT): "[security bulletin] SSRT4794 rev.0 HPStorageWorks Command View XP access restriction bypass"