Re: [ISN] Voting-Machine Makers To Fight Security Criticism

From: InfoSec News (isn@private)
Date: Thu Dec 11 2003 - 01:07:23 PST

Next message: InfoSec News: "[ISN] Feds get a 'D' in computer security"

Previous message: InfoSec News: "[ISN] No Christmas patches from Microsoft"
Maybe in reply to: InfoSec News: "[ISN] Voting-Machine Makers To Fight Security Criticism"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Henry Schwan <owlswan@private>

An important question to be asked is if all the other electronic
machines that Diebold and others make leave a paper trail, why was the
paper trail in voting machines specifically left out.  See:

No Confidence Vote: Why the Current Touch Screen Voting Fiasco Was 
Pretty Much Inevitable

<http://www.pbs.org/cringely/pulpit/pulpit20031204.html>

-----snip----

Now here's the really interesting part.  Forgetting for a moment
Diebold's voting machines, let's look at the other equipment they
make.  Diebold makes a lot of ATM machines.  They make machines that
sell tickets for trains and subways.  They make store checkout
scanners, including self-service scanners.  They make machines that
allow access to buildings for people with magnetic cards.  They make
machines that use magnetic cards for payment in closed systems like
university dining rooms.  All of these are machines that involve data
input that results in a transaction, just like a voting machine.  But
unlike a voting machine, every one of these other kinds of Diebold
machines -- EVERY ONE -- creates a paper trail and can be audited.  
Would Citibank have it any other way?  Would Home Depot?  Would the
CIA?  Of course not.  These machines affect the livelihood of their
owners.  If they can't be audited they can't be trusted.  If they
can't be trusted they won't be used.

Now back to those voting machines.  If EVERY OTHER kind of machine you
make includes an auditable paper trail, wouldn't it seem logical to
include such a capability in the voting machines, too?  Given that
what you are doing is adapting existing technology to a new purpose,
wouldn't it be logical to carry over to voting machines this
capability that is so important in every other kind of transaction
device?

This confuses me.  I'd love to know who said to leave the feature out
and why?

Next week: the answer.

InfoSec News wrote:

> http://www.washingtonpost.com/wp-dyn/articles/A47436-2003Dec8.html
>
> By Jonathan Krim
> Washington Post Staff Writer
> December 9, 2003
>
> Electronic-voting-machine companies announced yesterday that they
> are banding together to counter mounting concerns about whether
> their machines are secure enough to withstand tampering by hackers.

-- 
Sincerely,

Henry Schwan
Paralegal
Electronic Frontier Foundation

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Feds get a 'D' in computer security"
Previous message: InfoSec News: "[ISN] No Christmas patches from Microsoft"
Maybe in reply to: InfoSec News: "[ISN] Voting-Machine Makers To Fight Security Criticism"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 11 2003 - 03:47:18 PST