Forwarded from: matthew patton <pattonme@private> Diebold couldn't have gotten a more sympathetic article. Now we'll have votors demanding that security be tossed to the wind because they can't wait 8 let alone 48 hours to get a tally. And all those blathering TV pundits will be denied their right to mindlessly repeat "we have no new news, but this is what we know" for 8 hours straight. > "The fact we now have a slight delay over what we had two years ago > is, I think, a worthy trade-off for enhanced security," Cox says. At least Cox has a little perspective. > - but there ought to be a balance between security and speed so we > can enjoy the excitement of election night." some people need a reality checkup. > The software was added to all voting machines last spring. It > encrypts the transmission of election data from precincts to county > election headquarters, making electronic vote tampering, internally > or externally, more difficult. > > Votes from machines are now coded onto a data card. Then, those > cards have to be decoded and counted by a computer before the vote > is official. Ok, the above is probably the result of a jouno who simply doesn't comprehend the subject material. But even so, since when is the lack of encryption on the card anywhere CLOSE to being the problem that has blasted Diebold (and other) machines? A 'vote' is but 1KB of data if even that much. You mean to tell me Diebold machines run on 8086 CPU's and are trying to crunch a 1024bit AES key be it symetric or asymetric encryption? > "I'm sure you will talk to people in this state who think we can > never have too much security," she says. "Certainly I think this > enhancement was a good thing for our machines." How exactly? Where is the audit trail on the software itself? Where is the resolution of the multiple ledger issue? Where is the verification that votes are even counted right? While it may be 'nice' to know that the card is encrypted as it is transfered 10ft over the air-gap between voting station and the counting machine, or that purhaps the counting machine won't honor an "illegal" card, physical security was never the issue. > Even though there hasn't been a recorded incident of fraud involving > the system, some people simply don't trust it. and why shouldn't EVERYbody not be leary? Heck, I wouldn't trust the punchcard/optical machine either if it's summation software were not available for inspection. > To pacify uneasy voters, the state is considering retrofitting the > machines with printers so voters could double-check their on-screen > choices. Creating a paper trail could slow the vote count even more > - if those ballots were used in the official count, says Cox's printing the screen does NOTHING to legitimize the software or the process. The computer could have written one thing to disk/card and another to the printer. And the counting machine could take the vote (card, barcode, OCR scan) and muck with it all it wants to while doing the tabulation process. The point is that every step of the process has to be fully disclosed and beyond reproach. Frankly I think every voting station should have a 2nd vote-counter from a different supplier that uses the nation-wide open-vote format to independently tabulate votes. As somebody wrote a year or so ago, why are the slot machines under vastly better security than the voting infrastructure? The financial rewards of tampering with an election FAR exceed mucking with betting machines. _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Oct 24 2005 - 06:32:43 PDT