Network Security Bugtraq

RE: Diebold Global Election Management System (GEMS) Backdoor Account

Subject: RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
Date: Mon, 27 Sep 2004 09:35:22 -0500
I usually lurk as well, but wanted to respond to your question.

There's so much debate for one simple reason.  All the known solutions
have been ignored.  This is why everyone is getting so upset on this
issue.  Companies like Diebold have ignored all the previous work on
this subject, work done by people like Bruce Schneier.  They've ignored
all the problems with their system, up to and including their complete
lack of verifiability.  They've already, in a rather short history in
this field, shown a complete lack of accountability (think the various
unapproved revisions that got them sued in California).
That they've been so determined to weasel around the _known_ solutions
to these issues casts a great deal of suspicion on them.  Their
continued resistance to even the simplest fixes, combined with their
repeated denials of any problems, is only making things worse.

Unfortunately, I don't see any major changes to this happening until
some state's electoral votes go to CowboyNeal or Bill the Cat...

Ryan (Not speaking for Dell in any way, shape or form)
"Every election is a sort of advance auction sale of stolen goods."
-- H. L. Mencken

-----Original Message-----
From: Claudius Li [mailto:aprentic@sectae.net] 
Sent: Friday, September 24, 2004 9:02 AM
To: bugtraq@securityfocus.com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor
Account Allows Authenticated Users to Modify Votes

I usually stay comfortably hidden in lurkland but I'm a bit confused.
Maybe someone here can enlighten me.

A few years ago I read Bruce Schneier's Applied Cryptography. Everything
in the book which I tested or looked up independently turned out to be
true and it enjoyed an excellent reputation in our computer science
department.

This book has a whole section on electronic voting. In it, Mr. Schneier
lists several things which we expect a voting system to provide;
anonymity, accountability, verifiability, and others. He also points out
that there is a theoretical limit to the level to which all of these can
be satisfied. That is, we can never guarantee all of them with 100%
confidence. This limit seems to extend to all voting systems whether
they are electronic, paper based, clay-shards-in-an-amphora, or raised
hands.

But we can choose the levels at which we will guarantee each
characteristic and get them to levels at which we are comfortable. Mr.
Schneier also presented an open protocol using public key cryptography
which does just that. It doesn't involve hidden code, it doesn't require
an actual physical paper trail and, as far as I know, no one has ever
pointed out any flaws in it.

So my question is, given that this seems to be a solved problem why is
there so much debate on finding the solution? Surely I am missing
something obvious.

        -Claudius Li
