What's to stop them from giving you source code for one executable, and
then installing something totally different on the machines, come election
day?
If you've read Ken Thompson's article "Reflections on Trusting Trust," you
realize that even the source code won't provide ultimate proof of security
and trustworthiness. Only dissecting the object code taken from one of
the voting machines in production can do that, and that's an exteremely
difficult thing to do.
To quote from Ken Thompson's article (which can be found at
http://www.acm.org/classics/sep95/ ):
"The moral is obvious. You can't trust code that you did not totally
create yourself. (Especially code from companies that employ people like
me.) No amount of source-level verification or scrutiny will protect you
from using untrusted code. In demonstrating the possibility of this kind
of attack, I picked on the C compiler. I could have picked on any
program-handling program such as an assembler, a loader, or even hardware
microcode. As the level of program gets lower, these bugs will be harder
and harder to detect. A well installed microcode bug will be almost
impossible to detect. "
--Jeff Leitman
On Wed, 22 Sep 2004, Jaeson Schultz wrote:
How about providing the source code so we can see for ourselves? Shouln't
the machines used for elections in a democracy such as The United States of
America be open to such review? Just because you refute the existence,
doesn't mean that the "back doors" or "hidden codes" aren't there. Only the
source code can prove that. Why should we just take your word for it?
~Jaeson Schultz
-----Original Message-----
From: pressinfo@diebold.com [mailto:pressinfo@diebold.com]
Sent: Tuesday, September 21, 2004 8:05 AM
To: bugtraq@securityfocus.com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor
Account Allows Authenticated Users to Modify Votes
In-Reply-To: <20040831203815.13871.qmail@www.securityfocus.com>
Diebold strongly refutes the existence of any "back doors" or "hidden codes"
in its GEMS software. These inaccurate allegations appear to stem from
those not familiar with the product, misunderstanding the purpose of
legitimate structures in the database. These structures are well documented
and have been reviewed (including at a source code level) by independent
testing authorities as required by federal election regulations.
In addition to the facts stated above, a paper and an electronic record of
all cast ballots are retrieved from each individual voting machine following
an election. The results from each individual machine are then tabulated,
and thoroughly audited during the standard election canvass process. Once
the audit is complete, the official winners are announced. Any alleged
changes to a vote count in the election management software would be
immediately discovered during this audit process, as this total would not
match the true official total tabulated from each machine.
