
| Subject: | Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to |
|---|---|
| Date: | Wed, 29 Sep 2004 13:49:50 +1200 |
Simon <lists@sime.org.uk> 29/09/2004 08:20:09 >>>

> Marco S Hyman wrote:
>
> All I demand from a voting system is that votes can be voter verified.
>
> That's not true of ANY voting machine regardless of who writes the code unless there is a hard copy audit trail. If there is a hard copy audit trail then it doesn't make any difference who wrote the code.
>
> How do you know that the software generating the audit trail is playing fair if it's closed source?
>
> Sometimes, IMHO, there's just no alternative to pen and paper. Surely the manual method of ticking a box and having multiple human vote counters checking ballots is the best option going, even if it is more expensive. (I confess I've no idea what costs are involved either way.)

But how can you trust the _COUNTERS_?

The problem is - there is always a weak link. There's always some part of the process we cannot trust; what we have to decide is how much mistrust we can tolerate, and where. In the pen and paper system, it's sufficiently minimised through accountability (if the boss catches you counting a 'Bob' paper, and marking it down for 'Hank' - he'll fire you on the spot. He SAW YOU do it), and dispersal (if there are 100,000 counters, and one is corrupt, it's only 0.001% of the total votes at risk).

Walk into the booth, push the button for your candidate. The machine prints a receipt which is visible behind a glass window. You look at the receipt, and touch the 'Yes - that's correct' button. It then dumps the receipt in a big box marked 'Audit' (or 'Plan "B"'), and you leave the booth feeling happy. No guarantees about the software, but if a recount based on paper eventuates - it's trustworthy.

In terms of the software though - how does this sound:

Have the machines run a cut-down OS that distributes pre-compiled binary files of open source packages (i.e. RPM) - include on the system the python binary, and associated libraries. Write all the code in python. You can now pull the ACTUAL source code off of a voting machine after the election, and audit it. You know it's the software that was used, because, well, you just used it. :-) You can then run a checksum on the binaries used, to ensure they are the same as the pre-compiled binaries distributed around the globe. This only leaves the hardware still corruptible (and the BIOS, esp) - perhaps have every booth supply an old 486+ touchscreen to install the software on...

Gareth Humphries
IT Specialist
IBM New Zealand Ltd
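The checksum step proposed in the message above, as an added example that is not part of the original e-mail: a reference manifest is built from the distributed files and a machine's file tree is compared against it after the election. The function names, the file paths and the choice of SHA-256 are assumptions (the message only says "checksum"), and the sample files are constructed.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = digest
    return manifest


def audit(reference, root):
    """Compare a machine's file tree against the published reference manifest."""
    actual = build_manifest(root)
    return {
        "modified": sorted(p for p in reference if p in actual and actual[p] != reference[p]),
        "missing": sorted(p for p in reference if p not in actual),
        # An added file can change behaviour without touching any audited file.
        "unexpected": sorted(p for p in actual if p not in reference),
    }


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed sample: a reference tree and a copy with three deviations."""
    files = {"bin/python": b"\x7fELF-constructed", "app/ballot.py": b"count = count + 1\n",
             "app/tally.py": b"print(totals)\n"}
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as machine:
        for root in (ref, machine):
            for rel, data in files.items():
                _write(root, rel, data)
        reference = build_manifest(ref)
        _write(machine, "app/ballot.py", b"count = count + 2\n")  # tampered source
        os.remove(os.path.join(machine, "app/tally.py"))
        _write(machine, "app/sitecustomize.py", b"# injected\n")
        return audit(reference, machine)
```

The comparison is only meaningful when run from an independent system against a copy of the machine's storage, since a checker executed on the audited machine depends on the same hardware and BIOS the message flags as untrusted.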