|
The Hopkins/Rice guys said there was no way the Diebold code they looked at (the portion they looked at) could be tweaked into something secure. You design security from the ground up, they said.
They started finding flaws within, what, 45 minutes or something. Found them everywhere they looked. Called them things their Computer Security 101 class would NOT get wrong.
And, this is without even looking at the majority of the code.
Separately, David Dill of Stanford says, in a radio interview, when asked
Q: Diebold has something like 800,000 lines of software code in their proprietary software. Is it realistic to expect a certification board to go through and find any problems?
Answer by David Dill: It is practically impossible for someone to review software of any length at all -- even 10,000 or maybe even 1500 -- lines of code to make sure that's 100% error-free. The certification is done by organizations called independent testing authorities. They couldn't do it, no matter how hard they tried. Now, from what I have learned, they don't try hard enough. There are claims that the code is inspected line by line. I know that that is not sufficient to find bugs and certainly not to find tampering that is deliberately hidden in that software. In fact, the tampering may not even be in the software that's presented to the independent testing authority. So far as I can determine, the review conducted by independent testing authorities may not actually include a human being who inspects the code line by line. What I've heard from certain vendors and people who've talked to some of these independent testing authorities, is that they actually just use other computer programs to inspect the code -- submitted to them by the vendors-- and those computer programs are very much like style checkers in Microsoft Word or something. They'll check the spelling of individual things, make sure that your English usage is okay. But they won't make sure that your document is saying the right thing, because only you know that. So, I think that the current inspection process is completely inadequate for ensuring reliability and certainly computer security. I think that the problem is basically unsolvable without an independent audit trail.
~~~~~~~~~~
So, no matter what the software of Diebold is, it seems clear to me that it cannot meet the high standard required, including confidentiality for the voter, plus absolute accuracy and flawless programming and machines that are only used one a year performing flawlessly. Then, you add in the concept of threat analysis. Meaning, you're not just running critical software, you're trying to protect it from people with no scruples who want the huge pot of goodies that can be won from cheating. This is not a fifty cent bag of potato chips in a vending machine, this is, for instance, a Senate race where millions of dollars will be spent to win it.
Computer experts say nope, it is an UNSOLVABLE problem. Computer alone can't do it. Ya gotta have paper too, or some equivalent that has not yet been developed.
At this point, I'm wondering if we've just been sold a bill of goods completely on the computers' place in voting. What would be wrong with using computers at the polling place something like a word processor with a printer -- help by pulling up the right ballot, easy to read, in different languages as necessary. Or, for the sight impaired, provide a booth with sound. The only thing the computers would do is help the voter see/hear the ballot, and print out a paper ballot with their choices. The paper ballot is the vote. Period. The end. The computer does nothing in the way of counting. Nothing zero. No modems. Count the paper at the precinct. Post the results at the precinct, where all counters and all citizens can see them. Call the results in. Impound the paper ballots under lock and key after counting.
|
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
