E-Vote Vendors Hand Over Software

E-Vote Vendors Hand Over Software By Kim Zetter
Story location: http://www.wired.com/news/evote/0,2645,65490,00.html


In an effort to increase the integrity of next week's presidential election, five voting machine makers agreed for the first time to submit their software programs to the National Software Reference Library for safekeeping, federal officials said on Tuesday.

The stored software will serve as a comparison tool for election officials should they need to determine whether anyone tampered with programs installed on voting equipment.

The National Software Reference Library is part of an election security initiative launched by the U.S. Election Assistance Commission, a new federal entity that Congress created after the Florida 2000 election problems. The EAC is the first federal entity established to improve the integrity and efficiency of elections.

DeForest Soaries, chairman of the EAC, in June requested software from the largest voting companies, which provide 90 percent of the software to be used in computerized voting machines on Tuesday. The companies include Election Systems and Software, Diebold Election Systems, Sequoia Voting Systems and Hart InterCivic. Two other companies, Avante Technologies and VoteHere, have also handed over their software, although no counties will be using their software in the presidential election. The EAC will eventually ask all voting companies, even those that produce counting software for punch card machines, to submit their software.

Soaries called the library a major step and praised the vendors for their willingness to increase the transparency of elections.

"Their acceptance of our request to submit their software begins the process that assures the country that we will have (a) higher level of security and therefore confidence in e-voting than we have ever had before," Soaries said in a press conference....cont'd

Hard to say whether this is comforting at all... I know computers well but not enough to know whether someone can simply compare the software on an existing machine to "original" software and be completely satisfied. Wouldn't software hackers/conspirers be savvy enough to cover their tracks?

since...anyone who can hack a machine can probably do it twice:

Once to install cheating software.

Again to take it back to the 'reference' install.

I don't see how this makes mauch of a difference.

up...provide a paper tail...very easy to do...pretty much says they are trying to steal the election. NO REASON NOT TO AGREE TO PAPERTAIL.

... that the manufacturers aren't interested in full disclosure, yup.

And if there's weakness in that code which allows exploitation, how does one tell if it's intentional or accidental, especially when no court would allow decompiling because of copyright restraints. That's much tougher to do.

The only possible reason to object to the paper trail, as Jeb Bush and the Republicans do, is because it would expose the fact that they stole the election.


THE * ONLY * POSSIBLE * REASON

dammit

:wtf:

<snip>
NIST's voting software library was established too late this year to examine software that has already been loaded onto locked voting machines, so election officials won't be able to verify that they have unchanged, certified software before Tuesday's election.
<snip>

Here comes the court cases.

Kerry needs to win by a land-side because, "hey if you are good, you steal something once, you can steal it again".

-barring political contributions and activities for employees and especially executives voting-related companies.

-code must be submitted to a government agency for safekeeping.

-there must be an audit mode which dumps/prints data that easily shows proper vote tallying, etc.

-audit mode only turns on/off the dump/prints. i.e., no way to do anything differently when in audit mode.

-code review by independent company.

-etc.


ALTHOUGH, a very sensible alternative would be to simply make production of voting systems a GOVERNMENT job. if EVER there was a task that should not be outsourced to the private sector, this is it.

to avoid accountability.

I'm sick of having my intelligence assaulted like this!

We already know the software is defective. All they're doing is proving they're using the defective software.

In February 2003, Dr. Soaries was appointed by President Bush to serve as a public director of the Federal Home Loan Bank of New York. He was a member of the affordable housing committee of the bank.
From January 12, 1999 to January 15, 2002, Dr. Soaries served as New Jersey's 30th Secretary of State. Appointed by former Governor Christine Todd Whitman, he managed one of the premier departments of State government and served as a senior advisor to the governor on issues that transcended traditional departmental lines.

In 2002 DeForest "Buster" Soaries unsuccessfully ran for the US House of Representatives from the New Jersey 12th, narrowly losing to Rush Holt. Soaries was subsequently appointed to chair the U.S. Election Assistance Commission. Got into trouble in July 2004 after he wrote a letter to Department of Homeland Security head Tom Ridge concerning the lack of a mechanism to reschedule a federal election. In the letter, Soaries reportedly recommended that Secretary Ridge ask Congress for the power to postpone.

This guy is a Republican through and through

How do they know its the version that is in the polling stations now? Who is responsible for monitoring and auditing code changes to the software in use at the polling stations?

They don't know

They will never know

No one is responsible ...except the crooks that flog these machines

The sun is to life, as paper is to voting....

US boosts e-voting software security


13:24 28 October 04

NewScientist.com news service

A US federal body has come up with a new plan to help secure electronic voting, employing a mathematical technique used mainly by cryptographers.

The US Election Assistance Commission (EAC) based in Washington DC, announced on Tuesday that it had persuaded the five largest electronic voting machine vendors to submit certified versions of their software to the National Software Reference Library (NSRL).

“Their acceptance of our request begins the process that assures the country that we will have a higher level of security and therefore confidence in e-voting than we have ever had before,” said DeForest Soaries, EAC chairman.

At the NSRL, each program file submitted was converted via a mathematical function known as SHA-1 into a fixed-length string of digits, called a “hash”. The hash is like a fingerprint for that piece of software - if the software changes, the hash changes.


Smoke and mirrors


Hashing is a cryptographic technique for representing large files with a small amount of data that is entirely dependent on the content of the files. But the EAC says that hashing is useful for e-voting software because even minor tampering or hacking of the code can be easily spotted by hashing the software and comparing the result with the certified version in the library. All the hashes of the e-voting software are available online....cont'd


http://www.newscientist.com/news/news.jsp?id=ns99996593

It uses math and everything! It must be good!

What a bunch of snake oil, and I speak as one who can write crap code, since I often put php md5 hash in my pipes and smoke it.

Shit, this is unbelievable doublespeak.

"Their acceptance of our request to submit their software begins the process that assures the country that we will have (a) higher level of security and therefore confidence in e-voting than we have ever had before," Soaries said in a press conference.

Well no, not for me. This is pure bullshit spew. God Damn them all. Where is my paper ballot?

Who does awol think this helps?

New Information Shows Bush Indecisive, Paranoid, Delusional