Wednesday, December 21, 2005

California Demands Diebold eVote Appliance Source Code Certification

It appears that:

1) The code inside the machine that records the vote,
2) The output of the code (i.e., the vote) of the machine that records the vote, and
3)The audit log generated by the code of the machine that records the vote

Are all susceptible to undetectable manipulation. This comes as no surprise. Computers are not sentient (except for those with Turing potential, and there are none yet) and do not lie, but those who program are, and may. Knowing what the coder/manufacturer has placed inside a device, what it does, how it does it, and concrete proof (rather than assurances) that it will always do what it is purported and advertised to do, might be helpful for audit purposes.

And an honest election.

Excerpted from

"Diebold's woes don't end in California. Last week, elections officials in Leon County, Fla., announced plans to drop Diebold from its polling places after a Finnish security expert successfully tampered with a memory card in an optical scan machine without detection."

A wee bit'o bias (mine): Hardware based trusted timestamping schema could remediate this problem. The e-vote machine community would be well advised to follow the lead of the financial community, which has adopted and published an ANSI standard (X9F4 9.95) for Trusted Timestamps usage in the financial institution community.

Link to the Article: