Lorne J. Leitman wrote on "RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes": > What's to stop them from giving you source code for one executable, > and then installing something totally different on the machines, come > election day? This is, of course, a valid question -- and it sure ought to be raised. Bringing up conspiracy theories (and the potential for simple human mistakes) is actually a good thing, since that in part has the potential to show us where it is possible for us to actually go wrong. Sadly, often this potential is not used. It does not simply follow from the fact that juries or parliaments or electoral committees may be bribed or that they may make mistakes that any arbitrary organization of such a group (or, more extensively, of a system) is as good as another. Clearly, a bureau whose administrative action is restricted by a constitution and other legislation is _less_ free to act stupidly or immorally than another that is not restricted in such a way. Clearly, a bureau that includes a large, diverse group of people is _less_ easily subject to bribery than another that more clearly only represents a single "interest group". Clearly, a bureau whose meetings are open to reporting by the mass media and are documented in a way accessible to the public is _less_ easily subject to take action that would seem condemnable in our eyes. Such transparency and means of control make it _less_ probable that careless, stupid or immoral acts are performed. It also makes our trust in our government _less_ blind and _more_ justifiable (and, supposedly, this in turn motivates us to act more prosocially). Ultimately, these things have some intrinsic value in a democracy (in an open society). Similarly, it is conceivable that a voting system is _less_ susceptible to manipulation and errors if it is more transparent, better monitored by several independent parties and better regulated by legislation. We must first make it clear to ourselves that we wish to at least _consider_ any conceivable risk of something going wrong and what are the possible means to make it less probable that the risk actualizes. Further, part of this evaluation involves considering "risk" in another way: how does a person about to act carelessly, stupidly or immorally conceive hir personal risk of doing so, and how may we influence hir perception of that risk, to stop the person from acting in a condemnable way? For example, even if we cannot fully ascertain that the correct executable in this case is installed, we can set up a framework of control that audits the build system and the process of installing the software. Even if circumventing this system, too, in one way or another is conceivable, any remotely rational person will at this point realize that s/he is taking a rather great risk in trying to do so. Yet another point is that it would only be logical to subject this system of control to public surveillance and transparency itself. It is rather worrying if an institution lacks the transparency and framework of control to prove that the theories about conspiracies and potential mistakes are obviously false, or at least that their probability and potential effects are sufficiently minuscule. The kind of trust required in those kinds of situations is definitely essential in our personal relationships; however, it is not only stupid, but ultimately immoral, to have such a blind faith in a government that has no personal relation with us. Trusting something implies we have at least some limited responsibility for that trust. Trusting a child with a gun implies that we may somehow justify our conception that the child will not harm hirself or others with the gun; trusting a president with a military force implies that we have a defensible belief that s/he will not wage an immoral war; trusting an administration to arrange an election in a certain way implies that we can argue that the basic human rights (to participate in decision-making by voting) are not violated in the election. -- Heikki - heko@xxxxxx ; http://iki.fi/heko/
