> > >>>> Simon <lists@xxxxxxxxxxx> 29/09/2004 08:20:09 >>> >Marco S Hyman wrote: > > > > All I demand from a voting system is that votes can be voter verified. > > That's not true of ANY voting machine regardless of who writes the code > > unless there is a hard copy audit trail. If there is a hard copy audit > > trail then it doesn't make any difference who wrote the code. > >How do you know that the software generating the audit trail is playing >fair if it's closed source? > >Sometimes, IMHO, there's just no alternative to pen and paper. Surely >the manual method of ticking a box and having multiple human vote >counters checking ballots is the best option going, even if it is more >expensive. (I confess I've no idea what costs are involved either way.) But how can you trust the _COUNTERS_? The problem is - there is always a weak link. There's always some part of the process we cannot trust, what we have to decide is how much mistrust we can tolerate, and where. In the pen and paper system, it's sufficiently minimised through accountability (if the boss catches you counting a 'Bob' paper, and marking it down for 'Hank' - he'll fire you on the spot. He SAW YOU do it), and dispersal (if there a 100,000 counters, and one is corrupt, it's only 0.001% of the total votes at risk). Walk into the booth, push the button for your candidate. The machine prints a receipt which is visible behind a glass window. You look at the receipt, and touch the 'Yes - thats correct' button. It then dumps the receipt in a big box marked 'Audit' (or 'Plan "B"'), and you leave the booth feeling happy. No garuntees about the software, but if a recount based on paper eventuates - it's trustworthy. In terms of the software though - how does this sound: Have the machines run a cut down OS that distributes pre-compiled binary files of open source packages (Ie RPM) - include on the system the python binary, and associated libraries. Write all the code in python. You can now pull the ACTUAL source code off of a voting machine after the election, and audit it. You know its the software that was used, because, well, you just used it. :-) You can then run a checksum on the binaries used, to ensure they are the same as the pre-compiled binaries distributed around the globe. This only leaves the hardware still corruptable (and the BIOS, esp) - perhaps have every booth supply an old 486+ touchscreen to install the software on... Gareth Humphries IT Specialist IBM New Zealand Ltd ______________________________________________________________________________________________________ This message contains information, which is confidential and may be subject to legal privilege. If you are not the intended recipient, you must not peruse, use, disseminate, distribute or copy this message. If you have received this message in error, please notify us immediately (Phone 0800 665 463 or info@xxxxxxxxxxxx) and destroy the original message. LINZ accepts no responsibility for changes to this email, or for any attachments, after its transmission from LINZ. Thank you. ______________________________________________________________________________________________________
