Nice call with the MD6 checksums(MD5 might be cracked, as a recent letter to bugtraq demonstrated :) ran on the electronic voting systems. That would be a good way to verify the authenticity of the code, after it was posted on sourceforge. As for the paper trails, does it really matter? An earlier post pointed out that if your code isnt open source, whats to stop you from coding your SW to print one thing while entering another into the database? I know of at least 5 companies I could hire to independently verify anything I would like them to. What scares me most about GEMS is the fact that the systems are networked. If we are going to have an election system that communicates with a central repository, then there will be the chance that 1 person/group of people/company can hijack an election unless there are major steps taken (or any steps taken) to verify and secure the process. Might as well have a website at whitehouse.gov where we can log in and post our vote via PKI authentication if we are going that route :) -JP -----Original Message----- From: Jeremy Epstein [mailto:jeremy.epstein@xxxxxxxxxxxxxx]
