Bugtraq mailing list archives
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
From: Casper Dik <casper () holland sun com>
Date: Tue, 28 Sep 2004 21:15:12 +0200
Running voting machines on OSS software seems obvious its the only way to do it correctly, since its true noone trusts each other.
It is not sufficient; there really is no other way than a paper trail. Currently, many voting systems operate by storing the vote in memory of some kind and it is really hard to verify that this is done correctly; more importantly, it is *not* possible to verify the voting was done correctly after the fact. It's not just a simple matter of verifying the software; you do need to verify: System's BIOS Keyboard Display hardware OS Window system Voting software. The vote tabulation process (communication, more computer systems) That's just too much to verify correct. Seems the readers here are thinking of just voting software. But there is a solution which does not require any verified software at all: a paper trail verified by the voter self. After each vote, the voting machine prints a receipt; the voter verifies the receipt and then deposits it in a ballot box. When there's a dispute; the paper trail which was verified by each individual voter can then be counted. Note that the paper ballots can be machine readable for quite counting but they should not contain barcodes; the human readable bits must be the "legal" bits. Open source, closed source; it's all really moot. Voter verification is what counts. They don't do it correctly in my country; but they apparently did it correctly in Venezuela where voter confidence is always very low. Casper
Current thread:
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Jeremy Epstein (Sep 25)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Mike Healan (Sep 27)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Tracy Bost (Sep 28)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Casper Dik (Sep 29)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Coleman (Sep 28)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Tracy Bost (Sep 28)
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Yoav Nir (Sep 27)
- RE: Diebold Global Election Management System (GEMS) Backdoor Paul Wouters (Sep 27)
- Re: Diebold Global Election Management System (GEMS) Backdoor Crispin Cowan (Sep 28)
- Re: Diebold Global Election Management System (GEMS) Backdoor Adam Shostack (Sep 29)
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Greg A. Woods (Sep 27)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Marco S Hyman (Sep 28)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Simon (Sep 28)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Colm Buckley (Sep 29)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes David F. Skoll (Sep 29)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Marco S Hyman (Sep 28)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Mike Healan (Sep 27)