re Voting Software a to true comment on our field

["Dave Farber" <farber () gmail com>]

Right on djf

> Begin forwarded message:
>
> From: "Jonathan S. Shapiro" <jonathan.s.shapiro () gmail com>
> Subject: Re: [IP] re Voting Software a to true comment on our field
> Date: August 9, 2018 14:10:46 JST
> To: David Farber <dave () farber net>
>
> [For IP]
>
> What Geoff Kuenning seems to be missing is that the methods developed by the automobile, aeronautics, high-security, 
> and critical systems software communities over those decades are directly applicable to the voting machine problem 
> and are now taught in many schools. Mercedes' adoption of formal verification following their flirtation with 
> bankruptcy over the first ABS system is legendary for a reason. In project after project, modern realizations of 
> these methods have yielded much more complicated systems that have demonstrated zero defects (though many have 
> contained flaws of specification). Spark ADA stands out as a system to examine along these lines, but there are 
> others.
>
> Voting systems must be designed as high-security systems. The evidence that bad actors will seek unrelentingly to 
> compromise them, and that many past bad actors have been well funded and sophisticated, is beyond dispute. Many of 
> you know the joke ending with "But who is Tovarisch Daley?" If that isn't enough, we have an extended sequence of 
> demonstrations by researchers dating back nearly twenty years in which every electronic voting system tested has been 
> found to be readily vulnerable. Including, just to be clear, every single one of the voting systems that are 
> currently cast in doubt. That is: the manufacturers knew. Worse: these results are public, which means that the 
> officials responsible for the integrity of the voting process in the several states knew or should have known. There 
> is evidence that in many key states those officials set aside their lawful responsibilities in favor of political 
> partisanship. Too many saw sacrificing Democracy itself as an acceptable price for supporting their preferred party.
>
> The question isn't whether these machine implementations are grossly negligent. The question is when we will 
> acknowledge that the critical role of software in society warrants substantial civil protections, up to and including 
> civil and criminal liability, for knowingly shipping a critically flawed critical system and/or ignoring the most 
> mundane levels of well-established routine practices. Penetration testing of critical public systems with public 
> reporting should not only be routine, it should be mandated by statute. Yes, the expense of these systems will rise. 
> Consider, however, that while these systems are vulnerable the market price of the American political and legal 
> process is essentially "free".
>
> A hard-wired password "abcde" in a voting machine and nobody goes to jail? The folks at Black Hat were not the first 
> ones to find that!
>
>
> Jonathan Shapiro, Ph.D.
> (Formerly) Assistant Professor
> Department of Computer Science
> Johns Hopkins University,
> Co-founder, Johns Hopkins University Information Security Institute
>
> On Wed, Aug 8, 2018 at 9:32 PM Dave Farber <farber () gmail com <mailto:farber () gmail com>> wrote:
>
>
> > Begin forwarded message:
> >
> > From: Geoff Kuenning <geoff () cs hmc edu <mailto:geoff () cs hmc edu>>
> > Subject: Re: [IP] Re Voting Software a to true comment on our field
> > Date: August 9, 2018 13:19:25 JST
> > To: dave () farber net <mailto:dave () farber net>
> >
> > What Randall Munroe seems to be missing (the last panel and the popup are a bit unclear about what position he is 
> > taking) is that airplane engineers and elevator designers went through *decades* of learning how to make safe 
> > systems.  See, for example, the history of the Airbus A320.  Manufacturers of voting software don't have those years 
> > of experience, and in fact they have been highly resistant to suggestions from experts in software reliability and 
> > consistently reluctant to submit to outside testing (such as what the FAA does for airplanes, and other bodies do 
> > for elevator designs).
> >
> > Furthermore, when an airplane or elevator fails, the failure is obvious.  When a voting system fails, the failure 
> > can be incredibly subtle--and in fact, the beneficiaries of the failure can be astoundingly resistant to suggestions 
> > that the results might not be accurate (see 2000, 2004, and 2016 U.S. presidential elections).
> >
> > So this is another case where reasoning by analogy breaks down completely.  -- 
> >   Geoff Kuenning   geoff () cs hmc edu <mailto:geoff () cs hmc edu>    http://www.cs.hmc.edu/~geoff/ 
> > <http://www.cs.hmc.edu/~geoff/>
> >
> > Orchestra retrospectively extremely satisfied with symphony [No. 1] as
> > result of barrel of free beer.
> >      -- Gustav Mahler, post-premiere letter to Arnold Berliner
>
> Archives <https://www.listbox.com/member/archive/247/=now> | Modify <https://www.listbox.com/member/?> Your 
> Subscription | Unsubscribe Now 
> <https://www.listbox.com/unsubscribe/?&&post_id=20180809002558:4E5C454E-9B8C-11E8-B14C-D2E1FE66B3A4>         
> <https://www.listbox.com/>



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20180809011412:0B69818C-9B93-11E8-AFD7-9AF401C9545B
Powered by Listbox: https://www.listbox.com