Create an Account
username: password:
 
  MemeStreams Logo

EFF: Make Your Voice Heard on E-Voting Machines
search
Home Agent Weblogs Social Network Post Help About

Decius
Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
   Sci-Fi/Fantasy Films
  Music
   Electronic Music
Business
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Management
  Markets & Investing
Games
Health and Wellness
Home and Garden
  Parenting
Miscellaneous
  Humor
  MemeStreams
Current Events
  War on Terrorism
Recreation
  Cars and Trucks
  Travel
Local Information
  United States
   SF Bay Area
    SF Bay Area News
Science
  Biology
  History
  Math
  Nano Tech
  Physics
Society
  Economics
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
Sports
Technology
  Computer Security
  Macintosh
  Spam
  High Tech Developments

support us

Get MemeStreams Stuff!


 
EFF: Make Your Voice Heard on E-Voting Machines
Topic: Politics and Law 11:16 am EDT, Sep 21, 2003

] In the aftermath of the Florida election debacle, the IEEE
] took up the question of standards for voting equipment.
] It created a working group, called Project P1583,
] overseen by a Standards Coordinating Committee known as
] SCC 38. After passage by IEEE, this standard will go to
] ANSI for final validation. The substantive work is in
] its final stages, and the draft standard is currently out
] to ballot.

The EFF put this alert out about the IEEE Voting Systems Standard group. I asked them for more information. They provided this link to the standards committee, which they say they will put on their site:

http://grouper.ieee.org/groups/scc38/index.htm
http://grouper.ieee.org/groups/scc38/1583/

While the draft standard is only available if you spend $100 on it, there are parts of the standard on this site if you do some digging. In particular, the security standards are available.

I think there are some serious questions that might be raised about these security standards. This is what I told the EFF:

"I haven't read this document in extreme detail, but it does appear at first glance to be weak. A glaring example is this text: "Voting systems that use electromagnetic (wireline or wireless) or optical (open air or fibre optic) transmission of data shall ensure the integrity of all transmitted data. This shall include standard transmission error detection and correction methods such as checksums or message digest hashes."

Checksums are not a reliable data integrity technique when one is concerned about malicious manipulation of data. This misuse of checksums in electronic voting equipment was discussed in Avi Rubin's paper on the leaked Diebold code.

This is just one example. There are all kinds of questions the might be raised about this document. Why allow voting systems to operate in an environment shared by other data processing applications? Are the restrictions on network connections complete enough? Why is there no discussion of programming techniques used to prevent memory management ("buffer overflow") vulnerabilities. Why not have more specific requirements for authentication of voting system administrators? Why is there no discussion of the security of features which maintain the anonymity of voters?

In sum, they ought to solicit audits of their security standards from well respected security professionals."

EFF: Make Your Voice Heard on E-Voting Machines

Thread [1]


  
 
Powered By Industrial Memetics		RSS2.0