Linux vs. windows for voting systems?

"Peter Köhlmann" <peter.koehlmann.RemoveThis@t-online.de> wrote in message
news:f7gnp0$2kq$03$1@news.t-online.com...
: Nedd Ludd wrote:
:
: > "Christopher Hunter" <chrisehunter.RemoveThis@NOSPAMblueyonder.co.uk> wrote in
: > message news:sWumi.27160$jY5.10338@fe1.news.blueyonder.co.uk...
: > : Hadron wrote:
: > :
: > : > Here's another one : could someone compile their own kernel in Linux
: > : > and do it even easier? Answer: yes.
: > :
: > : Yes, but the code would be open to examination by all...
: > :
: > : C.
: >
: > You'd still don't know if the code being examined is the code that is
: > loaded on the system.
:
: Simple. Compile it yourself. Compare the resultant binaries
: If it is the same source with the same compiler, the result ha to be the
: same. If not, you get easy to follow pointers where it differs

How do you get the binaries off the voting machine?
You've got a "chicken / egg" problem.

Really, the best solution for voting is to have people fill in the bubbles
on high quality paper with a black ink felt tip pen. I think the neatest
feature of the felt tip pen process is that it is easily scalable. If there
is a heavy crowd of voters at 8:00 before work or noon during lunch, the
polls can easily be scaled up to support the influx of voters. All that's
required is another $2.00 felt tip pen to scale the system up. To scale up
a computer based voting system, you need to purchase another computer.

For a reliable voting system you've got to have physical, human readable
ballots. The voter needs to be able to verify that his selections are
reflected on the ballot. The original ballots need be saved in case there of
a recount.

For the voting to be reliable you need a physical, voter verifiable ballot.
That ballot needs to be the item that is counted. It is not hard to write a
program that can tally votes. It is hard to do it in a way that protects
the privacy of the voter and the integrity of the tally. The result ends up
being a program that offers the choices then prints out a hard copy of the
ballot showing the selections which gets fed to a counter. Unfortunately, a
system like that is not much more than a $3000 #2 pencil.

So why does a voting system need to be computerized anyway?

In comp.os.linux.advocacy, Peter Köhlmann
<peter.koehlmann.TakeThisOut@t-online.de>
wrote
on Mon, 16 Jul 2007 23:25:52 +0200
<f7gnp0$2kq$03$1@news.t-online.com>:
> Nedd Ludd wrote:
>
>> "Christopher Hunter" <chrisehunter.TakeThisOut@NOSPAMblueyonder.co.uk> wrote in
>> message news:sWumi.27160$jY5.10338@fe1.news.blueyonder.co.uk...
>> : Hadron wrote:
>> :
>> : > Here's another one : could someone compile their own kernel in Linux
>> : > and do it even easier? Answer: yes.
>> :
>> : Yes, but the code would be open to examination by all...
>> :
>> : C.
>>
>> You'd still don't know if the code being examined is the code that is
>> loaded on the system.
>
> Simple. Compile it yourself. Compare the resultant binaries
> If it is the same source with the same compiler, the result ha to be the
> same. If not, you get easy to follow pointers where it differs

No it doesn't; some object formats contain a build
timestamp (HP/UX, IIRC, had this issue) within the file
proper. This is of course pedantic, but screws up md5sum
comparison methods something awful. :-/ There are also
of course the usual issues regarding compiler, SDK header,
and library versions.

The good news: object formats are rather naive about
verification issues; the most one has to worry about is a
checksum, and in a pinch one can zap the timestamp and the
checksum if one can find them. Also, ELF does not have the
build timestamp problem -- and ELF is by far the most used
format on Linux nowadays, a.out having been deprecated
(but still supported) long ago. (I don't know offhand
whether a.out had build timestamps.)

The bad news: Joe User has his work cut out for him if he
wants to play "trust but recompile" on many distros (Gentoo
being a rather nice exception), though I've not researched
how easy it is to handle source RPMs (RedHat) and DEBs
(Debian) lately. It's actually not that difficult, but
the usual result is a binary RPM, which has always struck
me as logical, but a little odd.

To be sure, such considerations pale into insignificance
against the near-impossibility of the user being allowed
to recompile Microsoft operating systems -- with the possible
exception of some exported .NET components, which is a tiny
smidge of Microsoft's offerings.

At least on Linux, it's vaguely possible to build one's own
system -- if one trusts the compiler, anyway (and gcc isn't
too bad in that department, as one can rebuild it as well).
LinuxFromScratch is a good start for those willing to do
it themselves, or one can use distros such as Gentoo and
Sabayon. I don't know how well RedHat or Debian can build
systems if one starts out solely with a non-RedHat/Debian
Unix or Linux system, an implementation of rpm or dpkg,
a good cross-compiler, and a set of source RPMs or DEBs.

(Gentoo is designed to build itself; chroot is in fact
required as part of the process.)

--
#191, ewill3.TakeThisOut@earthlink.net
/dev/signature: No such file or directory

--
Posted via a free Usenet account from http://www.teranews.com

In article <wbqdnZD74tVLtQHbnZ2dnUVZ_gudnZ2d RemoveThis @comcast.com>,
"Nedd Ludd" <NeddLudd RemoveThis @comcast.net> wrote:
> Really, the best solution for voting is to have people fill in the bubbles
> on high quality paper with a black ink felt tip pen. I think the neatest

Close, but not quite. This is better:

<http://punchscan.org/>


--
--Tim Smith

Tim Smith wrote:
> In article <wbqdnZD74tVLtQHbnZ2dnUVZ_gudnZ2d DeleteThis @comcast.com>,
> "Nedd Ludd" <NeddLudd DeleteThis @comcast.net> wrote:
>> Really, the best solution for voting is to have people fill in the bubbles
>> on high quality paper with a black ink felt tip pen. I think the neatest
>
> Close, but not quite. This is better:
>
> <http://punchscan.org/>

You are right, I concede.

"The Natural Philosopher" <a.RemoveThis@b.c> wrote in message
news:1184578774.30277.0@proxy02.news.clara.net...
> Aaron Gray wrote:
>> "resonator80" <w.edelstein.RemoveThis@gmail.com> wrote in message
>> news:1184512183.628120.165180@q75g2000hsh.googlegroups.com...
>>> Computerized voting systems (aka DREs or Direct Recording Electronic)
>>> must be based on an operating system, for example, Windows or Linux.
>>>
>>> Linux has the advantage of being open so that all the source code can
>>> be open. Windows source code will not be opened to anyone.
>>>
>>> Some people have argued that the basic Windows operating system can
>>> remain secret as long as the voting application program (i.e. C,
>>> Python, etc) is open.
>>>
>>> Here are some questions about such an arrangement.
>>>
>>> 1. Could someone tamper with the Windows OS or put in some additional
>>> code that would not be found in an inspection of the application
>>> program that could alter the results?
>>>
>>> 2. Could viruses and other malware affect the OS and, ultimately, an
>>> election without its effects being detected by examining the
>>> application program?
>>>
>>> Any other comments are welcom.
>>
>> Only Linux is secure enough and able to be validated as secure. Windows
>> is not capable of being validated as being secure.
>>
>
> Actually you have to go down to some special processors and real time OS's
> before you can actually claim that.

Latest Fedora Core + SHA1 checksums on all files + very restrictive
firewall...

I think that would do the job. I do not belive you could not do the same
with Windows reliably.

Aaron

"Aaron Gray" <ang.usenet.RemoveThis@gmail.com> wrote in message
news:5g2plkF3ejb49U1@mid.individual.net...
> "The Natural Philosopher" <a.RemoveThis@b.c> wrote in message
> news:1184578774.30277.0@proxy02.news.clara.net...
>> Aaron Gray wrote:
>>> "resonator80" <w.edelstein.RemoveThis@gmail.com> wrote in message
>>> news:1184512183.628120.165180@q75g2000hsh.googlegroups.com...
>>>> Computerized voting systems (aka DREs or Direct Recording Electronic)
>>>> must be based on an operating system, for example, Windows or Linux.
>>>>
>>>> Linux has the advantage of being open so that all the source code can
>>>> be open. Windows source code will not be opened to anyone.
>>>>
>>>> Some people have argued that the basic Windows operating system can
>>>> remain secret as long as the voting application program (i.e. C,
>>>> Python, etc) is open.
>>>>
>>>> Here are some questions about such an arrangement.
>>>>
>>>> 1. Could someone tamper with the Windows OS or put in some additional
>>>> code that would not be found in an inspection of the application
>>>> program that could alter the results?
>>>>
>>>> 2. Could viruses and other malware affect the OS and, ultimately, an
>>>> election without its effects being detected by examining the
>>>> application program?
>>>>
>>>> Any other comments are welcom.
>>>
>>> Only Linux is secure enough and able to be validated as secure. Windows
>>> is not capable of being validated as being secure.
>>>
>>
>> Actually you have to go down to some special processors and real time
>> OS's before you can actually claim that.
>
> Latest Fedora Core

With SELinux (Security Enhanced) enabled and even thurther restrictions
using SELinux rules.

Aaron

In comp.os.linux.advocacy, Tim Smith
<reply_in_group.TakeThisOut@mouse-potato.com>
wrote
on Mon, 16 Jul 2007 20:08:23 -0700
<reply_in_group-0C4871.20082316072007.TakeThisOut@news.supernews.com>:
> In article <wbqdnZD74tVLtQHbnZ2dnUVZ_gudnZ2d.TakeThisOut@comcast.com>,
> "Nedd Ludd" <NeddLudd.TakeThisOut@comcast.net> wrote:
>> Really, the best solution for voting is to have people fill in the bubbles
>> on high quality paper with a black ink felt tip pen. I think the neatest
>
> Close, but not quite. This is better:
>
> <http://punchscan.org/>
>

If that is what I think it is (the website timed out on
me), California abandoned a system similar to it some
years back. I frankly don't know why (though suspect a
snow job).

--
#191, ewill3.TakeThisOut@earthlink.net
Windows. When it absolutely, positively, has to crash.

--
Posted via a free Usenet account from http://www.teranews.com

Aaron Gray wrote:
> "The Natural Philosopher" <a.RemoveThis@b.c> wrote in message
> news:1184578774.30277.0@proxy02.news.clara.net...
>> Aaron Gray wrote:
>>> "resonator80" <w.edelstein.RemoveThis@gmail.com> wrote in message
>>> news:1184512183.628120.165180@q75g2000hsh.googlegroups.com...
>>>> Computerized voting systems (aka DREs or Direct Recording Electronic)
>>>> must be based on an operating system, for example, Windows or Linux.
>>>>
>>>> Linux has the advantage of being open so that all the source code can
>>>> be open. Windows source code will not be opened to anyone.
>>>>
>>>> Some people have argued that the basic Windows operating system can
>>>> remain secret as long as the voting application program (i.e. C,
>>>> Python, etc) is open.
>>>>
>>>> Here are some questions about such an arrangement.
>>>>
>>>> 1. Could someone tamper with the Windows OS or put in some additional
>>>> code that would not be found in an inspection of the application
>>>> program that could alter the results?
>>>>
>>>> 2. Could viruses and other malware affect the OS and, ultimately, an
>>>> election without its effects being detected by examining the
>>>> application program?
>>>>
>>>> Any other comments are welcom.
>>> Only Linux is secure enough and able to be validated as secure. Windows
>>> is not capable of being validated as being secure.
>>>
>> Actually you have to go down to some special processors and real time OS's
>> before you can actually claim that.
>
> Latest Fedora Core + SHA1 checksums on all files + very restrictive
> firewall...
>
> I think that would do the job. I do not belive you could not do the same
> with Windows reliably.
>

No: The Intel processor itself is indeterminate.

> Aaron
>
>

After takin' a swig o' grog, thad05.RemoveThis@tux.glaci.delete-this.com belched out this bit o' wisdom:

> Christopher Hunter <chrisehunter.RemoveThis@nospamblueyonder.co.uk> wrote:
>>
>> True. Also, "one man one vote" is a truly stupid way of electing a
>> government!
>
> ... but better than all the alternatives. Nevertheless, I think a
> system utilizing a game show or reality television format has great
> potential. It may not produce equitable government, but it would
> certainly increase citizen participation and the viewership of
> CSPAN. >

Plus your congressman can have his affair out in the open.

--
Tux rox!

[H]omer <spam.DeleteThis@uce.gov> espoused:
> Verily I say unto thee, that thad05.DeleteThis@tux.glaci.delete-this.com spake thusly:
>
>> <sarcasm>
>> By all means lets throw out the last couple hundred years of
>> democratic progress and return to utopian time when justice
>> was reserved for the landed gentry. Everything after the
>> Magna Carta was a waste of time.
>> </sarcasm>
>
> Careful. I'm sure there are more than a couple of Trolls in this group
> who would truly welcome such a move.
>

Or, at least, they lack the imagination to recognise that turning the
clocks back could be detrimental to themselves.


--
| Mark Kent -- mark at ellandroad dot demon dot co dot uk |
| Cola faq: http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/ |
| Cola trolls: http://colatrolls.blogspot.com/ |
| My (new) blog: http://www.thereisnomagic.org |

On Tue, 17 Jul 2007 13:28:06 +0100, BearItAll wrote:

>> The *ONLY* way to verify is via paper trail,
>
> That is probably the least safe of the posible means of vote counting. It
> tends to be concidered safe for no other reason than it is traditional.

The common theory is that voter fraud with paper ballots, when there is a
proper procedure in place to guard the safety of the ballots, would require
a huge conspiracy to be successful, and conspiracies of that level always
make mistakes.

What's more, the paper ballot can (and should) be augmented with electronic
means. For instance, your argument about dropping more than one piece of
paper wouldn't work when you have to feed your ballot into an optical
scanner, since the scanner would be designed to only allow one piece of
paper to go through.

Further the ballot can be signed by cryptographic key that would prevent
anyone fron inserting their own ballots into the process.

No system is foolproof, obviously. But it's usually good enough to make it
extremely difficult to pull off fraud without being detected.

BearItAll wrote:
> Erik Funkenbusch wrote:
>
< snip >
>>
>> The *ONLY* way to verify is via paper trail,
>
>
> That is probably the least safe of the posible means of vote counting. It
> tends to be concidered safe for no other reason than it is traditional.

This is an interesting thesis. Let's see how well you can support it.

> First the voting box. You fold your piece of paper in half while you are
> still in the privacy of the voting booth. Then you walk out and put it into
> the box. No one is allowed to touch your paper. Would they be able to tell
> if you have a few pieces of paper folded inside your own? The answer is no,
> because it has been done.

You are wrong, or it doesn't have to be the way you described.
Allow me to describe the system used where I vote.

You get one sequentially numbered ballot when you sign in. You take the
ballot to the booth or other private area and make your selections. You
don't have an opportunity to get multiple ballots. You slide the ballot
into a sleeve that is a little shorter than the ballot after you fill
out the ballot. The sequence number is displayed and a volunteer notes
the ballot number. The ballot does not go into a box but is slid into a
scanner. A counter on the scanner is incremented when the ballot is
successful so I have an indication that my vote counted. Also, the
ballots are printed on very heavy paper; they're almost a light
cardboard. Two ballots would not fit into the scanner at the same time
and even if they could, only the ballot facing the sensors is read.

I've just described at least three controls that prevent people from
voting multiple times: 1) you get one ballot 2) the observer can see
you slide in one ballot 3) the scanner can only read one ballot at a time.

> Have a look at the counting stage, in just a few hours many millions of
> pieces of paper are sorted into piles depending where the 'X' is.

This step you've just described tells me that you've never voted or
you're an idiot. Most elections include multiple issues. A ballot can
include selections for President, Federal Senator, Federal
Representative, State Senator, State Representative, Judges, College
Trustees, State ballot initiatives, local ballot initiatives, Mayor,
School Board members, City Council members and Dog Catcher. "Sorting
into piles depending on where the 'X' is" is not a practical task.

> The
> sorter/counter doesn't have the time to check the number on the paper to
> see if it is valid or if it has been counted in another pile by another
> counter.

When voting is done there is a stack of ballots sitting behind the
scanner which are easily counted, there is the tally on the scanner and
I wouldn’t be surprised if the scanner had an internal tally as well.
The numbers should match up. Should the numbers not match up then
compare the tallies to the number of sequentially numbered ballots
handed out.

The number of ballots handed out is the maximum possible ballots cast;
any ballots above that number are thrown out. Identifying duplicate
ballot numbers is easy and identifying the bogus ones may be possible.
The bottom line is that inconsistencies are easily identified.

> How ever carefull they are with the ballot box system there are many stages
> where cheating can take place. It's true that the inspectors know this so
> can try their best to stop it.

You've presented a strawman argument. All voting systems come with
security risks. Processes mitigate the risks and reduce the possibility
of fraud whereas the tools can only assist.

> It is well known that it goes on, but would
> slow the count down too much, so instead they only take it into accout on
> very close counts, I think I'm right in saying only if it comes to a third
> count (something like that). But I doubt they could do that on a major
> election simply because they would be too many ballot papers to check.

No, you are categorically incorrect. All votes are counted using the
system I described. When the scanned vote totals are within a threshold
then a recount is called. During the recount the ballots can
be rescanned or counted manually.


> Then they is the old chestnut, how do You know that the ballot box that you
> put your ballot paper into is the box that is delivered to the counting
> station? The truth is that you don't know. Guarded? By whom. (I already
> know someone is going to give a very stupid answer to that).

The votes are counted when they are scanned. The ballots can be
rescanned or hand counted in the event of discrepancies. WWII vets
witness the process and they'll still kick your ass if you interfere
with the Democratic process they preserved for the world 65 years ago.

> Much better to have an ID type electronic vote, I don't know how best, but
> maybe in the lines of an allocated key value that can only be used once.
> Yes, I know that they is the risk of yours being knicked and someone else
> voting using yours. But you still only have one vote per key so much more
> likely to give the result of a fair vote.

> Actually since these days people don't really care who you vote for, I mean
> no gangs will turn up at your door and tar and feather you if you vote
> Labour, then maybe everyone should be called to their town hall and have a
> show of hands.

Actually, you're wrong. A Trillion (U.S. Trillion) dollars will be
spent to get people to vote one way or another in the next US
Presidential election. A lot of people want you to vote a particular
way on a lot of issues and they are willing to pay for it.

> PS: You might get tared and feathered if you vote Liberal, but that is
> perfectly understandable and you would only have yourself to blaim.

It doesn't look to me like you've supported you case that manual voting
systems are inherently insecure. You haven't demonstrated how computer
based voting is more secure either. A well implemented manual system
is more secure than a well implemented computer based system simply
because you have physical ballots that can be recounted in the event of
a discrepancy. There is nothing to recount with a computer based system.

So we are back to the fundamental question of why do we need a computer
based voting system?

"The Natural Philosopher" <a DeleteThis @b.c> wrote in message
news:1184662991.14920.0@proxy01.news.clara.net...
> Aaron Gray wrote:
>> "The Natural Philosopher" <a DeleteThis @b.c> wrote in message
>> news:1184578774.30277.0@proxy02.news.clara.net...
>>> Aaron Gray wrote:
>>>> "resonator80" <w.edelstein DeleteThis @gmail.com> wrote in message
>>>> news:1184512183.628120.165180@q75g2000hsh.googlegroups.com...
>>>>> Computerized voting systems (aka DREs or Direct Recording Electronic)
>>>>> must be based on an operating system, for example, Windows or Linux.
>>>>>
>>>>> Linux has the advantage of being open so that all the source code can
>>>>> be open. Windows source code will not be opened to anyone.
>>>>>
>>>>> Some people have argued that the basic Windows operating system can
>>>>> remain secret as long as the voting application program (i.e. C,
>>>>> Python, etc) is open.
>>>>>
>>>>> Here are some questions about such an arrangement.
>>>>>
>>>>> 1. Could someone tamper with the Windows OS or put in some additional
>>>>> code that would not be found in an inspection of the application
>>>>> program that could alter the results?
>>>>>
>>>>> 2. Could viruses and other malware affect the OS and, ultimately, an
>>>>> election without its effects being detected by examining the
>>>>> application program?
>>>>>
>>>>> Any other comments are welcom.
>>>> Only Linux is secure enough and able to be validated as secure. Windows
>>>> is not capable of being validated as being secure.
>>>>
>>> Actually you have to go down to some special processors and real time
>>> OS's before you can actually claim that.
>>
>> Latest Fedora Core + SHA1 checksums on all files + very restrictive
>> firewall...
>>
>> I think that would do the job. I do not belive you could not do the same
>> with Windows reliably.
>>
>
> No: The Intel processor itself is indeterminate.

Should not produce a security risk though, which is what was in question,
not formal verifiability.

Aaron