On Tue, Mar 02, 2004 at 12:56:18AM -0000, Niall Douglas wrote:
voting machines from anything except off the shelf chips is not going to change any time soon.
Why? You can get a military hardened CPU from Atmel or even Intel for less than an x86 CPU. It just won't run Windows.
Fair enough. I assumed they'd be more expensive. Still doesn't change the fact that when you look at the circuit board all you can see is a plastic package and that there's no non-destructive way of finding out if you've really, really got a genuine xyz military hardened processor or just something pretending to be one.
Something(s) on the board must be the key to the trust system, usually the processor but maybe there are multiple chips that check the signatures. You only need to replace these with look-a-likes that will also trust your switched image. No one can discover this without examining the chip layout under an electron microscope, rather impractical.
You're wrong on this. There are these key generating boxes which spit out encryption keys for use in X509 certs and such and they usually live inside a fire proof safe. They're very very tamper proof, you can't even let them get too hot or cold or else they reset themselves and you lose the key sequence. You could have something similar for voting machines.
I know them from having to go through the rigmarole of accessing one. You had to sign this log book and two people had to be present at all times to make sure you didn't drop it etc.
You've gone way outside the requirements for a voting machine here. I agree with you that a practically tamper proof machine is possible, however we are talking about machines which will spend 364 days a year switched off in a warehouse in the back of beyond and then they'll spend a full day in an unfriendly environment being used in private by punters.
If a machine is not running continuously then I can swap chips on it so that it behaves perfectly correctly until it gets my signal and there is nothing anyone can do to discover this, short of cracking open all the chips.
I don't think technological security is the issue here, personal security is much more important. Mobile phone voting in the North would be a good laugh, where the bloke looking over your shoulder, watching you vote, wears a balaclava for a bit of petrol bombing fun at the weekend. Even taking threats and violence out of the mix, remote voting allows vote selling.
No more so than a fellow paying you a tenner to vote a certain way. Of course you could vote differently anyway - however under a mobile phone voting system, I see no problem with being able to change your vote later.
One problem is that it greatly complicates vote storage and anonymity. I can't see it ever being accepted because most people want to know that when they cast their vote it's done and nothing can undo it.
F