Home page logo

interesting-people logo Interesting People mailing list archives

Re: Premier (Diebold) admits to flaw that drops votes
From: David Farber <dave () farber net>
Date: Sun, 24 Aug 2008 21:58:59 -0400

Begin forwarded message:

From: Cem Kaner <kaner () KANER COM>
Date: August 24, 2008 3:29:09 PM EDT
Subject: Re: Premier (Diebold) admits to flaw that drops votes
Reply-To: Cem Kaner <kaner () KANER COM>

What I am suggesting is that ITA testing, state-level testing and vendor
testing should not be the only alternatives and we shouldn't be encouraging
the government to perpetuate this narrowness.

Do you really need 7000 systems or is just that this is the only
configuration you understand today? How much could we learn from simulators?
How much from long-sequence testing that involves fewer processors?

I don't know--for Diebold machines--because our system bars anyone but a few
insiders from knowing anything of substance.

But my experience with phone systems and network printer firmware tells me
that it is often possible to get a handle on hard-to-reproduce problems,
including race conditions, on less complex systems than one might first

What would we learn if university labs and commercial test labs (commercial as distinct from regulatory-system-focused labs: the bug-hunting kind rather than the paper-processing kind) were able to do testing? This takes money, but how much has flowed into Obama's campaign? After Obama loses, how many people will believe that the voting machines were the embodiment of a thumb
on the scale? How much will they be willing (but forbidden) to spend to
investigate that suspicion?

Cem Kaner, J.D., Ph.D.
Professor of Software Engineering, Florida Institute of Technology

-----Original Message-----
From: Douglas W. Jones [mailto:jones () cs uiowa edu]
Sent: Sunday, August 24, 2008 11:01 AM
To: Cem Kaner
Subject: Re: Premier (Diebold) admits to flaw that drops votes

On Aug 23, 2008, at 12:30 PM, Cem Kaner wrote:

If testing of these machines wasn't:

(a) limited to captive test labs and captive testing consultants
(b) with results protected by nondisclosure agreements

Then we would have known about these bugs a long time ago.

This is unclear.  I've done some work on Diebold machines, and what
clear is that the key bugs are race conditions that only show up
in very large configurations.  There's evidence that neither the
nor the testing labs ever tested things on the scale that is found in
metropolitan areas where the jurisdiction must process several thousand
PCMCIA cards after the polls close.

Typical outside tests of voting systems seem to involve only a few
Agressive state-level certification testing only seems to involve a
few tens
of machines and a few hundred test ballots.  ITA testing?
that's been so opaque that you can't even tell how many machines were
used by reading the (non-disclosed) ITA reports (at least not in the
tens of such reports I've read).

It's not clear to me that it's realistic to ask for vendor testing on
scale of 7000 voting machines in 700 precincts, in order to produce
PCMCIA cards to process in 70 PCMCIA readers networked to a GEMS
This is the scale of the system that they use in a large urban
county.  What
we want is systems with architectures that scale well, where testing
can be
conducted on a realistic scale.

What really bothers me is that Ohio isn't the most intensive user of
If Ohio is seeing these kinds of problems in its urban counties, I
why there are no similar reports out of Maryland and Georgia, where
are even larger urban centers using GEMS.  Surely, the problems
out of Ohio have been seen in these other states.  If these problems
not noticed in these other states, then this is evidence of gross
in the conduct of elections in those states.  If the problems have
been seen,
then why have those states not shared this information with other
and demanded corrective action long ago.

                Doug Jones
                jones () cs uiowa edu

Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]