
Interesting People mailing list archives

Re: Premier (Diebold) admits to flaw that drops votes
From: David Farber <dave () farber net>
Date: Sun, 24 Aug 2008 21:58:59 -0400



Begin forwarded message:

From: Cem Kaner <kaner () KANER COM>
Date: August 24, 2008 3:29:09 PM EDT
To: USACM () LISTSERV ACM ORG
Subject: Re: Premier (Diebold) admits to flaw that drops votes
Reply-To: Cem Kaner <kaner () KANER COM>

What I am suggesting is that ITA testing, state-level testing and vendor
testing should not be the only alternatives and we shouldn't be encouraging
the government to perpetuate this narrowness.

Do you really need 7000 systems or is it just that this is the only
configuration you understand today? How much could we learn from simulators?
How much from long-sequence testing that involves fewer processors?

I don't know--for Diebold machines--because our system bars anyone but a few
insiders from knowing anything of substance.

But my experience with phone systems and network printer firmware tells me
that it is often possible to get a handle on hard-to-reproduce problems,
including race conditions, on less complex systems than one might first
expect.

What would we learn if university labs and commercial test labs (commercial
as distinct from regulatory-system-focused labs: the bug-hunting kind rather
than the paper-processing kind) were able to do testing? This takes money,
but how much has flowed into Obama's campaign? After Obama loses, how many
people will believe that the voting machines were the embodiment of a thumb
on the scale? How much will they be willing (but forbidden) to spend to
investigate that suspicion?

Cem Kaner, J.D., Ph.D.
Professor of Software Engineering, Florida Institute of Technology
www.kaner.com
www.testingeducation.org
http://www.satisfice.com/kaner/


-----Original Message-----
From: Douglas W. Jones [mailto:jones () cs uiowa edu]
Sent: Sunday, August 24, 2008 11:01 AM
To: Cem Kaner
Cc: USACM () LISTSERV ACM ORG
Subject: Re: Premier (Diebold) admits to flaw that drops votes


On Aug 23, 2008, at 12:30 PM, Cem Kaner wrote:

If testing of these machines wasn't:

(a) limited to captive test labs and captive testing consultants
(b) with results protected by nondisclosure agreements

Then we would have known about these bugs a long time ago.

This is unclear.  I've done some work on Diebold machines, and what seems
clear is that the key bugs are race conditions that only show up reliably
in very large configurations.  There's evidence that neither the company
nor the testing labs ever tested things on the scale that is found in large
metropolitan areas where the jurisdiction must process several thousand
PCMCIA cards after the polls close.

Typical outside tests of voting systems seem to involve only a few machines.
Aggressive state-level certification testing only seems to involve a few tens
of machines and a few hundred test ballots.  ITA testing?  Historically,
that's been so opaque that you can't even tell how many machines were
used by reading the (non-disclosed) ITA reports (at least not in the several
tens of such reports I've read).

It's not clear to me that it's realistic to ask for vendor testing on the
scale of 7000 voting machines in 700 precincts, in order to produce 7000
PCMCIA cards to process in 70 PCMCIA readers networked to a GEMS server.
This is the scale of the system that they use in a large urban county.  What
we want is systems with architectures that scale well, where testing can be
conducted on a realistic scale.

What really bothers me is that Ohio isn't the most intensive user of GEMS.
If Ohio is seeing these kinds of problems in its urban counties, I wonder
why there are no similar reports out of Maryland and Georgia, where there
are even larger urban centers using GEMS.  Surely, the problems reported
out of Ohio have been seen in these other states.  If these problems were
not noticed in these other states, then this is evidence of gross negligence
in the conduct of elections in those states.  If the problems have been seen,
then why have those states not shared this information with other customers
and demanded corrective action long ago?

                Doug Jones
                jones () cs uiowa edu




