Friday, December 02, 2005

FW: [IP] 24 hours!!! review of elections-computers' source-code completed in 24 hours!

Yet another reason not to trust government south of the Mason-Dixon line.

-----Original Message-----
From: David Farber <dave@farber.net>
Date: Thursday, Dec 1, 2005 5:36 pm
Subject: [IP] 24 hours!!! review of elections-computers' source-code completed in 24 hours!

Begin forwarded message:

From: Jim Warren <jwarren@well.com>
Date: December 1, 2005 4:36:08 PM EST
To: Dave Farber <dave@farber.net>, Declan McCullagh <declan@well.com>
Subject: review of elections-computers' source-code completed in 24 hours!

Sheesh! Hope EVERY computer-literate citizen of North Carolina learns about this -- and screams bloody-hell to their legislators. What an amazing SHAM!

--jim

From: Justin Moore <justin@cs.duke.edu>
Organization: Duke University Department of Computer Science
Date: Thu, 01 Dec 2005 13:31:05 -0500
Subject: [NCVI] Diebold back in NC

It seems that Diebold didn't cut and run from North Carolina after all. Less than 24 hours after Diebold finally placed all of their source code into escrow -- OS and all, they claim -- the State Board claims that their source code audit confirms that Diebold system meets necessary security and reliability standards.

The portion of relevant state law is

===
c) Prior to certifying a voting system, the State Board of Elections shall review, or designate an independent expert to review, all source code made available by the vendor pursuant to this section and certify only those voting systems compliant with State and federal law. At a minimum, the State Board's review shall include a review of security, application vulnerability, application code, wireless security, security policy and processes, security/privacy program management, technology infrastructure and security controls, security organization and governance, and operational effectiveness, as applicable to that voting system.
===

By certifying Diebold's system, the SBOE claims (implicitly) that they have conducted this review within the last 24 hours on all code placed in escrow.

Perhaps the NC SBOE could publish their audit methods in the next top-tier software engineering conference. This is the most amazing code audit -- in terms of speed, breadth, and depth -- that I have ever seen.

-jdm
--
Duke University Department of Computer Science, Durham, NC 27708-0129
Email: justin@cs.duke.edu
Web: http://www.cs.duke.edu/~justin/
