Saw the AccuPoll Demonstration
The public demonstration of the AccuPoll system was on display during the evening on Nobember 17, 2005. The system is better from a technology point of view than Diebolds. To start with the operating system is Linux Red Hat and the data base is the open source MySQL. Excellent choices from the computer security point of view. Also many of the main configuration files and parameters are hashed and the hashes prominently and frequently printed on reports.
The star configuration with the EtherNet connection is troubling. In every precinct there is a precinct workstation which is connected to each and every voting station in the precinct/ward. Thus the name star configuration. The precinct machine is at the center with a communication line to each voting station. There is a great of communication on each of these communication lines.
There is an authentication protocol between the central precinct machine and each of the voting stations as the voting station connects to pecinct central. This authentication is actuall a good idea. if the software hashes (MD5) do not match the expected values then the system does not initialize. since the system recognizes the software is not approved.
When the vote is cast the ballot info is sent precinct central as part of the "stored in multiple locations" architecture. Again, a good idea. The more data sinks the more involved any machine manipulations of the vote must become.
There is program on the precint central which can "spoil" out a ballot on both the central machine and the data stores on the voting station. It was unclear. But, I am very sure the record is not deleted but is marked as spoiled in the MySQL database. This has got to be a weakness; the protocol of which can be exploited. Can I selective spoil out a pecentage of ballots is select locations to skew the city-wide reports?
The main problem is the Voter Verified Paper Audit Trail is a ballot reciept which the elector handles and could leave the polling place with. If even 1 ballot recipt can leave, WI 5.91(18) is not met since neither a count nor recount can be done using the paper. WI 5.91(1) prevents an election official from handling the ballot receipt. and since it is not a ballot, there is nothing in 5.64 to prevent this ballot receipt from leaving the polling place. Tis is a problem for the AccuPoll system I saw. A receipt under glass scheme would seem to be a solution. but, it is a solution AccuPoll does not have at this time.
As for the electronic protions. All of the communication is IP (internet protocol). Even the short cables for the single voting station were a pain in the but. It is a given that some polling location is gooing to go with a wireless connection between the central precinct machine and the 6-12 voting stations in the polling place. WI-FI reduces the physical danger of tripping, greatly simplifies the setup of a polling place and allows for great flexibility in seting up a polling place. From a security, election integrity point of view WI_FI is a fraudster's delight.
The star configuration with the EtherNet connection is troubling. In every precinct there is a precinct workstation which is connected to each and every voting station in the precinct/ward. Thus the name star configuration. The precinct machine is at the center with a communication line to each voting station. There is a great of communication on each of these communication lines.
There is an authentication protocol between the central precinct machine and each of the voting stations as the voting station connects to pecinct central. This authentication is actuall a good idea. if the software hashes (MD5) do not match the expected values then the system does not initialize. since the system recognizes the software is not approved.
When the vote is cast the ballot info is sent precinct central as part of the "stored in multiple locations" architecture. Again, a good idea. The more data sinks the more involved any machine manipulations of the vote must become.
There is program on the precint central which can "spoil" out a ballot on both the central machine and the data stores on the voting station. It was unclear. But, I am very sure the record is not deleted but is marked as spoiled in the MySQL database. This has got to be a weakness; the protocol of which can be exploited. Can I selective spoil out a pecentage of ballots is select locations to skew the city-wide reports?
The main problem is the Voter Verified Paper Audit Trail is a ballot reciept which the elector handles and could leave the polling place with. If even 1 ballot recipt can leave, WI 5.91(18) is not met since neither a count nor recount can be done using the paper. WI 5.91(1) prevents an election official from handling the ballot receipt. and since it is not a ballot, there is nothing in 5.64 to prevent this ballot receipt from leaving the polling place. Tis is a problem for the AccuPoll system I saw. A receipt under glass scheme would seem to be a solution. but, it is a solution AccuPoll does not have at this time.
As for the electronic protions. All of the communication is IP (internet protocol). Even the short cables for the single voting station were a pain in the but. It is a given that some polling location is gooing to go with a wireless connection between the central precinct machine and the 6-12 voting stations in the polling place. WI-FI reduces the physical danger of tripping, greatly simplifies the setup of a polling place and allows for great flexibility in seting up a polling place. From a security, election integrity point of view WI_FI is a fraudster's delight.
0 Comments:
Post a Comment
<< Home