[Novalug] On behalf of everyone in the IT industry - Sorry!

Bryan J Smith b.j.smith@ieee.org
Fri May 1 00:56:50 EDT 2015


On Fri, May 1, 2015 at 12:18 AM, Peter Larsen <peter@peterlarsen.org> wrote:
> It's expensive and doesn't provide methods for verification of votes.

Actually, it does very well.  Common assumption is not reality..

> Paper based voting adds a long process to print and distribute the
> ballots.

It is due process with physical retention.  In fact, there is a heavy,
newfound interest in doing more, not less, of that, precisely because
of recounts and other, newer laws.  I absolutely don't understand your
argument at all.

> There's no validation of people putting the marks correctly as
> we call in the crappy 2000 election.

YES THERE IS!!!  Did you not read my e-mail?

If you accidentally mark 2 things, the 1980s-era ink-electronic
systems DO REJECT the ballot

They've pretty much become the "gold standard" here in Florida, based
on the issues with any other solution in 2004 and 2006.  Again, my
county has had these systems since the '80s, and we're the only ones
that didn't have issues.

> There's a lot of faults with paper based ballots.

The age-old ink-electronic systems are actually becoming the "Gold
Standard" because they already solve a lot of problems of other
systems, and have for 30+ years.  ;)

> Problems electronic voting fixes.

Our experiences here in Florida, among many others states, utterly
_disagrees_ with that assumption-based assessment.  All the counties
that bought into the new-fangled non-sense post-2000 have _all_
dropped them and fallen back to our 1980s-era ink-electronic systems.

And yes, they do all sorts of things you claim they do not.

> Standards are a must. Voting needs to be "commoditized" and done the
> same way regardless of voting in Alaska or Florida. I'm OK starting at a
> state level, but in the end we should all use the same validated system
> and process.

Actually, if you read our Constitution, the US Federal government
cannot set standards, as the federal government does not decide how
states handle elections.  What the US Federal government is
responsible for, and can trump the state, is in ensuring civil
liberties and civil rights to vote.  That's a different ballgame.

The last thing anyone should want is the US Federal government
involved in other aspects.  One place to control, versus 51 +
territories.  The US Federal government should absolutely should be
involved in investigating and ensuring civil liberties though.

> I don't agree that computer based voting is non-sense. This kind of
> computer based voting is - absolutely 100% worthless and it should have
> been trashed at the first presentation done by the vendor.  Just as a
> paper based system can fail miserable if we don't have things in place
> to ensure transportation, enough and accurate ballots etc. - any badly
> constructed system will fall apart.

Experience with the current systems out there has pretty much shown
this.  I've read numerous reports produced in Florida, Ohio and a few
other states, they ones that spent mass amounts of money on these new
systems.  In the end, they came back to the conclusion that the
existing ink-electronic systems least issues, and despite common
assumptions, many features.

This includes _immediately_ "spitting back" a ballot that has an
incorrect vote on it.  That's why you put the ballot into the machine
yourself when these ink-electronic systems are used.

> I remember the Diabold debacle and I agree lots of integrators. I
> understand the hunt for government contracts, and the idea of getting a
> contract to supply the nation with mandatory purchase machine I think
> made a lot of them vet their pants. I'm ok with that. What I'm not ok
> with is the lack of requirements, oversight and validation.

I don't think you understand the deep details here.

I.e., I was working at banks and financial institutions 2001-2006.

Both Diebold and IBM were _frank_ about the lack of "control" they had
in everything from the choice of the platform to the encryption used
to the integrators involved.  Why?  Because virtually all IT
departments wanted to be involved, and they wanted Windows, no Linux.

It was the same issue, whether it was an ATM, or a voting machine.

Embedded, dedicated, limited access systems are crucial for these
types of solutions.  I cannot stress this enough, having designed
embedded solutions for mission critical applications at industry
leaders in everything from aerospace (Boeing, L-3) to trading (IPC
Systems).

> The whole idea of proprietary voting machine software makes absolutely
> no frigging sense!

Whoa!  Okay dude ... step back!

We're talking an embedded platform, increasingly run with an open
source stack these days.  This "proprietary" argument is not just a
red herring, but often not the case.

Yes, the code is audited, usually to very strict standards, and a
"certified" platform, open source or not.  But it is inspected.
*AND*, most importantly, access to the platform is *LIMITED*.

Take the Toyota Camry for example.  As proven in more than one civil
lawsuit now, Toyota corporate decided to forgo using a certified open
source platform, and utilized the free one to save on costs.  Along
with other shortcuts, everything from using an uncertified board
without a watchdog timer to one with half as much memory resulting in
constant stack overflows (proven in court, an '05 Camry could miss up
to 80% of brake petal depresses).

It's more than just whether or something is open source.  It's whether
it's certified, audited and the functionality is very limited.  With a
generic PC solution, you cannot get that.  Sorry, but true.

> If there is anything our government needs access to
> it's THAT code! It should be fully open sourced, free for everyone to
> implement, validate and comment on.

Do you think this doesn't happen already?

After the Sojourner mission in the mid '90s, everything went the COTS
software stack route.  Virtually all of that was built on GNU.  The
code is audited.  The solutions are certified.  There are usually
licensed engineers involved.

If you've been around the industry, you would know this.

> To me it's two different issues - I want a reliable voting system first
> - no system should be accepted if it cannot provide that.

Which is why study after study keeps coming back to the
straight-forward, limited ink-electronic designs that have a very
simple, straight-forward stack with extremely limited functionality.
It's a tried'n true design.

The more you go generic PC, the worse it gets.

>  This is 2015
> - we do billions of transactions on the stock exchanges every day
> covering trillions of dollars of trade, we can do this with modern means
> and gain the benefits from it - but that's absolutely secondary to the
> first part.

It's ironic you should bring this up, considering I worked on the
backpack of IPC Systems flagship product (IQ/Max) last decade.

[ FYI, for those that don't know, IPC Systems is the #1 embedded
vendor for banking and trading systems. IQ/Max is GNU/Linux-based. ]

> Until we have reliable electronic voting, using the systems
> you talk about is our best choice - as imperfect they may be - they are
> the best we have.

Okay, at least we agree there.

> Don't agree - not even a little bit - if by solutions you mean business
> process type solutions. Of course watching your child open a present on
> his 5th birthday shouldn't be a PC and there are lot of other examples.
> But when it comes to process management and reliability, I don't agree
> at all.

Sorry, but general access PC architectures are not ideal in these solutions.

-- bjs



More information about the Novalug mailing list