Posted on 06/17/2007 10:46:20 PM PDT by dayglored
(Bo Lipari is the Executive Director of New Yorkers for Verified Voting, http://www.nyvv.org/)
Microsoft, the 800 pound gorilla of software development has moved forcefully into New York State, supported by voting machine vendors using Microsoft Windows in their touch screen voting machines and other systems. Over the last two months Microsoft and a cadre of high paid lobbyists have been working a full-court press in Albany in an attempt to bring about a serious weakening of New York State election law. This back door effort by private corporations to weaken public protections is about to bear fruit.
On Thursday, June 14, I recieved a copy of proposed changes to New York State Election Law drafted by Microsoft attorneys that has been circulating among the Legislature. These changes would gut the source code escrow and review provisions provided in our current law, which were fought for and won by election integrity activists around the state and adopted by the Legislature in June 2005. In an earlier blog I wrote about Microsoft's unwillingness to comply with New York State's escrow and review requirements. Now the software giant has gone a step further, not just saying “we won't comply with your law” but actively trying to change state law to serve their corporate interests. Microsoft's attorneys drafted an amendment which would add a paragraph to Section 1-104 of NYS Election Law defining “election-dedicated voting system technology”.
Microsoft’s proposed change to state law would effectively render our current requirements for escrow and the ability for independent review of source code in the event of disputes completely meaningless - and with it the protections the public fought so hard for...
(Excerpt) Read more at nyvv.org ...
Microsoft, which already refused to escrow its software in violation of this law, is now dismantling the law itself.
And lest you think, "Oh, they're just protecting their American intellectual property", let me remind you that Microsoft WILLINGLY GAVE THEIR SOURCE CODE TO THE CHINESE COMMUNISTS a while ago to try to prevent the Chicoms from developing an open-source alternative. The Chicoms got to read the software that Microsoft refuses to let Americans see.
Microsoft consistently donates more money to liberal Democratic candidates than to conservative Republicans -- this should not surprise anybody, but it should factor into how we view this decision to give American proprietary software to the Chicoms, while changing American laws so that if it screws up the next presidential election, American voters can't find out what went wrong.
We should be very concerned.
You may find this ping-worthy.
His argument is total BS. Read carefully what MS is proposing. They are saying that if someone builds a voter app to run in their environment that MS doesn't have to release the environment to the government or anyone else for independant review. This would remove the ability for pretty much anyone to get a look at MS's operating system source codes.
IE - if you build a voting machine app using pocket PC software, you still have to release the code - which anyone who knows software can reconstitute on a pocket PC environment and verify it works as it is suppose to.
The developer of the voting machine equipment themselves don't even have access to the environment source. MS is just doing this so that people can use their awesome development tools/environment and compete with those who are not.
His concern is about whether the ballots that are cast are counted and verified. Others are concerned with who gets to cast a ballot. The fact that he concentrates on one aspect doesn't invalidate his position, any more than if it were the other way around and he worried about IDs and not how the votes were counted. Your criticism is specious.
> His argument is total BS. Read carefully what MS is proposing. They are saying that if someone builds a voter app to run in their environment that MS doesn't have to release the environment to the government or anyone else for independant review. This would remove the ability for pretty much anyone to get a look at MS's operating system source codes.... IE - if you build a voting machine app using pocket PC software, you still have to release the code - which anyone who knows software can reconstitute on a pocket PC environment and verify it works as it is suppose to... The developer of the voting machine equipment themselves don't even have access to the environment source.
You are saying you don't care whether the software that runs the voting machines in America works correctly or not. I think that's blind and foolish. Software -- all software -- has flaws and errors. They're unavoidable. In something as crucial as counting votes in an election, there MUST be a way to find out if the software has made mistakes, and the only way to do that is to have access to source code.
> MS is just doing this so that people can use their awesome development tools/environment and compete with those who are not.
I have worked with Microsoft's development tools and environments professionally and privately for the past 18 years. I think you're confusing "awesome" with "bloated", but that's a different argument.
You are discounting flaws in the kernel...
where most of the exploit attempts would target.
Elections source code must be reviewable all the way down to the machine language source code. Memory calls at the hex and binary levels must be reviewable by independent experts.
What you are suggesting, and what MS is lobbying for, leaves huge holes open for low level memory buffer overflow exploits, and memory capture/alteration exploits and other attacks at boot up before the OS loads the election software program into memory.
From the assigned RAM that holds the election software’s tallies, the OS must control all hardware and memory switches that move that information out to external hardware, be it a memory card or ethernet connection or whatever. All of that must be reviewable by independent experts. The ENTIRE chain of custody of the information in memory must be 100% secure. MS is lobbying for a small fort to be built amongst a countryside full of thieves.
You've confused two very different things:
1. Whether something is analytically correct.
2. Whether something produces an expected output.
They are not the same. It's entirely possible to produce expected results with an incorrect process. So saying that you can reproduce and verify results, while a useful test, is not the same as knowing that the results were obtained using the correct procedure. As a trivial example, I claim to have a software program that produces squares of numbers. You test it by inputting "2", and sure enough you get "4" as a result, so you say "It works". But inside, the source code is not doing "x^2", it is actually doing "x+2". It just happened that for your test, the result was the same.
You cannot take an incorrect system -- one with errors in the source code -- and "test it until it works". That is what you propose to do with the Windows-based voting machines. I prefer to be able to know that the voting machine is doing the correct thing, analytically, by looking at the source code.
And if you think that the only errors of concern are those in the application, that the underlying operating system can't introduce subtle errors into the application running over it, then you are completely naive with regard to software. People looking to corrupt our voting machine software will aim for the underlying operating system.
I have no background in software engineering/computer science and am intrigued by this thread and your post. Are you saying that the ‘environment’ (I’m assuming this means the operating system and software environment that a software developer would use to build their own programs) is capable of altering the ‘intent’ of the software that uses it? Would this have to be done by altering the ‘environment’ after the election software was written, or could something be written into the source code that would corrupt any election software that uses it? I apologize if this is a ridiculous question.
> Are you saying that the ‘environment’ (I’m assuming this means the operating system and software environment that a software developer would use to build their own programs) is capable of altering the ‘intent’ of the software that uses it?
Yes, absolutely.
> Would this have to be done by altering the ‘environment’ after the election software was written, or could something be written into the source code that would corrupt any election software that uses it?
Either one, or a third option. It's quite possible to know about a weakness in the operating system, and exploit it after the voting machine is in place, causing the voting app to register incorrect votes, even if the application itself were written correctly.
> I apologize if this is a ridiculous question.
Not ridiculous at all -- it's the crux of the issue. Namely, if you can't see what's going on in the operating system, you cannot have full faith in the application.
Thanks for explaining this.
Don’t forget, if a company is using Windows CE it has access to most of the source code anyway. Modified to fit a voting machine, that code would still be subject to review. But modified for a platform that is also the basis for a voting machine, it would not.
So, Company A makes ATMs using Windows CE. Company A then uses the same hardware for their voting machine and drops their Windows CE implementation in the voting machine. Ta-da, many lines of operating system code the vendor had free reign to modify at will, and none of it subject to review.
Imagine if we were doing critical math equations (say they’re running a nuclear reactor) on a system, and all the software’s been thoroughly audited for this use, but you’re using an early Pentium processor and you’re not allowed to test that for accuracy.
You hit it on the head. dayglored has much more experience in the field than I, and gave a good reply.
This will only pass through pure strongarming and palm greasing, it’s a simple and straightforward concept that has been given alot of media time in NY State after the 2004 elections.
Anyone interested further can look at http://www.votingmachinesprocon.org/
it gives both sides of the debate, though it hasn’t mentioned the NYState lobbyist bill yet on the website...
Sure, but I wanted to avoid sparking a religious flamewar about operating systems, so I stuck to the transparency aspect -- since a closed proprietary microcontroller would also have the same problem as Windows.
But yes, a simpler system would be easier to characterize and analyze. And putting any mission-critical application over Windows is just asking for trouble. There are damn few analytically-correct operating systems; Windows is certainly NOT one of them.
> That they'd even be thinking about a Windows-based system for this means that the people working on this are either utterly, grossly incompetent, or are already planning subversion of the voting process.
I agree completely. I hope it's merely gross incompetence, but somedays, it's hard not to start thinking about tin-foil hats... ;-)
I hadn't yet thanked you for your excellent comment above in #5:
> What you are suggesting, and what MS is lobbying for, leaves huge holes open for low level memory buffer overflow exploits, and memory capture/alteration exploits and other attacks at boot up before the OS loads the election software program into memory... From the assigned RAM that holds the election software’s tallies, the OS must control all hardware and memory switches that move that information out to external hardware, be it a memory card or ethernet connection or whatever. All of that must be reviewable by independent experts. The ENTIRE chain of custody of the information in memory must be 100% secure. MS is lobbying for a small fort to be built amongst a countryside full of thieves.
Quite so. Those of us who have at one time or another had to use core (memory) dumps to locate "live" data and read values off the CPU stack during procedure calls, know only too well how easy it is for a malicious program to get into the memory of a running computer and alter, add, remove, all sorts of data, with the application completely unaware that the ground is shifting under it.
You said it more succinctly --
All of that must be reviewable by independent experts. The ENTIRE chain of custody of the information in memory must be 100% secure.Microsoft is trying to make it easier for the bad guys to corrupt and control American elections. We ignore this danger at our peril.
Voting machines shouldn’t run on any common OS at all.
Windows isn’t suitable for ATMs, certainly not for vote tabulators.
I was once toubleshooting the prototype of a PowerPC embedded system and it had a memory problem during bootup. So one might have said,
“PowerPC code corrupts RAM. Absolute PowerPC code corrupts RAM absolutely.”
OK who in New York State is going to look at Windows operating system source code and verify it? This is a joke. We’re not talking about Fourier transforms and teraflops here. We’re adding up integers, one at a time. How much dependency is there on the O/S for that? A PC Junior could handle this and not break a sweat.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.