[EM] CORRECTING Black box voting repost re how HAVA imploded

[Ka-Ping Yee]

On Thu, 1 Feb 2007, Brian Olson wrote:
> But the problem is you didn't count the million lines of python
> interpreter or the millions of lines of X11 or Linux you might run it on.
>
> If you're going to claim verification, you need verified building blocks
> or build the whole thing yourself.

Any attempt to verify something has to choose a level of abstraction to
stop at.  Does security verification require verifying your C compiler?
How about the CPU microcode, the CPU transistor layout, or the RAM?
(Diebold's code uses MFC and runs on Windows CE -- also a lot of code.)

You are correct that verifying the Python prototype alone does not amount
to verifying everything.  The way i decided to draw the line there is
that Python is widely deployed, mature open source software -- we have
massive ongoing evidence that the language implementation doesn't contain
serious bugs.  We don't have any such evidence about software written
specifically for voting, so that's where verification is most needed.

By the way, i'm not much in disagreement with you about paper ballots.
There's no question that paper is currently a more reliable and
accountable recording medium for votes than software.  However:
(a) we're stuck with machines alas, so they'd better not suck; and
(b) there are some pretty compelling arguments for richness in the UI,
both in terms of better enfranchisement of voters with all types of
disabilities or impairments, and it's an established fact that
computers (when they actually work) can help voters detect and correct
mistakes.


-- ?!ng