[CAVO] Open Source Election Software
Brent Turner
turnerbrentm at gmail.com
Tue Aug 8 18:14:17 UTC 2017
Larry-
Here is the real article before these proprietary folks rewrote it to suit
their black op purposes
https://www.nytimes.com/2017/08/03/opinion/open-source-software-hacker-voting.html?_r=0
Though many don't want to hear it- the reality is Microsoft and their
allies, as Director Woolsey explains , have waged war on open source voting
to the detriment of the national security..
Part of this disinformation campaign is Barbara Simons / David Dill /
Verified Voting working with Mitch Kapor to provide disinformation -
Ambassador Woolsey and myself are featured in a documentary about this
coming out soon-- called "The Real Activist" For information about the
Dill / Microsoft controlled " fake " activist / academic community see
http://cavo-us.org/matrix.pdf
Best-
Brent
More to come !!
On Tue, Aug 8, 2017 at 9:36 AM, Brent Turner <turnerbrentm at gmail.com> wrote:
> Please use real nyt article rather than this proprietary community rewrite
> that eliminates cavo and disinforms toward paper ballot
>
> On Tue, Aug 8, 2017 at 9:26 AM Lawrence Rosen <lrosen at rosenlaw.com> wrote:
>
>> Here is an article from Linuxinsider.com about open source election
>> software.
>>
>>
>>
>> http://www.linuxinsider.com/story/Is-the-Path-to-Secure-
>> Elections-Paved-With-Open-Source-Code-84730.html
>>
>>
>>
>> I'm copying the entire article below for your convenience. /Larry
>>
>>
>>
>> ************************************
>>
>> Increased use of open source software could fortify U.S. election system
>> security, according to an op-ed published last week in *The New York
>> Times*.
>>
>> Former CIA head R. James Woolsey and Bash creator Brian J. Fox made their
>> case for open source elections software after security researchers
>> demonstrated how easy it was to crack some election machines in the Voting
>> Machine Hacking Village staged at the recent DefCon hacking conference in
>> Las Vegas.
>>
>> "Despite its name, open-source software is less vulnerable to hacking
>> than the secret, black box systems like those being used in polling places
>> now," Woolsey and Fox wrote.
>>
>> "That's because anyone can see how open-source systems operate," they
>> explained. "Bugs can be spotted and remedied, deterring those who would
>> attempt attacks."
>>
>> Open source software has proven to be so reliable and secure that it's
>> being used by the U.S. Defense Department, NASA <http://www.nasa.gov/>
>> and the U.S. Air Force, noted Woolsey and Fox. [image:
>> http://www.linuxinsider.com/adsys/count/9675/?nm=a-ilin_160-1us&ENN_rnd=15022087902837&ign=0/ign.gif]
>> Microsoft Resistance
>>
>> Despite the benefits of open source software, Microsoft and other
>> companies selling proprietary voting systems have lobbied aggressively
>> against moving to open source, Woolsey and Fox contended.
>>
>> "If the community of proprietary vendors, including Microsoft, would
>> support the use of open-source model for elections, we could expedite
>> progress toward secure voting systems," they suggested.
>>
>> Microsoft did not respond to our request to comment for this story.
>>
>> "There's a role for proprietary software," said Lawrence Rosen, an
>> intellectual property attorney with Rosenlaw & Einschlag
>> <http://rosenlaw.com/> and former general counsel for the Open Source
>> Initiative.
>>
>> "Everything doesn't have to be open source," he told LinuxInsider, "but
>> when we're talking about elections software that requires the confidence of
>> the voters, that's different from whether my car radio is proprietary or
>> open."
>> Cracking Fest
>>
>> Woolsey and Fox's *Times* piece was particularly timely, coming as it
>> did on the heels of the cracking fest at the Voting Machine Hacking Village.
>>
>> "They confirmed what we already knew," said James Scott, a senior fellow
>> at the Institute for Critical Infrastructure Technology
>> <http://www.icitech.org/>. "These are extremely vulnerable machines."
>>
>> "Think of what a voting machine is," he told LinuxInsider. "It's a 1980s
>> PC with zero endpoint security in a black box where the code is proprietary
>> and can't be analyzed."
>>
>> Although the researchers at DefCon impressed the press when they
>> physically hacked the voting machines in the village, there are more
>> effective ways to crack an election system.
>>
>> "The easiest way to hack an election machine is to poison the update on
>> the update server at the manufacturer level before the election," Scott
>> explained. "Then the manufacturer distributes your payload to all its
>> machines for you."
>> Security Through Obscurity
>>
>> Advocates for open source elections software argue that more transparency
>> is needed in the systems.
>>
>> "With closed source systems, you really have no idea what they're doing,"
>> said Nicko van Someren, executive director for the core infrastructure
>> initiative at The Linux Foundation.
>>
>> "Diligent states will do some sort of auditing of their own, but we know
>> from history that any sort of security audit on any sort of code seldom
>> shows up everything," he told LinuxInsider.
>>
>> "The more people you have examining the code, the more vulnerabilities
>> you're likely to find," van Someren added.
>>
>> Although largely discredited, a belief persists that keeping source code
>> secret is more secure than open sourcing code.
>>
>> "That's wrong-minded," van Someren said. "In practice, hackers can look
>> at binaries and still find vulnerabilities."
>>
>> Still, an ostrich attitude about security still prevails at some
>> businesses, according to Brian Knopf, senior director of security research
>> at Neustar <http://www.neustar.biz/>.
>>
>> "There are still some companies that have the idea that if they bury
>> their head in the sand, if I ignore everyone else and don't provide access,
>> then no one will find anything," he told LinuxInsider. "Clearly, that's not
>> the truth."
>> Can't Hack Paper
>>
>> If elections systems makers aren't willing to go the open source route,
>> they at least need to open their code to expert eyes outside their
>> organizations, maintained Mark Graff, CEO of Tellagraff
>> <http://www.tellagraff.com/>.
>>
>> "The source could be placed in escrow so an expert panel could look at
>> it," he told LinuxInsider, " but I don't think that's worked in the past,
>> and I don't know if you could line up the commercial interests to agree to
>> do what the experts say."
>>
>> A simpler solution to the security problem involves paper ballots and
>> post-election ballot auditing, said Barbara Simons, president of
>> VerifiedVoting <http://www.verifiedvoting.org/>.
>>
>> After all the votes are cast, a sampling of paper ballots would be
>> compared manually to the electronic tally to determine the accuracy of the
>> vote.
>>
>> "Open source is good thing -- we support it -- but there are always bugs
>> that are not going to be caught," Simons told LinuxInsider.
>>
>> "What we need are paper ballots and manual post-election ballot audits,"
>> she said.
>>
>> "If we have those, even with proprietary software, we can protect our
>> election from being hacked," Simons maintained. "You can't hack paper." [image:
>> http://www.ectnews.com/images/end-enn.gif]
>> ------------------------------
>>
>> [image:
>> http://www.linuxinsider.com/images/rws620514/John%20P.%20Mello%20Jr..jpg]*John
>> P. Mello Jr.* has been an ECT News Network reporter since 2003. His
>> areas of focus include cybersecurity, IT issues, privacy, e-commerce,
>> social media, artificial intelligence, big data and consumer electronics.
>> He has written and edited for numerous publications, including the *Boston
>> Business Journal*, the *Boston Phoenix*, *Megapixel.Net* and *Government
>> Security News*. Email John. <john.mello at newsroom.ectnews.com>
>>
>>
>>
>>
>>
>> Lawrence Rosen
>>
>> Rosenlaw (www.rosenlaw.com)
>>
>> 3001 King Ranch Rd., Ukiah, CA 95482
>>
>> Cell: 707-478-8932 <(707)%20478-8932>
>>
>>
>> _______________________________________________
>> CAVO mailing list
>> CAVO at opensource.org
>> https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo
>>
> --
> Sent from Gmail Mobile
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20170808/86fe4f8b/attachment.html>
More information about the CAVO
mailing list