<div><div dir="auto">Please use the real NYT article rather than this proprietary community rewrite that eliminates CAVO and disinforms toward paper ballot.</div><br><div class="gmail_quote"><div>On Tue, Aug 8, 2017 at 9:26 AM Lawrence Rosen &lt;<a href="mailto:lrosen@rosenlaw.com">lrosen@rosenlaw.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div class="m_-4155829168736849487WordSection1"><p class="MsoNormal"><span style="font-size:12.0pt;color:black">Here is an article from Linuxinsider.com about open source election software.</span></p><p class="MsoNormal"><span style="font-size:12.0pt;color:black"><a href="http://www.linuxinsider.com/story/Is-the-Path-to-Secure-Elections-Paved-With-Open-Source-Code-84730.html" target="_blank">http://www.linuxinsider.com/story/Is-the-Path-to-Secure-Elections-Paved-With-Open-Source-Code-84730.html</a></span></p><p class="MsoNormal"><span style="font-size:12.0pt;color:black">I'm copying the entire article below for your convenience. /Larry</span></p><p class="MsoNormal"><span style="font-size:12.0pt;color:black">************************************</span></p><p class="m_-4155829168736849487story-body"><span lang="EN">Increased use of open source software could fortify U.S. election system security, according to an op-ed published last week in <em><span style="font-family:&quot;Calibri&quot;,sans-serif">The New York Times</span></em>.</span></p><p><span lang="EN">Former CIA head R. James Woolsey and Bash creator Brian J. 
Fox made their case for open source elections software after security researchers demonstrated how easy it was to crack some election machines in the Voting Machine Hacking Village staged at the recent DefCon hacking conference in Las Vegas.</span></p><p><span lang="EN">"Despite its name, open-source software is less vulnerable to hacking than the secret, black box systems like those being used in polling places now," Woolsey and Fox wrote.</span></p><p><span lang="EN">"That's because anyone can see how open-source systems operate," they explained. "Bugs can be spotted and remedied, deterring those who would attempt attacks."</span></p><p><span lang="EN">Open source software has proven to be so reliable and secure that it's being used by the U.S. Defense Department, <a href="http://www.nasa.gov/" target="_blank">NASA</a> and the U.S. Air Force, noted Woolsey and Fox.</span></p><h2><span lang="EN">Microsoft Resistance</span></h2><p><span lang="EN">Despite the benefits of open source software, Microsoft and other companies selling proprietary voting systems have lobbied aggressively against moving to open source, Woolsey and Fox contended.</span></p><p><span lang="EN">"If the community of proprietary vendors, including Microsoft, would support the use of open-source model for elections, we could expedite progress toward secure voting systems," they suggested.</span></p><p><span lang="EN">Microsoft did not respond to our request to comment for this story.</span></p><p><span lang="EN">"There's a role for proprietary software," said Lawrence Rosen, an intellectual property attorney with <a 
href="http://rosenlaw.com/" target="_blank">Rosenlaw & Einschlag</a> and former general counsel for the Open Source Initiative.</span></p><p><span lang="EN">"Everything doesn't have to be open source," he told LinuxInsider, "but when we're talking about elections software that requires the confidence of the voters, that's different from whether my car radio is proprietary or open."</span></p><h2><span lang="EN">Cracking Fest</span></h2><p><span lang="EN">Woolsey and Fox's <em><span style="font-family:&quot;Calibri&quot;,sans-serif">Times</span></em> piece was particularly timely, coming as it did on the heels of the cracking fest at the Voting Machine Hacking Village.</span></p><p><span lang="EN">"They confirmed what we already knew," said James Scott, a senior fellow at the <a href="http://www.icitech.org/" target="_blank">Institute for Critical Infrastructure Technology</a>. "These are extremely vulnerable machines."</span></p><p><span lang="EN">"Think of what a voting machine is," he told LinuxInsider. "It's a 1980s PC with zero endpoint security in a black box where the code is proprietary and can't be analyzed."</span></p><p><span lang="EN">Although the researchers at DefCon impressed the press when they physically hacked the voting machines in the village, there are more effective ways to crack an election system.</span></p><p><span lang="EN">"The easiest way to hack an election machine is to poison the update on the update server at the manufacturer level before the election," Scott explained. "Then the manufacturer distributes your payload to all its machines for you."
</span></p><h2><span lang="EN">Security Through Obscurity</span></h2><p><span lang="EN">Advocates for open source elections software argue that more transparency is needed in the systems.</span></p><p><span lang="EN">"With closed source systems, you really have no idea what they're doing," said Nicko van Someren, executive director for the core infrastructure initiative at The Linux Foundation.</span></p><p><span lang="EN">"Diligent states will do some sort of auditing of their own, but we know from history that any sort of security audit on any sort of code seldom shows up everything," he told LinuxInsider.</span></p><p><span lang="EN">"The more people you have examining the code, the more vulnerabilities you're likely to find," van Someren added.</span></p><p><span lang="EN">Although largely discredited, a belief persists that keeping source code secret is more secure than open sourcing code.</span></p><p><span lang="EN">"That's wrong-minded," van Someren said. "In practice, hackers can look at binaries and still find vulnerabilities."</span></p><p><span lang="EN">Still, an ostrich attitude about security still prevails at some businesses, according to Brian Knopf, senior director of security research at <a href="http://www.neustar.biz/" target="_blank">Neustar</a>.</span></p><p><span lang="EN">"There are still some companies that have the idea that if they bury their head in the sand, if I ignore everyone else and don't provide access, then no one will find anything," he told LinuxInsider. "Clearly, that's not the truth."
</span></p><h2><span lang="EN">Can't Hack Paper</span></h2><p><span lang="EN">If elections systems makers aren't willing to go the open source route, they at least need to open their code to expert eyes outside their organizations, maintained Mark Graff, CEO of <a href="http://www.tellagraff.com/" target="_blank">Tellagraff</a>.</span></p><p><span lang="EN">"The source could be placed in escrow so an expert panel could look at it," he told LinuxInsider, "but I don't think that's worked in the past, and I don't know if you could line up the commercial interests to agree to do what the experts say."</span></p><p><span lang="EN">A simpler solution to the security problem involves paper ballots and post-election ballot auditing, said Barbara Simons, president of <a href="http://www.verifiedvoting.org/" target="_blank">VerifiedVoting</a>.</span></p><p><span lang="EN">After all the votes are cast, a sampling of paper ballots would be compared manually to the electronic tally to determine the accuracy of the vote.</span></p><p><span lang="EN">"Open source is good thing -- we support it -- but there are always bugs that are not going to be caught," Simons told LinuxInsider.</span></p><p><span lang="EN">"What we need are paper ballots and manual post-election ballot audits," she said.</span></p><p><span lang="EN">"If we have those, even with proprietary software, we can protect our election from being hacked," Simons maintained. "You can't hack paper."
</span></p><div class="MsoNormal" align="center" style="text-align:center"><span lang="EN"><hr size="1" width="100%" noshade style="color:#a0a0a0" align="center"></span></div><p id="m_-4155829168736849487story-authorbio"><img width="80" height="80" style="width:.8333in;height:.8333in" src="cid:image003.jpg@01D31027.6CFF5C80" align="left" alt="http://www.linuxinsider.com/images/rws620514/John%20P.%20Mello%20Jr..jpg"><strong><span lang="EN" style="font-family:&quot;Calibri&quot;,sans-serif">John P. Mello Jr.</span></strong><span lang="EN"> has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the <em><span style="font-family:&quot;Calibri&quot;,sans-serif">Boston Business Journal</span></em>, the <em><span style="font-family:&quot;Calibri&quot;,sans-serif">Boston Phoenix</span></em>, <em><span style="font-family:&quot;Calibri&quot;,sans-serif">Megapixel.Net</span></em> and <em><span style="font-family:&quot;Calibri&quot;,sans-serif">Government Security News</span></em>. 
<a href="mailto:john.mello@newsroom.ectnews.com" target="_blank">Email John.</a></span></p><p class="MsoNormal"><span style="font-size:12.0pt;color:black">Lawrence Rosen</span></p><p class="MsoNormal"><span style="font-size:8.0pt;color:black">Rosenlaw (</span><span style="color:black"><a href="http://www.rosenlaw.com/" target="_blank"><span style="font-size:8.0pt;color:#0563c1">www.rosenlaw.com</span></a></span><span style="font-size:8.0pt;color:black">)</span></p><p class="MsoNormal"><span style="font-size:8.0pt;color:black">3001 King Ranch Rd., Ukiah, CA 95482</span></p><p class="MsoNormal"><span style="font-size:8.0pt;color:black">Cell: 707-478-8932</span></p></div></div>
</blockquote></div></div>