[CAVO] Fwd: [VVSG-election] [VVSG-pre-election] [VVSG-interoperability] Separating Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could target voting machines

Brent Turner turnerbrentm at gmail.com
Fri Jul 29 00:42:48 UTC 2016 

---------- Forwarded message ----------
From: Joseph Kiniry <kiniry at galois.com>
Date: Thu, Jul 28, 2016 at 3:21 PM
Subject: Re: [VVSG-election] [VVSG-pre-election] [VVSG-interoperability]
Separating Issues and Avoiding Ghost Stories - RE: By November, Russian
hackers could target voting machines
To: Susan Eustis <susan at wintergreenresearch.com>
Cc: vvsg-pre-election <vvsg-pre-election at nist.gov>, Arthur Keller <
ark at soe.ucsc.edu>, vvsg-election <vvsg-election at nist.gov>, Stephen Berger <
stephen.berger at suddenlink.net>, vvsg-post-election <
vvsg-post-election at nist.gov>, vvsg-interoperability <
vvsg-interoperability at nist.gov>


Susan et al.,

> On Jul 28, 2016, at 07:12, Susan Eustis <susan at wintergreenresearch.com>
wrote:
>
> I believe the problems are 2:
> 1. How to make fraud detectable, the code base in any electronics is
vulnerable where-ever it is, Code can be changed without detection and this
needs to be addressed.

I keep hearing this statement made in many forums and continue to bring up
the fact that there is some excellent R&D going on wrt this topic which has
been seeing practical application in the DOD space for a few years.

It is now the case that you can prove that the application (and operating
system &c) you have is exactly what you think it is an moreover that a
running system is executing exactly that software.

This is hard.  Few people know how to do it.  No existing/traditional
elections vendor does it or knows how to do it.  But it is a solved problem
now.

I’m happy to go into deep technical detail with anyone who is interested
and point to the relevant peer-reviewed work, but this is not the forum for
such.

Joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20160728/878e8edc/attachment.html>

More information about the CAVO mailing list