|

 
|
| | Name : | Ron Crane | Organization : | N/A | Post Date : | 9/30/2005 |
| Section : | A1C | Page no. : | | Line no.: | | Comment : | 8a. The Guidelines contain many loopholes surrounding the distribution and authentication of software.
a. Vol. I, App. C, §6.0.4.2 (Best practices for distribution and validation of voting system
software) is insufficient to provide any real security. It states that digital signatures can be
used "to verify that voting system software is the correct version," but does not describe an appropriate reference procedure for doing so. Worse, it doesn't mention that
the program used to compute the software's signature must not be provided by the vendor - since an unscrupulous vendor's program can return the correct signature
without actually computing it, thus making malware appear valid.
The Guidelines must clearly and fully document the appropriate procedure and tools that elections officials
should use to determine the software's authenticity. | |
|
|