US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   James Johnson
Organization :   N/A
Post Date :   9/30/2005

Section Comments
Section :  6.7
Page no. :  
Line no.:  
Comment :  IrDA Software  
IrDA software drivers are available form a number of sources for use with UNIX, Windows and other Operating Systems (OS). Most versions of MS Windows come with support for IrDA already included. This is true of the MS Windows CE operating system as well as Windows XP. Microsoft also provides a free IrDA driver which can be  

downloaded from it web site. Other suppliers of IrDA systems (e.g., Ericsson) offer their own drivers including source code (Texas Inurnments).  
With the source code available, an interrupt handler (executable code) could easily be added. For example, when the voting terminal receives a special bit configuration (caused by holding down multiple keys concurrently) that is outside the usually accepted range, a special interrupt could be generated invoking a handler that could be programmed to perform any desired function. This would require a small amount of code and could easily be hidden; such code would be difficult to discover.  
If such code was installed in the driver, which is considered to be Commercial-Off-The-Shelf (COTS) [even if compiled and installed by the voting system manufacturer] it would not be examined by the ITAs.  
Code in such a handler could be designed to place the voting terminal in a mode where it downloads and install an executable module, thus allowing unapproved logic to be added to the voting machine while in use on Election Day. Obviously this executable could perform any function the programmer desired including deleting itself when finished. The only recourse is to disallow communications with the voting terminal during use. It might be augured that such code could be added the day before Election Day. If all software in the system is required to self authenticate using a digital signature these kinds of changes would be detected.   [Statements submitted to NIST Technical Guidelines Development Committee]