Re: Can a machine test itself? + other issues

I suspect that putting clips on the ROMs of an unpowered machine might indeed be the only foolproof test.  (And it could be done only by voting officials.)  I'm still curious whether anyone actually claims to capture "an image of the entire system".
BIOS does indeed imply a PC.  Since so many are discarded daily, a PC-based voting system costs almost nothing.  It also has the advantage of being testable by anybody; no special, expensive, proprietary hardware is needed.  The software (including the FreeDOS operating system) can be downloaded from a web site by anyone, and fits on a diskette.  The contents of the diskette can be verified by a hash-code test, which can be done by anyone, in any machine, with an independently downloaded program.  Diskettes also are easily copied, so multiple exact copies of what goes into the computer and what comes out can be distributed to opposition parties, media, etc.  This is why SAVIOC is arguably more secure than any other voting system, including those with paper trails.
As for testing the BIOS ...  I think it would be possible to verify that a BIOS has not been changed since some previous check, but that would require testing and tracking every machine with a different BIOS, and is something that would be controlled entirely by voting officials.  Poll watchers would be unable to verify that it was done properly.
In a message dated 12/6/2004 10:42:28 PM Eastern Standard Time, vince@lipsio.com writes:
> That comment about "an image of the entire system including the OS" intrigues
> me.  Since the machine itself must be used (I presume) to generate an image
> of the entire system, couldn't malicious software in the OS or BIOS present a
> false image of what is there?  (I have been inquiring about a foolproof way to
> verify a BIOS.  I'm not sure that one exists.)

The only foolproof way to test a system's code is to have an external device perform
the test, so this would require, for example, a special system with clips that
connect to the ROMs and read and verify their contents.

Also, the "BIOS" would be part of what is tested; the term "BIOS" in my experience
is something peculiar to a PC, which a voting machine should not be, but if it is,
then the BIOS would have to be part of the code and would have to be testable.

Vince Lipsio
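
The "hash-code test" of a diskette mentioned in the thread, as an added example that is not part of either message and not SAVIOC's own code: it checks a raw diskette image against a published digest and lists the sectors where a distributed copy differs from the reference. SHA-256, the 1.44 MB raw-image layout, and the file names are assumptions; as the thread points out, the check is only meaningful when run on a machine other than the one being verified.

```python
import hashlib, hmac, os, tempfile

SECTOR = 512
FLOPPY_BYTES = 80 * 2 * 18 * SECTOR   # 1,474,560 bytes on a 1.44 MB diskette (assumed format)

def image_digest(path):
    """Stream the image through SHA-256; return (hex digest, byte count)."""
    h, size = hashlib.sha256(), 0
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(64 * SECTOR), b""):
            h.update(block)
            size += len(block)
    return h.hexdigest(), size

def verify_image(path, published_hex, expected_size=FLOPPY_BYTES):
    """True only if both the length and the digest match the published values."""
    digest, size = image_digest(path)
    if size != expected_size:          # truncated image or extra trailing data
        return False
    return hmac.compare_digest(digest, published_hex.strip().lower())

def differing_sectors(path_a, path_b):
    """Sector numbers where two images differ; a length mismatch shows up as differing sectors."""
    diffs, n = [], 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            sa, sb = a.read(SECTOR), b.read(SECTOR)
            if not sa and not sb:
                return diffs
            if sa != sb:
                diffs.append(n)
            n += 1

def demo():
    """Constructed sample: a zero-filled reference image and a copy with one bit flipped."""
    d = tempfile.mkdtemp()
    ref, copy = os.path.join(d, "reference.img"), os.path.join(d, "copy.img")  # hypothetical names
    image = bytearray(FLOPPY_BYTES)
    with open(ref, "wb") as f:
        f.write(image)
    image[100 * SECTOR + 7] ^= 0x01    # alter a single bit inside sector 100
    with open(copy, "wb") as f:
        f.write(image)
    published, _ = image_digest(ref)   # stands in for the digest published on the web site
    return verify_image(ref, published), verify_image(copy, published), differing_sectors(ref, copy)

if __name__ == "__main__":
    print(demo())
```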