U.S. Voting Software Hashes Made Public

fibonacci2000 writes "From the NIST website: 'This effort is a first step in being able to trace software from the vendor through the accreditation process to the states and other purchasers of voting systems. Now election authorities have a reference database to compare with the digital signatures of software provided to them by vendors.'"

Let me be the first to say

[commodoresloat]

And I, for one, welcome our new democratically elected overlords!

a nice gesture, but only a gesture

[timothy]

This does one necessary thing, which is provide a way to prove (near enough) that the software being used is the software that the voting software company provided, that no one hijacked the delivery truck carrying the voting machine and swapped in one favorable to candidate X. (Or W, or K.)

What it specifically does *not* do is do anything to prove the actual security, accuracy of the included software when running as intended, or that it can't be used *other* than as intended, in a 99-extra-lives "cheat mode." While incrementing by one a pretty small number of piles several thousand times doesn't sound like a computationally tough job, Bev Harris and others have shown the numerous and substantial flaws that current systems have; I'm aware of only one state (Nevada) that will be requiring a paper trail for its electronic voting machines in case of a dispute over the electronic returns.

Hashes? Great! Put them on the outside of the envelope containing every scrap of the sourcecode in machine-readable form, along with documentation that you have completed the publically available test suite, please, and take a seat in the lobby. The taxpayers will get around to you in your turn.*

timothy

*Oh, if it were that simple ;)