Indeed, if successfull, it will nullify the current Council political agreement that no one want to break for diplomatic reason.
If the Commission has to rethink the subject, they may take some of the good guy message into the new directive.
If the Parliament is still on the good side, then they will bring us an as good directive as last time.
With more time, the Council will be able to receive and take into account strong opposition like Spain and Poland... Maybe we can get Portugal with us after the election over there.
The relationship between cryptography research/usage and patent is a very interesting one.
I would say that together with codec (VoIP/MPEG) and compression (LZ77) this is a place were a lot of time is spend on an algorithm and interoperability is required as it apply for file format or protocol.
In cryptography the situation is worst because of that export restriction (and also because of the security implication).
As soon as a patent is filled on a cryptographic algorithm (frequently it is hidden behind a patent on a encryption device to bypass EPC limitation), nobody is interested to research the given algorithm. The reason is that if it is patented, then it will more likely not be used widely. If it is not used widely or not study widely, then we can not tell if the algorithm is strong. This is because we need peer review of the algorithm.
So if one cryptographer want to be famous, he rather not patent his work. If he want to be "rich" then he might hope to patent and that it will still be in used.
For Belgian, it is interesting to see what the author of AES have to say about patenting... They decided (maybe because it was impose for AES selection) that Rijndael would not be patented. However friendly, the author of Rijndael might not want to take public position on this debate.
It is interesting also to compare the advance in cryptography and compare europe and US. It is hard to tell if the difference is due to the export rule or to the patenting situation.
I once contacted a poor "inventor" that wanted his "magic" algorithm to be widely used. He spended a lot of money to patent it... to later find out that no one was interested anymore and that the patent might be invalid after all.
That inventor became broke and decided not to renew the patent. In order for that work not to be lost for ever, he spend time advocating for his unfamous algorithm.
So there are some argument to find in the cryptographic world.
Feel free to send me an email if you ever want to say something on this topic that I could use while talking to a Free Software fanatic that believes having the source code is enough to guarantee democracy or to publish on our web site.
After a talk with Richard Stallman about the use of Free Software for Electronic Election, I emailed him. RMS sent me the following:
Free software is not enough to ensure that elections are carried out properly.
The software used in and for government should always be free software; the government should always have the freedom to run it, study its source code, change it to suit government needs, and distribute copies to others either unchanged or modified. That way, software owners will not have power over the government's computers. But that is not enough to ensure that computerized elections are fair and honest.
It is easy for a programmer to change a program so that it tells the user "You voted for Mr Smith" but actually record a vote for Mr Brown. Unfortunately, free software does not prevent this. There is no known way to prevent this.
With free voting software, a government election committee can study the source code. If the program has been published, anyone can study the source code. But there is no way to be sure that the program actually running when you cast your vote is the same program that you and the election committee studied. Someone could have installed a fiddled version an hour before the election and replaced it with the authorized version an hour after it ended.
To assure honest elections, we need physical ballots that can be used for a recount.
Re:What would I do with this much bandwidth?-Music
on
Ethernet at 10 Gbps
·
· Score: 1
It can be from your office to your provider. Then encapsulated or transported accross very long distance with things like cisco ONS.
It is not unsusual to have 1G or ATM OC3 or ATM OC12 accross long distance (in my case 500 Km), except if I work on another planet.
The UK enacted the EUCD in October 2003. The Directive has similarly been enacted in a number of other EU member states, allowing Sony to pursue mod chip sellers. Recently, it won just such a case in Belgium.
But that sound odd since EUCD has not been translated into Belgian law... yet. Even if it had been translated, Belgian Slashdoter should know more about that case Sony won.
Anybody with more clues?
David GLAUDE
Ever since there was network protocol using fixed timer, we have seen some global synchronisation effect generating fluctuation in network performance.
All new protocol that include some timer should do it with a suffisently random interval.
RIP: 30 s
OSPF: 30 min
STP: 2 s
RSS: 1 hour
This is all wrong.
The free e-Democracy project was stopped when the author found out that having Free Software or not for electronic election is not the issue.
He found out he better fight bad e-Voting by design than to try to fix a solution searching for a problem. Now he started a resolution promoting e-Voting with VVAT (Voter Verified Audit Trail).
You do not need to create a unique random serial number on the paper audit trail. The preference expressed by the elector is already a rather good number that can be used as a sorting key.
Sorting the ballot by first preference is already the first step in any election with STV electoral system (what is used in Ireland). You just have to continue like that.
I would like to see how frequently does the removal of randomness change the result of the election before signing for a black box on a single argument.
In the cancelled attempt to do eVoting for European Election, the removal of the randomness was not even part of the plan.
You should rather look at Voter Verified Audit Trail and... quote:
"Take a look at Fergal Daly and John Lambe's pages describing how VVAT might work in Ireland."
The "perfect transfert" argument does not make paper trail impossible.
It is rather easy to sort all the vote=preference of a constituancy. It is equaly easy to sort the paper trail. Once this is done, it is very easy to compare the vote in 1234th position and compare it with paper trail in 1234th position. If you always get a match after a few sample test like that, you can trust the recorded electronic version of the vote.
Once the vote database is OK, it is easy to independantly verify who is to be elected.
You can read...
* Richard Stallman on Free Software and Free Software.
* Free Software Foundation France on Free Software and Free Software ... to understand that Free Software or Open Source is not the solution to the lack of democraty when you introduce Electronic Voting.
Please remember that 99% of the citizen-elector can not read code and that the 1% left can not verify what code is running the day of the election.
I did send a formal request to FSF representative in Belgium to handel the case. I am a legal owner of a KISS 500 and I garantee that nowhere in the documentation or CDROM provided there is a copy of the GPL licence, nor the source code, nor an offer to get the source code.
FSF is however not the copyright owner of the source code involved into that copyright/GPL violation. So they can only assist whoever is in the owner of the copyright.
Concearning KISS 500, it concearn busybox, uClinux kernel and maybe a dhcd client.
Since the firmware update is available for download, everybody can complain that they distribute binary without respect for the GPL. At worst they stop providing upgrade.
It would be interesting to know if anywhere in the Nerderlands there are oposition to your very special e-voting. In Belgium we are PourEVA and did block e-voting progress, force by legal action the source code to be publish,...
If you are Dutch speaking you can read ou
Open brief aan de leden van het federale parlement van Belgie, else you can read the whole web site in french.
There might be some stuff you don't know about election in the US. They have 100+ question to answer, from who should be the governor to the color of traffic light. So simple solution are not simple.
Now back to the nederlands... and a few question:
How do you deal with two election run the same day (European + xxx)?
Is the source code + hardware specification of the system available to the general public?
How does the voter know his vote has been counted... trust an expert?
Is it possible to do recount in the Nederlands? What do you recount then?
Is there a paper version of the vote printed (paper audit trail) that is VoterVerifiable?
Do not hesitate to contact me (the web master of PourEVA) with information about e-voting in your european country.
Adding a printer (Printing paper audit trail) might be the best option for the US that is stuck with voting machine.
The best solution of all is PAPER and PEN.
If you want speed in the result, then SCANNING the paper is the best option.
Using computer to generate paper is not the cheapest way to make a PAPER BALLOT and any device between me and my vote is a risk to the secrecy of my vote.
In french and dutch for Belgian that want to have fair election... PourEVA
In Belgium 43% of the population vote using magnetic card (no one but the computer can verify what is on the magnetic card).
In May 2003, in order to proof the population that "e-voting" was OK we tested "ticketing" in two locations.
With Ticketing, when you confirm your vote with the light pen, a ticket (piece of paper) get printed with your vote. The printer is behind a glass and you can only read your vote. You are asked to confirm and the ticket drop (for futur manual counting). Then your magnetic card is returned to you so that you can insert it for magnetic counting.
At the end of the day, ticket are counted and compare to the magnetic result. The Belgian law for that experiment say that if the result are not the same... then the paper result is valid.
Guess what took place...
The paper result was not matching by 7% for one specific candidate (100 to 107 preferencial vote). The official expert that are monitoring electronic voting did choose to use the magnetic result saying that they were more accurate and that it was difficult to read the ticket for counting.
"Voter Verifiable paper trail" is NOT the solution for fair, secret and democratic election. Adding a printer to a DRE might be the only chance to verify the election process in the US... but hand-casted-hand-counted vote is the best democratic solution.
To learn (in french/dutch) about Belgium electronic voting:
http://www.poureva.be/.
David GLAUDE
1. Accept the challenge.
2. Learn from her how to hack.
3. Make sure she does not reveal anything to anybody else and pretend she found nothing and it was an accident.
4. Win the election (for ever)
5. PROFIT!!!
Give us more information.
There was a debate about should you show your ID or give your ID. Apparently the "law" say show so you could keep your card but just hold it so that they can read...
Then how else could you proof your id than by showing your id card??? driver licence?
I am Belgian too and not happy with data retention (like ISP connection) and many thing in my country.
My next IdCard will be RSA smart card for signature and authentication.
But I already have a memory card for social security. I did explicitly request my national id not to be printed on my old plastic id card, but it is printed on my social security card anyway.
Last time I came to the bank, they asked me my id card to get my new id card number (because I changed address). They told me 70% of the id card number stored in bank database are wrong (say outdated because of peaple renewing car or changing address). They are require to update those database or pay penalty... it never made the news, but it is hapening right now.
Some belgian party want every transaction above 500 EURO to be done electronicaly, but hopefully they are not successfull during election.
Whatever, all the belgian bank grouped together to form Banksys wich is having a de-factomonopoly on ATM transaction, and they introduced the an electronic card to pay very small amongt of money. So they know how I spend my money.
All supermarket have fidelity card and they know how you spend your money, if you take baby, dog or kat food. If you hope to have babys because you take pregnancy test or if you cheat on you wife because you take condom.
All of your medical expense are also track by a card (social security card, see above) and don't try to go to the pharmacy without your card, they will let you die rather than to give you the medecin that was prescribed to you.
If you are belgian, do what you want, but I choosed to fight back and join association that care about human right in the computer world: AEL. Strangly enough, they care about free software, but that's only a positive side effect.
I don't know if the European beast is in Brussels or not, but I know Belgium don't need Europe help to track belgian. And if there is a beast in Brussels, it might well be the one tracking Belgian... If the beast does not exist, all the data are already available for starting the project.
Belgium is having 43% of the population voting using computer (not at home) and magnetic card.
On 18 May 2003 we had a mysterious and spontaneous bit inversion on the vote result ElectronicVotingRandomSpontaneousBitInversion.
This problem was not explain by the code poor quality:
AvailableVotingCode
Believe it or not, but maybe by cosmic ray did strike the counting computer during election day: RandomSpontaneousBitInversion.
I have documented and translated a few document in English for internationnal reader, you may want to check ElectronicVoting.
Belgian can get more information in french from VoteElectronique. or PourEva.
Trust me... never trust a computer or a computer expert for election result.
This is not enough.
I want the source code of all the GPL code (modified or not) by Cisco. If they do only provide a patch to a well-known source code, this is not respecting the GPL.
Of course since I do not have such a module, I can not complain... but aquiring one just to remind Cisco that they do not understand the GPL and are not respecting the rules would be fun...
Cisco and the FSF already discussed some issue in other cards like NAM, IDS,... At least they have less problem using Windows for running IP telephony solution, Microsoft is less regarding since they don't care about freedom much.
The expert appointed by registred political party had limited access to the system. Only the expert from the power in place had a way to verify something...
Slashdot Mirror
Indeed, if successfull, it will nullify the current Council political agreement that no one want to break for diplomatic reason.
If the Commission has to rethink the subject, they may take some of the good guy message into the new directive.
If the Parliament is still on the good side, then they will bring us an as good directive as last time.
With more time, the Council will be able to receive and take into account strong opposition like Spain and Poland... Maybe we can get Portugal with us after the election over there.
I would say that together with codec (VoIP/MPEG) and compression (LZ77) this is a place were a lot of time is spend on an algorithm and interoperability is required as it apply for file format or protocol.
In cryptography the situation is worst because of that export restriction (and also because of the security implication).
As soon as a patent is filled on a cryptographic algorithm (frequently it is hidden behind a patent on a encryption device to bypass EPC limitation), nobody is interested to research the given algorithm. The reason is that if it is patented, then it will more likely not be used widely. If it is not used widely or not study widely, then we can not tell if the algorithm is strong. This is because we need peer review of the algorithm.
So if one cryptographer want to be famous, he rather not patent his work. If he want to be "rich" then he might hope to patent and that it will still be in used.
For Belgian, it is interesting to see what the author of AES have to say about patenting... They decided (maybe because it was impose for AES selection) that Rijndael would not be patented. However friendly, the author of Rijndael might not want to take public position on this debate.
It is interesting also to compare the advance in cryptography and compare europe and US. It is hard to tell if the difference is due to the export rule or to the patenting situation.
I once contacted a poor "inventor" that wanted his "magic" algorithm to be widely used. He spended a lot of money to patent it... to later find out that no one was interested anymore and that the patent might be invalid after all.
That inventor became broke and decided not to renew the patent. In order for that work not to be lost for ever, he spend time advocating for his unfamous algorithm.
So there are some argument to find in the cryptographic world.
The open voting consortium has this idea wrong: Most human beeing can not read barcode David GLAUDE
Feel free to send me an email if you ever want to say something on this topic that I could use while talking to a Free Software fanatic that believes having the source code is enough to guarantee democracy or to publish on our web site.
After a talk with Richard Stallman about the use of Free Software for Electronic Election, I emailed him. RMS sent me the following:
Free software is not enough to ensure that elections are carried out properly.
The software used in and for government should always be free software; the government should always have the freedom to run it, study its source code, change it to suit government needs, and distribute copies to others either unchanged or modified. That way, software owners will not have power over the government's computers. But that is not enough to ensure that computerized elections are fair and honest.
It is easy for a programmer to change a program so that it tells the user "You voted for Mr Smith" but actually record a vote for Mr Brown. Unfortunately, free software does not prevent this. There is no known way to prevent this.
With free voting software, a government election committee can study the source code. If the program has been published, anyone can study the source code. But there is no way to be sure that the program actually running when you cast your vote is the same program that you and the election committee studied. Someone could have installed a fiddled version an hour before the election and replaced it with the authorized version an hour after it ended.
To assure honest elections, we need physical ballots that can be used for a recount.
It can be from your office to your provider. Then encapsulated or transported accross very long distance with things like cisco ONS.
It is not unsusual to have 1G or ATM OC3 or ATM OC12 accross long distance (in my case 500 Km), except if I work on another planet.
The article say:
The UK enacted the EUCD in October 2003. The Directive has similarly been enacted in a number of other EU member states, allowing Sony to pursue mod chip sellers. Recently, it won just such a case in Belgium.
But that sound odd since EUCD has not been translated into Belgian law... yet. Even if it had been translated, Belgian Slashdoter should know more about that case Sony won.
Anybody with more clues?
David GLAUDE
Ever since there was network protocol using fixed timer, we have seen some global synchronisation effect generating fluctuation in network performance.
All new protocol that include some timer should do it with a suffisently random interval.
RIP: 30 s
OSPF: 30 min
STP: 2 s
RSS: 1 hour
This is all wrong.
The free e-Democracy project was stopped when the author found out that having Free Software or not for electronic election is not the issue.
He found out he better fight bad e-Voting by design than to try to fix a solution searching for a problem. Now he started a resolution promoting e-Voting with VVAT (Voter Verified Audit Trail).
You do not need to create a unique random serial number on the paper audit trail. The preference expressed by the elector is already a rather good number that can be used as a sorting key.
Sorting the ballot by first preference is already the first step in any election with STV electoral system (what is used in Ireland). You just have to continue like that.
I would like to see how frequently does the removal of randomness change the result of the election before signing for a black box on a single argument.
In the cancelled attempt to do eVoting for European Election, the removal of the randomness was not even part of the plan.
You should rather look at Voter Verified Audit Trail and... quote: "Take a look at Fergal Daly and John Lambe's pages describing how VVAT might work in Ireland."
The "perfect transfert" argument does not make paper trail impossible.
It is rather easy to sort all the vote=preference of a constituancy. It is equaly easy to sort the paper trail. Once this is done, it is very easy to compare the vote in 1234th position and compare it with paper trail in 1234th position. If you always get a match after a few sample test like that, you can trust the recorded electronic version of the vote.
Once the vote database is OK, it is easy to independantly verify who is to be elected.
You can read...
... to understand that Free Software or Open Source is not the solution to the lack of democraty when you introduce Electronic Voting.
* Richard Stallman on Free Software and Free Software.
* Free Software Foundation France on Free Software and Free Software
Please remember that 99% of the citizen-elector can not read code and that the 1% left can not verify what code is running the day of the election.
I did send a formal request to FSF representative in Belgium to handel the case. I am a legal owner of a KISS 500 and I garantee that nowhere in the documentation or CDROM provided there is a copy of the GPL licence, nor the source code, nor an offer to get the source code.
FSF is however not the copyright owner of the source code involved into that copyright/GPL violation. So they can only assist whoever is in the owner of the copyright.
Concearning KISS 500, it concearn busybox, uClinux kernel and maybe a dhcd client.
Since the firmware update is available for download, everybody can complain that they distribute binary without respect for the GPL. At worst they stop providing upgrade.
On of the numerous problem with e-voting are:
No system aren "uncrackable".
If fraud are done, there could be no trace left, so saying there is no fraud only mean none detected in a system where there is no way to detect them
Excuse me, but everytime I hear Brazil I think about the movie/song... And when I read about your election system... I start to be afraid.
If you are Dutch speaking you can read ou Open brief aan de leden van het federale parlement van Belgie, else you can read the whole web site in french.
There might be some stuff you don't know about election in the US. They have 100+ question to answer, from who should be the governor to the color of traffic light. So simple solution are not simple.
Now back to the nederlands... and a few question:
How do you deal with two election run the same day (European + xxx)?
Is the source code + hardware specification of the system available to the general public?
How does the voter know his vote has been counted... trust an expert?
Is it possible to do recount in the Nederlands? What do you recount then?
Is there a paper version of the vote printed (paper audit trail) that is VoterVerifiable?
Do not hesitate to contact me (the web master of PourEVA) with information about e-voting in your european country.
A Candidate receive 4096 extra vote more likely because cosmic ray can change the value of a bit.
For more information about voting in Belgium (electronic and traditional).
More information about Belgium e-voting on PourEVA.be
This is the good news of the day... http://www.online.ie/news/viewer.adp?article=%2030 46344
0 3143251
http://www.labour.ie/press/detail.tmpl?SKU=200311
Richard Stallman say Free software is not the solution to democratic election.
Adding a printer (Printing paper audit trail) might be the best option for the US that is stuck with voting machine.
The best solution of all is PAPER and PEN.
If you want speed in the result, then SCANNING the paper is the best option.
Using computer to generate paper is not the cheapest way to make a PAPER BALLOT and any device between me and my vote is a risk to the secrecy of my vote.
In french and dutch for Belgian that want to have fair election... PourEVA
In Belgium 43% of the population vote using magnetic card (no one but the computer can verify what is on the magnetic card).
In May 2003, in order to proof the population that "e-voting" was OK we tested "ticketing" in two locations.
With Ticketing, when you confirm your vote with the light pen, a ticket (piece of paper) get printed with your vote. The printer is behind a glass and you can only read your vote. You are asked to confirm and the ticket drop (for futur manual counting). Then your magnetic card is returned to you so that you can insert it for magnetic counting.
At the end of the day, ticket are counted and compare to the magnetic result. The Belgian law for that experiment say that if the result are not the same... then the paper result is valid.
Guess what took place...
The paper result was not matching by 7% for one specific candidate (100 to 107 preferencial vote). The official expert that are monitoring electronic voting did choose to use the magnetic result saying that they were more accurate and that it was difficult to read the ticket for counting.
"Voter Verifiable paper trail" is NOT the solution for fair, secret and democratic election. Adding a printer to a DRE might be the only chance to verify the election process in the US... but hand-casted-hand-counted vote is the best democratic solution.
To learn (in french/dutch) about Belgium electronic voting: http://www.poureva.be/. David GLAUDE
Belgian is the worst of all... Spontaneous Bit Inversion change the result of the election. Feel free to join PourEVA association.
1. Accept the challenge. 2. Learn from her how to hack. 3. Make sure she does not reveal anything to anybody else and pretend she found nothing and it was an accident. 4. Win the election (for ever) 5. PROFIT!!!
Give us more information. There was a debate about should you show your ID or give your ID. Apparently the "law" say show so you could keep your card but just hold it so that they can read... Then how else could you proof your id than by showing your id card??? driver licence?
I am Belgian too and not happy with data retention (like ISP connection) and many thing in my country.
My next IdCard will be RSA smart card for signature and authentication.
But I already have a memory card for social security. I did explicitly request my national id not to be printed on my old plastic id card, but it is printed on my social security card anyway.
Last time I came to the bank, they asked me my id card to get my new id card number (because I changed address). They told me 70% of the id card number stored in bank database are wrong (say outdated because of peaple renewing car or changing address). They are require to update those database or pay penalty... it never made the news, but it is hapening right now.
At previous election, I voted using magnetic card. My vote was counted by computer I don't trust. I know the code of the election is ugly and I can not accept official expert explanations on a strange bit inversion during election electronic counting.
I know the Big Brother is Belgian and is legally watching me.
Some belgian party want every transaction above 500 EURO to be done electronicaly, but hopefully they are not successfull during election.
Whatever, all the belgian bank grouped together to form Banksys wich is having a de-factomonopoly on ATM transaction, and they introduced the an electronic card to pay very small amongt of money. So they know how I spend my money.
All supermarket have fidelity card and they know how you spend your money, if you take baby, dog or kat food. If you hope to have babys because you take pregnancy test or if you cheat on you wife because you take condom.
All of your medical expense are also track by a card (social security card, see above) and don't try to go to the pharmacy without your card, they will let you die rather than to give you the medecin that was prescribed to you.
If you are belgian, do what you want, but I choosed to fight back and join association that care about human right in the computer world: AEL. Strangly enough, they care about free software, but that's only a positive side effect.
I don't know if the European beast is in Brussels or not, but I know Belgium don't need Europe help to track belgian. And if there is a beast in Brussels, it might well be the one tracking Belgian... If the beast does not exist, all the data are already available for starting the project.
Belgium is having 43% of the population voting using computer (not at home) and magnetic card.
On 18 May 2003 we had a mysterious and spontaneous bit inversion on the vote result ElectronicVotingRandomSpontaneousBitInversion.
This problem was not explain by the code poor quality: AvailableVotingCode
Believe it or not, but maybe by cosmic ray did strike the counting computer during election day: RandomSpontaneousBitInversion.
I have documented and translated a few document in English for internationnal reader, you may want to check ElectronicVoting.
Belgian can get more information in french from VoteElectronique. or PourEva.
Trust me... never trust a computer or a computer expert for election result.
This is not enough. I want the source code of all the GPL code (modified or not) by Cisco. If they do only provide a patch to a well-known source code, this is not respecting the GPL. Of course since I do not have such a module, I can not complain... but aquiring one just to remind Cisco that they do not understand the GPL and are not respecting the rules would be fun... Cisco and the FSF already discussed some issue in other cards like NAM, IDS, ... At least they have less problem using Windows for running IP telephony solution, Microsoft is less regarding since they don't care about freedom much.
But 9 peaples can not verify a lot... and when they make advice to modify the existing system, they are not followed. Here is an analyse of the rapport of year 2000
My mother is not an expert... who should she trust to control the election?
Normal citizen lost control of the election process... it this a democracy?