[hcs-d] uc election result testimony

Kevin Lee kevlee at fas.harvard.edu
Mon Nov 23 16:53:54 EST 2009


Hey guys,

I believe that we'd need to have a pretty good understanding of the system
in order to answer those questions. Who would be a good contact that could
either get us (read-only) access to the scripts or explain it?

Kevin

On Mon, Nov 23, 2009 at 4:49 PM, Andrea R. Flores
<arflores at fas.harvard.edu>wrote:

> Hello HCS,
> Here are some questions!
>
> 1) How complicated and technical would it be to go into the tabulation
> system and actually "change" voting outcomes? And is there any way to track
> that?
> 2) Brad explained to the election commission that anyone who had access to
> the UC website, could have access to the voting software. If there is a
> separate voting website, how does this work?
> 3) What did Brad do when he put in a security system? How vulnerable would
> the software have been before that?
>
> Those are some starting questions. Basically the UC is 100% ignorant about
> how our software and voting websites work, and only Brad and Eric Hysen (the
> vice-presidential candidate) truly understand that. If you could do a
> presentation that would be fantastic, slides, and all information would be
> incredibly helpful. Because this is so much of a political debate, to have
> concrete evidence that explains how unlikely vote tampering would be is most
> important. Unless of course it is likely, and then I guess we need to know
> that as well.
>
> Thank you so much for helping out. All of you are helping the UC through a
> very difficult time, and I look forward to meeting all of you tonight. If
> you would like to come early at 7:15, you can set up any presentation you
> might need.
>
> Sincerely,
> Andrea Flores
>
>
> On Mon, Nov 23, 2009 at 4:01 PM, Greg Brockman <brockman at hcs.harvard.edu>wrote:
>
>> Yes, I believe your model is correct.  Anyway, I'd be willing to show
>> up to the meeting tonight, but if we're going to be useful, we indeed
>> would need specific questions ahead of time, as well as actual access
>> to the application... everything else is just speculation.
>>
>> Greg
>>
>> On Mon, Nov 23, 2009 at 3:50 PM, Joshua Kroll <kroll at cs.princeton.edu>
>> wrote:
>> > I think the voting software is a fixed and immutable thing
>> > administered by FAS IT. Brad my have access to an administrative mode,
>> > but not to the application itself. If you like, FAS IT here is a
>> > "trusted third party" that mediates away all of the esoteric evils we
>> > might otherwise attribute to the ghost in the (voting) machine (with
>> > apologies to Adam Gold).
>> >
>> > But this is based half on my faulty memory, half on poorly-informed
>> > guesswork, and is subject to revision if someone can find out about
>> > how the voting system works.
>> >
>> > Of course, as a graduate student in computer security in a lab that
>> > has dealt heavily with voting, I'm pretty sure that trouble is going
>> > to be unavoidable, and some sort of political solution will ultimately
>> > be necessary. That said, it's probably likely that you'll find here
>> > that the obvious attacks are well defended against, but that's at
>> > least in part by chance.
>> >
>> > Josh
>> >
>> > On Mon, Nov 23, 2009 at 3:33 PM, Kevin Lee <kevlee at fas.harvard.edu>
>> wrote:
>> >> But if we're concerned with Brad tampering with the votes, then we're
>> in
>> >> trouble anyways. Wouldn't he be able to modify the application itself?
>> Or do
>> >> any number of things that we might not be able to think of and check.
>> >> But agreed, I think we need a better understanding of the system.
>> >>
>> >> Kevin
>> >>
>> >> On Mon, Nov 23, 2009 at 3:31 PM, Joshua Kroll <kroll at cs.princeton.edu>
>> >> wrote:
>> >>>
>> >>> That, unfortunately, might help Brad determine if there was tampering,
>> >>> but it doesn't help convince the UC that Brad isn't tampering with the
>> >>> votes, which is what the goal is here.
>> >>>
>> >>> I agree with Aneesh that knowing what the UC wants answers to will
>> >>> help you build a strong presentation. I'd even consider making slides,
>> >>> but perhaps not more than 3, if the UC can support such a thing at
>> >>> their meeting. I do think that points #2 and #3 are quite reasonable
>> >>> concerns and that point #4 is pretty much obviously given if you cede
>> >>> #2 or #3, so it's not wise to argue on that point.
>> >>>
>> >>> That said, there's a lot of unnecessary speculation about things. It
>> >>> would be nice if someone in HCS could get access to detailed system
>> >>> schematics so that people could say what the relevant attack vectors
>> >>> are and whether there's sufficient auditing in-place to detect the
>> >>> kinds of tampering that are suspected here.
>> >>>
>> >>> Josh
>> >>>
>> >>> On Mon, Nov 23, 2009 at 3:23 PM, Kevin Lee <kevlee at fas.harvard.edu>
>> wrote:
>> >>> > Additionally, I believe that the system that Brad set up to validate
>> the
>> >>> > results logged each database query into his personal FAS account. My
>> >>> > understanding was that this was done from the actual voting
>> application,
>> >>> > so
>> >>> > even if the MySQL database was completely compromised, the actual
>> votes
>> >>> > (after Tuesday) could be reconstructed from the logs in Brad's
>> account.
>> >>> > Brad, please correct me if I'm wrong.
>> >>> > Kevin
>> >>> >
>> >>> > On Mon, Nov 23, 2009 at 3:15 PM, Joshua Kroll <
>> kroll at cs.princeton.edu>
>> >>> > wrote:
>> >>> >>
>> >>> >> Did they use our voting system? I thought they use their own, which
>> is
>> >>> >> administered by FAS IT?
>> >>> >>
>> >>> >> I think a more compelling case could be made by reading the MySQL
>> >>> >> logs. Presumably nobody had root-level access to the relevant
>> machine,
>> >>> >> so as long as the logs are OK, they can be reviewed for tampering.
>> In
>> >>> >> fact, you might argue that HCS should administer a kind of open
>> >>> >> review, or recount.
>> >>> >>
>> >>> >> I think it would be best if this recount consisted of video of a
>> bunch
>> >>> >> of people sitting at a table, holding up printouts of the MySQL
>> logs
>> >>> >> to the light to see if they've been dimpled.
>> >>> >>
>> >>> >> Josh
>> >>> >>
>> >>> >> On Mon, Nov 23, 2009 at 3:07 PM, Kevin Lee <kevlee at fas.harvard.edu
>> >
>> >>> >> wrote:
>> >>> >> > Hi,
>> >>> >> > I'd be somewhat interested in attending this and helping out.
>> I've
>> >>> >> > pretty
>> >>> >> > interested in computer security, and delving into a security
>> breach
>> >>> >> > investigation sounds like fun.
>> >>> >> > Based on the UC minutes that were just sent out, I don't think
>> point
>> >>> >> > 2
>> >>> >> > is
>> >>> >> > completely accurate. There was access to certain portions of the
>> >>> >> > system,
>> >>> >> > but
>> >>> >> > purportedly this was isolated from the voting application.
>> >>> >> > Kevin
>> >>> >> >
>> >>> >> > On Mon, Nov 23, 2009 at 2:58 PM, Jeremy Hoon
>> >>> >> > <jeremy.d.hoon at gmail.com>
>> >>> >> > wrote:
>> >>> >> >>
>> >>> >> >> Hello HCS,
>> >>> >> >>
>> >>> >> >> I was just asked by Andrea Flores, the current UC president, if
>> a
>> >>> >> >> few
>> >>> >> >> of
>> >>> >> >> us could stop by a UC meeting tonight to discuss the tech issues
>> >>> >> >> surrounding
>> >>> >> >> the election debacle. I think we can agree that vote tampering
>> is
>> >>> >> >> unlikely
>> >>> >> >> for the following reasons:
>> >>> >> >>
>> >>> >> >> - Brad verified the results (unfortunately it appears that for
>> >>> >> >> political
>> >>> >> >> reasons this rationale is not being accepted by certain
>> parties).
>> >>> >> >> - Candidates did not have access to the voting application.
>> >>> >> >> - It would have been very difficult to hack the voting
>> application.
>> >>> >> >> - The final vote total was very close. It seems unlikely that an
>> >>> >> >> attacker
>> >>> >> >> could have manipulated the votes with the precision necessary to
>> >>> >> >> achieve
>> >>> >> >> only a slim margin of victory.
>> >>> >> >>
>> >>> >> >> It might make sense to discuss the voting software
>> implementation
>> >>> >> >> on-list
>> >>> >> >> beforehand. Does anyone know if/where it lives in SVN?
>> >>> >> >>
>> >>> >> >> Brad, I assume you are on this list (if not, could someone
>> please
>> >>> >> >> forward
>> >>> >> >> him this message). You are obviously the number one authority on
>> >>> >> >> this
>> >>> >> >> subject, and your input would be invaluable.
>> >>> >> >>
>> >>> >> >> The meeting is tonight at 7:30 in Sever 113. Please respond
>> on-list
>> >>> >> >> if
>> >>> >> >> you
>> >>> >> >> plan to attend. A group of 2-3 people would be ideal.
>> >>> >> >>
>> >>> >> >> Jeremy
>> >>> >> >>
>> >>> >> >> _______________________________________________
>> >>> >> >> hcs-discuss mailing list
>> >>> >> >> hcs-discuss at lists.hcs.harvard.edu
>> >>> >> >> http://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss
>> >>> >> >>
>> >>> >> >
>> >>> >> >
>> >>> >> > _______________________________________________
>> >>> >> > hcs-discuss mailing list
>> >>> >> > hcs-discuss at lists.hcs.harvard.edu
>> >>> >> > http://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss
>> >>> >> >
>> >>> >> >
>> >>> >
>> >>> >
>> >>
>> >>
>> > _______________________________________________
>> > hcs-discuss mailing list
>> > hcs-discuss at lists.hcs.harvard.edu
>> > http://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss
>> >
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hcs.harvard.edu/pipermail/hcs-discuss/attachments/20091123/3ce5850b/attachment-0001.htm 


More information about the hcs-discuss mailing list