|
IMHO.
A little background on me, I have been a "systems level" programmer since the late 60s. I have worked on everything from embedded computers in ticket scanners to large IBM mainframe computer. I have wrote software that ran at the lowest level in an IBM mainframe.
A little background on funny things operating systems do. I have made this as simple for the non-computer types as I can. I will pick IBM as an example. From the early 70s to the mid 90s IBMs main operating system for their mainframes was called MVS (it is still used but IBM has changed it's name). All computers run in one of two modes, supervisor state, or application state. In supervisor state your program can do things that programs running in application state can not do. (Windows blue screens, if a program in application state gets a program fault you get a nice pop-up, BUT when you see a Windows blue screen, that means the program was, probably, running in supervisor state).
IBM programmers wanted to pop into supervisor state on the fly in their normal application state programs. So they had a stealth method for doing this. There are many systems calls a program can call, for now lets talk about the time-of-day system call. So IBM did some funny things with the time-of-day system call. IF you loaded a secret value into one of the computer registers, not only would you get the time of day return to you but your program would be running in supervisor state. If you looked at the application program, nothing looked strange, just a "normal" call to time-of-day. And because most people could not see the code for the Operating System from IBM, this method was really used for many many years.
What does this have to with Touchscreen Fraud. Well there is a major push to get the code for Touchscreen software to be "Open Source". This is a RED HERRING Even if the TS code is release and reviewed, IMHO nobody will find the fraud because it will be done in the non-reviewed operating system.
Let's pick the famous voting machine company Acme (beep-beep) Voting Machines. Well Acme picked for their operating system for their Touchscreen product the Linux Operating System. You can get Linux source code and compile it yourselves but 99.99% of the people get a pre-compiled version from somebody like Red Hat. But if you go to the Red Hat site, you can get the source for most of their Linux code. And if you wished to, you could re-compile a module yourself.
How TS Fraud could happen at the Operating System Level
OK some very simple code examples.
First a voter record with three fields 1) One character for a vote for Bush. 2) One character for a vote for Kerry. 3) One 36 character field to hold the time of day.
Second in the TS software we have some code that looks like
move -1 to hold_time_of_day.
{10-20 statements }
Remark - go get the time of day for this voter. call time_of_day with hold_time_of_day. . . record vote......
If a outside company reviewed the TS code, there would not be anything to point to voter fraud. Why because the votes were changed in the time_of_day function.
Acme had change the Red Hat Linux time_of_day function to do something funny if the hold_time_of_day field was -1. It would change every 10th vote for Kerry to a vote for Bush.
I have made this as simple as I could. In the real world this would be a lot more code in the application program and the voter record have a ton more fields, but you get the idea.
The "Open Source" Red Herring
The Linux Operating system with all it's window managers, something called OpenGL for drawing pretty pictures on screens etc is on the order of over a couple million lines of code. The Touchscreen app from Acme is probably on the order of 50,000 lines of code. So when Mr. Nice Guy Acme turns over the source for the Touchscreen app to an independent reviewer to compile and test, everything will work great and no fraud found. WHY because the reviewers are not looking at all the source for, in this case, Red Hat's Linux.
In this simple example, Acme Voting machine programmers had changed less than a 100 lines of code out of a couple million from Red Hat and only ONE module. They had two versions of a "common" Linux module. One that committed voter fraud and one that didn't. The two could be made to be the same size, same date, and same CRC (geek method that tries to come up with a unique number for a module, but can be fudged around).
Please do not fall into the trap of thinking if you can review the source code the product is "safe" from voter fraud. That is only a Red Herring IMHO.
|