[Infowarrior] - More on... Americans Abroad Can Now Vote Online

[Richard Forno]

------ Forwarded Message
From: Rich K

On Tue, Jan 22, 2008 at 10:37:20AM -0500, Richard Forno wrote:

> From: Duane 
> 
> Has anyone reviewed the security of "Everyone Counts, Inc."?

In one regard, it doesn't matter how secure "Everyone Counts, Inc." is.

It matters how secure the systems being used to cast the votes are.  And
if they're running Windows, we know that they fall into two categories:

 1. Those that have already been compromised
 2. Those that are very likely going to be compromised

I won't rehash all over again the evidence which indicates that something
on the order of 10e8 systems out there are known-compromised.  (Vint Cerf,
for example, has estimated 2.5 X 10e8.)  Or why various asssesments
(including passive OS fingerprinting of spam-sending SMTP clients and
botnet-participating systems) indicate that -- with rare exceptions --
they're all running Windows.  Or why there is ample reason to conclude
that the number which are actually compromised greatly exceeds the number
which can be confirmed as compromised.

Instead, what I'll point out is that *nothing* a compromised system does
can be trusted.  Whether it's sending mail or casting a ballot, whatever
it does from the point it's compromised forward is done at the pleasure
of its new owner(s).  So even if we stipulated that Everyone Counts,
Inc. had impenetrable security,  the best of intentions, and bug-free
software, its tabulations are only as valid as the data provided to it --
and that data can't be trusted at all.