[gs-devel] Urgent Ghostscript query involving election software!

Ken Sharp ken.sharp at artifex.com
Thu Nov 8 08:27:26 PST 2007

Hi Jim,

At 23:51 07/11/2007 -0700, Jim March wrote:
>Folks, this is a very important query, only slightly off-topic and I
>hope you can forgive that due to urgency.

I've just got in after a trans-atlantic flight, so please excuse any 
fuzziness. I'm answering this now to give you some feedback as quickly as 
possible. You should definitely not take any direct action based on the 
opinions below, these are purely for your consideration, in the hope they 
may help you to deciding where to go next.

I'm sure one of the US support team will be in touch.

Unfortunately you were unlucky enough to pick a staff meeting day to raise 
this, so everyone was in meetings or travelling.

>software to control ballot layouts for elections in many US
>jurisdictions.  (Sidenote: is that a GPL problem?)

One for the lawyers :-) Ray, would you make sure Miles is aware of this ?

>C:\Program Files\gs\gs8.54\Resource\CMap

Slight nit-pick, these aren't fonts, they are CMap resources. They are in 
essence a look up table that allows you to find the right glyph program in 
the font file, when given a large opaque number. This doesn't really affect 
your questions though.

>16th.  Prior to 5/10/06 a "logic and accuracy" test was run to ensure
>(at least theoretically) that the election system was basically
>running right.  From that point forward, data could be entered into
>the system but the code base was supposed to be frozen.
>Yet here we have changes to GS on 5/11/07.  Worse, the official day's
>proceedings didn't get started until 9:56am according to the audit
>logs.  So we end up with questions:
>* What was somebody doing in there at 7:23am, before the party
>observers showed up?

Good question, but not one for us surely ? Physical access to the machines 
should be secured I would have thought ? Was the clock correct on the 
machine(s) in question ?

Have you quoted these dates correctly, and are you sure there is a problem 
? The dates you quote in your mail are from *2006*, not 2007. Its entirely 
possible that someone in the development team modified those files a year ago.

Is there any other reason for treating these files as suspicious ?

NB, the GS development team is scattered around the world, a very early 
time in the US can easily be middle or end of the day in Europe. 7:23 am is 
not an unlikely time.

>* What action on the part of the user would trigger these font installs?

In the general case, the user would have to manually copy the files. Note, 
however, that Ghostscript is an open-source application. It is possible 
that the manufacturer has themselves modified Ghostscript, or added a 
'phone home' feature looking for updates.

Ghostscript will not update itself as it is normally shipped, but we can't 
answer for the wider system, or for any changes made by the manufacturer.

>* Would the fonts have come in over an Internet connection, in which
>case what the hell was this thing doing being so connected at all?
>Trust me: it's supposed to be standalone.

Sorry, can't answer this one either. To re-iterate, the standard 
Ghostscript will not (unlike for example Acrobat) search for and install 
updates. It is possible for the manufacturer to have added such functionality.

THese questions should probably be directed to the manufacturer (Diebold I 
think you said).

>* Since GS is used to prepare ballot layouts, what was somebody doing
>fooling around with ballot layouts post-Logic & Accuracy test?
>*  Is it possible that somebody brought data in from home (or some
>other system) to be loaded into or touched by Ghostscript, and the
>"alien system" had Japanese fonts in it, which triggered loading
>Japanese fonts on the official ballot tabulator station on 5/11/06?
>What I'm getting at is, where could these files have come from, what
>could have triggered their installation, and is this a trace evidence
>of election tampering?

Its evidence of something having changed, certainly. While it is almost 
certainly benign *I* wouldn't be happy about it.

As I've said above, I think you need to take this up with the supplier if 
you are sure there have been file changes. The standard Ghostscript 
installation will not update itself, there is no mechanism for us to ship 
updates like that. In fact we would probably have howls of protest from our 
customers if we did.

This does not mean that the implementation supplied by the manufacturer is 
a standard Ghostscript install, though given the secretive nature of 
Diebold regarding their source code , and the fact that GS is licenced 
under GPL, they probably are breaking the licence if they are not shipping 
a standard installation.

Note also that the underlying Operating System may check with its supplier 
for updates, and update Ghostscript manually.

I hope that helps, the regular team should be coming on line for the day 
shortly, and will hopefully be able to help you further,


         Ken Sharp

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TASK: Shoot yourself in the foot.
dBase. You buy a gun. Bullets are only available from another company 
and promised to work so you buy them. Then you find out that the next 
version of the gun is the one that is scheduled to actually shoot bullets.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information about the gs-devel mailing list