Security notes, and can we set a meeting with Bev Harris?

From: Jim March <jmarch_at_prodigy_dot_net>
Date: Thu Apr 14 2005 - 17:24:11 CDT

Bev would like to set up a meeting involving herself, me and the top
five or six or so programmers/designers of the OVC product. What she'd
like to accomplish is to get a series of "reports from the field" into
your hands and iron out how those affect security issues. With any luck
we can resolve any possible differences and achieve a closer tactical union.

Right now BBV is talking mostly about problems (with existing systems).
We (speaking as a member of the board of BBV) realize the need to talk
about solutions too and we hope such a meet will help foster more
"solutions" discussion that BBV can officially get involved in.


As one example of where we're going:

It's a little-known fact that at least in California, voting system
*vendors* (and designers) have the ability to draft "election law" as it
concerns their systems. That's because California certifies both
systems and *procedures* at the "Voting Systems and Procedures Panel"
(VSPP) meetings.

The "procedures manual" created by the vendor and approved by the
SecState's office becomes "force of law", esp. with the greater control
over security issues given to the SecState with last year's SB1376.

This has all kinds of opportunities in it. One obvious possibility is
to specify which "records" (paper or electronic) created by or
maintained by the OVC system are releasable to the public without
causing any security problems. The paper ballots are just one, we've
also got electronic audit logs in each machine, etc. Probably five or
six different records. By certifying that they don't constitute a
security threat to release, OVC would make it MUCH harder for county
elections agencies to withhold those records from the public under a
nebulous "security" boilerplate as most are doing now with Diebold,
ES&S, Sequoia, etc.

Only people doing "field research" and filing Public Records Act
Requests (as Bev Harris is doing) would realize the potential benefit in
doing this in the procedures manual. There's one hell of a lot more Bev
has for y'all from the same source (real world experience!) and I hope
we can find a way to tap that as soon as possible.

Jim March
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sat Apr 30 23:17:06 2005

This archive was generated by hypermail 2.1.8 : Sat Apr 30 2005 - 23:17:22 CDT