Re: Security notes, and can we set a meeting with Bev Harris?

From: Arthur Keller <voting_at_kellers_dot_org>
Date: Thu Apr 14 2005 - 18:31:50 CDT

Great. I'll be happy to set up a teleconference at a mutually agreeable time.

Best regards,
Arthur

At 3:24 PM -0700 4/14/05, Jim March wrote:
>Bev would like to set up a meeting involving herself, me and the top
>five or six or so programmers/designers of the OVC product. What
>she'd like to accomplish is to get a series of "reports from the
>field" into your hands and iron out how those affect security
>issues. With any luck we can resolve any possible differences and
>achieve a closer tactical union.
>
>Right now BBV is talking mostly about problems (with existing
>systems). We (speaking as a member of the board of BBV) realize the
>need to talk about solutions too and we hope such a meet will help
>foster more "solutions" discussion that BBV can officially get
>involved in.
>
>------------
>
>As one example of where we're going:
>
>It's a little-known fact that at least in California, voting system
>*vendors* (and designers) have the ability to draft "election law"
>as it concerns their systems. That's because California certifies
>both systems and *procedures* at the "Voting Systems and Procedures
>Panel" (VSPP) meetings.
>
>The "procedures manual" created by the vendor and approved by the
>SecState's office becomes "force of law", esp. with the greater
>control over security issues given to the SecState with last year's
>SB1376.
>
>This has all kinds of opportunities in it. One obvious possibility
>is to specify which "records" (paper or electronic) created by or
>maintained by the OVC system are releasable to the public without
>causing any security problems. The paper ballots are just one,
>we've also got electronic audit logs in each machine, etc. Probably
>five or six different records. By certifying that they don't
>constitute a security threat to release, OVC would make it MUCH
>harder for county elections agencies to withhold those records from
>the public under a nebulous "security" boilerplate as most are doing
>now with Diebold, ES&S, Sequoia, etc.
>
>Only people doing "field research" and filing Public Records Act
>Requests (as Bev Harris is doing) would realize the potential
>benefit in doing this in the procedures manual. There's one hell of
>a lot more Bev has for y'all from the same source (real world
>experience!) and I hope we can find a way to tap that as soon as
>possible.
>
>Jim March
>_______________________________________________
>OVC discuss mailing lists
>Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org

-- 
-------------------------------------------------------------------------------
Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Sat Apr 30 23:17:07 2005

This archive was generated by hypermail 2.1.8 : Sat Apr 30 2005 - 23:17:22 CDT