This is not just about simple certification, it is primarily about
Previously we have worked hard to achieve the acceptance
of the principle of the need for paper ballot records. This is now an
equivalent challenge that ultimately leads to legislation to bring about
change. This is also not about replacing certification per say because
ultimately certification is attempting to achieve the same thing which
is trusted election results. Rather it is establishing two alternatives,
either certified systems that meet the current EAC VVSG, or
self-certifying systems that are inherently transparent and verifiable,
as being suitable for use in elections. Legislators and adminstrators
can then choose which is most suitable for their local jurisdictions
(aside: no prizes for guessing which OVC would prefer!).
How do self-certifying systems differ from the current systems that
require certification? Conceptually the principle is simple, to be
self-certifying a system must allow for the independent verification of
an election result by permitting a third party to use the same records
and the same software components to replicate the same numbers, totals,
and outcomes. However there are also important caveats to this to
ensure that the need to meet legal requirements for privacy particularly
are maintained. We have reached a point of maturity of understanding
where this can now all be quantified and detailed as a prelude to
legislative action next.
Defining a self-certify system therefore includes the following:
1) Uses COTS hardware components that are already ISO9001 and MILSPEC
(or equivalent) conformant. The principle here is that if the
equipment has already been tested to a significant measure of
hardware operational requirements and reliability testing,
there is no need to perform redundant testing because the equipment
is COTS and will be used without modification from as originally
approved and certified. This should include removable recording
devices such as CD-RW media. This should also include conformance
to exclusions, such as the VVSG ban on use of wireless communication
capable devices. The configuration and equipment specification list
should be made public by the supplier(s) so that the components
compliance claims may be independently verified.
2) Testing is not required for hardware components that are not used
physically for the software operation that is recording the votes,
e.g. packing boxes, privacy screens, tables, and so on.
3) Transparency of vote recording by using an accredited open public
standard specification such as OASIS Election Markup Language (EML)
that ensures all aspects of the officially recorded vote records,
totals and results are documented and known.
4) Performs polling place ballot totalling and then central tabulation
counting using COTS software that is broadly available (more than
100,000 certified license registrations), or is available as an
open public license with open source code from a public download
repository, and uses recording format specifications that are
publically available, e.g. office products such as Microsoft Excel or
Open Office spreadsheet software.
5) All digital artifacts used to perform the election counting and
results should be available in a compressed archive package format
(such as ZIP) that can be downloaded for independent verification
purposes. Setup and use instructions then allow a third party to
configure the equivalent COTS software as that used for the election
itself, to perform the same calculations on their own compatible
tabulation COTS hardware equipment.
6) The digital artifacts provided in 5) will exclude any artifacts that
are at the precinct level such as digital copies of paper ballots, such
as scanned images, that can compromise voter privacy. Also digital
ballot artifacts from the
precinct level will be recorded anonymously to preserve voter privacy
(such as avoiding time stamping) but may contain unique random ballot
numbering systems that ensure only approved cast ballots with
matching paper ballot records are being included.
7) A test package and instructions will be provided for public download
at least 30 days prior to the actual election start date to allow
those desiring to install and verify the configuration, and also
optionally follow results published live during the
election itself (although this is not a requirement, only an option).
8) Any custom software written to perform the actual ballot casting
process shall be open source and made available 90 days prior to
the election start date on a publicly accessible download site and
the link publicized from the election board web site. Open
source is defined as software written in a commonly understood
software language that is documented to the VVSG requirements for
software coding standards (e.g. not cryptic or
intentionally obfuscated source), along with instructions for its
compilation, dependencies and use.
9) The EAC would be arbiter in case of election boards using systems
that appeared to not meet self-certification and a public review
Now anyone using results from self-certifying systems will be able to
replicate the totals and tallying that was officially reported in
the election results.
Also the operation of the actual ballot casting software can be examined
Of course there is nothing to prevent certified systems providers also
publishing comparible results and making available software components
to allow independent verification. The track record of such vendors
has been the opposite however to date, and I think that speaks clearly
to the need to have self-certifying systems available.
I'm hoping members here can pick up the baton and carry this forward -
to refine as needed - with a view to actually getting this on the
statue for selected states.
Given the current economic woes, this could be a huge enabler to allow
election boards to replace expensive existing solutions with low cost
alternatives based on COTS components, saving citizens money and
creating local jobs at the same time - since current vendors are
often charging in annual maintenance alone what complete replacement
would cost with COTS!!
OVC-discuss mailing list
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Thu Apr 30 23:17:05 2009
This archive was generated by hypermail 2.1.8 : Thu Apr 30 2009 - 23:17:06 CDT