Re: Ballot Reconciliation Procedure

From: Lou Montulli <lou_at_montulli_dot_org>
Date: Mon Dec 01 2003 - 11:34:56 CST

Alan Dechert wrote:

>About 3 years ago, I came up with a procedure that deals with how to ensure
>that the physical paper ballots have one and only one matching electronic
>record. It is a key part of the whole idea. I have described it in various
>places and various times. I didn't think it needed to be part of this demo
>project but since questions keep coming up over and over about how this is
>done, I want to include it now. The demo WILL include a demonstration of
>the ballot reconciliation procedure. Now that we will be taking a little
>more time to get the demo ready, it should not be difficult to include this
>piece of the puzzle.
>
>This is not, of course, proposed as "all we need in terms of ballot
>security" but it is an important part of how we ensure one person one vote
>and one matching xml file for tabulation (previous descriptions of this
>procedure may have referred to records or rows in a table... now we're
>talking about an XML file for each ballot instead).
>
>******
>The voting machines will be booted from a CD that contains the OS, voting
>machine software, and ballot data. When the polls close, the ballot images
>are written to the CD during the voting machine shut down procedure. Each
>ballot image will be one XML file named like
>
>20041104-MA-Franklin-0740-4210.xml
>(electiondate-state-county-precinct-ballotID)
>
>
>
Alan,

In order to survive power outages and system crashes, you will need to
save the ballots as they are cast. I think the security of the machines
would be much easier to verify if they didn't have hard drives at all,
so what about using external flash memory writers. A USB flash memory
reader costs around $10 and the flash cards could be pre-verified and
inserted on the day of the election. You could then remove the flash
cards, flip the write protect and cover it with a tamper proof seal and
send them to the election center. The flash writers themselves could
be physically secured by routing all the cables into a locked box. In
the future, if you wanted to get fancy you could get write once flash
cards that allow data to be written and read but not modified.

:lou
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Dec 31 23:17:03 2003

This archive was generated by hypermail 2.1.8 : Wed Dec 31 2003 - 23:17:18 CST