Re: Observations on the new VVSG Guidelines

From: Ron Crane <voting_at_lastland_dot_net>
Date: Fri Jul 22 2005 - 15:55:30 CDT
I think we ought to be more ambitious than that. We ought to push for the Guidelines to

1. Not just recognize, but positively encourage, the use of open source software, firmware, et al. The purpose is, of course, to obtain full public review of as much of every system as possible. Let's avoid conflating this with the notion of "free software" (i.e., software that those other than the developers may incorporate into their own products without limitation).

2. Require routine random hardware inspections, in which roving bands of inspectors seize a machine and determine what software, OS, firmware, etc. it's running -- tearing it to shreds if necessary. The Nevada Gaming Commission does this with electronic gaming machines. Do we value our votes as much as our gambling chips? This is, BTW, a great rhetorical point.

3. Require parallel testing in a statistically-significant set of randomly-selected precincts during every election.

4. Require *all* voting software, OS software, firmware, etc., to be inspected before it's deployed, no matter how "minor" the changes from previous versions. No software or data should flow from a vendor directly to a jurisdiction unless (a) it's been inspected, signed off, and given an appropriate digital signature; and (b) the jurisdiction has the appropriate tools to check its authenticity (not provided by the vendor) and does so.

5. Require someone other than the vendor or test lab to build the system's software and firmware from sources, using publicly-known build tools not provided by the vendor and determine whether the resulting software/firmware is identical to that submitted by the vendor. It's too easy to cheat by instrumenting a compiler or linker to add malware.

6. Require completely open testing and the publication of all test results.

7. Require at least VVPAT with random recounts, if not VVPB.

8. Outlaw wireless devices, period. And networked DREs, too -- because parallel testing can't be conducted on them without clueing them into the fact that they're being tested.

9. Require systems to be randomly assigned to test labs, rather than vendors choosing any lab they like. Require test labs to be paid by the EAC, not by vendors, to reduce conflicts of interest.


Alan Dechert wrote:
These are all good points, Dick.

The relevant urls are on the EAC website ( )

Here are the specific links:


Meeting in Pasadena on the 28th:

Our purpose is to get them changed to allow for and make specific reference to

1) Free software ("Public Software") in elections
2) Electronic Ballot Printer (EBP) architecture
3) Multi-use model for equipment used in voting (we don't yet know how strong we will be advocating multi-use, but the possibility should not be precluded by these guidelines).
4) In general, we want the system to be transparent.

We can also argue for no wireless, and OpenTest.

We should prepare a statement that can be read in 3 minutes.  Then we should provide specific comments on sections in the VVSG.

I guess we can submit comments on line (I notice that John Gideon has submitted quite a few).  We need to coordinate this activity.

One of us (probably me) should plan to attend the hearings on the 28th, read the statement, and hand them our comments (or perhaps a summary of them pointing to what we've submitted online).

Alan D.

Hi Ron!

The link to the Guidelines (so called) would be helpful, as would an
organized means of delivering a response.  What is the purpose of
the response, other than self-expression?  My opinion is that a
response might be an important resource for friendly press and
politicians.  Notice that the unfriendlies of both varieties are
numerous and active.

Also--you might want to join a group and circulate your comments
among them for review.  The purpose of the comments is key; at
least some press and polititians care about truth, and we might want to
organize our comments towards persuading the persuadable.


-- Dick

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sun Jul 31 23:17:19 2005

This archive was generated by hypermail 2.1.8 : Thu Sep 15 2005 - 11:43:09 CDT