From: Charlie Strauss <cems_at_earthlink_dot_net>
Date: Mon Jun 13 2005 - 09:12:19 CDT

Other interesting items.
1) call of interoperability specifically notes this can be
established by either using open source data base standards or COTS
2) "parallel testing" is not specifically called for but does show op
as one of 7 other (very very weak) methods for building confidence in
the voting system
3) the section on testing (like in ITA type tests, though they have a
new name for it) focuses soley on nominal functional behaviour. it
seems to say (it's a tad hard to read so i might be mistaken) that it
makes no pretense of actual reliability testing. The section is also
written in such a different jargon style than the rest of the
document one could easily be led to think it was perhaps simply cut
and pasted from the contract for deliverables some existing ITA must
be offering their customers.

The "split" process architecture referred to below is simply defined
as a system that physically separates the vote selection machine from
the vote verification machine with the communication encapsulated in
a token carried by the voter. Obviously the vvpat/barcoded OVC
ballot serves this role. However this would allow non-human readable
token's as well. IN the non-human readable case one would think,
though it's not explicitly stated and thus presumably left open, that
the verification part would be mandatory to the voting process. Also
it would seem that such a process would be pointless without a ballot
reconciliation procedure. None is stated.

I think that this glaring lack of key elements, reconciliation, human
readability or manadatory verification, provides some excellent
talking points for OVC to distinguish it's process.

regarding the other items. I note there is a relatively new vendor
(democracy systems I think they were called) that sells a video cable
witnessing hardware unit that appears to intercept video signals and
records them. These witness boxes are then collected and centrally
processed to reconstruct any ballot. One nice feature of such a
system is that it implicitly lets the dynamics of the user voting
process to be watched too. (I guess one could argue that this also
could open weakly threaten ballot secrecy (e.g. somewhat far fetched,
but Bruno the enforcer says I want you to write in "XYZPDQ" then
erase it then actually vote for Fred Derf.))

On Jun 13, 2005, at 4:43 AM, Charlie Strauss wrote:

> there's a lot in the draft document
> (2nd to last link at:
> MeetingMaterialsApr20.html )
> a couple of relevant comments:
> 1) calls for vote order randomization (sorry paper tapes).
> 2) calls for independent vote verification system.
> 3) calls for human factors studies to assess accessibility.
> Notably the guidlines do not dictate VVPAT but instead they list
> four illustrative examples of how one might achieve an independent
> vote verification system of which VVPAT is but one example: (see
> page 100)
>  voting systems with a split process architecture,
>  end-to-end voting systems that include cryptographic audit
> schemes,
>  witness voting systems that take a picture of or otherwise
> capture an indirect verification of
> ballot choices,
>  direct independent verification, including some types of voting
> systems that produce an
> optically scanned ballot or that produce a voter-verified paper
> audit trail (VVPAT).
> _______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Thu Jun 30 23:17:06 2005

This archive was generated by hypermail 2.1.8 : Thu Jun 30 2005 - 23:17:11 CDT