Re: Help with Computer-as-Ballot-Marking-Device Threat Analysis

From: Ron Crane <voting_at_lastland_dot_net>
Date: Wed Jun 15 2005 - 16:28:35 CDT


I will be contributing something like this to the A3 report. The first
draft is actually due today, so your request is timely. I'll send you a
copy later this afternoon. Bear in mind that it's only a draft and
will, no doubt, be changed beyond recognition before it makes its way
into the final A3 report. ;-)


On Jun 15, 2005, at 2:06 PM, laird popkin wrote:

> A friend working at the Brennan Center (i.e. Good Guys) is working on
> compiling a threat analysis of various voting systems, including
> Computer-as-Ballot-Marking-Device (i.e. OVC's approach). It would be
> great if we could help them out on this front. It's a great thing to
> help people make informed decisions about voting systems, and of
> course the more people know about OVC and our approach, the better.
> -----
> Hi Laird,
> Eric and Annie (Brennan Center) here. Could you please post on
> relevant
> listservs for us, especially OVC lists, so we can find someone to help
> us with the threat analysis. Thanks for your help,
> Annie
> -----
> The Brennan Center is currently engaged in a Voting Technology
> Assessment Project, culminating in a published report, which will aim
> to
> evaluate the technologies available in 2006 along three main measures:
> security, accessibility, and cost effectiveness. The intended audience
> of the report will be elections officials, legislators, advocates,
> vendors, and the general public. The Brennan Center's work is likely
> to
> also be used to advise such organizations as NIST and the Election
> Assistance Commission.
> On the security front, we have been developing "attack catalogs" that
> list the possible intentional interferences associated with each voting
> system. We have drafted catalogs for DRE, DRE v/ VVPT, and PCOS
> (Precinct-Count-Optical-Scan). For each attack, we have attempted to
> quantify the threatóby measuring "cost" of the attack (in terms of the
> number of attackers needed, for example), likelihood, and possible
> countermeasuresóa quantification that will be vetted and refined as the
> Project progresses. Generally our perspective is that the strength of
> the technology should be determined by the difficulty of the least
> difficult attack. As such, getting the attack catalogs correct is
> critical to our efforts.
> We are in need of assistance in identifying possible attacks of a
> Computer-as-Ballot-Marking-Device (BMD) system from someone who is
> familiar with its strengths and weaknesses. We have some important
> deliverables on the 28th and would like to have added a first draft
> attack catalog for BMD by then. Even if you only have time to spend a
> few hours with us on the phone, that could be key to our success.
> Thanks very much for your interest. Please reply to
> _______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Thu Jun 30 23:17:08 2005

This archive was generated by hypermail 2.1.8 : Thu Jun 30 2005 - 23:17:11 CDT