Re: Report on rejection of electronic voting proposal in Ireland

From: Arthur Keller <arthur_at_kellers_dot_org>
Date: Mon May 03 2004 - 15:41:22 CDT

At 10:02 AM -0700 5/3/04, Alan Dechert wrote:
>The part about "hardware and software" being "the precise versions that have
>been tested, approved and certified," is something we'll have to deal with.
>There may be a need for a more general description of hardware components,
>or some reliance on testing that COTS hardware normally undergoes. It may
>not be practical or particularly meaningful to have election equipment
>examiners testing every new version of every hardware device.

Although that was one of the reasons the Diebold TSx needed
certification; it was primarily a hardware change not merely a
software change, I understand. We ignore this issue at our peril. I
think at least initially, we'll need to have hardware partners and
standardize on some (new) hardware. Used equipment and generic
equipment switches will have to come later. In particular, this was
one of the sensitive issues that came up in our meeting with the
California Secretary of State's office. And we need to address it in
a conventional way. We need to pick and choose the battles we fight;
we cannot pick and choose the standardization process we follow.

The certification of the entire package is a meaningful concept that
attempts to deal with such issues as trojan firmware. Yet the
standardization testing should more than black box testing, but
rather should test the internal operations of the systems according
to internal specifications. That's along the lines of what financial
auditors do, and voting certification should be up to the same
standards.

Best regards,
Arthur

-- 
-------------------------------------------------------------------------------
Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Mon May 31 23:17:05 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:15 CDT