Re: Draft Proposal Concept for California Secretary of State -- Feedback Wanted

From: Edward Cherlin <cherlin_at_pacbell_dot_net>
Date: Tue May 10 2005 - 11:57:47 CDT

On Tuesday 10 May 2005 04:44, Arthur Keller wrote:
> Dear Friends,
> Here is the current draft of the proposal concept (white
> paper) to the California Secretary of State. Your immediate
> comments are requested, as this document will be submitted to
> the California Voting Systems and Procedures Panel on
> Wednesday, May 11 (or Thursday, May 12 at the latest) for
> presentation at the VSPP meeting on May 19. We plan to submit
> a full proposal (given SoS interest) around June 1.

The Problem
Why are current products inadequate?
The practice of treating voting system software as trade secrets
is described by computer professionals as “security through
obscurity”, in contrast with improving security through Open
Source review, which allows testing by any interested party. The
history of proprietary security products is replete with design
and implementation failures, including the use of easily-cracked
encryption and authentication algorithms, while Open Source
review has removed numerous faulty techniques from
consideration, and allowed vendors to concentrate their efforts
on much better ones. This process of shared public review also
saves vendors and their customers time and money. The same
problem with security through obscurity has been observed in the
voting system programs that have for one reason or another been
subject to public or even restricted review by outside experts.

Existing tabulation systems are vendor-specific. They cannot
accept data from voting systems from other vendors. This makes
it impossible for voting officials to look for a better deal by
mixing and matching equipment, and also makes it impossible to
use equipment from different vendors to check up on each other.

UCCS addresses the flaws and inadequacies of existing systems.
{Here is a paragraph that talks about how UCCS will address the
flaws and inadequacies of existing systems, once the section on
that is written. Here is where we should highlight the web-based
reporting component. We probably will talk about auditability,
non-defeatable security, and the fact that we will use
relational databases that support full audit trail of and full
security for all elements, including applications. We may want
to hint that we are in discussion with industrial partners in
this area.}{Don't forget to mention the journalling capabilities
of the DBMS, which provide a further link in the chain of
custody and increase the reliability of the system.}

> Note that while this is a proposal to the California Secretary
> of State, and so the effort is California-centric, I am sure
> that the OVC is happy to work with other states contingent on
> local funding availability. The software and hardware
> reference platforms developed by UCSC will be adaptable to
> satisfy any specific requirements of other states, but UCSC
> cannot do that with funding from the California Secretary of
> State.
> Best regards,
> Arthur

Edward Cherlin
Generalist & activist--Linux, languages, literacy and more
"A knot! Oh, do let me help to undo it!"
--Alice in Wonderland
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue May 31 23:17:30 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT