Re: My issues for DEC 6 workshop on VVSG

From: Richard C. Johnson <dick_at_iwwco_dot_com>
Date: Mon Nov 26 2007 - 14:25:13 CST

Hi Alan!

My comments are in bold below:

Alan Dechert <> wrote: I'm one of several people on this list invited to this workshop (Lillie
Coney and Arthur Keller also).

I'm on the advisory board and will be a panelist. My presentation will be
pretty short (about 10 minutes probably) but there will be time for Q&A.
And, I can help shape the event. I expect the panelists and audience will
be pretty receptive, but opposing viewpoints will certainly be expressed.

I'm taking a pretty high-level approach. I welcome your input on this list
of things to talk about. Please write to the list or get in touch with me
off-list if you prefer.

Open Standard
- What is an open standard?
- To what extent is the VVSG an open standard?
- Should the VVSG promulgate an open standard?
Note: to the extent that the several states may elect to require the "guidelines," they become more of a standard than guidelines.

"Voting System" v. Voting Equipment
- The VVSG appears to deal with equipment, not whole systems
VVSG strains to include all existing equipment of whatever nature provided by existing major vendors so that none of them, however obsolete, will be discomfited. Ideally, it should focus on voting systems.
- Bowen's top-to-bottom review is about equipment; vendors say it's too
narrowly about equipment This is the vendors' cavil about the security missing in the equipment needing to be found in election procedures. One could argue that entire voting systems (not just procedures or machines) need review.
- Assuming the VVSG is really about equipment, to what extent must it
consider the voting system Without addressing the voting system, VVSG is unable to encompass all an interconnected set of machines, procedures, rules, and voting environments. VVSG needs to be re-written from a systems point of view.
- Auditability is part of the system and cannot be completely separate from
the equipment Got that right. If not for auditability, we are stuck with deus ex machina, with strange figures in black robes announcing who won the election.

Open Technology
- How is "open technology" different from "open standard" Both are non-proprietary, available to anyone, open to experimentation and understanding. Open Technology, however, may not be universally welcomed by proprietary vendors who, even so, are able to agree on a standard where it provides advantages to them. Competition from Open Technology threatens the proprietary basis of an industry and makes for much more competition and a lower barrier to entry into the market.
- Almost all the independent experts want the technology to be open And almost all the voting system vendors want it proprietary. Reasons are fairly obvious. Open means competition on the basis of service rather than sell and run; you actually must satisfy the customer. The voting system oligopoly would prefer to tout their technology (Best in the West, By Far!!!!) and rely on salesmanship and lobbying to win business. Converting to Open changes business plans and is very scary.
- Would voting system quality, trustworthiness, and security be enhanced by
open technology? It might, if the overall design is well done. Nothing at all can be accomplished unless the Certifcation and test cost problem is solved.
- Why does industry promote the notion of security by obscurity? SbyO fits the common sense notion of hiding something and is easy to sell. It fits well into a system of secrets held by those with privilege and those in the know. (Trust us!) Hiding in plain sight is harder to sell for the same reasons. Unfortunately, secrets can be discovered and if secrecy is the only basis of security, we are doomed. Security should be designed into the product in ways that do not rely on secrets. This is like the difference between a secret password and an Open eye scan. (Pun intended).
- To what extent does the VVSG endorse the industry view? VVSG, as presently drafted, IS the industry view.

- "Counting ballots" and "recounting ballots" are basic concepts that must
be comprehensible to the public The public knows about counting votes and does not really understand the difference between "votes" and the ballot as a document.
- What definition of "ballot" is used by the VVSG? Almost none. It is not in the present glossary. It talks about CVR (cast vote record) as equivalent to a ballot summary, but it does not address the two other aspects of a legal (in many states) ballot: (1) a defined order in which choices are presented to the voter and (2) the choices themselves.

There is also a big difference between a vote among 12 candidates for The Decider and a vote for The Decider when The Decider has decided that only The Decider should appear on the ballot as a choice for the voter. The former is a contested election and the latter is not. The ballot summary, however, is the same for both.

Proliferation of Systems
- To what extent is proliferation a problem?
- Is the VVSG neutral on system proliferation?
- Should the VVSG be neutral on this subject? The VVSG should not ignor proliferation. Rather, the VVSG should define acceptable forms of proliferation in the public interest. A standard (such as the OASIS Election Markup Language or EML) can establish at least interchangeable election documents and the ability to mix different vendor's technology. A common interface is a good thing.

The chances are very good, however, that once an Open Source voting application has been certified, it will proliferate and drive out proprietary systems as it is adopted by more and more vendors. The vendors, in turn, can then compete more and more on their ability to provide services rather than proprietary systems.

Quality & Trustworthiness
- Is this a major goal of the VVSG? No, based on reading the document. Limiting testing to a narrow range of likley success while remaining ignorant of the inner functions of a system does not bode well as a harbinger of quality and trustworthiness, IMHO.
- To be trustworthy, quality must be evident to voting public The public will be impressed if the machine does not break under use or frustrate their choice of candidate--all in all, a pretty low bar. Anything that goes wrong will seem a lack of quality to the public. However, without substantial true white box testing, without good design, without consideration of the public interest, failures cannot be predicted or corrected and will only be seen by experience. Surprise, surprise!
- Can openness help foster trustworthiness? It might, if people in general believed that any of them, any knowledgeable person, could inspect, test, or build from scratch the machines in use. Otherwise, it is a question as to what one has to hide...

- Ideally, everything in the VVSG would be relevant to all jurisdictions ...except for features like Instant Runoff Vote not common to all jurisdictions or rules of procedure unique to a state or locality.
- How much of the VVSG is relevant to any particular jurisdiction? Potentially, a great deal of it. As drafted, relatively little.
- Is there a way to measure relevancy? Yes...if states adopt and require the guidelines as standards in their jurisdictions, it is relevant. Just because it is relevant, however, is not to say that it is adquate, true, consistent, or deserving of more than critical attention.
- How is proliferation related to relevancy?

Alan D.

OVC-discuss mailing list
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at

OVC-discuss mailing list
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Nov 30 23:17:26 2007

This archive was generated by hypermail 2.1.8 : Fri Nov 30 2007 - 23:17:32 CST