Monday, May 30, 2005
Confirming the need for trusted voting information formats (XML)
Douglas W. Jones asserts - "If the data formats used for election data reporting and election setup are sufficiently transparent and are disclosed to the public, third-party tools can be developed that allow observers to independently verify election results. If we require the publication of all of the relevant election data, including the election configuration files and the raw precinct-level data, then we will extend, to election observers, considerable rights that they have not had since the dawn of computerized vote tabulation."
http://www.cs.uiowa.edu/~jones/voting/nas-cstb2004a.shtml
Of course this is precisely what the OASIS EML 4.0 specifications bring to the table, and one of the reasons why they have been endorsed by the EU Council of Ministers for European election best-practice.
http://www.cs.uiowa.edu/~jones/voting/nas-cstb2004a.shtml
Of course this is precisely what the OASIS EML 4.0 specifications bring to the table, and one of the reasons why they have been endorsed by the EU Council of Ministers for European election best-practice.
More evidence of the need for 100% audit and TLV
Here's a short piece of analysis looking at the US election scene and what influence small, difficult to detect % shifting of votes has (vote manipulation where the vote is recorded differently to what was actually cast).
http://www.schneier.com/crypto-gram-0404.html#4
To protect against this you need visibility across the entire election - otherwise such small pertubations can be dismissed as local anomalies - rather than seen as a systematic manipulation and repeating pattern.
http://www.schneier.com/crypto-gram-0404.html#4
To protect against this you need visibility across the entire election - otherwise such small pertubations can be dismissed as local anomalies - rather than seen as a systematic manipulation and repeating pattern.
Friday, May 27, 2005
Negotiating the vendor minefield - ES&S an example
State Board of Elections (BOE) officials have enough to worry about with interpreting legislation, understanding technology, and wrestling with budgets. Now they also have to grapple with vendor politics and certification angst.
http://www.dissidentvoice.org/May05/Gideon0525.htm
Yet more evidence of the need to have election systems based on open public specifications and open source foundation components so that decision makers can rest assured that teh technology has been peer reviewed and developed by the community.
Unfortunately the BOE staff have not yet realized that for a fraction of the effort they are spending on traversing the vendor minefield - they could fund an open source initiative that will deliver a better product vastly less costly and based on open standards.
The OVC (Open Voting Consortium) has one such project already in progress and the OASIS EML team is looking to jump start another too.
http://www.dissidentvoice.org/May05/Gideon0525.htm
Yet more evidence of the need to have election systems based on open public specifications and open source foundation components so that decision makers can rest assured that teh technology has been peer reviewed and developed by the community.
Unfortunately the BOE staff have not yet realized that for a fraction of the effort they are spending on traversing the vendor minefield - they could fund an open source initiative that will deliver a better product vastly less costly and based on open standards.
The OVC (Open Voting Consortium) has one such project already in progress and the OASIS EML team is looking to jump start another too.
Monday, May 23, 2005
Comparing VVPAT and VVAATT to trusted voting
Unfortunately VVPAT by itself does no provide a trusted voting process. True it holds out the promise of providing a more verifiable election than standalone computer voting terminals (DRE) with no paper trail records, however VVPAT is very much in the eye of the implementer.
Naturally existing vendors want to implement VVPAT in ways that stack the deck in their favour and leave their existing processes untouched in place.
What this means is that they are conforming to the letter of VVPAT without conforming to the spirit and intent. Worse - they want to deflect focus on this by promoting alternatives - such as audio verification and audit trails - (VVAATT) - by sponsoring heavily biased and distorted research - and attempting to hold that up as authorative independent work.
To understand this more - see the analysis here:
http://drrw.net/backup/Understanding%20VVPAT%20v%20VVAATT.pdf
DW
Naturally existing vendors want to implement VVPAT in ways that stack the deck in their favour and leave their existing processes untouched in place.
What this means is that they are conforming to the letter of VVPAT without conforming to the spirit and intent. Worse - they want to deflect focus on this by promoting alternatives - such as audio verification and audit trails - (VVAATT) - by sponsoring heavily biased and distorted research - and attempting to hold that up as authorative independent work.
To understand this more - see the analysis here:
http://drrw.net/backup/Understanding%20VVPAT%20v%20VVAATT.pdf
DW
Saturday, May 21, 2005
e-Voting systems analysis from the ACM
If you had any doubts that this is a classic case of right question, wrong answer - and the need to continue the battle to get this done right - then read the following!
http://www.acm.org/usacm/weblog/index.php?p=73
and the article from the ACM archives on how just one vote changed per voting machine could change a close election result with almost zero ability to detect the fraud due to the normal levels of statastical varience in election voting casting.
There are also many good articles from the same issue of the ACM Communications October issue. Clearly this reinforces the need to have open source software, developed with government resources if necessary, to ensure that we can always verify the actual foundation software process being used and the mechanisms it is supposed to be utilizing for managing the election.
http://www.acm.org/usacm/weblog/index.php?p=73
and the article from the ACM archives on how just one vote changed per voting machine could change a close election result with almost zero ability to detect the fraud due to the normal levels of statastical varience in election voting casting.
There are also many good articles from the same issue of the ACM Communications October issue. Clearly this reinforces the need to have open source software, developed with government resources if necessary, to ensure that we can always verify the actual foundation software process being used and the mechanisms it is supposed to be utilizing for managing the election.
Voting Machines and Software
The latest edition of Scientific American has an excellent article.
Also - the resource site here is very instructive: http://www.vote.caltech.edu/
This is roughly in alignment with my own ideas for breaking the empasse that currently exists - and this is just a microcosm of what ails the software industry generally.
DW
Also - the resource site here is very instructive: http://www.vote.caltech.edu/
This is roughly in alignment with my own ideas for breaking the empasse that currently exists - and this is just a microcosm of what ails the software industry generally.
- I have been trying to get peoples attention to the notion of using open-source voting software as the means to drive transparency in e-Voting processes. My thoughts are that having an open e-Voting software code-based that is community developed and maintained achieves several things.
- Produces an open public specification for the software process, the hardware interfaces, and the results auditing and authentication steps that can be independently verified.
prevents reliance on proprietary vendor software - and therefore allows a wide range of hardware vendors to deliver solutions that are capatible - thus removing reliance on single supplier. - Ensures that software being used has underwent an open validation process.
allows verification of the software used to obtain and compile the results using open testing procedures - Allows use of a double-blind check - where output from one set of hardware being used by the voter - is feed into two independant solutions - and then both must tally at close of voting.
- Verification that the actual software used is the same as the open standard, (ensure what is loaded onto the machine at open of polling - and verify it is still there during and after).
The Open Voting Consortium, in collaboration with the IEEE-1162 and OASIS EML technical committees is currently implementing such a solution set. Governments decision makers are finally starting to take heed. The realization that such an approach can save the public purse $100M in costs, while providing better trusted solutions is a compelling argument, particularly in the USA where States are faced with budget constraints yet demands on them require that they met new legislative voting standards.
Clearly more debate and research on this is all excellent and signs are that this is occurring. The Carter / Boxer Commission is the next pivot point here around which endorsement of open standards could occur.DW
NIST presentations to HAVA / TGDC
The presentations from the March HAVA/TGDC meeting are now online here: http://vote.nist.gov/March9Presentations.html
Of interest is the presentation by John Wack on VVPAT and the useful NIST glossary of voting terminology:
http://www.nist.gov/votingglossary
Enjoy, DW
Of interest is the presentation by John Wack on VVPAT and the useful NIST glossary of voting terminology:
http://www.nist.gov/votingglossary
Enjoy, DW
Trusted Logic Voting and OASIS EML 4.0
Have finished my first overview analysis of EML 4.0, the EU CoE process requirements and trusted logic.
This all appears to fit together very well. I have produced a draft PPT overview (and PDF) here: http://drrw.net/backup/Trusted-Logic-Voting-Systems-with-EML40.pdf
I've tried to keep this at a reasonable level of understanding - keeping above the XML-level / UML activity diagram view of things for now.
I'm seeing this can provide a formal basis for supporting VVPAT and how vendors should be implementing voting - backed up by rigorous international process requirements - rather than the flimsy ad hoc approach of today.
The EU CoE requirements are particularly comprehensive - as noted before - and the OASIS EML work supports adherence to those.
Being able to inform legislators that there is a clear and minimum set of voting process requirements they should be insisting on I believe will dramatically improve the state of voting systems from today's vendor anarchy.
More importantly - moving to a point where we can have confidence in the reliability of voting systems is essential in order to maintain high levels of democracy worldwide.
There is still much technical work to be done, but the foundations appear to be coming into focus.
Enjoy, DW
This all appears to fit together very well. I have produced a draft PPT overview (and PDF) here: http://drrw.net/backup/Trusted-Logic-Voting-Systems-with-EML40.pdf
I've tried to keep this at a reasonable level of understanding - keeping above the XML-level / UML activity diagram view of things for now.
I'm seeing this can provide a formal basis for supporting VVPAT and how vendors should be implementing voting - backed up by rigorous international process requirements - rather than the flimsy ad hoc approach of today.
The EU CoE requirements are particularly comprehensive - as noted before - and the OASIS EML work supports adherence to those.
Being able to inform legislators that there is a clear and minimum set of voting process requirements they should be insisting on I believe will dramatically improve the state of voting systems from today's vendor anarchy.
More importantly - moving to a point where we can have confidence in the reliability of voting systems is essential in order to maintain high levels of democracy worldwide.
There is still much technical work to be done, but the foundations appear to be coming into focus.
Enjoy, DW
More thoughts on why a Trusted Logic Voting Process is vital
Following the OASIS EML conference call this week I realized that the work I had been doing on a trusted logic process can be integrated with the existing EML 4.0 XML formats, procedures and requirements. This includes work by the EU Council of Ministers on voting best-practicehere:
http://www.coe.int/T/e/integrated%5Fprojects/democracy/02%5FActivities/02%5Fe%2Dvoting/01%5FRecommendation/
I'm now working on producing that harmonized set of materials injunction with the OASIS EML team - to have a "how to" workbook.
In the process of reviewing these materials I also came across this paper from Douglas Jones at Iowa University:
http://www.cs.uiowa.edu/~jones/voting/nas-cstb2004a.shtml
that is very complimentary to the underlying assertions in the overall "Nutshell" slides on trusted logic voting: http://drrw.net/backup/Trusted-Ballot-Processing-Nutshell.pdf
Enjoy, DW
http://www.coe.int/T/e/integrated%5Fprojects/democracy/02%5FActivities/02%5Fe%2Dvoting/01%5FRecommendation/
I'm now working on producing that harmonized set of materials injunction with the OASIS EML team - to have a "how to" workbook.
In the process of reviewing these materials I also came across this paper from Douglas Jones at Iowa University:
http://www.cs.uiowa.edu/~jones/voting/nas-cstb2004a.shtml
that is very complimentary to the underlying assertions in the overall "Nutshell" slides on trusted logic voting: http://drrw.net/backup/Trusted-Ballot-Processing-Nutshell.pdf
Enjoy, DW
Why is a trusted voting process needed?
The alternative is to allow vendors to develop sole-source solutions - as is happening today. The robustness of these is then centered around the vendors own rationalization of the various risk areas and the level of effort they feel needed to remediate that. Once this is exposed to external review - you see the type of analysis as occurred here for the Diebold Accuvote system: http://drrw.net/backup/ACCUVOTE-TS_sheet.pdf
The pages toward the end of the document that detail specific attacks are especially telling, as is how quickly these were developed with minimal efforts. The vendor then has to play catch-up to fix these. This is not a method for developing a systematic solution - its band-aiding based on discovery. That is why a trusted process founded on secure principles - such as the MIT "Frog Principle" -is absolutely a pre-requisite.
The trusted process executive overview allows youto see how the types of attack noted above can be easily remediated by having a robust voting process model: http://drrw.net/backup/Trusted-Ballot-Processing-Nutshell.pdf
Enjoy,DW
The pages toward the end of the document that detail specific attacks are especially telling, as is how quickly these were developed with minimal efforts. The vendor then has to play catch-up to fix these. This is not a method for developing a systematic solution - its band-aiding based on discovery. That is why a trusted process founded on secure principles - such as the MIT "Frog Principle" -is absolutely a pre-requisite.
The trusted process executive overview allows youto see how the types of attack noted above can be easily remediated by having a robust voting process model: http://drrw.net/backup/Trusted-Ballot-Processing-Nutshell.pdf
Enjoy,DW
Why 100% audit count and TLV is essential
I just saw this body of research analysis on the 2004 Presidential Election.
When you run through all this analysis and numbers it is apparent that while this is impressive mathematical work - the real answer is to provide for 100% secure and reliable totalling and counting.
Since the Trusted Logic Voting process retains three separate counts - it removes the guess work.
With the computer technology we have available today - this should not even be an issue - its straightforward to implement - and TLV is clearly the gold standard that should be required to avoid all future such questions hanging over elections.
DW
Analysis of the 2004 Presidential Election Exit Poll Discrepancies http://electionarchive.org/ucvAnalysis/US/Exit_Polls_2004_Mitofsky-Edison.pdf
Response to the Edison/Mitofsky Election System 2004 Report
http://exit-poll.net/election-night/EvaluationJan192005.pdf
and presentation slides and overview
http://listman.sonic.net/pipermail/ovc-discuss/attachments/20050516/b72f3cb0/Scheuren050514.pdf
When you run through all this analysis and numbers it is apparent that while this is impressive mathematical work - the real answer is to provide for 100% secure and reliable totalling and counting.
Since the Trusted Logic Voting process retains three separate counts - it removes the guess work.
With the computer technology we have available today - this should not even be an issue - its straightforward to implement - and TLV is clearly the gold standard that should be required to avoid all future such questions hanging over elections.
DW
Analysis of the 2004 Presidential Election Exit Poll Discrepancies http://electionarchive.org/ucvAnalysis/US/Exit_Polls_2004_Mitofsky-Edison.pdf
Response to the Edison/Mitofsky Election System 2004 Report
http://exit-poll.net/election-night/EvaluationJan192005.pdf
and presentation slides and overview
http://listman.sonic.net/pipermail/ovc-discuss/attachments/20050516/b72f3cb0/Scheuren050514.pdf
The eVoting landscape - Chairman of Voting Reform Panel Resigns
Just a quick note to capture this event in time and space, and why developing the Trusted Logic Voting (TLV) approach is a necessity to ensure a solid foundation around which to build all the other procedural and human factors that go into a successfully run election - technology by itself is never enough.
The OASIS EML work - aligned with the EU Council of Ministers efforts on determining factors for fair voting and having methods that encourage those - clearly resonate here.http://www.truthout.org/docs_2005/042305Y.shtmlDW
The OASIS EML work - aligned with the EU Council of Ministers efforts on determining factors for fair voting and having methods that encourage those - clearly resonate here.http://www.truthout.org/docs_2005/042305Y.shtmlDW
