Monday, June 13, 2005
The NIST VVSG2 report to EAC and TLV advantages
NIST has sent their voting guidelines, version 2 (VVSG2), to the EAC for review.
http://vote.nist.gov/VVSG2%20final.doc
Page 98 in this report is in effect a glowing endorsement for the TLV approach - and points up the deficiencies in the current simple DRE's approach. They term independent verification systems as the "top level" of electronic voting systems - and describe the process they use as "a split process system". This definately applies to the Trusted Logic Voting processing using OASIS EML 4.0 formats.
Excellent to see that NIST appreciate the value and need for these mechanisms and detail the handling that they entail.
State election boards should now be able to determine why these are critical for meeting the needs of VVPAT systems, not just simply printing out paper records as some VVPAT designs assume as a minimum.
Clearly voters can now point to these assessments and be able to differentiate the product offerings that deliver poor or insufficient auditing and verification capabilities.
The only problem now is that there is no clear cut recommendations here, and that while the NIST report documents the differencies in the capabilities there is no reflection of that in the recommendations and needs associated with this. As previously noted - vendor interference in the process has limited the real potential benefits. Having to dig to page 98 of a report to find clear indications and understanding of the different implementation capabilities is less than helpful.
Here's the text from the VVSG2 page 98:
Independent Verification is the top-level categorization for electronic voting systems that produce multiple records of ballot choices whose contents are capable of being audited to high levels of precision. For this to happen, the records must be produced, verified by the voter, and subsequently handled according to the following protocol:
(a) At least two records of the voter's choices are produced and one of the records is then stored such that it cannot be modified by the voting system, e.g. the voting system creates a record of the voter’s choices and then copies it to some write-once media.
(b) The voter must verify that both records are correct, e.g., verify his or her choices on the voting system’s display and also verify the second record of choices stored on the write-once media.
(c) The verification processes for the two verifications must be independent of each other and (a) at least one of the records must be verified directly by the voter, or (b) it is acceptable for the voter to indirectly verify both records if they are stored on different systems produced by different vendors.
(d) The content of the two records can be checked later for consistency through the use of identifiers that allow the records to be linked.
http://vote.nist.gov/VVSG2%20final.doc
Page 98 in this report is in effect a glowing endorsement for the TLV approach - and points up the deficiencies in the current simple DRE's approach. They term independent verification systems as the "top level" of electronic voting systems - and describe the process they use as "a split process system". This definately applies to the Trusted Logic Voting processing using OASIS EML 4.0 formats.
Excellent to see that NIST appreciate the value and need for these mechanisms and detail the handling that they entail.
State election boards should now be able to determine why these are critical for meeting the needs of VVPAT systems, not just simply printing out paper records as some VVPAT designs assume as a minimum.
Clearly voters can now point to these assessments and be able to differentiate the product offerings that deliver poor or insufficient auditing and verification capabilities.
The only problem now is that there is no clear cut recommendations here, and that while the NIST report documents the differencies in the capabilities there is no reflection of that in the recommendations and needs associated with this. As previously noted - vendor interference in the process has limited the real potential benefits. Having to dig to page 98 of a report to find clear indications and understanding of the different implementation capabilities is less than helpful.
Here's the text from the VVSG2 page 98:
Independent Verification is the top-level categorization for electronic voting systems that produce multiple records of ballot choices whose contents are capable of being audited to high levels of precision. For this to happen, the records must be produced, verified by the voter, and subsequently handled according to the following protocol:
(a) At least two records of the voter's choices are produced and one of the records is then stored such that it cannot be modified by the voting system, e.g. the voting system creates a record of the voter’s choices and then copies it to some write-once media.
(b) The voter must verify that both records are correct, e.g., verify his or her choices on the voting system’s display and also verify the second record of choices stored on the write-once media.
(c) The verification processes for the two verifications must be independent of each other and (a) at least one of the records must be verified directly by the voter, or (b) it is acceptable for the voter to indirectly verify both records if they are stored on different systems produced by different vendors.
(d) The content of the two records can be checked later for consistency through the use of identifiers that allow the records to be linked.
# posted by DRRW @ 10:52 PM 
