Sunday, July 31, 2005
Diebold voting systems fail California certification testing
After possibly the most extensive testing ever on a voting system, California has rejected Diebold's flagship electronic voting machine because of printer jams and screen freezes, sending local elections officials scrambling for other means of voting.
"There was a failure rate of about 10 percent, and that's not good enough for the voters of California and not good enough for me," Secretary of State Bruce McPherson said.
http://www.insidebayarea.com/localnews/ci_2898234
Mr. McPherson is to be applauded for his stance here and insistence on reliable and fullscale testing. This also shows that the vendors own industry certification testing is fundamentally weak and questionable.
And it further highlights the need to use reliable off-the-shelf equipment that can be readily replenished, and not expensive proprietary kit that has to be warehoused for years and subsequently develops unacceptably high failure rates.
"There was a failure rate of about 10 percent, and that's not good enough for the voters of California and not good enough for me," Secretary of State Bruce McPherson said.
http://www.insidebayarea.com/localnews/ci_2898234
Mr. McPherson is to be applauded for his stance here and insistence on reliable and fullscale testing. This also shows that the vendors own industry certification testing is fundamentally weak and questionable.
And it further highlights the need to use reliable off-the-shelf equipment that can be readily replenished, and not expensive proprietary kit that has to be warehoused for years and subsequently develops unacceptably high failure rates.
Saturday, July 16, 2005
Voting needs: open source, or public open source projects?
An interview with Avi Rubin and David Dill available on SourceForge news:
http://software.newsforge.com/article.pl?sid=05/07/06/182210
explores the key needs in developing trusted software for voting.
There is still a huge difference between a vendor publishing open source, which by most informed analysis is almost worthless since it can still be mostly opaque, and public open source projects, which are the real deal.
There are two public open source projects working at the moment developing core components for use by voting system solutions - one is the OVC (Open Voting Consortium), and the other is OASIS EML - http://emlvoting.org that basically are following the same principles of creating baseline benchmarks as reference implementations.
Once we have these foundation peices available that vendors can then implement solutions around - then we will have crossed another very significant bridge to transparent election solutions that are trustworthy.
See the slides in the TLV primer link for more in depth analysis of what such public open source delivers and why.
Until then calls for open source for vendor solutions are nobly intended, but unlikely to achieve very much in terms of better transparency in voting software.
http://software.newsforge.com/article.pl?sid=05/07/06/182210
explores the key needs in developing trusted software for voting.
There is still a huge difference between a vendor publishing open source, which by most informed analysis is almost worthless since it can still be mostly opaque, and public open source projects, which are the real deal.
There are two public open source projects working at the moment developing core components for use by voting system solutions - one is the OVC (Open Voting Consortium), and the other is OASIS EML - http://emlvoting.org that basically are following the same principles of creating baseline benchmarks as reference implementations.
Once we have these foundation peices available that vendors can then implement solutions around - then we will have crossed another very significant bridge to transparent election solutions that are trustworthy.
See the slides in the TLV primer link for more in depth analysis of what such public open source delivers and why.
Until then calls for open source for vendor solutions are nobly intended, but unlikely to achieve very much in terms of better transparency in voting software.
New Jersey enacts requirement for VVPAT
In the shadow of a lawsuit demanding that New Jersey update state laws to reflect its increasing use of electronic voting machines, New Jersey's acting governor recently signed into law legislation that will require all voting machines to produce a voter-verified paper record by 2008.
http://i-newswire.com/pr36358.html
Next up - figuring out what base functional operational characteristics are really enbodied in the notion of VVPAT, and which are explicitly excluded?!?
http://i-newswire.com/pr36358.html
Next up - figuring out what base functional operational characteristics are really enbodied in the notion of VVPAT, and which are explicitly excluded?!?
Friday, July 15, 2005
DNC Voting Systems Analysis Report
Following on from an extensive five-month investigation by the VRI's (Voting Research Institute) research and investigative team grave problems in the administration of Ohio's voting system during the November 2004 election have been identified. More than 1 in 4 voters in Ohio faced problems at the polls, including illegal requests for identification, long lines, poorly trained election officials, and more. There were also dramatic disparities in voting conditions among different races; African Americans waited nearly three times as long on average as whites to vote.
The report is also very critical of DRE voting systems (section VII) while offering viable alternatives and making good suggestions for more openness in the the voting process, including internet posting of election tallying (section VIII).
The idea of using blogs to track and report precinct voting is attractive. Posts can be made secure, and javascripting can automatically locate totals and produce results. The whole then becones distributed via RSS automatically.
For the full report see: http://www.democrats.org/a/2005/06/democracy_at_ri.php
The report is also very critical of DRE voting systems (section VII) while offering viable alternatives and making good suggestions for more openness in the the voting process, including internet posting of election tallying (section VIII).
The idea of using blogs to track and report precinct voting is attractive. Posts can be made secure, and javascripting can automatically locate totals and produce results. The whole then becones distributed via RSS automatically.
For the full report see: http://www.democrats.org/a/2005/06/democracy_at_ri.php
Unilect DREs get failing vote from Carteret County, N. Carolina
"It's the election board's opinion that the citizens have suffered a grievous wrong as a result of the use of this (UniLect Patriot) equipment," Board of Elections Chairman Ed Pond states in the letter, July 12th, to the State Board of Elections.
The UniLect system has been in question in Carteret County since the November 2004 election, when 4,438 votes were permanently lost because of a mishap over the storage capacity of a control unit used during the early voting period.
"We don't want the citizens of Carteret County to face another election with the uncertainty of their vote not being counted," Pond said.
Carteret County is asking for help in additional funding to remedy the situation by renting voting equipment. Under consideration are paper ballots with optical scanning equipment, and alternate DRE rental.
See: http://www.jdnews.com/SiteProcessor.cfm?Template=/GlobalTemplates/Details.cfm&StoryID=33486&Section=News
for more details.
The UniLect system has been in question in Carteret County since the November 2004 election, when 4,438 votes were permanently lost because of a mishap over the storage capacity of a control unit used during the early voting period.
"We don't want the citizens of Carteret County to face another election with the uncertainty of their vote not being counted," Pond said.
Carteret County is asking for help in additional funding to remedy the situation by renting voting equipment. Under consideration are paper ballots with optical scanning equipment, and alternate DRE rental.
See: http://www.jdnews.com/SiteProcessor.cfm?Template=/GlobalTemplates/Details.cfm&StoryID=33486&Section=News
for more details.
Friday, July 01, 2005
US EAC ask for comments on their VVSG1
The Voluntary Voting System Guidelines were developed under the Help America Vote Act of 2002 (HAVA) Section 202 mandate that the U.S. Election Assistance Commission (EAC) update the 2002 Voting System Standards to address increasingly complex voting system technology. They were designed for state and local election officials to help ensure that new voting systems function accurately and reliably.
More details can be found at:
http://www.glynn.com/eac_vvsg/intro.asp
There is a 90 day review period.
More details can be found at:
http://www.glynn.com/eac_vvsg/intro.asp
There is a 90 day review period.
New TLV presentation addresses secure computing needs
So far the TLV has focused on the software process particularly. Thanks to the work being done by the Open Voting Consortium on countermeasures for protecting against software based attack methods directly, the TLV work now recognizes the need for a secure computing system.
Essentially the TLV has worked at providing protection through verification and auditing. Now by including secure computing this allows proactive defenses during the voting process itself that can potential identify attacks as they occur. In addition by using open scripts, the opportunity for attacks is reduced by minimizing the window of opportunity for attackers.
Using a master control agent allows execution thread control and tracing of the execution path during the voting process. This is very similar to anti-virus technology where monitoring prevents rogue process takeover, and monitors the execution signature of processes to detect changes.
The new TLV primer presentation contains details and updates to reflect this enhanced set of protections.
http://drrw.net/backup/Trusted-Logic-Voting-Systems-with-EML40.pdf
Essentially the TLV has worked at providing protection through verification and auditing. Now by including secure computing this allows proactive defenses during the voting process itself that can potential identify attacks as they occur. In addition by using open scripts, the opportunity for attacks is reduced by minimizing the window of opportunity for attackers.
Using a master control agent allows execution thread control and tracing of the execution path during the voting process. This is very similar to anti-virus technology where monitoring prevents rogue process takeover, and monitors the execution signature of processes to detect changes.
The new TLV primer presentation contains details and updates to reflect this enhanced set of protections.
http://drrw.net/backup/Trusted-Logic-Voting-Systems-with-EML40.pdf
Testimony from Carter / Baker Commission Hearings
The webcast from Rice University yesterday was excellent and most informative.
The individual testimony can be found here: http://www.american.edu/ia/cfer/hearings.htm
The emphasis on getting voters better information on polling places, and better registration processing is instructive. Far more votes were lost to this cause than any other in the 2000 and 2004 elections.
Creating a mature voter registration system remains a challenge in today's highly mobile world. Possiblity of using OASIS ebXML Registry technology, along with OASIS EML voter registration records is of interest.
The individual testimony can be found here: http://www.american.edu/ia/cfer/hearings.htm
The emphasis on getting voters better information on polling places, and better registration processing is instructive. Far more votes were lost to this cause than any other in the 2000 and 2004 elections.
Creating a mature voter registration system remains a challenge in today's highly mobile world. Possiblity of using OASIS ebXML Registry technology, along with OASIS EML voter registration records is of interest.
