Re: Deb Bowen's Test Plans

From: Richard C. Johnson <dick_at_iwwco_dot_com>
Date: Sat Mar 31 2007 - 09:05:06 CDT

The plans in California to test voting systems at public expense are likely a good thing. The ITA test system is both badly broken and a substantial barrier to new companies in the voting systems market.

The barriers Alan mentioned in a previous email to entry in the voting machine market are quite substantial. One would estimate the expense of ITA certification for a single release of code at from $250,000 to $500,000. That is for a single version of the code. Make some changes for another customer and back to get re-certified. The point is not that certification should cease; quite the contrary. It is that the public can receive the benefit from this testing and the public should pay for it directly. Then, new players do not have the impossible barriers to entering the market. Old players do not have a conflict of interest in being both the test paymaster and the owner of what is tested. ITAs hired by vendors are inevitably subject to conflict of interest, and the tests are consider proprietary and secret. So are the test results.

Does the public save because the vendors pay for testing? Not at all. Vendors simply charge more to cover the cost, and the relative lack of competition helps them add even more to prices. Public finance of testing can be done in a series, with a certain level of performance necessary to rise above each level to the next.

This will wash out the least suitable machines at an early and less expensive step and will involve spending substantial public funds only on the systems that can survive the open, published requirements for each level. And...the tests and the test results should BOTH be made public. No system should be considered that lacks the ability to provide security in spite of such public disclosure of qualifying tests and their results.

-- Dick

Alan Dechert <> wrote:

I don't think anyone responded so far to this ...

I want to add a couple of things.

Rather than "permit" open source implementations, I would like something a
bit stronger. At least, let's "encourage" open source implementations.

Another things we should state here -- perhaps as a corollary, but it needs
to be said.

We need actions that remove financial, legal, and regulatory barriers to
open source implementations of this open e-voting standard.

Alan D.

> This is from John Borras, Chair OASIS E&VS TC
> M. +44 (0)7976 157745
> An open [1] public e-voting standard must:
> - Have open public license terms that are free for use and that permit
> open source implementations
> - Be publicly available, documented and accessible via the internet
> - Ideally be a de jure [2] standard
> - Have a controlling body that should be open with available public
> membership, with open public processes, archives and access to the
> specifications development process
> - Be controlled by an open approval process that has a well-defined,
> inclusive process, with public comments and input for evolution of the
> standard
> - Have approval of the standard that is subject to review and voting
> across the membership of the defining standard organization
> - Support the provisions enshrined in a Voter's Bill of Rights or other
> similar legislation
> - Be broadly implementable by available e-Voting systems and not be
> designed to be restricted to only a few providers' solutions
> - Be adaptable by design so that localization and extensions are
> permitted, supported and anticipated
> - Produce consistent results that can be independently verified by anyone
> familiar with the standard and specification details
> - Be auditable for conformance, compatibility and support the development
> of verification testing tools
> - Support interoperability amongst vendors' implementations so that parts
> of the e-voting process can be separately and independently developed and
> then interact successfully
> Using such an open standard will help, along with associated traditional
> administrative and manual election processes, secure a result that is
> trustworthy, verifiable and affordable.
> _____________________________________________
> [1] Open = Approved under an open process where all interested parties
> have input, results are publicly viewable, etc. The organization who
> developed the standard may be de jure or not.
> [2] De Jure = Force of law; approved by one of the four recognized
> international standards organizations (ISO, IEC, ITU, UN/ECE)

OVC-discuss mailing list


OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sat Mar 31 23:17:09 2007

This archive was generated by hypermail 2.1.8 : Sat Mar 31 2007 - 23:17:09 CDT