[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Link to EU requirements for voting
http://www.coe.int/T/e/integrated_projects/democracy/02_Activities/02_e-voting/01_Recommendation/default.asp#TopOfPage I think this is the document referenced on Monday's call. I will assume so. An excellent set of fundamental requirements. Item # 59 certainly is very appropo for the US right now. Item # 66 also key. I think items #94 and #95 need to be updated in lieu of the trusted logic process - to ensure integrity - basically - this needs to say more about how this processing is conducted. Item #96 is problematically worded - I think it needs to reference central counting facilities. Local voting media and storage should be closed once the poll closes. Secure transfer of counting media, or digital counts via networks, probably needs to be called out. Item #100 needs to be expanded to detail exactly what types of audit mechanisms are needed as a minimum. Cross-checking of 3 count sources and 100% counting is obviously what the trusted logic calls for to ensure accuracy and integrity. Item #107 could be construed as requiring what Item #100 finesses here. Item #102 - Yes - I love it! Things missing: 1) Explicit reference to the importance of using write-once media for vote logging - either paper or digital. 2) Need for voters to be able to physically verify their vote directly - not in-directly - via paper ballot or equivalent physical representation of an actual ballot - not an electronic ephemeral representation, and to cast that physical representation by hand. 3) Need to separate the layers of the process - so the same component provider is not doing all vote creating, printing, and counting the total votes (no single source provider). 4) Need to use two party process and trusted logic principle so that the voter can verify that the digital voting choice recorded by their interaction with the first party process matches the physical voting choice they selected and confirmed to them by the second, separate, party to the process. A physical representation of the vote should result from this process that the voter can directly verify. 5) Need to compare 100% of all counts - electronic and physical ballot counts and electoral record counts to ensure they tally. (Partial auditing will not reveal the required level of support of detection of errors). 6) Explicit call-out of the need to avoid sequential processing information compromising vote privacy and anonymonity. Did I miss anything here? http://www.coe.int/T/e/integrated%5Fprojects/democracy/02%5FActivities/02%5Fe%2Dvoting/02%5FExplanatory%5FMemorandum/ Gives more resolution on specific items, all of which is more goodness in support of the first document. The only issue is item #169 - this may compromise the earlier requirement to prevent re-construction of a voting event. Critically Items #180 and #181 can be used to insist on items 3), 4) and 5) above. Overall the level of detail is superb - particularly the threat matrix. Next - I will move to create something that embodies the fusion of these EU documents, with the trusted logic process and the EML 4.0 formats - so that we can see how these requirements are all met together. That's going to take me a day or so here! Thanks, DW
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]