Criteria for E-Voting Machine Certification in CA
CA SoS Debra Bowen Releases 'Top to Bottom Review' Criteria for E-Voting Machine Certification in California
It's a Bad Day in Cali for Diebold and ES&S and Sequoia and Hart Intercivic...But a Great Day for the Voters!
BLOGGED BY Brad Friedman ON 3/23/2007 10:05AM
"Clean up politics. Elect Women." Indeed.
In our second "New Female Secretary of State Kicks Ass, Cleans Up Mess Wrought by Male Predecessor" story of the day, California's own Debra Bowen issued her draft criteria to be used for the first-of-its-kind, "top to bottom review" of all electronic voting systems she promised just before taking office. And the electronic voting machine companies ain't gonna like 'em. But we do.
"The review is designed to restore people's confidence in the integrity of our electoral process," Bowen said in a statement issued yesterday to announce the criteria and her call for public input, "Every California voter has the right to have their vote counted as it was cast."
Imagine that. Am I dreamin'?! The criteria are now posted here [PDF] for public comment.
And, oh, man...Here's just a taste. From the "Security Standards" section...
DREs. Each direct recording electronic voting system
(“DRE”), as defined in Elections Code Section 19251(b),
must incorporate, as part of its design, hardware, firmware
and/or software program features that effectively secure the
DRE and all electronic media used with the DRE against
untraceable vote tampering or denial of service attacks by
any person with access to the DRE, its firmware, software
and/or electronic media during their manufacture, transport,
storage, temporary storage, programming, testing and use,
including the electronic ballot definition or layout
The criteria are virtually the same for op-scans and central tabulating systems. And from the "Security Testing" section (Jeff "1000 to 1" Stone of Riverside County is not gonna like this)...
The security of each DRE, vote tabulating device, and ballot tally computer will be tested using two complementary methods, “red teaming” and source code review. The Secretary will select qualified industry and academic experts in computer and software security, including experts on electronic voting systems, to perform both types of tests.
a. Red Teaming. The “red teaming” process is analogous to military training exercises in which the members of the “red team” are adversaries trying to defeat friendly, “blue team” forces. The red team exercise will be designed to simulate conditions in which a voting system might be vulnerable to attack in the actual cycle of manufacturing, programming, delivery, testing, storage, temporary storage and use in California elections. Initially, the team will approach the system knowing nothing of its source code. Knowledge of source code may be used in subsequent attack attempts. The objective will be to determine whether and to what degree it is possible to compromise the security of the voting system to interfere with the accurate recording of votes or alter the record of votes to change the result of an election.
Now we're getting somewhere! And we're also reminded why Bowen was the only candidate ever officially endorsed by The BRAD BLOG!
"I want input from as many people as possible – voting rights activists, county elections officials, and anyone else who wants to offer an opinion," said Madame Secretary, putting the voting rights folks first for a refreshing change, in her statement.
Input on the draft criteria can be sent here: email@example.com. The criteria for California, or as Diebold refers to it, "the world's largest voting market," will be finalized by April 6.