US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Jordi Puiggali
Organization :   Scytl Secure Electronic Voting
Post Date :   9/9/2005

General Comments
Comment :  (Illustration not included here.)
Figure 1: Verification Module connected to a DRE
The VM, like a printer, serves a basic function, namely to receive from the DRE the
options selected by the voter and to display them to the voter on a device independent
from the DRE. The voter, as in the case of a printed paper ballot, can verify that the
options previously selected in the DRE match those displayed on the screen of the VM
(or listened through its headphones). The VM also allows the voter to confirm (or reject)
the displayed/listened voting options. If there is a positive confirmation, the VM
cryptographically protects the voter-verified options, thus preventing any future
alteration of the vote. As in the case of printed paper ballots, the VM stores a second
record of the votes to allow future parallel recounts. Figure 2 summarizes the steps that
the voter performs to complete the verification process.
The VM is much simpler than the DRE since the former (in contrast with the latter)
carries out only a very limited number of functions (receives the ballot summary,
displays/speeches it, awaits voter confirmation, and cryptographically protects the
vote). As a result, the VM can be easily audited and certified by election authorities with
complete confidence. Moreover, the VM is independent from the manufacturer of the
DRE, and it is based on open-source software and on software that is open to audits.
These characteristics make the dual system DRE-VM a highly reliable and secure
voting system.