|

 
|
| | Name : | Pamela Smith | Organization : | The Verified Voting Foundation | Post Date : | 9/30/2005 |
| Comment : | CERTIFICATION PROCESS:
The current process for voting system certification is almost worthless for security.
The process itself has to be made much more stringent. In particular, security evaluations should be conducted by experts not chosen by the vendors, and those experts should be
allowed to do open-ended research on possible attacks. Such groups are sometimes called tiger teams – a good example: http://www.raba.com/press/TA_Report_AccuVote.pdf
Indeed, the TGDC passed resolution #17-05 calling for such an approach, which
unfortunately does not appear in the guidelines. We urge the EAC to reinstate the recommendation in resolution #17-05 into the guidelines for more stringent security testing. | |
|
|