US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Pamela Smith
Organization :   The Verified Voting Foundation
Post Date :   9/30/2005

General Comments
Comment :  CERTIFICATION PROCESS:
The current process for voting system certification is almost worthless for security.

The process itself has to be made much more stringent. In particular, security evaluations should be conducted by experts not chosen by the vendors, and those experts should be
allowed to do open-ended research on possible attacks. Such groups are sometimes called tiger teams – a good example: http://www.raba.com/press/TA_Report_AccuVote.pdf

Indeed, the TGDC passed resolution #17-05 calling for such an approach, which
unfortunately does not appear in the guidelines. We urge the EAC to reinstate the recommendation in resolution #17-05 into the guidelines for more stringent security testing.