US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Stanley A. Klein
Organization :   N/A
Post Date :   9/30/2005

General Comments
Comment :  Flawed provisions allow simultaneous dual use of COTS for voting and nonvoting
Another example of a clearly deficient requirement in the VVSG is its allowing COTS systems
to be dually used simultaneously for voting and nonvoting
activities (Volume I, Sections 2.2.5.3
and 6.5.5). Again, the proper model for a requirement is the Defense Department, that places
very stringent limitations on the use of systems for both classified and unclassified processing.
To switch a system between voting and nonvoting
activity, a proper specification would require
all persistent storage devices (such as hard drives) to be removable so votingexclusive
devices
would be used during votingrelated
processing. There would also be a requirement that
capability be provided to write numerous cycles of random data into all other memories and
channels as part of the changeover between voting and non voting use of the systems.
The fundamental security principle at work here is that the only way to guarantee that a
capability or device can not be maliciously exploited is to physically remove it or otherwise
prevent it from being present in a system. Any device or capability included in a system or
connected to it in any way is capable of being surreptitiously and maliciously exploited. This
especially applies to wireless, and in addition to the lack of serious testing for vulnerabilities, is a
reason the provisions of Volume I Section 6.7 are fundamentally flawed.