US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   N/A
Organization :   Verified Voting Foundation
Post Date :   9/30/2005

Section Comments
Section :  6
Page no. :  
Line no.:  
Comment :  CERTIFICATION PROCESS:
The current process for voting system certification is almost worthless for security. The process itself has to be made much more stringent. In particular, security evaluations
should be conducted by experts not chosen by the vendors, and those experts should be allowed to do open-ended research on possible attacks. Such groups are sometimes called
tiger teams – a good example: http://www.raba.com/press/TA_Report_AccuVote.pdf Indeed, the TGDC passed resolution #17-05 calling for such an approach, which unfortunately does not appear in the guidelines.
We urge the EAC to reinstate the recommendation in resolution #17-05 into the guidelines for more stringent security testing.