US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Ian S. Piper
Organization :   Diebold Election Systems, Inc.
Post Date :   9/29/2005

Section Comments
Section :  6.4.6.3.4
Page no. :  19
Line no.:  20
Comment :  Regarding the requirement, "Voting system equipment shall provide a read-only external interface to access the software on the system.", voting systems are designed not to have ports that could allow access to the installed software as those ports could be used to compromise the integrity of the software installed.  There has been discussion, with participation from NIST,  regarding the creation of ports that don't also pose a security threat.  To date, these discussions have not found a feasible method of providing this access without compromising the security of the system.  Currently, only the install files can be verified against the reference information from the NSRL and that function is being performed currently by some states.  After installation, physical chain of custody would provide the assurances that the software has not been modified.  Otherwise the software could be reloaded from a verified source prior to each election or the vendor's software could be used to verify the software loaded on the device.  It is hoped that discussions will continue with NIST and, with their expertise,  an acceptable approach can be determined.

Proposed change:   Replace the word "shall" with "should" so that it reads "Voting system equipment should provide a read-only external interface to access the software on the system." The bulleted items in this requirement should remain unchanged.