Friday, September 30, 2005

CAMBER comments re: Voluntary Voting System Guidelines

Mr. Eustis:

This is the CAMBER comment on the Voluntary Voting System Guidelines.

Included in our comment is a copy of our August 24th letter to Ms. Hillman which is included below. Also included in our comment is a sketch of a brochure that outlines the level of documentation that we expect, see below.

The final technical guidelines should fit in a small pamphlet.

Please ensure that our comment is not rejected, is available to reviewers online, and will receive proper consideration and a response. If you wish, follow this instruction: (a) DELETE VOLUME I, (b) DELETE VOLUME II, and INSERT this document including its attachments.

Audience

It is clear to me that the TGDC has not spent enough time considering the audience for the guidelines. We believe that the audience includes: judges, attorneys, district attorneys, attorneys general, secretary of state, county clerks, election officials, legislators, political parties, political campaigns, Election workers, poll watchers, vendors, application developers, application and system testers, independent testing authorities, the public and the press.

A summary of the document is not a solution. For example, the Court, in order to decide a case being litigated before it, must comprehend and make its determination on the official document itself. The current work product does not meet the needs of its audience.

What is needed

A trivial example of what is needed might be helpful. Consider what the individual members of the TGDC would write if they were asked to document their personal requirements for a car. I would anticipate that their individual requirements could be grouped into fairly regular categories such as: comfort, safety, performance, price, operating cost, service, and warrantee. I anticipate that few, if any, members would differentiate between the type of ignition system used to start the engine.

The current guidelines are aimed at the wrong things, because they are not aimed at the right audience.

National expense

The direction that the work is heading would be prohibitively expensive to maintain and impossible to litigate.

CAMBER
Citizens for Accurate Mail Ballot Election Results
2867 Tincup Circle
Boulder, CO 80305
303-494-1540
AlKolwicz@qwest.net
www.users.qwest.net/~alkolwicz
http://coloradovoter.blogspot.com/





----------------------------------------------------------

August 24, 2005


Ms. Hillman,


Again I compliment you for your wonderfully insightful questions of panelists at yesterday’s EAC hearing in Denver. I deduce from your questions that you truly want to represent the interests of the public.

You don’t know me, so you won’t know how much weight to attribute to the following comments. I hope that you will take them seriously.

1. The problem that you and the other commissioners appear to sense with the VVSG is that the VVSG is both voluminous and complex. I concur with this appraisal. In fact, I would go a step further and say that the VVSG is unusable because of its volume and complexity. Writing a superficial overview will not suddenly make the VVSG useable. Editing the VVSG will not make it useable. The problem with the guide is fundamental -- it is aiming at the wrong target, and it is using the wrong ammunition.

a. The guide is incomplete (wrong target). The election system involves many components – the VVSP addresses very few of them. For example, the guide does not address public oversight, yet public oversight is a fundamental component of a trustworthy election process. The guide does not address procedures, such as authentication that a voter is the person who they claim to be. All of the components of the election system must be identified, and must be documented in a high-level systems diagram supplemented with a high level systems description. The diagram and description must be void of specific implementation details, and must not require change for different implementations. The current guide violates these precepts.

b. The guide addresses implementation-level details (wrong ammo). The VVSG should specify only: required results, measurement specifications for each result, acceptable performance for each result, and consequences when the required result is not achieved. HOW the result is achieved must be invisible in the VVSG. Instead, this guide is burdened with detailed descriptions of how things are to be done for specific implementations. For example, there is no general requirement that people and procedures be tested and measured. One of the problems with the approach taken in the VVSG is that it will require revision every time a new technology is introduced. Remember, it will take years before any VVSG change will be reflected in a majority of the nation’s voting systems. Unless changed to reflect principles rather than implementations, the VVSG will fail in its goal of returning public trust to the election system.

2. The proposal for accreditation of Testing Laboratories and the testing process itself is headed in the wrong direction.

a. Missing, for example, is a way to pay for the testing. The vendors should not pay, because that would compromise the integrity of the Testing Labs. The people should not pay for overly expensive or frivolous tests, and should be compensated through penalty fees, for poor vendor performance.

b. There is nothing proposed that will motivate vendors to withhold certification requests until they have a very high degree of confidence that the certification process will not discover a deviation between requirements and the implementation.

c. The role of the public, and in particular the interested professional computer scientists, is missing.

d. There is no penalty when a Testing Lab fails to detect problems that make it into production. How is a lab de-certified?

e. Who is accountable for the quality of the election process?

f. Also, because of the fundamental problems with the VVSG, described above, the Testing Labs are going to be testing the wrong stuff. There is a difference between systems testing that is aimed at requirements and architecture (what), and implementation testing that is aimed at implementation specifications (how).

Few people have the skills needed to draw the elegant line between requirements/architecture and the implementation specifications. The VVSG desperately needs these skills. Unless the VVSG is revamped, I anticipate that it will become a burden on the public. It will generate enormous costs, fail to deliver quality, and be rejected by the public as a solution to their concerns.

Finally, yesterday it was suggested by staff that only public comments that are specific to a page and line number will be considered. In my opinion, the VVSG problems are so severe that it is way premature to inspect spelling errors. Until focused on the correct target, and using the correct ammunition, it is too way early to do any fine tuning.

Is there anything you would like me to do to amplify these points?

Thank you for conducting your hearing in Denver. I look forward to working with you.

Al

Al Kolwicz
CAMBER - Citizens for Accurate Mail Ballot Election Results
2867 Tincup Circle
Boulder, CO 80305
303-494-1540




==========================================



Election System
Requirements


===============================

Election Objects

Property
Person
Jurisdiction
Contest
Contestant
Unused Ballot
Cast Ballot
Election Results
Control Data & Audit Report

================================

Election Requirements

Requirement _____ Metric ______ Standard

Security
Accuracy
Verifiability
Transparency
Performance
Ease of use
Price
Cost
Cycle time
Support

======================================


System Standards




=====================================

Election System Design Rules



  • “Using the computer industry as an example, Carliss Y. Baldwin and Kim B. Clark develop a powerful theory of design and industrial evolution. They argue that the industry has experienced previously unimaginable levels of innovation and growth because it embraced the concept of modularity, building complex products from smaller subsystems that can be designed independently yet function together as a whole. Modularity freed designers to experiment with different approaches, as long as they obeyed the established design rules.” from Amazon.com

  • "Process Synthesis, also known as Structured Conceptual Process Design, is a technique suitable not only for making a step-change in the existing process but also for synthesizing a process flowsheet from scratch.” From Process Design Center, The Netherlands

============================

WARNING


"We are fast approaching the stage of the ultimate inversion: the stage where the government is free to do anything it pleases, while the citizens may act only by permission; which is the stage of the darkest periods of human history, the stage of rule by brute force." - Ayn Rand, The Nature of Government

==========================



CAMBER is a dedicated group of volunteers who are working to ensure that every voter gets to vote once, every vote is counted once, and that every ballot is secure and anonymous.


CAMBER
Citizens for Accurate
Mail Ballot Election Results
2867 Tincup Circle
Boulder, CO 80305
Phone: 303-494-1540
E-mail: AlKolwicz@qwest.net
www.ColoradoVoter.blogspot.com

============================