William Allen Simpson
Sun, 04 Feb 2001 16:55:25 -0800
-----BEGIN PGP SIGNED MESSAGE----- I'm sorry for the second message, but I could not let the egregious error pass uncorrected: Ed Gerck wrote: > The law does not allow it, and for good reasons as you mention. >... > > The voting apparatus may keep a serial record of each vote, in order, for > > auditing purposes. > > No, it MUST not. See the FEC standards on voting. The FEC standards also > demand "storage alocation scrambling" in order to avoid even a serial order > of storage. > > > This is also mentioned in WAS's legislative text. > > which is a miconception, albeit a common one > Mr Gerck would do well to precisely specify the "law" which does not allow this? Mr Gerck would also do well to specify which FEC "standards" have the force and effect of law? The only document of which I am aware is the very old FEC "performance and test standards for punchcard, marksense, and direct recording electronic voting systems", january, 1990. Never mandated, and no congressional appropriation for implementation. He might be referring to chapter 4, section 4.5, page 47, where "parity and checksums" are required for integrity, and "the unit must incorporate multiple memories in the machine itself and in its programmable memory devices," and these "stored images of each ballot must protect the integrity of the data and the anonymity of each voter, by such means as storage location scrambling." He might note that the subject of cryptography does not seem to be mentioned. He might also note that for punchcards and marksense, no "scrambling" occurs. Moreover, he might note that the system audit requirements later in the same chapter (page 49) require "a complete, indestructable archival record of all system activity related to the vote tally." That is to accomplish a "reconstruction" of the election process (repeated several times). Audit data is to be serialized by a "date-and-time stamp" and "preserved during any interruption of power" (page 50). As to the matter of "law", the Congress is granted the power to set standards for its own election (Const Article I, Sections 4 and 5). The FEC isn't mentioned. But the FEC proposed standards don't even consider networks, database replication with offsite storage, and as mentioned earlier, cryptographic security. 'nuff said. -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1 iQCVAwUBOn37BNm/qMj6R+sxAQGgeAQAm/nj4Ro4zcLALFhIdyggFCSQphIZ3NhH xunAksi9GyDghK7uQh8KcOZ2b16t3KEsheenmFDmx6ZDUENgnUeY7SCfyH0Egen6 2A8WS5VApivaFcV3PPCQx4/voPamaS8b5NcnDCz7ow8PYWl/bTp5vicxibjnEGpB VuQeAms8cUY= =njYh -----END PGP SIGNATURE-----