[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: Information on Hart InterCivic recommendation

To: bcv@xxxxxxxxxxx
Subject: Fwd: Information on Hart InterCivic recommendation
From: mlst-pol-bcv-e786894e@xxxxxxxxxx
Date: Fri, 16 Jan 2004 16:35:12 -0700 (MST)
Delivered-to: mailing list bcv@booyaka.com
List-help: <mailto:bcv-help@booyaka.com>
List-post: <mailto:bcv@booyaka.com>
List-subscribe: <mailto:bcv-subscribe@booyaka.com>
List-unsubscribe: <mailto:bcv-unsubscribe@booyaka.com>
Mailing-list: contact bcv-help@booyaka.com; run by ezmlm

Looks like atleast part of the information is available at:

   http://www.co.boulder.co.us/clerk/HartInfo/








> Thanks for your letter.  We've received permission from Hart 
> InterCivic to post all their material in response to our RFP on the 
> web.  I hope that process will begin today and there'll be a general 
> announcement about it's availability.  Since their proposal was to 
> replace Boulder's system with DRE's, and to use their Ballot Now 
> system for absentee ballots, most of the material will be about their 
> DRE's.  While that may be confusing to some, since we're not going 
> with DRE's at present, the sentiment is that more info is better and 
> there'll be some interest in the materials. 
> 
> As to Hart's willingness to participate in a source code review, we 
> (Boulder County) are not part of an effort to review the code.  The 
> request was made by CVV and I presume that they will follow up on Neil 
> McClure's offer if they're interested.  With suspicions being what 
> they are about these systems, we'd rather stay out of the fray and not 
> be accused of having somehow tampered with or manipulated data while 
> we had access to it.  It serves us better to have third parties do the 
> review.
> 
> Tom
> 
> 
> -----Original Message-----
> From: Scott A. Morris [mailto:XXXXXXXXXXXXXXXXXXX]
> Sent: Tuesday, January 13, 2004 9:00 PM
> To: Salas, Linda; Halicki, Tom
> Subject: Information on Hart InterCivic recommendation
> 
> 
> Dear Linda Salas, and Tom Halicki,
> 
> I was pleasantly surprised to read on the Daily Camera's website[0]
> this evening (and from your Jan 8th[1] and Jan 12th[2] press
> releases on the county website) that you are planning to recommend
> an election system from Hart InterCivic that uses hand-marked ballots,
> and preserves both the physical ballots and digital images of the
> ballots.  If such a system can be obtained for a reasonable price, it
> sounds like a major win compared to the paperless DRE systems that
> have caught so much bad publicity in recent months.
> 
> I've been involved in the auditing of several software packages,
> both software that I wrote, and as an third party auditing other
> developers' code, and I have come to the opinion that it is simply
> not possible prove with any certainty the correctness of a
> particular software implementation.  The operating systems and
> hardware architectures we use today are far too complex for the
> average software developer to have a thorough understanding of, the
> programming languages and user libraries we use are too prone to
> misuse, and ultimately, it would take more resources than any
> company, open source project, or government body has to devote to
> it.
> 
> With this view, I was very concerned this fall to hear the
> (ultimately incorrect) rumour that Boulder was intent on going with
> a DRE system.  As an election judge in 2002 (and hopefully again
> this year), I was impressed with how effective the simple physical
> security methods for the ballot box were.  The methods are not
> perfect, but I don't believe any of the current DRE systems could
> reach a comparable level of both security and transparency.
> 
> (The systems the current crop of DREs are built out of have just
> way too much software to ever hope to audit: application software,
> operating system code, firmware in the i/o controllers and hard
> drives, cpu microcode, etc, etc, all of which could have bug that
> would interact to create exploitable vulnerabilities, and then once
> the software was audited, each DRE unit would have to manufactured
> and stored securely... just too many possible points of failure)
> 
> I'm very glad that you chose not to go that route... if the
> recommended system functions as the press releases indicate, it
> sounds very promising.
> 
> I definitely plan on attending the January 29th presentation,  and
> I was wondering if it would be possible to get more information
> about the proposal beforehand.  Specifically, I'm interested as to
> which specific system(s) you are recommending, a copy of the
> proposal, if available, and in any product or technical information
> you would be willing share about this system beforehand.
> 
> I also understand from the archives of the Citizens for Verifiable
> Voting mailing list[3][4] that Mr. McClure was willing to consider
> an independent review by the county of the system.  Conducting such
> a review is quite the undertaking, but if you decide to do this,
> I'd be interested in participating, if you are looking for
> volunteers.
> 
> Thanks, and thank you for all you folks' hard work on this.
> 
> -- Scott
> 
> ---
> Scott A. Morris <XXXXXXXXXXXXXXXXXXX>
> 303-596-8937 http://www.jomche.org/XXXXXXXXXXXXXXXXXXX
> 
> references
> ----------
> [0] http://www.dailycamera.com/bdc/city_news/article/0,1713,BDC_2422_2572019,00.html
> [1] http://listserv.co.boulder.co.us/scripts/wa.exe?A2=ind0401&L=bcpressrelease&T=0&F=&S=&P=186
> [2] http://listserv.co.boulder.co.us/scripts/wa.exe?A2=ind0401&L=bcpressrelease&T=0&F=&S=&P=312
> [3] http://coloradovoter.net/bcv-archive/
> [4] http://coloradovoter.net/bcv-archive/msg00539.html

Prev by Date: Ohio/Compuware security review of Hart et.al.
Next by Date: Fwd: County vote tabulation system info available on the Web
Previous by thread: Ohio/Compuware security review of Hart et.al.
Next by thread: Fwd: County vote tabulation system info available on the Web
Index(es):
- Date
- Thread