+ Slide 26

Part of a talk delivered to the ITU Workshop on ... issues in E-Government, June 6, 2003, Geneva
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Weaknesses of the System in the United States

Problems with the Federal Standards

Voting system integrity is a matter of national security

Why do we ignore the Common Criteria?
a widely accepted standard for information security

Voting systems are accounting systems

Votes should be counted as carefully as dollars

Elections should be subject to audit
Mechanical voting machines are not auditable!
Neither are direct recording electronic machines!

Voting systems should not be based on trust

We must assume all participants are partisan
election officials
equipment vendors
suppliers of voting system components

"Industry standard components" are not inspected!
Microsoft Windows is exempt
Disk drive firmware is exempt
Modem firmware is exempt

Testing is incomplete!

Only black-box testing plus code inspection

No feedback from code inspectors to testers

No provision to re-open testing after trouble reported

+ Slide 26

Weaknesses of the System in the United States

Problems with the Federal Standards

Voting system integrity is a matter of national security

Why do we ignore the Common Criteria?
a widely accepted standard for information security

Voting systems are accounting systems

Votes should be counted as carefully as dollars

Elections should be subject to audit
Mechanical voting machines are not auditable!
Neither are direct recording electronic machines!

Voting systems should not be based on trust

We must assume all participants are partisan
election officials
equipment vendors
suppliers of voting system components

"Industry standard components" are not inspected!
Microsoft Windows is exempt
Disk drive firmware is exempt
Modem firmware is exempt

Testing is incomplete!

Only black-box testing plus code inspection

No feedback from code inspectors to testers

No provision to re-open testing after trouble reported

+ Slide 26

Weaknesses of the System in the United States

Problems with the Federal Standards

Voting system integrity is a matter of national security

Why do we ignore the Common Criteria? a widely accepted standard for information security

Voting systems are accounting systems

Votes should be counted as carefully as dollars

Elections should be subject to audit Mechanical voting machines are not auditable! Neither are direct recording electronic machines!

Voting systems should not be based on trust

We must assume all participants are partisan election officials equipment vendors suppliers of voting system components

"Industry standard components" are not inspected! Microsoft Windows is exempt Disk drive firmware is exempt Modem firmware is exempt

Testing is incomplete!

Only black-box testing plus code inspection

No feedback from code inspectors to testers

No provision to re-open testing after trouble reported

Why do we ignore the Common Criteria?
a widely accepted standard for information security

Elections should be subject to audit
Mechanical voting machines are not auditable!
Neither are direct recording electronic machines!

We must assume all participants are partisan
election officials
equipment vendors
suppliers of voting system components

"Industry standard components" are not inspected!
Microsoft Windows is exempt
Disk drive firmware is exempt
Modem firmware is exempt