-----BEGIN PGP SIGNED MESSAGE-----
I'm sorry for the second message, but I could not let the egregious
error pass uncorrected:
Ed Gerck wrote:
> The law does not allow it, and for good reasons as you mention.
>...
> > The voting apparatus may keep a serial record of each vote, in order, for
> > auditing purposes.
>
> No, it MUST not. See the FEC standards on voting. The FEC standards also
> demand "storage alocation scrambling" in order to avoid even a serial order
> of storage.
>
> > This is also mentioned in WAS's legislative text.
>
> which is a miconception, albeit a common one
>
Mr Gerck would do well to precisely specify the "law" which does not
allow this?
Mr Gerck would also do well to specify which FEC "standards" have the
force and effect of law?
The only document of which I am aware is the very old FEC "performance
and test standards for punchcard, marksense, and direct recording
electronic voting systems", january, 1990. Never mandated, and no
congressional appropriation for implementation.
He might be referring to chapter 4, section 4.5, page 47, where "parity
and checksums" are required for integrity, and "the unit must
incorporate multiple memories in the machine itself and in its
programmable memory devices," and these "stored images of each ballot
must protect the integrity of the data and the anonymity of each voter,
by such means as storage location scrambling."
He might note that the subject of cryptography does not seem to be
mentioned. He might also note that for punchcards and marksense,
no "scrambling" occurs.
Moreover, he might note that the system audit requirements later in
the same chapter (page 49) require "a complete, indestructable archival
record of all system activity related to the vote tally." That is to
accomplish a "reconstruction" of the election process (repeated several
times). Audit data is to be serialized by a "date-and-time stamp" and
"preserved during any interruption of power" (page 50).
As to the matter of "law", the Congress is granted the power to set
standards for its own election (Const Article I, Sections 4 and 5).
The FEC isn't mentioned.
But the FEC proposed standards don't even consider networks, database
replication with offsite storage, and as mentioned earlier,
cryptographic security.
'nuff said.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
iQCVAwUBOn37BNm/qMj6R+sxAQGgeAQAm/nj4Ro4zcLALFhIdyggFCSQphIZ3NhH
xunAksi9GyDghK7uQh8KcOZ2b16t3KEsheenmFDmx6ZDUENgnUeY7SCfyH0Egen6
2A8WS5VApivaFcV3PPCQx4/voPamaS8b5NcnDCz7ow8PYWl/bTp5vicxibjnEGpB
VuQeAms8cUY=
=njYh
-----END PGP SIGNATURE-----
