Comment by Michael Cannella, Pleasant Ridge, MI (Voter)
This is a comment on
Part 1, Chapter 2.7-A,
dated
2008/05/02 18:08:49.567 GMT-4
I am a computer security professional, and much of my job deals with the issues surrounding voting systems: Access, auditing, and integrity
Securing electronic data is generally expensive and complicated
-----------------------------------------------------------------
Access and alteration of electronic data is fast, easy, and undetectable by appearance--these are some of the great strengths of computer software technology. These strengths can be at odds with security, because they can allow undetectable observation and modification of sensitive data. A software-based voting system that stores data purely electronically might be compromised and modified to misrecord or alter votes without detection.
Software-based methods of auditing such a system, and ensuring system and data integrity, are subject to the same risk of alteration as the system they audit. Thus it rapidly becomes extremely costly and complex--if not a practical impossibility--to ensure system integrity and securely audit access via purely digital means.
My view is that such assurance would require operating systems and software certified to a U.S. Military TCSEC trust level of B2 or better--an extremely costly and difficult proposition.
Paper is well-understood, human-readable, inexpensive, and difficult to casually alter
---------------------------------------------------------------------------------------
As a physical and human-readable representation of a vote, paper provides an instant, legible, tangible verification of vote, that can also provide machine-readable and hand-countable options for later audit. Maintaining physical security of paper voting records is more straightforward, and provides a check and balance to the electronic system.
The use of paper voting records, in my belief, is the only practical way to assure the credibility of the American democratic system.