VVSGOF Comment Feed

Overvoltage spec

Thu, 28 Feb 2008 18:22:11 EST

\\\"... permanent overvoltage of 110% of the nominal 120 V rating ...\\\" A 110% overvoltage could mean that the total applied voltage is 120 v plus 110% of 120 v, or (120 + 132) v for 252 v total. I hope this is not what is meant. It would be good to clarify this, perhaps just stating what the total \\\'permanent withstand\\\' voltage is for a nominal 120 v supply. (I\\\'m guessing 132 v?)

See COTS in glossary

Mon, 11 Feb 2008 8:28:43 EST

The glossary defines COTS as: "Software, firmware, device or component that is used in the United States by many different people or organizations for many different applications and that is incorporated into the voting system with no manufacturer- or application-specific modification. Discussion: (1) The expansion of COTS as Commercial Off-The-Shelf is no longer helpful, since much of what satisfies the requirements is noncommercial software that is not available in stores. The acronym COTS is used here only because it is familiar to the audience. (2) By requiring "many different applications," this definition deliberately prevents any application logic from receiving a COTS designation." gcc would satisfy the requirement, for example.

validate

Wed, 30 Jan 2008 13:41:16 EST

w3c validation. xhtml

Should be specified

Fri, 25 Jan 2008 16:54:46 EST

This document should specify the acceptable format(s) for this data.

Test Labs

Fri, 25 Jan 2008 16:53:17 EST

A better way to state this requirement would be that test labs should be able to compile everything using an independently available compiler.

Language Dependent

Fri, 25 Jan 2008 16:50:02 EST

The number of lines of code it takes to do certain tasks is language dependent. This requirement might be hard to follow with certain languages.

IVVR Prevents Confidentiality

Fri, 25 Jan 2008 16:34:55 EST

The IVVR prevents confidentiality of voting records with cryptography. This statement should be removed.

DRE Requirement

Fri, 25 Jan 2008 16:33:23 EST

This should be a requirement of the DRE, not the VVPAT.

Impossible

Fri, 25 Jan 2008 16:30:57 EST

This requirement is impossible to verify. It is better to state this non-negatively. For example: "The system SHALL prevent the user..."

Interface?

Fri, 25 Jan 2008 16:29:04 EST

What about standard interface requirements? (e.g. "the printer should communicate with postscript")

Definition of Random?

Fri, 25 Jan 2008 16:18:35 EST

What is the VVSG definition of an acceptable randomization routine? It should be referenced here.

Pollbook is Independent

Fri, 25 Jan 2008 16:10:39 EST

The poll book software is largely independent of the vote gathering and tabulation (unless bound together with activation cards). A better requirement would be that voting stations should report the total number of voters for comparison with a poll book. Poll book software should be certified independently of the voting system unless bundled together with it. In that case, it should be treated like an activation system, not a poll book. The terminology "secure pollbook" is unnecessary. What is the VVSG's definition of a "secure pollbook"? Does it differ from a certified pollbook?

Privacy Concerns

Fri, 25 Jan 2008 15:59:00 EST

Certain types of speech should not be permitted. For example, I should be able to say "Yes" or "No" to candidates spoken to me (in random order), but I should not be able to say "George Bush", as someone would be able to hear me say that.

Observers

Fri, 25 Jan 2008 15:55:35 EST

Coercion is a problem when there is an assistant. You can deal with this problem byhaving observers of opposing parties observe the assistant. The requirement should be changed such that observers can have room to observe theassistant.

Applicable to All Cultures?

Fri, 25 Jan 2008 15:47:17 EST

I have heard that some cultures perceive colors differently. It might be useful, ifthe ballot were presented in a language other than English, that colors conform tocommon convention of the culture to which that language belongs.

Needs a limit

Fri, 25 Jan 2008 15:45:35 EST

The requirement is subjective. What is a reasonable limit to the number of candidates a contest should havebefore this requirement can be ignored? 10? 100?

Improper Term

Fri, 25 Jan 2008 15:43:35 EST

"No Receipts" is misleading, it would be better to say "NoPrivacy Leaking/Revealing Receipts".

Intimidation implies "with cooperation"

Fri, 25 Jan 2008 15:38:35 EST

Obviously, I can intimidate you to cooperate with me to violate your right toprivacy. Every effort should be made to make sure, even with cooperation from thevoter, that privacy is maintained.

Why?

Fri, 25 Jan 2008 15:34:23 EST

Why is it different from undervoting? If anything, this is a specific case of undervoting.

Unverifiable

Fri, 25 Jan 2008 15:32:27 EST

How can you verify that the system can always do this? What if there is a hardwarefailure? For example, what if the screen fails and goes black? How long is a "freeze"? If it sticks for a second or two, does thatconstitute a "freeze"? I feel that this requirement is untestable and unattainable. It would be better torequire that machines have logic that indicates failure (e.g. a blue screen ofdeath that does not say "YOUR VOTE WAS NOT COUNTED" would fail thetest, as would a system who's screen went blank and did not have logic to BEEP orturn an LED RED to indicate machine failure). Also, partially completed ballotsshould not be added to the total (as, we assume, if it dies mid-way, a voter usesanother machine).