Where We Stand – Update on the D.C. Overseas Distance Balloting Project

I’ve been out on a temporary personal leave of absence due to a family crisis, but I want to weigh in on the progress of the D.C. distance balloting project where portions of the TrustTheVote Project elections technology framework are being deployed for the upcoming election in November.  And it appears that an announcement was made today by the BoEE (Board of Elections & Ethics), hopefully consistent with my remarks here.

I commented on 31.August that we believed they set a new timeline in order to make sure everything is correctly in place, and to make sure a public evaluation period could be conducted.  And I wrote that we thought that was a good idea – especially to ensure that public examination period.

In light of the new timetable, however, the D.C. BoEE’s ability to conduct that public review came into question due to MOVE Act’s 45-day requirement for ballot availability and the looming November generation election.

To be clear, the Foundation is committed to verifiable elections, and we would have a difficult time supporting the project in absence of a public examination of the new technology.  The OSDV is founded on the principles of transparency and trust which enforce the organization to stand by not only governmental regulation but also the public’s best interest.  Given that the deadline appears to be upon them to meet their 45-day lead-time for ballot distribution, it would seem that they cannot meet their commitment of a public evaluation period.

That is, unless you know, as Paul Harvey would say, the rest of the story.

And if you saw today’s press release from the BoEE, then you already know most of the rest of the story, but for those who haven’t …..

In fact, the District conducts its Primary on 14.September.  Given the time required to [a] certify that election and [b] produce the final ballot for the November election, it is virtually impossible for them to meet the 45-day requirement for MOVE Act compliance.  We knew this would be a problem but we remained confident they would work something out.  But then the U.S. Department of Justice denied their application for waiver of the 45-day requirement.

However, in fact, the D.C. BoEE has hammered out a separate Agreement with the United States Department of Justice to establish 04.October, 2010 as the new ballot overseas availability deadline.  That 8-page Agreement is presumably publicly available.

And finally, as I noted above, the District announced today that it would start the public examination period of the Pilot this Friday, 24.September and run it for six (6) days.

Here is what I am aware of about that: during the examination period, those who want to test and comment on the technology and usability of the service will be granted access to:

[a] the application,

[b] a complete system architectural diagram,

[c] a detailed 40 page technical white paper authored by the District’s Board of Elections CTO (and reviewed by the Foundation) and of course,

[d] access to the underlying (open) source code including source developed by the Foundation.

While we would’ve liked to have seen a longer public examination period prior to the election deployment, six days is better than nothing, at least an attempt, and potentially adequate because frankly, there just isn’t all that much “code” or that complex of an application to review.

And before someone says it, I really do not believe the BoEE will rush off to post some glowing press release on 01.October about how safe and secure the service is based on a 6-day review cycle.  If they do, I will take exception personally, here.

So, to me, the sliver of good news is there will be a public review before the DoJ stipulated ballot availability deadline.  One thing that should be of value is their CTO’s 40 page white paper — at least to the extent of answering questions about the what, why, etc.  I also have a copy of the DoJ stipulated agreement if anyone is interested.

With all of those points in mind, we continue to support the District’s plan to run its Pilot during the general election incorporating open source elections management software built by the TrustTheVote Project.

I just hope we can have some influence in the future on the length and guidelines of review periods for applications like this – if, in fact, we see any more of them.  Frankly, we’re heads down on framework components (e.g., counters, tabulators, marking devices, poll book, etc.) and have no real interest in any other overseas distance balloting project going forward, unless it is a compelling opportunity to further deploy our publicly available source code for the ballot design studio or elections management system, and the focus is on ballot generation (and not digital return).

Nevertheless, the OSDV looks forward to continuing its support of the D.C. Board of Elections and Ethics to provide greater integrity and efficiency in public elections.

And now you know, “the rest of the story.”

I’m Gregory…
…Good Day! *

[* with apologies to the late Paul Harvey’s signature sign-off]

2 responses to “Where We Stand – Update on the D.C. Overseas Distance Balloting Project

  1. >six days is better than nothing

    No, it isn’t. It’s basically exactly the same as nothing, but with the added danger of a false sense of confidence.

  2. I’m looking forward to a “lessons learned” post after the UMich team pwned the DC system so easily.

    From Halderman’s post, it sounds like the system is wide open — any one security hole compromises the entire thing.

    I’m curious about a few things in particular:

    Will there be an attempt to better “sandbox” the components, so even if there’s a single security hole, an attacker won’t get easy access to the entire system?
    Since the hack violated ballot secrecy, does that mean a trusted system administrator could also violate ballot secrecy? Should there be safeguards against that?
    Did your intrusion detection systems work at all? If not, why?
    Halderman says we should assume any internet voting system is impossible to secure, based on the limitations of today’s technology. Why should we doubt him? Or if we shouldn’t, what technology advances are necessary to create a truly secure internet voting system?

    I’m looking forward to your progress — I hope this setback isn’t a permanent one.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.