http://www.ss.ca.gov/elections/taskforce_report_4.pdfThey seem to recognize the need for the elections officials to be able to better audit the machines they are rolling out to the voting public...
Here are some excerpts:
"There are currently too many holes in the federal qualification and testing process that need to be strengthened in order for the Task Force to be confident that software is being developed, checked, tested, loaded, and run with adequate safeguards to prevent tampering or bugs.
After hearing from experts on computer security as well as election experts versed in election administration security procedures, and receiving no response from several inquiries to Wyle Laboratories and Ciber (two of the three federal ITAs that test DRE voting system hardware, software and firmware), the Task Force agrees that each of these areas is not as strong as they can and need to be.
In addition, some members of the Task Force have significant concerns about the security protocols that vendors have in place during the product development phase and throughout the vendor’s participation in the modification and improvement of software and systems through software patches.
...
A system designed to protect the most valuable aspect of our democracy – our voting systems, must be free from any questions over inadequacy, conflicts of interest, or collusion. Transparency is the only method that will ensure that the public does not question the intensity of the certification process. Therefore, the Federal testing process must increase transparency by incorporating citizen observation and participation and increasing public disclosure throughout the entire qualification process.
...
The Task Force acknowledges that its mission is limited by factors of time and knowledge. Therefore, the State should create a Technical Oversight Committee comprised of technical experts who can improve current testing and code-review standards, provide expert guidance throughout the certification process, and serve as a panel to review software and hardware issues that might arise. The panel members should be independent experts in computer science (especially computer security) and other engineering fields as appropriate who have technical expertise related to software development, computer security, user interface design, and other related fields. Panel members must not have financial or other conflicts of interest with voting equipment vendors. The panel should be convened by July 2003 and its meetings must be open to the public. "
I hope the Task Force can succeed in doing what they recommend. I do think they should push harder for a paper trail at the actual time a vote is cast, instead of at the end of voting. They make printing out a vote summary sound like having to re-invent the wheel.