[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: manual entry password protection



Is Laramie's requirement for password protection required by their election Code?
 
I understand the customers and their percieved need for security for the manual entry process.  I have heard customers tell me in training that they thought the manual entry process was too wide open.  However, security for this process is provided by an NT password and a GEMS database password.  If an unauthorized person can get past both of these, it can't be argued that we didn't provide security for the election system.  If the manual entry process must be safeguarded from authorized election department personnel, that lack of security is not the fault of Global but the fault of the customer's hiring process and employee management.  If the customer is concerned about being able to audit the manual entry process, they can print the Poster Log.
 
It's an old saw, but remember that everything which happens to the database (i.e. teleresults upload, direct upload, manual entry, election night reports, etc.) is unofficial.  The official results are derived from the results tapes which the Accu-Vote prints and the accompanying paperwork which the pollworkers prepare on election night.  Sometimes we have to remind the customer that if someone gets into the Manual Entry screen and puts in incorrect numbers (purposefully or inadvertantly), it does not affect who wins the election.
 
Ken's "...one too many options for GEMS to be usable..." sounds ominous, but it was meant to.  I guess I'm taking the bait.
 
Also, Ken, flagging the manually entered precincts on the SOVC is still unpopular.  I took a poll, there was one respondent, and they gave it thumbs down.
 
Tyler
-----Original Message-----
From: Ken Clark <ken@dieboldes.com>
To: RCR <rcr@dieboldes.com>
Date: Wednesday, August 18, 1999 12:28 PM
Subject: RE: manual entry password protection

Laramie County, Wyoming as well as other counties being supported by Tari Runyan require password protection for the GEMS Manual Entry screen.

This RCR came up before in the guise of "password protection" on resetting vote centers (which is really the same thing as doing manual entry and entering in a bunch of zeros) and was rejected at the time.
 
This is certainly easy enough to do.  I am tempted to give a long diatribe on why it doesn't make much sense (I think I did back for the clear case), but I think I will spare folks this time.  It is too easy to do to reject it twice, and I am just back from vacation(*).  It will have to be some kind of option, since Alaska (and other civilized accounts) will be annoyed after the 23rd time they need to re-enter for manual entry the same password as they did when they logged on.  I caution that one day we are going to wake up with one too many options for GEMS to be usable though.
 
There was no deadline on this RCR.  Follow up with the time frame in which Laramie will cancel their account because of noncompliance with their statutes, and we'll see to it that this feature is added by then.  We will probably add an option "password protect counters" flag to the user dialog, and then nag the operator for:
  • Manual entry
  • Deleting central count decks
  • Resetting vote centers
  • Resetting election
  • Changing election mode to and from set-for-election
In a related topic, we don't do any logging of counters that have been manually modified.  This is a feature that does make security sense, and I have wanted it for a while.  What has held it up is not really knowing where to report it.  We could for example put an asterisk beside all precincts in the SOVC where the results were manually modified, but the reality of how people conduct elections will make that fairly unpopular.  Another GEMS option I suppose...
 
Ken
 
(*) Someone should probably re-submit log printers while I am in this mood.