The Most Recent White Papers or Reports on Voting & Election
On the issue of source code escrow and/or disclosure
(AVANTE International Technology, Inc. Rev B May 28, 2007)
Source code disclosure and escrow are becoming critical because of the pending Federal bills on election systems and, for this discussion, the current New York State Election Code. The escrowing of source code, and supplying it to election authorities, is one of the murkiest aspects of ensuring the integrity of our nation’s voting systems. One of the key reasons is the use, and for the most part the need to use, “third party software” that is commercial-off-the-shelf (COTS).
While AVANTE does not think it has many ingenious ideas to offer beyond what has been superbly discussed in several Internet blogs[1] and websites[2], we offer our comments from the perspective of a manufacturer of voting systems.
AVANTE generally agrees with the approach taken in the EAC 2005 VVSG in terms of reviewing and escrowing source code. The following are some of the key aspects:
§ All source code developed by the voting system manufacturers must be submitted for source code review and certification.
§ The final certified source code is compiled to produce the “witness build” that serves as the “gold” standard.
§ All certified source code and execution code are escrowed at NIST (almost all vendors comply with this voluntary requirement).
§ All source code and execution code incorporate a “hash” code to ensure authenticity that can be independently verified.
§ Most States require additional escrowing of the source code and execution code for the specific voting systems used in that State, which may or may not have variations that are certified by State certification only.
§ The EAC specifically exempts from review and certification commercial-off-the-shelf (COTS) third party source code such as operating systems, databases, and firmware embedded in ancillary devices.
§ Most States require the submission of at least one set of the certified hardware and software used in their State.
§ The current New York State Election Code on escrowing can be, and now is, interpreted to include all of the following:
o Vendor developed software modules.
o Third party operating systems.
o Third party software functional modules.
o All drivers for components such as printer, touch-screen, etc.
o All firmware (software inside hardware components) that may include:
· BIOS
· Microprocessor code
· Graphics chip
· Compilers, etc.
To assist in understanding the source code issue, the following are basic descriptions of source code, of execution code, and of the compiler, yet another piece of third party software, that converts the former into the latter:
Source Codes (high level programming language):
§ Human-readable representation of the instructions that the computer is to use for its operations. They are the recipes for all operations.
§ FEC 2002 VSS and EAC 2005 VVSG both require detailed explanation of the source code (within the source code itself) written by every voting system vendor.
§ Standard computers are loaded with different software execution code so that they can perform different functions across the different components (microprocessor, memories, graphic display, etc.) of the computer, as well as other functions. All of these sub-components involve either firmware (machine-based software) or execution code of different functional modules.
§ Voting systems use third party operating systems to develop functions and to provide some complicated functions, such as those required for many accessibility features (foreign languages, speech engines, etc.).
§ Most election systems use some established software modules or packages for special functions such as databases and drivers for printers and/or touch-screen displays.
§ Vendors that historically developed simple voting systems, such as the push-button direct recording electronic systems commonly found in 1970-2000 using simpler processors such as the Z80, developed all the required functions and interfaces themselves and thus had all software source code and execution code available to them.
§ More functional voting systems providing accessibility features use Microsoft-based operating systems because of the abundant supply of other functional modules and software from third parties, including Microsoft itself.
Compilers (converting high level language to machine level language):
§ A compiler is a software package that converts the human-readable source code into machine-readable execution code.
§ Most compilers are historic, pieced together over time. Full availability of their source is unlikely.
§ Some compilers are developed by the platform developers, such as Microsoft themselves; the Z80 may have a compiler developed by the chipmaker, etc.
§ Having source code without the compiler source code is almost as good as only having execution code.
Execution Codes (machine level or assembler programming language):
§ Computer instructions (machine language) that have been converted (compiled) from the source code.
§ The vendor-developed source code, and all of the execution code of the operating system, database, speech engines, drivers, etc., are “bound” (hashed) with SHA1 and escrowed.
§ Escrowed execution code can typically be held at the Federal, State, and County level by the proper authorities.
§ Expert programmers can also make additions and modifications to execution code directly, without using a compiler or language converter and thus without source code.
Notes:
1. Having execution code that is hashed and verified to be the same as that loaded into the voting machines confirms that there has been no “tampering” with the system. This is a key process in auditing (along with the system event audit log) any voting system. This is the key to ensuring system security.
2. Having the source code developed by vendors helps software experts familiar with that programming language find and resolve errors (unintentional or intentional) that may have been made by the programmers of such a system. Having source code does not contribute directly to system security.
3. Having third party source code may help to “understand” (not easily) potential errors arising from communication between different functional modules. It does not contribute directly to the security of the system.
4. Modifying the vendor source code and recompiling for testing is the normal diagnostic means to isolate and confirm source errors.
5. No one, even those that use the Z-80 processor, can provide all source code.
6. No one can yet provide the compiler source code.
7. Requiring the escrowing of all source code as defined above is unreasonable in the effort to ensure voting system security.
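The tamper check described in note 1 (hashing the escrowed execution code and comparing it with what is loaded on the machine) can be carried out with a manifest of per-file digests. The Python script below is an added example written for this page; it is not AVANTE's, NIST's or any vendor's code. It builds a manifest from a constructed stand-in for the witness build, then audits a copy of that build in which one driver has been altered, one driver removed and an unapproved module added. It uses SHA-256 rather than the SHA1 the paper names, because SHA-1 collisions have been publicly demonstrated since 2017 and an escrow digest should rest on an algorithm for which a second file with the same digest cannot be manufactured. All file names and contents are constructed.

```python
"""Hash-manifest audit of escrowed execution code (added example, not a vendor's or NIST's code).

Builds a manifest of per-file digests over a directory tree of binaries
(standing in for the escrowed witness build) and verifies a fielded
installation against it, reporting altered, missing and unexpected files.
All file names and contents below are constructed for illustration.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict

# The paper names SHA1; SHA-256 is used here because SHA-1 collisions have
# been demonstrated in practice and an escrow digest must not be forgeable.
ALGORITHM = "sha256"


def file_digest(path: Path, algorithm: str = ALGORITHM) -> str:
    """Stream a file through the hash so large binaries need not fit in memory."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, algorithm: str = ALGORITHM) -> Dict[str, str]:
    """Map each file under root (relative POSIX path) to its digest."""
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = file_digest(path, algorithm)
    return manifest


def verify_installation(root: Path, manifest: Dict[str, str],
                        algorithm: str = ALGORITHM) -> Dict[str, str]:
    """Compare an installed tree against the escrowed manifest.

    Returns a status per relative path: "ok", "mismatch" (contents differ),
    "missing" (in manifest, not on disk) or "unexpected" (on disk, not in
    manifest). An unexpected file counts as a finding: an added module is as
    much a deviation from the certified build as an altered one.
    """
    installed = build_manifest(root, algorithm)
    status: Dict[str, str] = {}
    for rel, expected in manifest.items():
        actual = installed.get(rel)
        if actual is None:
            status[rel] = "missing"
        elif actual == expected:
            status[rel] = "ok"
        else:
            status[rel] = "mismatch"
    for rel in installed:
        if rel not in manifest:
            status[rel] = "unexpected"
    return status


def write_sample_build(root: Path) -> None:
    """Create a constructed stand-in for a witness build: three fake binaries."""
    (root / "drivers").mkdir(parents=True, exist_ok=True)
    (root / "vote.exe").write_bytes(b"constructed vendor executable v1")
    (root / "drivers" / "printer.sys").write_bytes(b"constructed printer driver")
    (root / "drivers" / "touch.sys").write_bytes(b"constructed touch-screen driver")


def audit_demo() -> Dict[str, str]:
    """Escrow a sample build, then audit a fielded copy carrying three deviations."""
    with tempfile.TemporaryDirectory() as tmp:
        escrow = Path(tmp) / "escrow"
        fielded = Path(tmp) / "fielded"
        write_sample_build(escrow)
        manifest = build_manifest(escrow)  # what the escrow agent would hold
        write_sample_build(fielded)
        # Deviations on the fielded machine: altered driver, removed driver, added module.
        (fielded / "drivers" / "printer.sys").write_bytes(b"constructed printer driver PATCHED")
        (fielded / "drivers" / "touch.sys").unlink()
        (fielded / "drivers" / "extra.dll").write_bytes(b"constructed unapproved module")
        return verify_installation(fielded, manifest)


if __name__ == "__main__":
    for rel, state in sorted(audit_demo().items()):
        print(f"{state:10s} {rel}")
```

A manifest of this kind only proves that the fielded binaries match the escrowed ones, which is exactly the claim note 1 makes; it says nothing about whether the escrowed code itself was correct, which is the separate point notes 2 and 3 make about source review.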
AVANTE believes the current approach used by the EAC with the assistance of NIST is wise and practical. Perhaps the following aspects can be made more specific:
§ Require that COTS software and firmware be defined as those that have established other commercial applications.
§ Require that no modifications to such firmware and software be made to meet the specific needs of the voting systems incorporating them.
§ If any modification of such firmware or software is made to meet the voting system application, that firmware or software should be certified and its source code placed into escrow at NIST and at other State agencies that require escrowing of source code.
§ Incorporate into election codes (Federal, State, or EAC requirements) a provision that all source code in escrow can be reviewed by court-appointed experts. Expert opinions can be rendered on any aspect of the source code without disclosing the actual code.
AVANTE agrees with ACCURATE in their position on disclosure[3] of the source code developed by voting system manufacturers. Our rationale has been stated earlier[4], and additional clarifications are outlined below:
§ Given that voting systems are managed independently by more than 100,000 independent jurisdictions, each under a different State election code with different degrees of security protection, it is unwise to have total open source to the public.
§ Only very loose penalties are ever imposed on offenders who changed the source code used in elections. The legal precedent provides very little deterrent to those willing to commit such an offense with the assistance of publicly available source code.
§ AVANTE agrees that source code should be available for qualified independent review.
§ Currently, experts appointed by the State (in some but not all States) can review and examine the source code used in the voting systems.
§ AVANTE appreciates the desire of the voting integrity community for a more transparent voting process. The process may be opened up for qualified public review and examination. Perhaps the qualification of such public experts should include at least the following:
o Such experts must be US citizens endorsed by publicly registered citizen groups (e.g. 501(c) organizations), universities, or other public institutions, as stipulated by a court of proper jurisdiction.
o Such examination must be done in an environment controlled by the Court so as to prevent any form of copying.
o All such experts must sign a non-disclosure agreement covering the actual source code; they are allowed to make comments to the manufacturers but not to the public, unless sanctioned and allowed by the Court of proper jurisdiction.
o All such experts who wish to provide such source code review services on behalf of the public must sign an agreement that they will be barred from working on or consulting for any voting system manufacturer, including not-for-profit institutions.
AVANTE believes all voting system manufacturers have an implicit public responsibility in such a public endeavor as elections and the nation’s democracy. Such implicit public responsibility should include proper and adequate transparency. However, the public’s right to know must not damage the business interests of the entities that provide such commercial systems and services. We hope the above ideas may be modified to satisfy both the public and the commercial interests.
[1] http://www.bradblog.com/?page_id=4194; http://avi-rubin.blogspot.com/2007/02/hr-811-new-holt-bill.html; http://www.votetrustusa.org/index.php?option=com_content&task=view&id=2276&Itemid=26
[2] http://www.bbvforums.org/forums/messages/46591/46677.html?1171306118
[3] http://accurate-voting.org/wp-content/uploads/2007/02/AR.2007.pdf
[4] http://www.vote-trakker.com/IS%20OPEN%20SOURCE%20OR%20SOFTWARE%20ELECTRONIC%20VERIFICATION%20A%20SOLUTION%20FOR%20SECURED%20E-VOTING.pdf
Providing accessibilities of “voter verified paper ballot” to visually impaired voters
(Rev B May 17, 2007)
Most people object to reading back the VVPB using the original voting system, as it places too much trust in the manufacturers of the voting systems. Some of them oppose it even when that portion of the source code is made public, as required by some State election codes.
The objection may be technically correct in that such reading back of the VVPB of a DRE requires the system to refer back to the database, or at least to the database table of the candidates selected, for the read-back. The true and technically feasible way to provide independent and private verification of paper ballots for visually impaired voters is to have a third party equivalent of a machine reader. Such a facility must be independent of the voting system manufacturer. This requires a system (hardware, firmware and software) that is commercial-off-the-shelf (COTS) with open standards. Even a third party developed system that is open source may not be independent enough if it is not truly COTS; after all, it still depends on yet another manufacturer.
Most people forget that all current ballot-marking devices (BMD) use templates to print or mark on pre-printed ballots, or print and mark on the same ballot. When the ballots are fed back for reading, the devices do not use third party OCR or a barcode reader as an independent mechanism. Instead they still use the template to compare the marked areas and use the table to read back to the voters. They are one and the same, whether reading from the data stream for printing or reading back using the template after scanning.
The only commercial-off-the-shelf (COTS) means of reading a paper ballot are optical character recognition (OCR), which still lacks common industrial standards, or reading a condensed representation such as a 2-D barcode (e.g. PDF-417), which has a public standard.
In the case of the BMD system, OCR coupled with a text-to-speech engine represents the most direct method that may be able to use third party or open source software. Its accuracy is not yet adequate to provide 100% accuracy and thus may cause confusion. Even if accuracy were not a problem, it would still have practical issues:
§ An OCR with text-to-speech system must read the complete ballot, including the choices not selected, unless special software is incorporated. This is equivalent to doubling the time of voting, which even visually impaired voters may object to.
§ Even then, it still needs special programming to interpret and “read” only the ovals the voter filled as a selection, and to read back interpretive words like “filled oval” and “unfilled oval”. By itself, COTS OCR will not know what a filled or unfilled oval means. Sometimes the system may also have to be pre-programmed to “read” the signature of the County Clerk of the jurisdiction, or programmed to disregard it along with all timing and other marks.
§ If only the selected choices are read, use of the original software and database will be a prerequisite. That means reading from the same data stream used to print the voter verified paper ballot, which some blind voters and their supporters object to.
§ Another potential issue is the objection by some visually impaired voters to the use of a “computer voice”. If a recorded voice is to be used, it will need yet another separate program on top of the otherwise open-source or public domain software.
We agree with many experts on the alternative approach of using a barcode representation. Using a commonly available, open standard third party hardware and software system to decipher a representation of the selections made and printed on the VVPB may technically be the only feasible and practical solution. The most commonly used machine-readable representations are 1-D and 2-D barcodes. The low data density of 1-D barcodes will inevitably be cumbersome when there are multiple contests, as is typical in US elections; it may need as many lines of barcodes as there are contests.
2-D barcodes such as PDF-417 are common and have relatively high data capacity, enough to accommodate reading as much as 500-1000 bytes of characters for 20-50 contests. Even with the data capacity of a 2-D barcode, multiple barcodes may sometimes be required. There are technical difficulties inherent in this approach as well:
§ Typical barcode reading using a handheld device is not accurate enough for the close-to-100% read rate required for the election application. A detailed scanner such as a standard fax machine or document imaging system may currently be the only means that can provide such accuracy. As Mr. Noel Runyan[1] noted, it may be difficult for some visually impaired voters to manage, and for some of them it is just physically not possible.
§ AVANTE believes it is possible to engineer a solution in which the VVPB from the DRE or BMD, with a directly printed 2-D barcode, feeds into an imaging device without manual handling. Such a system may have to be developed by a third party, or by the original manufacturer of the system in terms of hardware “adaptation”. This third party will have to be responsible for developing software to automatically read the barcode and ignore the rest. It may not be as independent, and is certainly no longer COTS with an open standard.
§ To be totally independent of the original voting system, the only possible read-back voice is, again, a synthesized voice. Some visually impaired voters may find it objectionable.
In short, we have several options, but none is perfect. Like Mr. Runyan, we believe something has to be compromised. This is the state of our technological know-how. We are sure we will be able to improve on them continuously over time. Here are the choices, with their limitations and costs:
1. Use a text-to-speech synthesized voice (which may incorporate recorded voices of candidates) to read back what was printed from the data stream sent to the printer of the VVPB. The provisions and points to be aware of are:
§ At least the portion of the software performing such read-back should be open source to allow independent verification.
§ Incorporate a third party developed software module that is open source (or better yet, public domain, developed with sponsorship from the EAC) to read the data stream using the database table provided by the manufacturer of the voting system.
§ This approach costs almost nothing. It is available today from all manufacturers that provide a VVPB solution.
2. Use a text-to-speech synthesized voice to read the 2-D barcode representation of the selections and other relevant ballot identifiers. The provisions and points to be aware of are:
§ Only a limited number of ballot-marking devices, such as those made by AVANTE and Populex, have the capability to print a 2-D barcode. The more popular AutoMARK system is not currently programmed with such capability.
§ All visually impaired voters must accept the synthesized voice.
§ This approach must still incorporate a third party developed software module to extract the barcode data and ignore the rest of the printed data.
§ This third party developer may be sponsored by the EAC to provide a public domain software module, but must also work with the original voting system manufacturer to ensure proper adaptation to accept the VVPB in whatever form factor.
§ It costs at least $2,000 for the physical hardware adaptation and incorporation of another computer independent of the original voting system. If such a ballot-reading module is to be loaded into the original voting system, some form of “handshake” must be worked out. For this lesser independence, the cost may be reduced to $1000 each.
We hope it is clear to all that it is not AVANTE’s intent to discourage or encourage specific approaches. We only wish to point out the reality and facts of the currently available technologies and of those that have been incorporated in our nation’s voting systems today.
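Option 2 rests on two things the paper only describes: how much a PDF-417 symbol can carry for a ballot of 20-50 contests, and an extraction module that reads the barcode data back using nothing but a published ballot table. The Python below is an added example written for this page; it is not code from AVANTE, Populex, AutoMARK or any barcode vendor. It serializes a ballot's selections into a compact text record (a constructed format, not any certified vendor's), counts the PDF-417 symbols that record would occupy using the per-symbol text-compaction maximum from the PDF-417 specification (1850 characters), and decodes the record into the phrases a text-to-speech engine would speak, rejecting malformed, truncated or incomplete records instead of reading them back. The ballot definition, contest names, candidate names and ballot style are constructed.

```python
"""Ballot selections as a 2-D barcode record, with an independent read-back (added example).

Serializes a voter's selections into a compact text record for a PDF-417
symbol, estimates how many symbols a record needs, and decodes a record into
the phrases a text-to-speech engine would read, using only a published
ballot-definition table. The record format, ballot definition and names are
constructed for illustration; they are not any vendor's certified format.
"""
from typing import Dict, List, Tuple

# Per-symbol maximum for PDF-417 text compaction, from the symbology specification.
PDF417_MAX_TEXT_CHARS = 1850

# Constructed ballot definition: contest id -> (contest name, {candidate id: name}).
BALLOT_DEFINITION: Dict[str, Tuple[str, Dict[str, str]]] = {
    "01": ("Governor", {"1": "Ann Smith", "2": "Bob Jones", "3": "Carol Lee"}),
    "02": ("State Senator", {"1": "Dan Brown", "2": "Eve Adams"}),
    "03": ("Proposition 7", {"1": "Yes", "2": "No"}),
}


def encode_selections(ballot_style: str, selections: Dict[str, List[str]]) -> str:
    """Serialize as 'V1|<style>|cc=k,k;cc=;...' (constructed record format).

    Every contest in the definition is emitted, including empty ones, so the
    reader can announce "no selection" without touching the voting system.
    """
    if any(ch in ballot_style for ch in "|;=,"):
        raise ValueError("ballot style must not contain record separators")
    parts = []
    for contest_id in sorted(BALLOT_DEFINITION):
        chosen = selections.get(contest_id, [])
        valid = BALLOT_DEFINITION[contest_id][1]
        unknown = [c for c in chosen if c not in valid]
        if unknown:
            raise ValueError(f"contest {contest_id}: unknown candidate id(s) {unknown}")
        parts.append(f"{contest_id}={','.join(sorted(chosen))}")
    return f"V1|{ballot_style}|{';'.join(parts)}"


def symbols_needed(payload: str) -> int:
    """PDF-417 symbols required if the record is split at the text-compaction limit."""
    length = len(payload.encode("ascii"))
    return -(-length // PDF417_MAX_TEXT_CHARS)  # ceiling division


def decode_to_speech(payload: str) -> List[str]:
    """Turn a record into the phrases a text-to-speech engine would read back.

    Consults only BALLOT_DEFINITION, so a third-party reader needs the published
    table and nothing else. Malformed, truncated or repeated fields are rejected
    rather than read back as if they were the voter's choice.
    """
    version, ballot_style, body = payload.split("|", 2)
    if version != "V1":
        raise ValueError(f"unsupported record version {version!r}")
    phrases = [f"Ballot style {ballot_style}."]
    seen = set()
    for field in body.split(";"):
        contest_id, sep, chosen = field.partition("=")
        if sep != "=" or contest_id not in BALLOT_DEFINITION or contest_id in seen:
            raise ValueError(f"bad or repeated contest field {field!r}")
        seen.add(contest_id)
        contest_name, candidates = BALLOT_DEFINITION[contest_id]
        if chosen == "":
            phrases.append(f"{contest_name}: no selection.")
            continue
        names = []
        for cand_id in chosen.split(","):
            if cand_id not in candidates:
                raise ValueError(f"contest {contest_id}: unknown candidate id {cand_id!r}")
            names.append(candidates[cand_id])
        phrases.append(f"{contest_name}: {', '.join(names)}.")
    if seen != set(BALLOT_DEFINITION):
        raise ValueError("record does not cover every contest on the ballot")
    return phrases


def is_valid_record(payload: str) -> bool:
    """True if the record decodes cleanly; a reader should refuse to speak anything else."""
    try:
        decode_to_speech(payload)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    record = encode_selections("ABC1", {"01": ["2"], "03": ["1"]})
    print(record, "->", symbols_needed(record), "symbol(s)")
    for line in decode_to_speech(record):
        print(line)
```

Because the record lists every contest, including those with no selection, the reader can announce “no selection” without consulting the voting system's own database, which is the independence the paper asks for. What the reader still needs is the published ballot-definition table, so that table, rather than the vendor's print data stream, becomes the artifact to publish and verify.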
[1] “Improving Access to Voting - A Report on the Technology for Accessible Voting Systems”, by Noel Runyan; February 14, 2007 (http://demos.org/pubs/improving_access.doc)
