[E-voting] Terms of Reference ("TOR")

Patrick O'Beirne mail2 at sysmod.com
Sun Mar 14 17:57:17 GMT 2004

At 15:35 13/03/2004, Dr J Pelan wrote:
>could be end-to-end
>tested with some form of VVAT which is removed for the election proper.

Think of it this way:

In the test, some data was run through the hardware and software. In order 
to know whether the result was correct, the input had to be known, 
otherwise it could not have been checked. If the point is accepted that the 
result could not be known to be right during runs with test data without 
access to that data, equally the result can not be known to be right for 
any run with any data.

Another angle:

Why stop auditing at the nth test? If you are happy to accept the first 
test result as right, why do more? The argument is that another set of test 
data might throw up a different combination or result. If that is accepted, 
then why stop at (say) the 6th set of data? Why not have the same wish to 
check the 7th set which happens to be real data?

  On a technical point, do we know if they used any coverage tools to prove 
that every path through the code was in fact executed?

  Patrick O'Beirne,     Systems Modelling Ltd.
  Gorey, Co. Wexford, Ireland. +353 55 22294
  www.sysmod.com  I.S. management consulting

More information about the E-voting mailing list