So I want to compare the regulatory process it takes to write software for a medical device compared to a voting machine. A thread:
-
-
That's it. Nothing. No mandatory code reviews. No cybersecurity analysis. No versioning reqs. Absolutely nothing.
-
Everything that's done is done at the discretion of the manufacturer. Maybe there's some state regulations out there, but I don't know any.
-
If you want to copy patient data off a medical device using a thumb drive, HIPAA regs require you to have a destruction plan for that drive.
-
For voting machines, it just gets copied to a laptop, whatevs.
-
If you're like, "wow, that seems like there's a lot of potential failure modes" then indeed you are correct.
-
In my precinct, I fill in a scantron thingy. Except it's not really a scantron, it's like a printed word doc. And the machine eats it.
-
Does it get my vote right? Is it robust to dirty fingerprints and pen colors and creases in the paper? ¯\_(ツ)_/¯
-
Can I look up a database and see failures and recalls? ¯\_(ツ)_/¯
-
.@Slestac points me to this: https://www.eac.gov/testing_and_certification/testing_and_certification_program.aspx … This exists as a certification effort, but seems to lack the FDA's teeth.
-
To be clear: industry standards are not enough in high-risk devices. Regulatory oversight by a congressionally-empowered agency is needed.
-
This document contains all state regulations: https://www.eac.gov/assets/1/Page/State%20Requirements%20and%20the%20Federal%20Voting%20System%20Testing%20and%20Certification%20Program.pdf … Most back-trace to federal *certification* requirements.
-
@anildash I'd like to be able to look up my own voting record.