Re: commissioners presentation this thurs

[Neal McBurnett <neal@xxxxxxxxxxxxxxxxx>]

Thanks.  I did consider that, Bo.

But running systems side-by-side now does very little to demonstrate
that a secret DRE system would be trustable after the oversight stops.
It would help track down simple bugs, but not help with the bugs and
design flaws that allow both insiders and outsiders to compromise the
existing systems, since they wouldn't do so if there was good
oversight.

And DREs are more complicated and expensive since they need to do lots
of extra work to try to preserve electronic votes, like making
multiple copies on multiple disks without compromising anonymity, etc.

I personally can imagine various applications of technology like TCPA
(Trusted Computing Platform Alliance), in combination with full
disclosure of software, that could go a long way toward making these
systems more trustworthy.  See e.g.
  http://enforcer.sourceforge.net
  http://www.research.ibm.com/gsal/tcpa/

But note that in the wrong hands (as with Paladium) I find these
systems more scary than trustworthy.

And convincing the public that these yet-more-complicated systems are
safe enough is not something I'd want to do, even if I could convince
myself some day.

For the foreseeable future, I think spending money on a more
complicated DRE system is buying into a flawed and dangerous vision.

-Neal

On Mon, Dec 01, 2003 at 05:05:43PM -0700, delta@xxxxxxxxxxxxx wrote:
> And why couldn't the "DRE" mark the ballot *and* record it at the same time.
> Making ballots the official vote to be counted and the DRE count to be used
> merely to help verify.
> (Ideally, running the two systems side by side, until the E-system had more
> confidence and *might* eventually be acceptible as a vote count......but for
> now, just a verifying check.)
> 
> Seems to make the best of the situation......;-)
> 
> Bo