
Re: Hand count or open source - voter verification - more...



I've been mulling over what was said recently about voter 
verification that their vote was counted. There is more.

I talked about a serial number or ID number on the ballot.

Nicolas B. talked about a scheme for generation of a one-time
unique field.

In my head-in-the-clouds view of computer technology, a one-time
unique field is an 'ID number', so it seemed to me to be an
OK way to implement what I perceived to be a requirement.

On further thought I realize that the one-time unique ID can't 
work with paper ballots, which I feel should be preserved. 

The reason is that in the poll booth where the voter is making a note
to himself of what to type into the web site, in that situation, there
is no computer present. The unique code must already be generated and
already printed on the ballot in a form that can be read by the voter,
so that he can make a note of it, and a form that can be read by a
computer scanner, so that it can be made part of the database of
counted votes.

One-time unique codes are nice computer science, but they don't work
without a computer.

And another complication: It is not enough to let the voter see a true
record of his vote in a database, he must be able to repeat the whole
tally of his precinct, including the true record of his vote, and see
that this new tally matches the published tally for his precinct. This
is needed because a fraudulent tally can be done and true records of 
each individual vote kept, in order to cover up the fraud. 

So, in order to check, the voter needs to:

1. download the whole database of votes for his precinct, *without*
first identifying himself. (So, he gets a true copy, not one that is
specially doctored for him.)

2. use his special ID number to check that his vote is correctly
recorded in this downloaded copy of the vote database.

3. run a vote tally program on the downloaded database to check that
the vote records are consistent with the published tally.

(Steps 2 and 3 could be swapped. The important point is downloading
a precinct vote database before revealing who you are.)

These steps might all be implemented in a single software package, so
that they can be done by a voter who is a merely normal human being.
This software would have to be distributed by a 'trusted organization'.
Might this organization be Microsoft? If not Microsoft, who?

Here we get into the very real difference between 'trusted' and
'trustworthy'. In politics, some people who are trustworthy are
not trusted, and some people who are trusted are not trustworthy.

This is the sort of paranoid thinking the cryptography experts engage 
in when they are looking for holes in a secure communications protocol.


-- 
Paul E Condon           
pecondon@xxxxxxxxxxxxxxxx
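
Steps 2 and 3 of the check described in the message above, as an added
example that is not part of the original post. The CSV layout, the column
names ballot_id and choice, the function names and the sample data are all
assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample: a precinct database as downloaded in step 1,
# plus the tally the election office published for that precinct.
SAMPLE_DB = """ballot_id,choice
A1001,Alice
A1002,Bob
A1003,Alice
A1004,Carol
A1005,Alice
"""
PUBLISHED_TALLY = {"Alice": 3, "Bob": 1, "Carol": 1}


def load_records(db_text):
    """Parse the downloaded database; a repeated ballot ID is an error."""
    records = {}
    for row in csv.DictReader(io.StringIO(db_text)):
        ballot_id = row["ballot_id"].strip()
        if ballot_id in records:
            raise ValueError(f"duplicate ballot ID {ballot_id}")
        records[ballot_id] = row["choice"].strip()
    return records


def check_my_vote(records, my_id, my_choice):
    """Step 2: is the voter's own ballot recorded as it was cast?"""
    return records.get(my_id) == my_choice


def tally_mismatches(records, published):
    """Step 3: recount; return {choice: (recounted, published)} per difference."""
    recount = Counter(records.values())
    return {c: (recount.get(c, 0), published.get(c, 0))
            for c in set(recount) | set(published)
            if recount.get(c, 0) != published.get(c, 0)}


def verify(db_text, published, my_id, my_choice):
    """Run both checks on one downloaded copy; return a list of problems."""
    records = load_records(db_text)
    problems = []
    if not check_my_vote(records, my_id, my_choice):
        problems.append(f"ballot {my_id} is not recorded as {my_choice}")
    for choice, (mine, theirs) in sorted(tally_mismatches(records, published).items()):
        problems.append(f"{choice}: recount {mine}, published {theirs}")
    return problems
```

An empty list from verify() means both checks passed for this copy of the
database; it says nothing about whether the copy served was the same one
other voters received.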