Re: Not your ordinary barcode

From: William B. Cushman, Ph.D. <cushman_at_cox_dot_net>
Date: Mon Apr 19 2004 - 10:28:53 CDT


First let me apologize for neglecting the FAQ . . . I’m afraid that in
my ignorance I didn’t even know it existed. Mea Culpa. But as to the
subject of our discussion, I am still greatly troubled.

Several have argued something like Nathan L. Adams wrote:

> The printed ballot consists of two parts.
> Part 1: A plain text print out of your vote. THIS is the legally
> binding part.
> It is concealed by the privacy folder while you traverse the polling
> station.
> Part 2: Encoded symbology (the barcode). This is used at the verification
> station primarily by blind voters, but optionally by others. It is
> also used
> to assist the count. The barcode sticks out of the privacy folder, so it
> SHOULD NOT be human readable.

Which is all well and good, except for two things. In the real world I
can absolutely guarantee you that the barcode will NOT be used simply to
assist blind voters, it will be used for the actual count . . . falling
back on the “legally binding” part only when a recount is forced. As for
the privacy issue, here’s an idea: use a folder without a hole in it!

I realize that you are all honorable people that would probably think
the teaching of Nicolo Machiavelli despicable. We are forced, however,
to deal with people who are quite open about advocating his practices
and have demonstrated on numerous occasions a willingness to do
absolutely anything to maintain their hold on power. It is very
important that you try to place yourself in their shoes: you have no
moral constraints whatsoever and almost unlimited money to play with.
Your whole being lusts for power. What would you do to maintain control
over our election systems if you suspected that the system you gentlemen
are working on will go mainstream? Remember that political control is
the single most profitable thing any major corporation can accomplish
because with political control competition can be legislated away and
direct access to the public coffers provided under numerous guises. This
is why corporations provide such large “donations” to candidates, to buy
this “access,” and anything that threatens their control . . . such as
an honest election . . . MUST be responded too. So, again, I ask you,
what would you do given the system you are developing? I bet any one of
you can come up with some way to defeat it!

To illustrate, here is what I would do. I would bribe one of your coders
to slip a little Trojan into the code that acted thusly: look for a
special encoding in the barcode. The barcode would need to remain
completely functional in all respects, just like you have designed it .
. . but with a special encoding that could be used to trigger a
particular event. Perhaps an alternative encoding for some particular
symbology character that decoded exactly like the “real” encoding in all
the other software, such as your verification reader. Or even something
as simple as an extra bar at the end. You are smart guys, I have no
doubt you can think of some way of encoding such a trigger.

Now, everything will test out perfectly because I have used an
alternative encoding that will only show up under very special
circumstances, like during an election. Since I am interested in
selecting the “winners” of a particular election myself all I have to do
is to pre-print a ballot with my selections and my special encoding. I
can then slip it into the local precinct and vote with it! When my
Trojan is triggered it would then act like this: adjust the election
outcome so that the picks on my ballot are winners by a random value
from 1 to 5 percent. High enough so that no recount is triggered, but
low enough to be plausible.

A smart operator would only use this mechanism sparingly, so the odds of
anyone catching on would be very minimal . . . and even if they did
catch a discrepancy via a recount (very unlikely, in Florida officials
cannot touch the ballots unless the percentage win is below ½ of one
percent, I believe) we have all been well conditioned by Micro$haft, and
Diebold et al., to expect the occasional “computer glitch” and not give
it much thought.

Moreover, I am faced with the dubious prospect of “selling” your system
in an environment where the government is exercising all options to
PREVENT an honest election. The only way I can imagine doing this is by
saying something like: “Look how transparent and open this system is.
Almost exactly like the Canadian system, in principle, but with the
advantage of machine counting . . . just like you insist on!”

Please believe me when I say that in Florida at least, the existing
powers will NOT be giving up machine counting in one form or another. I
feel confident that they will only adopt a system such as yours over
very strong protest, and quite possibly only as a result of a court order.
Even with the obvious advantages of your system! You probably think that
this would be crazy, and wonder how anyone could be so stupid. But it is
not crazy, and it is not stupid. If, for example, Bill Clinton had been
successful in reducing health care costs in the US by a mere one percent
that would have reduced the money passing through the hands of the
insurance companies by roughly that amount, about 12 billion dollars
annually, and it is so much cheaper to give congress forty million a
year to make sure it doesn’t happen . . . which is exactly what the
insurance industry does. Think about it: how much could you gain by
selling the Trojan I described above? Twenty million? More? It would be
worth every penny to some individuals. Note also that I don’t really
have to bribe one of your coders, I can slip my Trojan in anywhere in
the chain from you to the end user. The mere fact that with your system
you must worry about software integrity in this manner is a major design
flaw! A major unnecessary design flaw.

Please, I beg you to give this issue some very serious thought. The
technology is great as it stands, but so far the practice renders it no
better than most of the many other systems out there!

Bill Cushman

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Apr 30 23:17:12 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT