Re: New voting system - Comfidex Corp.'s VoteFiler

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Wed Apr 20 2005 - 09:43:09 CDT

On Apr 19, 2005, at 9:13 PM, charlie strauss wrote:

> white paper and what "might" be a blurry picture of it:

The white paper gives enough information for me to conclude that:

a) this is an intriguing and sensible idea. The fact that a voter
    can create zillions of ballots and then vote only one of them
    does address many of the security problems of vote-at-home

b) it could be used for vote-by-mail systems, with no serious loss
    of security compared to current (rather insecure) vote-by-mail

c) when used at polling places, as presented in the white paper,
    it is dangerously dependent on live Internet connections. What
    does the polling place do when the net connection or the server
    goes down. I believe the vendor must (underline that, must)
    offer detailed procedures for handling such problems.

I think there are solutions to these problems, but all the easy ones
seem insufficient, so I suspect that the basic model presented in the
white paper will be changed before it is acceptable.

Here is an insufficient solution: If the net is down, accept voter's
envelope and set it aside in a pile marked "voters' envelopes submitted
while net down." When the net comes up again, scan those envelopes and
process as normal.

Problem: The voter is no-longer present when the envelope is scanned.
As a result, if the voter submitted a ballot that was not acceptable
(its number wasn't acceptable to the on-line filtering system designed
to count only legitimate ballots and count them only once), the voter
doesn't find out that his ballot wasn't accepted. If the voter had been
present, he might have been required to fill out a form allowing
investigation of this invalidated ballot, and/or he might have been
directed to a voting booth to prepare a new ballot.

If you try to integrate this with direct generation of compatible
ballots in voting booths, you have an additional problem: What if the
net connection from the voting booth goes down. The polling place must
remain able to function, and to do this, the voting machines must be
able to generate valid ballots without a live net connection. How does
the ballot database know which of these are valid?

In sum, the online database used to determine which ballots are valid is
both a strength and weakness of this system.

                Doug Jones

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sat Apr 30 23:17:11 2005

This archive was generated by hypermail 2.1.8 : Sat Apr 30 2005 - 23:17:22 CDT