Re: WHAT THE DEMO WILL DEMONSTRATE -- V.001

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Sun Aug 24 2003 - 14:15:59 CDT

On Sunday, August 24, 2003, at 10:11 AM, Matt Shomphe wrote:

> 13. WRITE-IN VOTING WITH ELECTRONIC SYSTEM
>
> Selecting "Write-in" will bring up an on-screen typewriter. A QWERTY
> layout
> will appear on the top half of the screen (three rows plus space bar
> below).
> Under the space bar, we'll have two (or three rows) of letters arranged
> alphabetically.
>
> Why will there be both a QWERTY layout and an alphabetical layout?

And what about multilingual ballots? Not that any other voting systems
do this well, but how do you give full support to Arabic, Chinese, Greek,
Hebrew, Russian, Thai and other non-western alphabets for write-in races.
The law, as it stands, is fairly loose about this -- basically, the issue
hasn't been thought through. If the law really insists on giving equal
treatment to voters, no matter what language they are literate in, then
all current systems are insufficient.

> (3) Using commodity printers: I have nightmares about printer jams,
> etc. I don't see any way around it, but it's just something to be
> aware of.

Dechert and I differ about the cost of commodity systems. I believe that
advocates of commodity-machines in voting applications have overlooked
several important hidden costs. Dechert and I agree that a good economic
analysis is needed, and that, pending this analysis, there's no harm done
by keeping the commodity option open.

There are commodity printers that are awful, when it comes to
reliability,
and there are others that run unattended and poorly maintained for ages
without problems (the old Apple Imagewriter II comes to mind, but all
those
receipt printers in ATMs are darned solid printers also).

> (4) Security. I'm no security expert, but I think we need to assume
> that the system is hackable. Maybe it's beyond the scope of this
> project, but perhaps we should consider defining how to detect hacks.

The demo prototype is almost certain to be hackable. Any production
voting system should exhibit security in depth:

   Polling place and county office building procedures should
     stand in the way of most hacks.

   Auditability based on physical records should stand in the
     way of most hacks.

   The computer system itself should be secure enough to stand
     in the way of most hacks.

Having committed to security in depth, each layer, in itself, should
suffice, but if that layer fails (and in the security field, we assume
that failures are unavoidable), the composite system remains resiliant.

                        Doug Jones
                        jones@cs.uiowa.edu
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Aug 31 23:17:15 2003

This archive was generated by hypermail 2.1.8 : Sun Aug 31 2003 - 23:17:18 CDT