Re: Reel to reel vote storage

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Mon Aug 16 2004 - 20:25:10 CDT

David Jefferson raises some very interesting ideas here.

On Aug 16, 2004, at 9:03 PM, David Jefferson wrote:
> I have never seen a quantitative analysis of voter privacy...
> (The above analysis could be cast information theoretically as well,
> in terms of the number of bits of vote privacy you have and taking
> account of probabilistic knowledge one may have; but the above
> illustrates the essentials.)

This would be nice to flesh out a bit. I think it's probably possible
to say some quite precise things about the relative anonymity of
various systems. Obviously, subject to a variety of assumptions along
the way, but ones you can state. E.g. "If we assume each voter takes
between 1 and 15 minutes between the time they check in and the time
they select a voting machine... such-and-such degree of uncertainty is
added in the correlation of votes with voters (under a particular
machine/protocol design)."

With such details, it might be possible to say that Sequoia leaks N
bits of voter information, while OVC leaks "only" N-k bits.

But I don't have the formulas ready at this point. It takes some
thought first.

> We can quantify privacy by the uncertainty regarding which vote
> belongs to a particular person. In the days of paper voting, when
> there was only one ballot box per precinct and all ballots went into
> it, at the end of the day the most that could be known about one
> person's ballot was that it is one of the (say) 200 ballots cast in
> that precinct

Well, the old days were last month, here in Massachusetts; and will be
again be this November. But sheets of ballot paper are not perfectly
randomized when they're dropped into a box. They don't get neatly
stacked in exact sequential order. But you have a pretty good sense
that the ballots at the bottom of the pile were casts towards the
beginning of the day; and those on top were cast near the end.

Charlie's point was that even here in MA, you need to have the
elections workers carry out some shuffling procedures--and trust them
to do it. It's not -only- the technology of wooden boxes (which indeed
-are- pretty good technology). The MA system is basically the same as
the OVC system; the only difference is that computers help with marking
the ballots under OVC's design.

Along those lines (as Doug also points out), it's not absurd to imagine
a procedure under which election workers put a ballot roll into a
cutting machine after poll close. And even that they properly invert
the roll to avoid seeing the votes before the cuts are made. And so
on. Sure you have to trust someone; but you need to trust elections
workers (to a lesser extent) under OVC's design.

*Of course* OVC is still the best design floated. But it's better
quantitatively, not as a simple binary. Maybe figuring out exactly how
many "privacy bits" better it is would help our advocacy.

Yours, David...
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue Aug 31 23:17:13 2004

This archive was generated by hypermail 2.1.8 : Tue Aug 31 2004 - 23:17:23 CDT