Re: Ballot disclosure and vote anonymity/coercion

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Sun Dec 14 2003 - 15:16:00 CST

"Douglas W. Jones" <jones@cs.uiowa.edu> wrote:
|way of signing your ballot, but there are several:
|1) Agree, before hand, that you will sign your ballot with a
| write-in vote for, say, Mortimer P. Fumbledung for County
|2) Agree, before hand, that you will sign your ballot with a
| specific series of votes on the judicial retention races,
|All you need is an insider in the vote counting center to notice
|your ballot.

True enough. But some security/integrity schemes--including the one I
proposed back in July (and since then)--involve universal disclosure of
the individual ballots (e.g. after polls close).

The burden for a coercer to infiltrate the counters/observers for a
traditional paper ballot race is higher than for a race where the XML
ballots are published on a website after the election.

I do not have a specific belief about the exact degree of these various
burdens. Nor about where enhanced verifiability is a worthwhile tradeoff
for increased risk of coercion. But in terms of the possibilities for
coercion, the order, at least, is:

 1. No individual ballots saved (e.g. lever machines)

 2. Individual ballots visible to election authorities only
     (voter's individual ballot is seen by her, but not others)

 3. Anonymized ballot set disclosed generally

 4. Individual reciept of votes given to voter

The Swiss style of "tear-off" ballots for individual races is very
interesting. It may well be possible to do the electronic equivalent of
this in publishing XML ballots. If so, we may be able to defeat the
coercers' insistence of a demanded vote on the same ballot as random
(but pre-assigned) votes (write-in, ranks, etc).

But I think that's stuff that should go into the "Security Working
Group" Wiki and discussion. I've only recently figured out this flaw in
my initial security proposal... so I've gained a measure of humility
about first guesses (not that I am now -opposed- to my earlier signing
suggestion, I just realize it involves trade-offs I had overlooked).

Yours, David...

--
 mertz@  _/_/_/_/ THIS MESSAGE WAS BROUGHT TO YOU BY: \_\_\_\_    n o
gnosis  _/_/             Postmodern Enterprises            \_\_
.cx    _/_/                                                 \_\_  d o
      _/_/_/ IN A WORLD W/O WALLS, THERE WOULD BE NO GATES \_\_\_ z e
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Wed Dec 31 23:17:11 2003

This archive was generated by hypermail 2.1.8 : Wed Dec 31 2003 - 23:17:19 CST