Re: FAQ # 25

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Mon Dec 15 2003 - 19:51:39 CST

> "it might help if we could compute the odds of a barcode error
> (writing or reading) could get through the ballot reconciliation
> procedure without throwing an error"

Well... the odds of this are certainly miniscule. At least if the
types of errors you are talking about are glitches in the individual
bars, whether bad postscript, or wrinkled paper, or other similar
things.

If we're talking about corruption of the "160 bit number" that encodes
the votes in the first place... well, it's not possible to put "odds"
on it the same way. If those bits get flipped in various ways, the
vote remains valid, and the barcode itself remains fine. But you can't
be mathematically precise about the probability that we made a
programming error; nor about the probability a hacker inserts malicious
code. Obviously, we can take steps to reduce the likelihood of these
dangers, but not in the mathematically exact sense of MD5/ECC
collisions or whatever.

> If people are concerned about barcodes being forged, or containing
> votes
> that aren't what the person voted, or containing additional
> information,
> that really has nothing to do with the barcodes (any opaque encoding
> technology would have those issues), or errors in writing or reading
> barcodes. I'd suggest therefore that we use a different term than
> "barcode
> error." How about "vote tampering"?

Indeed. That's what Doug doesn't like about barcodes: they are OPAQUE.
  Presumably, if the ballot consists of nothing other than plain words,
the whole thing is there for anyone to see. If it contains encoding
technology that is not directly obvious to voters, dangers come up--of
the sort I raised.

> OCR scanners cost more and the scan error rates are higher
> ...I'm also not sure if OCR's data density is high
> enough to encode a vote in a reasonable amount of space.

I don't think scan error rates are higher if we choose OCR-friendly
fonts off the bat. And especially not if we use trim marks to
precisely indicate the positions where fields occur. Kinda like what
the IRS does nowadays with computer-printed tax returns: they are 100%
human readable, but they just happen to choose particular fonts and
exact page positions for data fields.

As to space, this is a non-issue. If the ballot data can be encoded
for humans to read, an OCR can do the same thing. The only question is
the confidentiality thing. A blind voter doesn't want to expose the
face of her ballot to someone else, like to a poll worker. But quite
likely, a BVA booth with a curtain can answer that: The blind privately
feeds the whole page into a scanner, rather than merely scan the
exposed edge.

> - Read the barcode using any barcode reader. Barcodes are easily
> readable,
> requiring no special knowledge or expensive equipment. Unless the
> ballot
> data is encrypted, and not just signed, that would show that it
> contains the
> real votes, and no hidden personal data.

The barcode *IS* "obfuscated" in order not to produce easily visually
identifiable patterns. The obfuscation algorithm is quite simple, but
not so simple that people can do it in their heads. Moreover, even the
way that bits encodes votes, and binary converts to decimal, makes the
barcode non-evident to a voter... even one with a barcode reader.

> - Scan the ballots using a stand-alone OVC barcode reader and compare
> its
> display to the votes printed on the ballot. This wouldn't reveal hidden
> data, but would verify the votes as recorded in the barcode.

Yep. That's what I suggested before as a "spot check".

> - If you're really paranoid, download, read, and run your own copy of
> the
> OVC software, and re-scan your ballots to prove to yourself that the
> barcode
> matches the human readable printed values.

Free Software is a VERY good thing!

Btw. On the statistical tests: I wasn't really asking for clarification
of the details (not that providing them has any harm). The point is
just that working out confidences is *doable*, but not *self-evident*.

Yours, David...

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Dec 31 23:17:13 2003

This archive was generated by hypermail 2.1.8 : Wed Dec 31 2003 - 23:17:19 CST