Re: FAQ # 25

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Tue Dec 16 2003 - 12:20:37 CST

> Makes sense. Is there a spec somewhere for how the vote is encoded
> into the barcode?

I think Alan produced a pretty good description on the list.
Basically, each bubble on the ballot is represented by one bit (this is
not maximally concise, of course). Then that 116-bit number is
converted to a 40-digit decimal number (I guess that's how the size
works out). Then the decimal number is masked, digit-by-digit, by
repeated copies of the ballot-id. Then the masked number is encoded as
a barcode. This is just enough to make sure that, e.g. a certain Prez
vote doesn't look the same way on every ballot.

But this system is just for the demo. Production, at the least, would
have a different initial binary length. And quite possibly we'll go
with a whole different system.

> If the argument is to print OCR, we'll have to also remove the
> obfuscation, and print the data in a human readable format, not packed
> binary, etc. So of course, that blows up the logic behind trying to
> avoid easily identifiable patterns.

The reason for the obfuscation is ONLY because the barcode will be
exposed when the ballot is in the "security envelope". If you get rid
of the barcode, but put the whole ballot in an envelope (while walking
to the BVA station), the ballot is equally well protected from the
glance of a poll worker.

If the barcode itself were physically obscured, there would be no
reason for the mathematical obfuscation we use. But at least for the
demo, we (Alan) felt that a trimmed envelope with exposed barcode was
the best usability model for blind voters. Conceivably, however,
something like a paper flap could serve the same purpose.

The obfuscation is certainly not intended as "encryption." The threat
model is simply the stray eyes of poll workers who might see many
exposed edges during a day (including their own ballot). It would be
easy for them to unconsciously start to recognize the barcode for e.g.
"GW Bush" (especially if Prez came first, or last, in the encoding)

Yours, David...
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Wed Dec 31 23:17:13 2003

This archive was generated by hypermail 2.1.8 : Wed Dec 31 2003 - 23:17:19 CST