Re: Critical analysis of VoteHere

From: Edward Cherlin <edward_dot_cherlin_at_etssg_dot_com>
Date: Fri Dec 19 2003 - 17:32:16 CST

On Wednesday 17 December 2003 06:38 pm, Clay Lenhart wrote:
> On Sun, 2003-12-14 at 19:43, Arthur Keller wrote:
> > That's why we need to have an FAQ, as I have proposed, on
> > the differences between a voter-verified RECEIPT and a
> > voter-verified BALLOT. Even a receipt does NOT ensure that
> > the vote recorded in the computer is correct, and it does
> > not ensure the ability to do manual recounts. Only voter
> > verified BALLOTS do that. This is, in fact, a most
> > important lesson from our demo, a point we need to make loud
> > and clear. It is an important distinguishing factor between
> > us and DREs with printers. Unless the receipts are
> > themselves counted, the computer could print what the user
> > wanted and the user's ballot recorded on the computer could
> > still be wrong.
>
> I agree too, that receipts are not very useful.

Receipts make secret voting impossible, as discussed on another
thread recently.

> The
> verification *data* (the reciepts) is dispersed among millions
> of people. It would be difficult to prove that something
> might be wrong with the electronic copies to force a count of
> the real (paper) ballots since a group of lawyers would not
> have all the verification data in their hands to prove the
> electronic ballots are wrong. The receipts only give a warm
> and fuzzy feeling for voters,

Except those under some compulsion to prove how they voted.

> but do not prove that their
> ballot was counted -- just that their ballot is in a pool of
> ballots *claimed* to be counted correctly. It also does not
> detect if extra illegal electronic ballots are in the pool of
> ballots.
>
> It would be better to have all verification data accessible.
> To give an example, if the electronic ballots are signed with
> public/private keys, then the public keys, signatures and
> ballots would be available for anyone to download, verify the
> signatures, and count the ballots themselves*.
>
> Having voter-verified receipts is not bad, just less useful
> than verification schemes that can verify the *whole* process.
> If they can be included without conflicts, sure.
>
> -Clay
>
> * The simple pub/priv key scheme is not very good: it doesn't
> detect inserts or deletes, but you could add to the
> verification data a signed list of ballot numbers printed by
> the voting machine -- but then you have the paper jam issue
> where you will have signed ballot numbers but the ballots
> legitimately should not be in the count.

Sign a digest of the scanned and verified ballots. This has been
discussed in another thread.

-- 
Edward Cherlin, Simputer Evangelist
Encore Technologies (S) Pte. Ltd.
Computers for all of us
http://www.simputerland.com, http://cherlin.blogspot.com
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Wed Dec 31 23:17:15 2003

This archive was generated by hypermail 2.1.8 : Wed Dec 31 2003 - 23:17:19 CST