Re: Critical analysis of VoteHere

From: Clay Lenhart <clay_at_lenharts_dot_net>
Date: Sat Dec 20 2003 - 00:11:43 CST

On Fri, 2003-12-19 at 22:11, Alan Dechert wrote:
> David,
>
> > I get the feeling that we are looking for reasons to dislike
> > it, instead of looking at the contribution it makes.
> >
> Personally, I'm not much interested in VoteHere. We have two main things
> we're pursuing with the voting-project list.
>
> 1) Demo software development for the OVC system
>
> 2) Production software development for the OVC system.
>
> VoteHere technology has absolutely nothing to do with our demo software.
> This is of immediate concern since we are trying to get something ready for
> early January. I don't want to go off on to tangents, or other things that
> distract from this goal (I realize you didn't bring it up. charlie did!)

I think it would be more productive to point out the pros and cons of
various systems. Comments like these censor the discussion in attempt
to avoid defending an idea.

>
> Secondly, it has very very little to do with our production system. It is a
> different system. It has pros and cons for sure. But the OVC is largely
> about how to deliver our voting technology to election boards. This has
> nothing to do with specifics about VoteHere technology.

We shouldn't dismiss ideas without thought, especially when it has an
underlying tone of "If it's not my idea, it is not acceptable." We will
produce better software if we abandon our egos.

> Our system is very simple: You go to the computer and print your ballot.
> If it's the way you want it, you take it to the ballot box and put it in. I
> rate VoteHere somewhere along with Chaum's proposal. Would your Aunt Edna
> take comfort regarding "the production of a formal, cryptographic-based,
> mathematical proof that no ballots have been lost, forged, or added
> incorrectly, a concept that has no analog in the paper world."? The Uber
> Geek Society might do well with this system for voting for officers. I
> don't think it meets the Aunt Edna test for public elections.

I am going to say it. I'm getting the impression that the off-list
security wiki is a ploy to avoid discussing these issues. Clearly these
things are finalized in Alan's eyes. (I hope I am wrong. Please let me
know otherwise.)

With the idea that these things are not finalized, I'll start with the
pros and cons of Alan's proposed system.

Pros:
* Easy for party officials to understand what needs to be protected
(paper ballots and CDs).
* Party officials understand *well* the procedures to protect paper
ballots. This knowlegdge is useful for protecting CDs.

Cons:
* Comparing paper ballots, CDs, and pub/priv key signatures: CDs take
less time to verify the electronic copy than paper ballots, but take
longer than pub/priv key signatures, b/c with CDs, you have to
physically move them to a location.
* CDs would not allow anyone to verify an election, while pub/priv keys
signatures have that opportunity. Allowing non-partisan individuals,
activists, and journalists verify the elections will lead to a safer
election.

-Clay
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Dec 31 23:17:15 2003

This archive was generated by hypermail 2.1.8 : Wed Dec 31 2003 - 23:17:19 CST