Re: Critical analysis of VoteHere

From: Alan Dechert <alan_at_openvotingconsortium_dot_org>
Date: Sat Dec 20 2003 - 13:14:10 CST

Clay,

> I think it would be more productive to point out the pros and cons of
> various systems. Comments like these censor the discussion in attempt
> to avoid defending an idea.
>
"Censor" is a bit harsh. I'm trying to focus discussion on core OVC goals.
One of the main goals is to get a demo done. I understand and appreciate
the desire to jump ahead and talk about issues for the production system.
But I don't want to do that at the expense of the demo. Does this make
sense to you, Clay?

> > Secondly, it has very very little to do with our production system. It
is a
> > different system. It has pros and cons for sure. But the OVC is
largely
> > about how to deliver our voting technology to election boards. This has
> > nothing to do with specifics about VoteHere technology.
>
> We shouldn't dismiss ideas without thought, especially when it has an
> underlying tone of "If it's not my idea, it is not acceptable."
>
Something you may have missed, Clay. The OVC idea developed over a long
period of time (over three years now). Some issues you are hearing about
for the first time are things considered at length by our team long ago --
long before OVC incorporation, long before our NSF proposal, long before
CITRIS, long before our other proposals. Your charge about dismissing ideas
without thought is extremely presumptuous.

> We will produce better software if we abandon our egos.
>
Maybe. But the OVC will promote the OVC way. Does this surprise you? Even
if we truly believed another technology was equal to ours, we would still
promote ours over the others. However, after spending years developing the
project, I don't think anyone has anything close to our project. The OVC
represents a technology that is superior to all other voting systems --
proposed or in use. The overall concept of the OVC is vastly more
comprehensive than any other voting reform idea.

> > Our system is very simple: You go to the computer and print your
ballot.
> > If it's the way you want it, you take it to the ballot box and put it
in. I
> > rate VoteHere somewhere along with Chaum's proposal. Would your Aunt
Edna
> > take comfort regarding "the production of a formal, cryptographic-based,
> > mathematical proof that no ballots have been lost, forged, or added
> > incorrectly, a concept that has no analog in the paper world."? The
Uber
> > Geek Society might do well with this system for voting for officers. I
> > don't think it meets the Aunt Edna test for public elections.
>
> I am going to say it. I'm getting the impression that the off-list
> security wiki is a ploy to avoid discussing these issues. Clearly these
> things are finalized in Alan's eyes. (I hope I am wrong. Please let me
> know otherwise.)
>
Feel free to say it, but it doesn't make it so. Your charge here is
preposterous. The off-list security discussion is aimed at developing a
comprehensive threat analysis. This is a large project that Amit has taken
on. Formerly, the threat analysis was part of proposals for which we were
seeking funding. One of the large-scale changes in this project is that we
used to work on describing what we planned to do, and then we tried to get
people to give us money to do the work. Now we're just plowing ahead and
doing the work figuring the money will be there when we need it.

> With the idea that these things are not finalized, I'll start with the
> pros and cons of Alan's proposed system.
>
> Pros:
> * Easy for party officials to understand what needs to be protected
> (paper ballots and CDs).
> * Party officials understand *well* the procedures to protect paper
> ballots. This knowlegdge is useful for protecting CDs.
>
> Cons:
> * Comparing paper ballots, CDs, and pub/priv key signatures: CDs take
> less time to verify the electronic copy than paper ballots, but take
> longer than pub/priv key signatures, b/c with CDs, you have to
> physically move them to a location.
> * CDs would not allow anyone to verify an election, while pub/priv keys
> signatures have that opportunity. Allowing non-partisan individuals,
> activists, and journalists verify the elections will lead to a safer
> election.
>
Your analysis is extremely weak. You've set up a false dilemma between the
"valid" (in your mine) security measures (e.g., pub/priv key signatures)
and "invalid" ones (e.g., CDs and paper ballots). What has been repeatedly
stressed by all the experts is that we should have multiple and redundant
secuity measures.

You have shown very little understanding or appreciation of the OVC idea.
Your contribution to the discussion of the production system is mostly noise
(once in a while you say something good). Your contribution to the demo
project is absolutely nil.

You should take a moment to consider whether or not you want to help the OVC
idea. Perhaps you'd like to work on and promote some other idea -- if so
maybe you should figure out where that idea exists and go there.

Alan D.

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Dec 31 23:17:16 2003

This archive was generated by hypermail 2.1.8 : Wed Dec 31 2003 - 23:17:19 CST