Re: Ballot Validation and voting machine initializtion

From: David Jefferson <d_jefferson_at_yahoo_dot_com>
Date: Tue Dec 14 2004 - 10:41:55 CST

Just to chime in here, I am in agreement with Jim March. We have to
get rid of smart cards and stick to dumb ones I think. The potential
for introducing code from the smart card into the voting machine is
just too great.

  Worse, since the smart cards aren't keyed to any particular voting
machine (at least in Diebold's design), the can move from machine to
machine, spreading infection until the whole precinct has been tainted,
and if the code is in writable flash, then over a few elections, the
whole county's fleet of voting machines can be tainted.

Smart cards should be viewed as slow networking. Of course you can
firewall the machine from unwanted interactions with the smart card,
but why take the chance when a dumb card will do?

David

On Dec 14, 2004, at 8:28 AM, Edmund R. Kennedy wrote:

> Hello Kurt:
>  
> Hadn't thought of that!  Otherwise see my reply to Jim Marsh.  Got any
> suggestions?  This is a thorny issue. 
>  
> Thanks, Ed Kennedy
>  
> ------------
>
> dr-jekyll@att.net wrote:
> I have an innate suspicion of using a smart card that contains the
> voter ID.  It could be used to undermine the secret ballot.
> --
> Kurt
>
> This email sent using 100%
> recycled electrons.
>
>
> -------------- Original message from Jim March <jmarch@prodigy.net>:
> --------------
>
>
> > Ed Kennedy wrote:
> >
> > > Hello Ken:
> > >
> > > I have come to believe that we do need intelligent tokens to
> initiate
> > > voting machines (surprise Arthur!). The purpose of these tokens
> woud
> > > be several fold.
> > >
> > > The biggest issue is how does one initialize a voting machine for
> each
> > > voter. Diebold and I suspect others handled this by using an
> > > intelligent token that the voter inserted into the machine to
> start it
> > > up for each voter. I know we went round and round about that last
> > > winter and spring and came with at least 5 different methods that
> had
> > > issues around each one. Since I've been a poll worker I've
> changed my
> > > mind. > >
> > > To handle primary elections where voters must vote by party. They
> > > would declare their party preference to the poll worker at the
> index
> > > who would generate the proper token.
> >
> >
> > Ummm...couple comments here.
> >
> > In the voter registration data collected by the SecState's office,
> party
> > affiliation is listed. They can output Comma Separated Values data
> to
> > the county, which your system then imports.
> >
> > The volume of data is small enough that every voting machine can
> have
> > the whole set. That means there's really no problem at all with
> people
> > voting at ANY precinct(!) because once they identify themselves to
> the
> > system, it "knows" where they live and what party they are, and can
> > present the ballot accordingly.
> >
> > The only remaining issue is "how do they identify themselves"?
> >
> > Avante's answer is ! a si! xteen digit alphanumeric code for each
> voter.
> > They use th e first eight digits to ID the human, the next eight to
> ID
> > the ballot style used (I think two or three of those digits is a
> county
> > ID unique in the nation). This code is on a "dumb card" that's very
> > tough and flexible. Once ANY of the systems records a voter with
> that
> > number as having voted at a specific time, when the totals are all
> piled
> > up, any duplicates result in a flag and all subsequent after the
> first
> > get tossed...copying an ID card doesn't allow fraud.
> >
> > But...we should remember that Avante was using such cards to ID
> people
> > coming in and out of buildings and trade shows. Their voting system
> was
> > originally an attempt to find a new use for the cards . So they
> > were biased towards using said cards and hence we can't assume
> that's
> > the only way to skin this cat.
> >
> > However. They did pro! ve that a "dumb token" can be used to ID
> voters.
> > And ! in their scheme, inserting the card cannot insert extranous
> data or
> > program files. In the Diebold touchscreens, the "smart cards" have
> 128k
> > RAM on board of which only 4k - 8k is needed for "voter ID" - the
> rest
> > is full of God only knows what. I cannot recommend highly enough
> y'all
> > do NOT do like that, or you'll have me outside your office doors
> > protesting yer arses :).
> >
> > Jim
> > _______________________________________________
> > OVC discuss mailing lists
> > Send requests to subscribe or unsubscribe to
> arthur@openvotingconsortium.org
> _______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to
> arthur@openvotingconsortium.org
>
>
> --
> 10777 Bendigo Cove
> San Diego, CA 92126-2510
>
> "We must all cultivate our g! ardens."
> Candide-Voltaire_______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to
> arthur@openvotingconsortium.org

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Dec 31 23:17:13 2004

This archive was generated by hypermail 2.1.8 : Fri Dec 31 2004 - 23:17:22 CST