Re: Ballot Validation and voting machine initializtion

From: Ken Pugh <kpughmisc_at_pughkilleen_dot_com>
Date: Tue Dec 14 2004 - 22:32:55 CST

Why go electronic at all? Why not issue a "VoterVerified" printed
document at registration, with the precinct number (and optional party)
printed on it. The document can be scanned in by a reader similar in size
to a business card scanner. The computer can then display the appropriate
ballot. The "VoterVerified" document will be pre-printed with an
election-unique pattern and the stock will be carefully controlled.

The document is "voter readable", so they can see that there is no
identifying information on it. The document is "computer readable", via
the scanner. No code will get introduced into the system. It's probably
a lot cheaper than creating smart or dumb cards.

If you want to tie the "VoterVerified" document into the registration
system, then a printer at the registration desk can print the precinct
number/party when the voter signs in.

I would be very leery of any document that had a unique id on it that I
used to cast my ballot. And I would be extremely leery of an electronic
object that I could not tell what was on it.

Does anyone know how the privacy of absentee ballots, provisional ballots,
or the Oregon mail-in ballots is maintained? I presume that these are all
double-enveloped with the outer envelope providing identity information and
the inner envelope providing privacy of the vote.

If a similar "blind" system was instituted for regular voting, then having
a unique id is less onerous. For example, I might seal my ballot/receipt
in an envelope. It would be placed in an envelope that was marked with my
voter ID, my signature, and perhaps a poll worker signature that verified
my ID. The ballots/receipts would be placed in a lock box. The unique
ID's could be matched against the voter sign-in. Those that matched would
be opened and the inner envelopes placed in another container. Then those
ballots could be opened and counted.

This just raised another question in my mind. Consider an electronic
system that keeps the individual ballots for later printout. Does the
printout have identifying information (e.g. time that the ballot was cast
or a sequence number)? When I sign-in, I get a piece of paper that has I
believe has both my precinct number as well as voter count for that
precinct. I then turn in that piece of paper to get my actual ballot. Is
that voter count recorded on the sign-in sheet or is it just used a ballot
give-out check? If it's recorded, then there is a possibility that it
could be matched against the sequence number on the printout. Or if
someone was recording voter entrance into a voting place, then the
time-of-day could provide a possible match-up.

At 11:41 AM 12/14/2004, you wrote:

>Just to chime in here, I am in agreement with Jim March. We have to get
>rid of smart cards and stick to dumb ones I think. The potential for
>introducing code from the smart card into the voting machine is just too
>great.
>
>Worse, since the smart cards aren't keyed to any particular voting machine
>(at least in Diebold's design), the can move from machine to machine,
>spreading infection until the whole precinct has been tainted, and if the
>code is in writable flash, then over a few elections, the whole county's
>fleet of voting machines can be tainted.
>
>Smart cards should be viewed as slow networking. Of course you can
>firewall the machine from unwanted interactions with the smart card, but
>why take the chance when a dumb card will do?
>
>David
>
>
>On Dec 14, 2004, at 8:28 AM, Edmund R. Kennedy wrote:
>
>>Hello Kurt:
>>
>>Hadn't thought of that! Otherwise see my reply to Jim Marsh. Got any
>>suggestions? This is a thorny issue.
>>
>>Thanks, Ed Kennedy
>>
>>------------
>>
>>dr-jekyll@att.net wrote:
>>I have an innate suspicion of using a smart card that contains the voter
>>ID. It could be used to undermine the secret ballot.
>>--
>>Kurt
>>
>>This email sent using 100%
>>recycled electrons.
>>
>>
>>-------------- Original message from Jim March <jmarch@prodigy.net>:
>>--------------
>>
>>
>> > Ed Kennedy wrote:
>> >
>> > > Hello Ken:
>> > >
>> > > I have come to believe that we do need intelligent tokens to initiate
>> > > voting machines (surprise Arthur!). The purpose of these tokens woud
>> > > be several fold.
>> > >
>> > > The biggest issue is how does one initialize a voting machine for each
>> > > voter. Diebold and I suspect others handled this by using an
>> > > intelligent token that the voter inserted into the machine to start it
>> > > up for each voter. I know we went round and round about that last
>> > > winter and spring and came with at least 5 different methods that had
>> > > issues around each one. Since I've been a poll worker I've changed my
>> > > mind. > >
>> > > To handle primary elections where voters must vote by party. They
>> > > would declare their party preference to the poll worker at the index
>> > > who would generate the proper token.
>> >
>> >
>> > Ummm...couple comments here.
>> >
>> > In the voter registration data collected by the SecState's office, party
>> > affiliation is listed. They can output Comma Separated Values data to
>> > the county, which your system then imports.
>> >
>> > The volume of data is small enough that every voting machine can have
>> > the whole set. That means there's really no problem at all with people
>> > voting at ANY precinct(!) because once they identify themselves to the
>> > system, it "knows" where they live and what party they are, and can
>> > present the ballot accordingly.
>> >
>> > The only remaining issue is "how do they identify themselves"?
>> >
>> > Avante's answer is ! a si! xteen digit alphanumeric code for each voter.
>> > They use th e first eight digits to ID the human, the next eight to ID
>> > the ballot style used (I think two or three of those digits is a county
>> > ID unique in the nation). This code is on a "dumb card" that's very
>> > tough and flexible. Once ANY of the systems records a voter with that
>> > number as having voted at a specific time, when the totals are all piled
>> > up, any duplicates result in a flag and all subsequent after the first
>> > get tossed...copying an ID card doesn't allow fraud.
>> >
>> > But...we should remember that Avante was using such cards to ID people
>> > coming in and out of buildings and trade shows. Their voting system was
>> > originally an attempt to find a new use for the cards . So they
>> > were biased towards using said cards and hence we can't assume that's
>> > the only way to skin this cat.
>> >
>> > However. They did pro! ve that a "dumb token" can be used to ID voters.
>> > And ! in their scheme, inserting the card cannot insert extranous data or
>> > program files. In the Diebold touchscreens, the "smart cards" have 128k
>> > RAM on board of which only 4k - 8k is needed for "voter ID" - the rest
>> > is full of God only knows what. I cannot recommend highly enough y'all
>> > do NOT do like that, or you'll have me outside your office doors
>> > protesting yer arses :).
>> >
>> > Jim
>> > _______________________________________________
>> > OVC discuss mailing lists
>> > Send requests to subscribe or unsubscribe to
>> arthur@openvotingconsortium.org
>>_______________________________________________
>>OVC discuss mailing lists
>>Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
>>
>>
>>--
>>10777 Bendigo Cove
>>San Diego, CA 92126-2510
>>
>>"We must all cultivate our g! ardens."
>>Candide-Voltaire_______________________________________________
>>OVC discuss mailing lists
>>Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
><br>
><div>_______________________________________________</div>
><div>OVC discuss mailing lists</div>
>Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
></blockquote></x-html>

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Dec 31 23:17:14 2004

This archive was generated by hypermail 2.1.8 : Fri Dec 31 2004 - 23:17:22 CST