Re: beyond open-source: open-audit elections

From: Teresa Hommel <tahommel_at_earthlink_dot_net>
Date: Tue Dec 12 2006 - 08:20:08 CST

FYI to all,

Luddites were early trade unionists. They broke into the factories where
the new automated looms were used, where each loom was owned by a
different owner, and smashed the ones owned by men who would not pay the
current guild wage. They said that if loom owners could pay less than a
living wage, that they would create a poverty class with attendant
unhealthy long hours required to work in the factories, ill health, and
other side effects of poverty -- all of which came true in the abusive
factories in the late 1800s. They were led by a man known as King Ludd.
At one time more English soldiers were chasing the Luddites than
fighting the French during the war between England and France. Because
the factory and loom owners prevailed, they wrote the history of this
economic struggle, and reframed it as not about people's right to a
living wage and economic dignity but as merely being about the Luddites
fear of new technology.

Teresa Hommel

 Charlie Strauss wrote:

>Hello Ben,
>I'm charlie strauss, I'm not a luddite nor do I hate crypto. Indeed
>one of the earliest scientific codes I wrote on my own (in highschool
>no less) was an implementation of the RSA algorithm when it first
>came out in the 70's.
>That said I pretty much oppose all crypto in voting systems. I have
>three main reasons for this that are very general.
>1) Won't work. I've never actually seen one that worked as claimed
>and did not open up far worse problems like secret ballot
>destruction, vote selling or other unintended problems, usually
>contrary to the stated goals. A good example of this would be Ron
>Rivest's triple ballot. The Triple ballot is probably the single best
>implementation of crypto going because it avoids the achiles heel
>that all others, like Vote Here and chaum, fall prey too--Key
>control. If the keys are ever discovered or leaked then ballot
>secrect is toast. The triple ballot is genius tries to destroy the
>keys yet allow the vote totals to be recoverable. However as I amply
>showed previously (see for example Ed Felton's discussions on the
>holes I pointed out) it also fails to meet any of its objectives.
>Every one I have studied fails. ( I have not yet looked in detail at
>punchscan or vote-a-porter, but unless they solved the key
>destruction problem they will fail too)
>2) No transparency. Even if it did work, and was inviable, this is
>not self evident to joe voter. This lack of self evidence means two
>things first it means Joe voter's ignorance can be used to intimidate
>him. (e.g. tell immigrants you will be able to see how they
>voted). Second, in the event of an audit, no one really believes
>your black box results.
>3) Set's up false desiderata that foreclose more important
>desiderata. Almost every accolyte of the crypto way seems to think
>that the be-all-end-all of voting is that the voter has some
>fictional right to be able to phone city hall and find out if their
>very own ballot was counted as cast. Wrong. All they have is the
>right to help assure that everyone's ballot was counted. It's not
>the same because the former implies a need for tracability of
>individual ballots not the lesser requirement of tracability in
>aggregate. The up shot is that to get individual traceabilty you
>have to give up a lot of much more important desiderata. Like
>transparency, like assurances against vote selling and the secret
>ballot. And most importantly, it forecloses so many simple secure and
>robustly distributed ways to count ballots and moves us to complex,
>centralized, single-point-of-failure prone, ways to count ballots.
>You can't use hand marked paper--well rivest almost pulled it off
>which is to his great credit-- and you can't use simple things like
>OVC which produces simple machine marked ballots with simple
>barcodes. You usually can't count locally at the precint (Rivest's
>method did preserve this) if there are key-control issues.
>So I don't mind being proven wrong so please fire away.. But I will
>not accept individually provable counted-as-cast as a starting point
>of being a requirement for secure elections. It's putting the cart
>before the horse.
>On Dec 10, 2006, at 5:56 PM, Ben Adida wrote:
>>Hi all,
>>Alan Dechter asked me to participate in this discussion, and I
>>thought I
>>would begin by introducing myself. My name is Ben Adida, I'm a
>>postdoctoral fellow at Harvard. I received my PhD in computer science
>>from MIT, where I worked with Ronald Rivest on secure voting.
>>A topic of significant interest in recent years is open-audit voting,
>>which has typically been called "cryptographic voting," though that
>>latter term identified the means rather than the ends. I prefer the
>>"open-audit voting." These protocols achieve true auditing by any
>>observer of the entire voting process, from casting to counting.
>>Proposals like VoteHere's MarkPledge, David Chaum's Punchscan, Peter
>>Ryan's Pret-a-Voter, Josh Benaloh's simple verifiable voting, and a
>>others (including work I've done), achieve this level of auditing. Any
>>organization or individual can directly verify the election, much like
>>the auditing that was done in the early days of our democracy when all
>>votes were "show of hands." Except, of course, with the added
>>benefit of
>>the secret ballot (which show-of-hands elections obviously don't
>>For those who haven't seen these proposals, they're extremely
>>the level of public auditability is far greater than current systems,
>>with or without a paper trail. In addition, the elections run with
>>open-audit technology remain software-independent, as per the TGDC's
>>latest requirement: you don't need to trust any piece of software.
>>So why the lecture? Because I'm interested in finding out whether
>>working with the Open Voting Consortium are interested in exploring
>>open-audit solutions. What are people's thoughts?
>>(I'm happy to provide in-depth explanations if there's interest, I
>>want to gauge interest first. For those who want to dig in
>>here's a pretty good overview:
>>-Ben Adida
>>OVC-discuss mailing list
>OVC-discuss mailing list

OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sun Dec 31 23:17:10 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST