Re: beyond open-source: open-audit elections

From: Richard C. Johnson <dick_at_iwwco_dot_com>
Date: Tue Dec 12 2006 - 09:48:02 CST

I'm with Charlie! Cryptography can be fun, and it is needed in certain applications, but Charlie has it right as to tracing individual ballots. The security of the overall election process, the ability to insure that all valid votes are counted, and freedom from the traditional corruption of vote buying, ballot box stuffing (and losing!), and fudging the count are the highest priorities. Even technical poll watchers cannot generally read and understand zeros and ones; crypto invariably means a loss of transparency.

-- Dick

Charlie Strauss <> wrote: Hello Ben,

I'm charlie strauss, I'm not a luddite nor do I hate crypto. Indeed
one of the earliest scientific codes I wrote on my own (in highschool
no less) was an implementation of the RSA algorithm when it first
came out in the 70's.

That said I pretty much oppose all crypto in voting systems. I have
three main reasons for this that are very general.

1) Won't work. I've never actually seen one that worked as claimed
and did not open up far worse problems like secret ballot
destruction, vote selling or other unintended problems, usually
contrary to the stated goals. A good example of this would be Ron
Rivest's triple ballot. The Triple ballot is probably the single best
implementation of crypto going because it avoids the achiles heel
that all others, like Vote Here and chaum, fall prey too--Key
control. If the keys are ever discovered or leaked then ballot
secrect is toast. The triple ballot is genius tries to destroy the
keys yet allow the vote totals to be recoverable. However as I amply
showed previously (see for example Ed Felton's discussions on the
holes I pointed out) it also fails to meet any of its objectives.
Every one I have studied fails. ( I have not yet looked in detail at
punchscan or vote-a-porter, but unless they solved the key
destruction problem they will fail too)

2) No transparency. Even if it did work, and was inviable, this is
not self evident to joe voter. This lack of self evidence means two
things first it means Joe voter's ignorance can be used to intimidate
him. (e.g. tell immigrants you will be able to see how they
voted). Second, in the event of an audit, no one really believes
your black box results.

3) Set's up false desiderata that foreclose more important
desiderata. Almost every accolyte of the crypto way seems to think
that the be-all-end-all of voting is that the voter has some
fictional right to be able to phone city hall and find out if their
very own ballot was counted as cast. Wrong. All they have is the
right to help assure that everyone's ballot was counted. It's not
the same because the former implies a need for tracability of
individual ballots not the lesser requirement of tracability in
aggregate. The up shot is that to get individual traceabilty you
have to give up a lot of much more important desiderata. Like
transparency, like assurances against vote selling and the secret
ballot. And most importantly, it forecloses so many simple secure and
robustly distributed ways to count ballots and moves us to complex,
centralized, single-point-of-failure prone, ways to count ballots.
You can't use hand marked paper--well rivest almost pulled it off
which is to his great credit-- and you can't use simple things like
OVC which produces simple machine marked ballots with simple
barcodes. You usually can't count locally at the precint (Rivest's
method did preserve this) if there are key-control issues.

So I don't mind being proven wrong so please fire away.. But I will
not accept individually provable counted-as-cast as a starting point
of being a requirement for secure elections. It's putting the cart
before the horse.


On Dec 10, 2006, at 5:56 PM, Ben Adida wrote:

> Hi all,
> Alan Dechter asked me to participate in this discussion, and I
> thought I
> would begin by introducing myself. My name is Ben Adida, I'm a
> postdoctoral fellow at Harvard. I received my PhD in computer science
> from MIT, where I worked with Ronald Rivest on secure voting.
> A topic of significant interest in recent years is open-audit voting,
> which has typically been called "cryptographic voting," though that
> latter term identified the means rather than the ends. I prefer the
> term
> "open-audit voting." These protocols achieve true auditing by any
> observer of the entire voting process, from casting to counting.
> Proposals like VoteHere's MarkPledge, David Chaum's Punchscan, Peter
> Ryan's Pret-a-Voter, Josh Benaloh's simple verifiable voting, and a
> few
> others (including work I've done), achieve this level of auditing. Any
> organization or individual can directly verify the election, much like
> the auditing that was done in the early days of our democracy when all
> votes were "show of hands." Except, of course, with the added
> benefit of
> the secret ballot (which show-of-hands elections obviously don't
> have.)
> For those who haven't seen these proposals, they're extremely
> powerful:
> the level of public auditability is far greater than current systems,
> with or without a paper trail. In addition, the elections run with
> open-audit technology remain software-independent, as per the TGDC's
> latest requirement: you don't need to trust any piece of software.
> So why the lecture? Because I'm interested in finding out whether
> folks
> working with the Open Voting Consortium are interested in exploring
> open-audit solutions. What are people's thoughts?
> (I'm happy to provide in-depth explanations if there's interest, I
> just
> want to gauge interest first. For those who want to dig in
> immediately,
> here's a pretty good overview:
> )
> -Ben Adida
> _______________________________________________
> OVC-discuss mailing list

OVC-discuss mailing list

OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sun Dec 31 23:17:10 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST