Re: open-audit elections

From: Kathy Dopp <kathy_dot_dopp_at_gmail_dot_com>
Date: Tue Dec 12 2006 - 21:19:29 CST


I see some logic errors in your statements... which I shall address
one at a time below.

> Date: Tue, 12 Dec 2006 13:06:42 -0500
> From: Ben Adida <>
> Subject: Re: [OVC-discuss] open-audit elections
> Let's start with the one aspect that is the least well understood:
> transparency.

> I disagree with the way you're using the terms "transparency" and "black
> box." We shouldn't confuse complexity with lack of transparency. (We
> shouldn't ignore complexity, of course, but let's call it by its name.)

To the average voter "complexity = lack of transparency".

If the system is too complex for the average voter to comprehend, then
the system is not transparent to the average voter who lacks the
education, training, and skills to verify that the counts are
accurate. That means that the average voter will have to trust
experts to inform him.

> Point #1: Current elections, even if they were to use open-source
> software, lack transparency.
> In Boston, optically scanned ballots are transported by police officers
> from the precincts to City Hall, where they're counted in a
> high-security area called "The War Room." Even with party observers in
> the War Room, there's an obvious lack of transparency: everyday citizens
> can't audit the process. It doesn't matter how hard you try, or how much
> you learn, or how involved you try to be, the election is simply not
> available for you to audit.

It does not follow from the current insufficient transparency of our
elections systems that we should accept this lack of transparency in
the future.

In fact, many of us are proposing an end to this lack of transparency.
 See this set of recommendations:

It also does not follow from the current lack of ability of citizens
to audit the process or to transparently verify the process, that we
should accept this lack of ability of the average citizen to
transparently verify the correctness of election results if they chose
to do so.

In fact, some of us are proposing that transparent, sufficient,
verifiable, scientific manual audits of machine vote counts be
conducted to enable the average citizen who choses to, to verify the
accuracy of election outcomes. See this paper:

> I don't think open-source would change that aspect (though it would
> improve the front end of the process.)

Please correct me if I'm wrong, but as I see it, in order for your
cryptographic system to be verifiably correct by the technically able,
it would require that:

1. all its software be open source, and

2. all its ballots be publicly posted for download by anyone who
wanted to download them, and

3. anyone who downloaded all the ballots in your system, allow voters
to verify that their ballots had been cast correctly, and

4. voters participated in verifying the ballots were cast correctly on
all these satellite systems,

because otherwise:

1. every single voter could verify their own ballots and the counts
could still be tallied incorrectly, and

2. separate sets of ballots could be offered to those counting
ballots, as opposed to those verifying ballots

Do you agree that your system, to be transparent to the technically
able, needs to be open source, or at least publicly disclosed?

> Transparency means that you can see how it works, even if that requires
> some complexity. (Again, I'm not dismissing complexity, I'm just calling
> it by its name.)

I think that your definition of "transparency" is highly unlikely to
be agreed to by ordinary nontechnical citizens.

In our proposals, we define

Transparent: means that an average non-technical citizen can observe
and fully understand the procedures, well enough to determine if they
are being done honestly and properly

> Point #2: Self-evidence is not always a good yardstick.
> There's a huge push in the US to move towards mail-in ballots. Mail-in
> ballots are inherently coercible, with significant anecdotal evidence of
> nursing-home coercion, implicit spousal coercion, and even union or
> place-of-worship "ballot-filling-out parties."
> So, the importance of the secret-ballot is not self-evident to voters,
> even after 115 years of secret-ballot elections in the US. Yet most
> people agree that the secret-ballot is a good thing for the system as a
> whole.

I agree with your analysis re. secret-ballot and mail-in ballots.

> Optical-scanning is also not self-evident. It's not obvious to folks
> that improperly calibrated scanners, improperly filled-in ovals,
> wrong-color markers, or a dozen other issues could result in the loss of
> their vote. How the scanner works is not self-evident by any means.

Yes. True. However, it does not follow that the audits should be too
complex to be self-evident to ordinary citizens. It also does not
follow that optical scan paper ballots are not self-evident themselves
when counted manually. It also does not follow that we should
continue accepting an antiquated election system of unaudited machine
counts. It also does not follow that we should accept the current
lack of "self-evidence" as the norm.

Or perhaps I should just say "So what's your point?"

As you know, opscan paper ballots can be manual counted and that is
self-evident and that is what we are recommending - transparent,
manual, verifiable (by ordinary citizens) counts of optical scan paper
ballots sufficient to verify with at least 95% probability that the
election outcome is correct. Please see:

> Then take typical DREs (without paper or crypto trail.) They are
> *really* simple to use. When they don't fail, voters love them. But we
> know how opaque they actually are. So self-evidence again fails us here.

Yes, so what's your point? Are you saying that because we have a bad
system now (with both optical scan and DRE voting systems), that we
should accept keeping a certain amount of opaqueness in our election

> Point #3: Open-Audit means *anyone* can audit: it means you pick whom
> you trust. It's the exact opposite of a black box.

Don't you mean "anyone" with the technical capacity can audit; and
that anyone without the technical capacity should "trust" those who do
have the technical capacities to do it for them?

> I don't expect that most voters will audit the tally themselves. But the
> point is, in an open-audit system, they *could*. More importantly, they
> could easily call up the organization of their choice: ACLU, LOWV,
> Democrats, Republicans, NRA, Family Research Council, etc... and ask
> that organization: "how did things go?" In an open-audit election, any
> such organization, *even if they have no privileged access to election
> officials*, can perform the audit on their own, using only published
> data about the election.

I think you are leaving out the fact that any such organization, if
they wanted to "audit" the results would need to:

1. hire technical people

2. have Internet connected servers or rent space on such servers

3. have access to all your program code

4. set up systems for voters to verify the pile of ballots that they
had on their servers

And further, that:

1. mathematically sufficient numbers of voters would have to verify
their own ballots on each of these satelite systems set up by these
organizations that wanted to "audit" the results, and

2. their technical people would have to verify your code, or write
their own, or download some open source code

3. this entire system is dependent on things like power supplies,
Internet access, etc.

It hardly seems like an economical way to do something that only
occurs perhaps once a year in each state.

> With an open-source voting system, you can look under the hood of a
> piece of election software. Things look simple, but when it comes time
> to run the election, you have to trust that what you audited is still
> running, unchanged, and that the chain of custody of ballots remains
> un-compromised after casting.

If what is audited is the paper ballots, I don't see how paper ballots
are "still running".

You are right that chain of custody, good election procedures,
detailed record keeping, ballot reconcilation, and public access to
all election records is necessary, I agree. There are many ways to
tamper with paper ballots - stuffing, absconding, substitution, and
tampering - and all of them occur with regularity today in America,
which is why a mixed system of electronic and hand counts can probably
detect and prevent the most types of vote miscount and fraud.

> With an open-audit voting system, you can look under the hood of the
> *actual* election you're running, while it's running, all the way
> through to the tally. It may be a bit complex under there, but you get
> to pick your trusted mechanic who's going to tell you if it looks okay.
> (Or you can learn how to be a mechanic and do it yourself.)

Recent polls have shown that most voters would probably not be willing
to "trust a mechanic" to tell them that their votes were counted
correctly, nor do I see why any voting system makes sense that is
susceptible to disenfranchising voters in the case of power outages,
electronic failures, programming errors, ballot definition errors, or
long lines and that cost much more than optical scan paper ballot

i.e. Why would any able-bodied voter need to have a computer to cast a
vote every one or two years?

(don't get me wrong, I own three computers now and like computers a lot)

> Complexity is certainly worth discussing, but let's not confuse
> complexity and transparency. If anyone can perform the audit, it's
> *more* transparent, not less.

complexity = non-transparency

for the average voter.

Kathy Dopp
National Election Data Archive
Dedicated to Accurately Counting Elections
Subscribe to announcements by emailing
Please donate or volunteer.
"Enlighten the people generally, and tyranny and oppressions of body
and mind will vanish like evil spirits at the dawn of day," wrote
Thomas Jefferson in 1816
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Sun Dec 31 23:17:11 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST