Re: open-audit elections

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Wed Dec 13 2006 - 12:39:17 CST

On Wed, 13 Dec 2006 02:16:53 -0500, Ben Adida wrote
> Ronald,
> You're now making a number of implementation assumptions and fairly deep
> threat analysis against crypto voting. That's certainly fair, but you
> don't seem to go nearly as deep in analyzing the many issues of
> chain-of-custody-based voting systems.
> This is what worries me most about the state of things: new systems are
> placed under intense scrutiny, which is good, but existing
> chain-of-custody systems are not, which is disastrous.

My plan is to put in place better CoC systems. The prototype is a hand-filled
paper ballot system where the ballots are counted at the precincts in which
they're cast, either by hand or via opscans. A randomly-selected subset of
precincts, sufficient to guarantee p=0.99 of finding at least one miscounted
precinct (should any exist) is then hand audited. Upon finding such a
precinct, further recursive audits are undertaken until either all the
precincts are audited or no more miscounted precincts are found. All of this
is done under full public supervision, and ideally by members of the public as

> Regarding your specific points:
> > This is yet another layer of testing that ordinary citizens won't understand
> > the need for, and that must, therefore, be delegated to experts. The deeper
> > you go, the more complex it gets, as with chain-of-custody e-voting systems.
> Testing that a machine presents the right ballot is too complicated for
> ordinary citizens to understand? I disagree. It seems fairly
> straight-forward.

Most citizens won't understand the need, since their officials and the experts
will have told them that their voting system is "secure." Therefore vigilance
will, eventually, fail, and the real fraud will begin.

> > Not so impossibly hard. It's really quite easy for auditors to slip up and do
> > something that permits a sufficiently crafty attacker to distinguish an
> > auditor from a real voter, e.g., using the same voter cards over and over.
> [...]
> Sure, good points. To address this, the machines should be isolated
> in a Faraday cage (fairly easy).

Ah, yet another level of complexity that most citizens won't understand the
first thing about and won't be able effectively to audit. Also built-in
Faraday cages are a fragile solution. If, for example, the door for the voter
authorization card doesn't close really well, the entire cage is useless.

Finally, Faraday cages don't prevent auditing failures like where auditors use
the same voter cards over and over, nor, I expect, will they prevent every
practical attack against the ballot-preparation machines.

> Recall that they require no voter-
> identifying information. Since they're not the ballot casting
> machine, they just help you prepare an un-identified ballot. The machine
> can't tell the difference between a voter and an auditor.

I've already shown how it can. BTW, by "frog," do you mean the type of IDV
system where the voter must verify the correctness of her vote on the casting
machine? If so, that system is subject to the same shortcoming as DREs
w/VVPAT: lack of voter verification. Voters don't like to vote twice, and they
aren't very good at it.

> The separation of ballot preparation and casting tends to make things
> quite a bit simpler on the implementation front, actually.
> > Cryptographic systems do nothing to end this game of cloak and dagger.
> No, this is incorrect. That's exactly the point of cryptographic
> systems. I think there's a major gap in understanding that I'm
> trying to bridge here. This is *very* different from the usual cloak-
> and-dagger situation that is, indeed, typical of all chain-of-
> custody systems like paper ballots or optical scan.

I have already discussed a variety of cloak-and-dagger attacks on
cryptographic systems, as you've proposed patches to prevent them. Just
because a crypto system might let a voter verify whether her ballot was
counted as cast [1] doesn't mean that it is invulnerable to attacks that
involve other facets of the system, like the presentation.

> > Instead, like all e-voting systems, they open attack vectors that are
> > ill-understood and easy to stab yourself upon.
> so you're proposing paper only?

Yes, and ideally counted only by hand. As a practical matter, it'll be easier
to persuade states to adopt precinct-based opscan systems with random sampling
hand audits. These are not as transparent, but they do make it possible for a
small group of citizens at each precinct to supervise the chain of custody of
ballots and their auditing (should the precinct be selected for auditing).
They also make it possible to supervise the choice of precincts to audit. Thus
small groups of citizens, working autonomously (or in coordination) with other
such groups, can supervise their elections with a minimum of expert input
(only the design of the audits).

> > I still need to plow through the VHTI paper to better understand what
> > guarantees crypto systems really provide. Before I do that, I will not venture
> > an opinion on the relative merits of crypto systems' auditability versus that
> > of chain-of-custody systems.
> Okay, I can summarize it for you (though you shouldn't take my word for
> it, do go read the papers):...

Right. I don't, and I will. There's nothing personal in this; I just need to
know for my own satisfaction just how a proposed crypto system (e.g., VHTI)
works and what it really guarantees. Fortunately, I (believe that I) can do
this. Most citizens cannot and would have to trust you (or me).

> > Um, your explanation is a gloss over a very complex machine. I need to
> > understand the machine to judge the gloss.
> Again, I'm not asking for a complete analysis in a handful of emails.
> I'm just gauging whether this direction is interesting to the group,
> or whether it's already been dismissed and there's no use even
> debating it.

I do not represent OVC. I am not even a member, and indeed I differ with OVC
on a variety of issues. I advocate the adoption of voting systems that the
general public can effectively supervise with minimal (ideally no) expert
input. Certainly OVC representatives read this list, and I suppose they'll
tell you what they think of your approach.


[1] Again, I'm assuming this for the sake of argument. I have yet to determine
to my satisfaction whether it's true for any particular crypto system.
OVC-discuss mailing list
The content of this message, with the exception of any external quotations under fair use, is released to the Public Domain
Received on Sun Dec 31 23:17:12 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST
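The precinct-sampling audit described in the message above (a random sample large enough to give p=0.99 of catching at least one miscounted precinct, then further rounds until a round finds nothing or every precinct is audited) can be made concrete. The code below is an added example, not part of Ronald Crane's message or any OVC system; the hypergeometric sample-size formula is standard, and the assumed inputs are N precincts of which at least k are miscounted (k being the auditor's own assumption about the smallest number of miscounted precincts that could change the outcome). The escalation rule, drawing a fresh batch of the same size each round, is also an assumption, since the message does not fix one.

```python
"""Sample size and escalation for a precinct-level hand audit (added example).

Assumptions (not from the original message): N precincts, at least k of which
are miscounted; the audit escalates by drawing a fresh batch of the same size
from the not-yet-audited precincts each round.
"""
import math
import random


def detection_probability(total: int, miscounted: int, sample: int) -> float:
    """P(at least one miscounted precinct appears in a sample drawn without
    replacement). Hypergeometric: P(none found) = C(N-k, n) / C(N, n)."""
    if miscounted <= 0:
        return 0.0  # nothing to find
    if sample > total - miscounted:
        return 1.0  # pigeonhole: the sample cannot consist only of clean precincts
    none_found = math.comb(total - miscounted, sample) / math.comb(total, sample)
    return 1.0 - none_found


def required_sample_size(total: int, miscounted: int, confidence: float = 0.99) -> int:
    """Smallest sample size n whose detection probability reaches `confidence`."""
    for n in range(1, total + 1):
        if detection_probability(total, miscounted, n) >= confidence:
            return n
    return total


def escalating_audit(is_miscounted, total: int, sample_size: int, seed: int = 0):
    """Assumed escalation rule: audit a random batch of `sample_size` precincts;
    if any is miscounted, audit another batch from the remainder; stop when a
    batch finds nothing or every precinct has been audited.
    Returns (audited precinct ids in audit order, miscounted ids found)."""
    rng = random.Random(seed)  # seeded only so the example is reproducible
    remaining = list(range(total))
    audited, found = [], []
    while remaining:
        batch = rng.sample(remaining, min(sample_size, len(remaining)))
        for precinct in batch:
            remaining.remove(precinct)
        audited.extend(batch)
        hits = [p for p in batch if is_miscounted(p)]
        found.extend(hits)
        if not hits:
            break
    return audited, found


if __name__ == "__main__":
    # Constructed scenario: 100 precincts, assume at least 5 miscounted.
    n = required_sample_size(100, 5)
    print(f"audit {n} of 100 precincts for p>=0.99 "
          f"(p={detection_probability(100, 5, n):.4f})")
```

The seed fixes only the illustrative draw; a real audit would use a publicly supervised randomness source, which is the point of the message's "full public supervision" requirement.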