Re: open-audit elections

From: Ben Adida <ben_at_eecs_dot_harvard_dot_edu>
Date: Wed Dec 13 2006 - 13:38:04 CST


> My plan is to put in place better CoC systems. The prototype is a hand-filled
> paper ballot system where the ballots are counted at the precincts in which
> they're cast, either by hand or via opscans. A randomly-selected subset of
> precincts, sufficient to guarantee p=0.99 of finding at least one miscounted
> precinct (should any exist) is then hand audited. Upon finding such a
> precinct, further recursive audits are undertaken until either all the
> precincts are audited or no more miscounted precincts are found. All of this
> is done under full public supervision, and ideally by members of the public as
> well.

I wish you luck with that. I have significant issues with the
auditability of such a system, but it certainly sounds better than what
we currently have.


> Ah, yet another level of complexity that most citizens won't understand the
> first thing about and won't be able effectively to audit.

This seems to be your recurring point.

In my opinion, you've chosen a perception of security over actual
security, for fear that actual security will be "too complicated." I'd
like to work on simplifying truly secure systems so that they are
acceptable enough, but not at the expense of real security.

I may be wrong, of course, that's just my opinion.

> I have already discussed a variety of cloak-and-dagger attacks on
> cryptographic systems, as you've proposed patches to prevent them.

For the record, I disagree that this is a valid characterization of our
discussion. You're trying to make the argument that all systems have
effectively the same security issues. I strongly disagree with that
statement, and there's 25 years of cryptographic research that shows
that there are far greater methods of auditability.

Maybe I did a poor job of explaining things, but I can't let your
statement stand as a valid summary of our exchange.

>>> Instead, like all e-voting systems, they open attack vectors that are
>>> ill-understood and easy to stab yourself upon.
>> so you're proposing paper only?
> Yes, and ideally counted only by hand.

You've chosen to ignore a number of real security issues with this
approach, but it seems that you're okay with that because the system is
simple and understandable. Again, it seems to me you've chosen perceived
security over real security.

I know you're trying to plug these holes, but I believe there are
inherent intractabilities to the chain-of-custody method. That's why it
seems worthwhile to me to explore other methods, like open-audit. Even
though they are still in development and require more thought, I believe
they have far fewer inherent intractabilities and will consistently
yield more auditable, more secure elections.

> Right. I don't, and I will. There's nothing personal in this; I just need to
> know for my own satisfaction just how a proposed crypto system (e.g., VHTI)
> works and what it really guarantees. Fortunately, I (believe that I) can do
> this. Most citizens cannot and would have to trust you (or me).

I'm not taking any of this personally. I'm disappointed that folks have
so little confidence in what the public can understand.

Transparency---using its dictionary definition that anyone can *see*
what's happening, even if it's complicated---is the most important issue
to me. I trust that people will find the experts they need to verify the
system, as long as the user experience is simple enough, and as long as
they can pick any expert they choose.

I think prescribing a single chain-of-custody solution, especially one
that has historically been defrauded with such consistent success, is a
losing direction.

> I do not represent OVC. I am not even a member, and indeed I differ with OVC
> on a variety of issues. I advocate the adoption of voting systems that the
> general public can effectively supervise with minimal (ideally no) expert
> input. Certainly OVC representatives read this list, and I suppose they'll
> tell you what they think of your approach.


It sounds like we have an intractable disagreement :)

That said, I'm glad to see that there are so many folks passionate about
improving elections and our democracy, even if we have strong disagreements.

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sun Dec 31 23:17:13 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST