Re: open-audit elections

From: charlie strauss <cems_at_earthlink_dot_net>
Date: Wed Dec 13 2006 - 14:10:42 CST

I should add to my comment below that the reason I'm interested in this discussion is that I'd like to see if a good open audit system is possible. The way to do this is to first identify the problems it creates, acknoweldge them, and then fix them. Either that or show the supposed problems don't exist.

-----Original Message-----
>From: Ben Adida <>
>Sent: Dec 13, 2006 2:15 PM
>To: charlie strauss <>, Open Voting Consortium discussion list <>
>Subject: Re: [OVC-discuss] open-audit elections
>Hi all,
>If anyone out there on the list is interested in really exploring
>open-audit voting, then let me know, as right now the feedback is
>entirely negative.
>sounds like I'm getting fairly close to an answer to my question: you're
>not interested in open-audit systems.

Actually, I'm very interest. I consider them a huge positive advantage if they can be had without all their pitfalls and without giving up other positive advantages. I remain fascinated by the Rivest Triple ballot precisely because I'm actively considering how to fix it's defects, since it does not have the key control problems.

What I've been negative about is that alll I'm getting are a bunch of assertions that what I'm saying about vote here is wrong with no substantive refutation. Appels using analogies to secure banking neither demonstrate the security nor do they hold water for voting system requirements. The usability issues are breath taking. Dismissing key control by hypotheitcal destruction or key-chaining does not really answer the problem it just puts up speed bumps and adds complexity. That's not solving the problem. And I remian unconvinced that the receipt proved the votes were counted as cast. According to the documentation on the voteHere site the recepiet IDs are severed prior to decrytion and counting. But perhaps I'm mistaken: it plainly made clear that this step happens in what is said to happen in the extended Lotto Analogy on the VHTi website, though perhaps I take it too literally.

The trouble is that the crypto community seems to think that a good dose of crypto wrapped around an otherwise insecure process is adequate. It's rather wrap it around a secure robust process.

For example even if voteHere had no other probelms the following two make would be show stoppers in themselves as far as the objectives of the robust election activist community goes:

1) in the event of a corrupted electronic record, the proposed DRE implementaiton of voteHere migh discover the problem, but no recount is possible.

2) Finally given a camera phone I would have no problem at all proving how I voted using VoteHERE.

These I feel are all very severe problems.

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sun Dec 31 23:17:13 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST