VoteHere

From: Charlie Strauss <cems_at_earthlink_dot_net>
Date: Wed Dec 13 2006 - 22:18:27 CST

Here's my own historical perspective on VoteHere. It's important to
understand the big distinction between votehere the company and
votehere the technology.

Back in 2003, the company got a very bad rep in the Verified Voting
community for it's marketing strategy which basically amounted to
ramming it down people throats by trying to make end-to-end crypto
law rather simply letting people see it might actually be a good
idea too. It annoyed people because the system they were pushing
worked only on DRE. That was intentional because Sequoia, an early
adopter of votehere, was making this one of their Stalking Horses to
force DRE and driver a stake through the heart of the paper ballot
community. Hence from the DRE marketing perspective they did not
want it to work on paper. Another Stalking horse for DRE, again
with the VoteHERE fingerprints, was S.E.R.V.E. the remote voting
system for people in the military.

At the time I was fighting the political battle in NM to try to
reverse the swing to touchscreens and these Sequoia efforts were
really causing havoc. For a while it looked like the EAC and
congress was being drawn in by this. People like Micheal Shamos were
talking it up to undermine the case for paper ballots. Thus
"Counted-as-cast" and crypto buzz terms really got a reputation as
paper-ballot killers and as wedge issues. They became something to
stamp out if paper ballots were going to have a chance, not something
to have a leisurely educated debate on their merits.

It's really a shame they got on the DRE bandwagon because it tainted
what was really a noble idea. Use crypto to secure transit issues
and possibly even allow self auditing if some of the tactical
problems could be solved. Ironically of all the systems out there at
the time, OVC, accupol and populex (and now maybe OVS) were probably
actually the ones most suited to getting the good out of crypto while
leaving out the bad parts. But instead it was being used as an
argument against them.

The problem all along has been the fumbling marketing strategy of
VoteHERE--the company. It's even been in the news lately in some
mildly unsettling ways:

Weird but true: Robert Gates and Donald Rumsfeld are tied up with
pushing this:
http://www.bbvforums.org/forums/messages/1954/45174.html?1164123655

VoteHere Now wants to make Internet voting the next thing:
http://www.wired.com/news/technology/1,72113-0.html

and in the end VoteHEre only sold 90 systems and has had to change
it's business model:
http://seattletimes.nwsource.com/html/businesstechnology/
2002268133_btvotehere09.html

Other systems that were proposed in the same time frame all reflected
the DRE only mentality. For example, Although Chaum's was a paper
ballot it required a DRE to produce it. The crypto community sold
themselves on the idea that MATH could do away with a paper, and have
been barking up the wrong tree ever since.

Thus we had a political stalemate pitting two good ideas against each
other: Crypto and Paper.

The biggest reconciliation came this year when Ronald Rivest
proposed the triple ballot. The neat thing about this system was it
was possible for it to be a pure handmarkable paper ballot that would
allow end-to-end voter verification their ballot was counted as cast
(with high probability). This finally proved you did not need
actually a DRE to accomplish the task. Of course the problem was
Rivest's scheme is flawed as he has proposed it and does not have the
safeguards it promised. However I believe the best parts of it can
be salvaged and used to help make vote transport much more secure and
work with paper ballots.

Ben's re-introduction of VoteHere-like concepts to OVC-discuss is
therefore very timely. And I don't doubt that Alan Dechert sees this
too.

My feeling is this. Wrapping cypto around an intrinsically robust
voting system (like OVC) is good. But it can't be done in a
dominating way that changes things to jeopardize or obfuscate any of
the good parts of OVC. The ballot system has to be obvious in
operation to the voters and the operators. Crypto is just an add on,
not the primary security. It It has to work robustly when people
botch the operational details. It has to fail safely and not destroy
the secret ballot if someone spills the keys. It can't impede
recounts. It has to be transparent.

If we can make a system that has those attributes we should embrace
it. The problem is getting the crypto community to acknowledge their
current system have fatal flaws, particularly in the usability area,
get them started on thinking how to fix it. Most importantly we need
to get them to give up on some of it's sexiest but useless features
and settle for robustness and transparency instead.

Now OVC actually may be the best possible platform to do it right.
The reason is that most forms of Crypto need a computer in the ballot
marking process. OVC has that. Yet it also has the paper ballots
too so it has an entirely non-electronic channel we know how to make
robust against election screw-ups and we know how to recount. I
think there is a lot of potential to have the best of both if we
think this through.

I will close by noting that the Crypto folks have not yet realized
that the paper ballot community is where it will finally be made
practical. In the last days discussion Ben remarked that VoteHERE
does not work on hand marked optical scan. Au contrair--it would
work far better than on DRE. I suspect that Ron Rivest is probably
the first to catch on to this.

We should look at it more. Just don't let it become the tail wagging
the dog.

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Dec 31 23:17:14 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST