Re: VoteHere

From: Joseph Lorenzo Hall <joehall_at_gmail_dot_com>
Date: Thu Dec 14 2006 - 11:09:03 CST

On 12/13/06, Charlie Strauss <> wrote:
> transparent. Indeed the new system seems less transparent, worse
> usability, and prone to vote selling (with the use of a cell phone
> camera one could sell one's vote by snapping a photo of the on-screen
> correspondence table.)

I'd like to add a few points to this discussion.

I fall in between the dominant strains of conversation on this thread:
I believe that ideas from open-audit and cryptographic systems are an
important frontier in voting systems research, but I remain
unconvinced that the level of understanding of these systems has yet
been brought down to the smart high-school student level and that
we're leaving a major constituency, election officials, out of the
discussion that also need to be able to understand how these systems
work at a basic level (they're having a rough time with integrating
digital technologies, let alone clever voting protocols). Here are a
few points

1. My thesis, which I passed my qualifying exam for last week (yay!),
involves policy mechanisms to embed transparency back into our
election system. However, I urge you all to be more specific when you
use the word "transparency". I've looked at a lot of literature and
when people talk about the need for transparency in elections systems
they generally mean one of four things:

   * Access: How much can people know about the system?
   * Oversight: How much can people supervise the system?
   * Accountability: What mechanisms exist so that good deeds can be
rewarded and anomalies penalized?
   * Comprehension: To what degree can voters understand the system?

    Note that all of these apply to people, processes and machines
(for example, when we talk about accountability of processes and
machines, we usually talk about auditability). Access is the basic
prerequisite for facilitating the rest of these things. Also note
that social science literature tends to conceptualize trust as been
related to risk and uncertainty. I see increasing transparency (the
means) along these dimensions as being fundamentally about reducing
the uncertainty (the end) that voters have in the system (be it
perceived or actual). (When election officials lament a reduction in
voter confidence, what they are really talking about is an increase in

2. There is emerging research from the crypto-voting community that
aims to solve some parts of Charlie's criticisms. That is, most
crypto-methods now have computational privacy, where the secrecy of
the ballot can be compromised by an adversary with unbounded
computational ability. However, there are a few researchers working
on information-theoretic privacy, where a similar adversary (with
unbounded computational ability) doesn't ever learn anything about
individual votes other than what is revealed by the tally. See: Tal
Moran and Moni Naor, "Receipt-Free Universally-Verifiable Voting With
Everlasting Privacy", CRYPTO 06, available at: .

3. Charlie brought up the camera-phone problem. Charlie, is there a
system that doesn't suffer from a camera-phone attack? How confident
would a vote-buyer or vote-seller have to be for this to serve as
proof of a vote cast? This is similar to the ["analog hole"] problem
in DRM/TPM research: if the voter gets to see their ballot, they'll
always have ways of recording it.

["analog hole"]:

best, Joe

Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Sun Dec 31 23:17:14 2006

This archive was generated by hypermail 2.1.8 : Sun Dec 31 2006 - 23:17:16 CST