Re: Hand-marked paper ballots [OVC-discuss Digest, Vol 28, Issue 29]

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Sat Feb 17 2007 - 10:52:50 CST
Hamilton Richards wrote:
At 4:20 PM -0800 2007/2/15, wrote:
Message: 1
Date: Thu, 15 Feb 2007 13:31:59 -0800
From: Ronald Crane <>
Subject: Re: [OVC-discuss] Hand-marked ballots [Re: OVC-discuss
	Digest, Vol 28, Issue 26]
To: Open Voting Consortium discussion list
Message-ID: <>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...

The attachment included the following:

Hand-marked ballots are not a panacea, just more transparent and more 
secure -- overall -- than machine-marked ballots. While both HMB and 
MMB are susceptible to local attacks, such that you describe,

No, my point was that MMB are NOT susceptible to these attacks.
That's just incorrect. Local officials can -- intentionally or inadvertently -- load an attacker's software into their machines. Or perhaps a single pollworker does it, and perhaps it spreads to the remaining machines via a mechanism like that the Princeton team demonstrated. . The kinds of attacks that can thus be waged locally are just like the attacks, below, that can be waged globally.

MMB are 
also susceptible to global attacks emanating from a few people at a 
vendor, testing lab, or state elections supervisor [1]. These attacks 
can affect many states at a time, instead of only a precinct or a 
county at a time. Some potential attacks on MMB are (1) presentation 
attacks (dropping candidates from ballot, rearranging ballot, 
modulating sensitivity of touch-screen depending on candidate, etc.); 
(2) denial- (or delay-) of-service attacks (which lengthen lines, 
causing selective vote loss); (3) ordinary misprint attacks (misprint 
ballot and bet on voter not verifying it, like most voters won't); and 
(4) ballot spoofing attacks (print ballot that looks fine to humans, 
but that is, e.g., registered so that it scans incorrectly).<br>

Machines just shift the manipulation of voter intent from places that 
can be made relatively visible (like election judges' handling of 
"pregnant chads") to places that are almost entirely opaque -- the 
innards of the voting machines.

But every single one of the global attacks described above depend for 
their success on escaping detection, and every one of them reveals 
itself in ways that are bound to be detected-- not every time, but 
often enough to make the fraud infeasible.

Every one of these attacks, even if noticed and reported by a dedicated, persistent voter (not likely), will get attributed to "voter error," a "glitch," or (at worst) a "single defective machine." Please see the excuses flying over the 18,000 mystery undervotes in Sarasota. Yes, that's a pure DRE -- but voters noticed all kinds of problems, and officials basically dismissed all of them. ; .
Contrast this with the threat of paperless DREs, in which vote counts 
can be altered with absolutely no chance of detection.
Paperless DREs are worse, but ballot printers are also badly problematic.


OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Wed Feb 28 23:17:20 2007

This archive was generated by hypermail 2.1.8 : Wed Feb 28 2007 - 23:17:27 CST