Re: draft of text for new OVC-sponsored bill

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Wed Feb 04 2009 - 12:02:19 CST

Arthur Keller wrote:
> At 11:15 AM -0800 1/28/09, Ronald Crane wrote:
>> Critical review -- though often difficult to hear -- is high-octane
>> fuel for the engine of improvement. OVC's focus on ballot printers
>> for all voters oversells their benefits and understates their
>> security risks, especially versus hand-filled, machine-tabulated
>> paper ballot systems. It also distracts from the benefits that
>> OVC-style tabulators (and potentially OVC-style ballot printers for
>> the disabled) could offer. There has been something of a wave of
>> "open source == secure" rhetoric in the air, and OVC has ridden it,
>> even though the argument's applicability to voting systems is
>> significantly reduced by their special characteristics. Still, OVC's
>> push to open voting systems to public scrutiny is a good one, and
>> could lead to not only equipment improvements, but also process
>> improvements. Some I'd like to see are statistically-justified hand
>> audits of tabulators' counts; the posting of totals outside each
>> precinct; citizen supervision of ballot chains of custody; and more
>> effective equipment certification.
> I have been thinking a lot about hand-marked, machine-tabulted paper
> ballot systems. I can see advantages and disadvantages of the
> Dechert-architecture. But I can also see advantages and disadvantages
> to a system that uses hand-marked paper ballots that can be hand
> tabulated or machine tabulated, with a ballot printer architecture for
> the disabled. My thoughts are that the ballot printer architecture
> can create a ballot identical in form to a hand-marked ballot and
> thereby get tabulated the same way.
Sounds fine.
> I also want the precinct-count optical scanner to present to the voter
> the selections made on the ballot, to help ensure that the ballot was
> interpreted correctly.
This is an interesting idea, but it also raises some security issues. An
attacker could program the device to deceive the voter about the
ballot's proper interpretation, possibly leading her to make an error,
to undervote or to give up in frustration at being "unable" to produce a
"valid" ballot, or to produce a truly invalid ballot. For example, the
attacker might program the device to register some votes for a certain
candidate as "overvotes". Since the output of the "selection checker"
(unlike that of the tabulator itself) is not subject to auditing, this
kind of attack is unlikely to be caught, and if caught, is unlikely to
be taken seriously.


OVC-discuss mailing list
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sat Feb 28 23:17:04 2009

This archive was generated by hypermail 2.1.8 : Sat Feb 28 2009 - 23:17:06 CST