Re: draft of text for new OVC-sponsored bill

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Sat Jan 24 2009 - 16:56:17 CST

David Mertz wrote:
>> To put it another way: if a voter takes a "fill in the bubble" or
>> similar sheet of paper and marks it, it's not critical that they ever
>> re-read and proof it. They made their marks and it's now 100%
>> impossible that something or somebody else manipulated those marks
>> before it gets to the ballot box.
> This seems like the main flaw in the thinking of the HCPB folks.
> As much as it appeals to a worthwhile distrust of technology, the odds
> of a voter incorrectly marking intention using a pencil and bubbles is
> MUCH LARGER than the odds that an OVC-style ballot printer (with
> admittedly spotty and imperfect voter verification) will incorrectly
> mark it.
> This is equally true for the case of selective presentation and other
> voting-bias attacks, most of which apply equally well to how paper is
> laid out as how a computer screen is.
> There are several factors that go into this, and I admit I am guessing
> on probabilities. My own hunch is pretty darn strong though....
> E1) Nonetheless, SOME voters will accurately proof-read printed
> ballots, meaning that the probability that an undetected, systematic
> error in transmission of the computer interface to the printed ballot
> will be statistically insignificant. Let me emphasize this again:
> errors emerge in the sample size, however poor individual proofing
> might be, as long as it is *better than random*.
And what's the upshot? A few voters notice that their ballots have not
been printed correctly. They report it to officials. Officials say, "You
must have made a mistake; here, we'll void your ballot and let you vote
again." Most voters grumble and accept. The attacker has programmed the
machine not to cheat twice in a row. The voters re-vote, all is well,
officials chalk it up to "voter error" or "a glitch", and nothing is
done. Maybe one or two voters stick with their complaints. Officials
label them cranks (at best) or call the police to charge them with
monkeywrenching or terrorist incitement (at worst). In either case,
nothing is done to find or fix the problem, and the election continues.
Maybe a few voters in other precincts notice mismatches. Nothing is
done. Most voters don't notice the mismatches. The election is
certified. The attacker wins. Nothing useful is done post-election,
either. Officials claim a "successful election" with "only isolated
reports" of "uncorroborated problems" that "did not affect the outcome".
The attacker lives to attack again and again.

Also, as Jim March observed, voters' errors on hand-filled paper ballots
will be random and will lack a partisan bias (unless the ballot is very
badly designed). In contrast, an attack on ballot printers will (by
definition) have a partisan bias. Misrecordings with a partisan bias
are, for obvious reasons, much worse than misrecordings without such a bias.
> ...The overall result is ALMOST CERTAINLY a greater accuracy of
> representation of voter intention in an OVC-style system than in a
> strict hand-filled ballot.
This essay ignores the effects of DoS attacks, presentation attacks,
selection attacks, (and, primarily for E2E machines, social-engineering
attacks). All of these attacks operate before the voter generates a
ballot, thus they cannot be detected (let alone defeated) by examining a
generated ballot. And except for some forms of DoS attack, these attacks
operate upon each voter individually, in the privacy of the voting
booth, and thus are not susceptible of the kind of rock-solid
documentation that might actually motivate officials to do something,
even assuming they knew what to do. Finally, while paper ballots are
also susceptible to presentation attacks, they can at least be randomly
audited (and corrected) before the election begins [1]. Not so with
attacked computers' presentations. A paper presentation is fixed; a
computational presentation is infinitely mutable, and thus a far more
appealing and profitable target for attack.


[1] Hand-filled paper jurisdictions need to implement this kind of
audit. As jurisdictions ditch e-voting systems, attackers will, no
doubt, use this approach to attack paper systems.

OVC-discuss mailing list
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Thu Jan 7 00:09:51 2010

This archive was generated by hypermail 2.1.8 : Thu Jan 07 2010 - 00:09:57 CST