Fwd: Avante Releases White Papers on AVVPAT...

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Sat Jun 12 2004 - 22:24:24 CDT

On Jun 12, 2004, at 9:09 PM, Alan Dechert wrote:
> There is a lot of useful information in these papers. However, there
> are
> many mistakes. There is at least one gross misrepresentation, namely,
> an
> argument against open-source for election software.

Ok... I started to look at Avante's anti-open-source claptrap. It is
every bit as bad as their newly discovered defense of paper ballots is

One of their "arguments" is as follows:

1. Some competing proprietary vendors have installed uncertified
2. Prosecution of this illegal activity has not (yet) been sufficiently
3. Therefore open source would be installed without certification.

(1) and (2) are spot on. Other than following sequentially in Avante's
paper, it's hard to imagine any connection whatsoever between the first
two points and Avante's desired conclusion.

Another thing Avante glosses over in opening source is the anonymity
concern they make so much of (correctly) in another paper. They claim
that smartcards might be easier to reverse engineer if the standards
and interface code for them is opened (of course, Arthur's the one that
wants smartcards, I dislike them for various other reasons). It's the
usual "security-through-obscurity" argument. It's probably true that
the casual techie really is less likely to understand the workings of
close-source smartcards (and their readers, etc)... but the really bad
people who are willing to tamper with elections are people who will go
that extra yard to forge the smartcards.

However, putting aside a sliver of truth about forgery of smartcards,
Avante wants us to forget about preserving voter anonymity. Just like
OVC, Avante suggests using unique random ballot-IDs to correlate paper
ballots against EBIs, and for various debugging/auditing. Ok, great,
I'm with them. Now without seeing the source code, how am I supposed
to know that Avante's ballot-IDs are actually randomly ordered, not
specially selected to reveal voter sequence?! The plain answer is that
NO BLACKBOX testing can EVER give me confidence in this. Secret
algorithms can very easily produce a reproducible sequence of IDs that
is externally indistinguishable from truly random ones! This is a basic
fact of mathematics.

The ONLY way to protect anonymity (provably, not just by hoping for
good intentions from Avante) is by opening the source code. I think I
do a good job with this question in the paper Joe, Arthur and I are
writing (we'll post it sometime soon... a few days probably).

If I seem shortsighted to you, it is only because I have stood on the
backs of midgets.
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Wed Jun 30 23:17:14 2004

This archive was generated by hypermail 2.1.8 : Wed Jun 30 2004 - 23:17:30 CDT