RE: Disclosing EBIs

From: John Payson <jpayson_at_circad_dot_com>
Date: Tue May 04 2004 - 16:45:54 CDT

However, I since came to realize--coming out of discussion here--that
we REALLY cannot publish raw EBIs. Such publication enables an attack
similar to that Teresa Hommel recently described: Trojan votes. There
are many ways a complete cast ballot can contain voter identifying
information (special write-ins, special orders on ranked preferences,
patterns in judicial retention votes). A vote coercer/buyer can
require a voter add the identifying information along with casting the
desired vote on a "major" contest.

A solution to this might be to assign each ballot with a separate unique-ID for
each race. This would allow the recorded ballot results from each race (a list
showing the vote for each unique-ID associated with that race) to be published,
without allowing any correlation between races.

Under such a system, someone who was interested in e.g. a Senate race could
select a few unique-ID's at random from the published Senate-race list and ask
to inspect the paper ballots associated with those unique-ID's. If everything
is on the up-and-up, it should be possible for election officials to retrieve
those ballots and they should have Senate votes that match the Senate-race data

Although software should be open-source to prevent the possibility of illicitly
recording what should be confidential information, there should be no need to
trust the behavior of computers in an election; there should be outside means
such as individual-ballot auditing, to confirm that the computers are operating
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Mon May 31 23:17:12 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:15 CDT