Re: Disclosing EBIs

From: Teresa Hommel <tahommel_at_earthlink_dot_net>
Date: Tue May 04 2004 - 17:14:51 CDT

One way to prevent problems is to have enough (lots of) people at the
precinct all day to observe the proceedings, and in the evening when
the election day ends to observe as the ballot boxes are opened
and the votes are hand counted in front of the observers.

Rather than guaranteeing that one voter got his/her ballot counted,
we guarantee that all the ballots were counted. I like the idea of batches,
where as soon as the ballot box is opened the paper ballots are counted
into batches of 50 or 100. Each batch goes into a separate large envelop.

Then the votes on the ballots are counted, and the totals written on the
outside of the envelop, and the ballots are sealed into the envelop. If a
voter wants to make sure his/her ballot was counted, he/she can attend
the counting procedure and observe that it is all on the up and up.

Also, I like the idea of using the jury-duty infrastructure for calling up
citizens for election duty. It is a civic responsibility, just like jury duty.

Teresa

John Payson wrote:

> <<
> However, I since came to realize--coming out of discussion here--that
> we REALLY cannot publish raw EBIs. Such publication enables an attack
> similar to that Teresa Hommel recently described: Trojan votes. There
> are many ways a complete cast ballot can contain voter identifying
> information (special write-ins, special orders on ranked preferences,
> patterns in judicial retention votes). A vote coercer/buyer can
> require a voter add the identifying information along with casting the
> desired vote on a "major" contest.
> >>
>
> A solution to this might be to assign each ballot with a separate unique-ID for
> each race. This would allow the recorded ballot results from each race (a list
> showing the vote for each unique-ID associated with that race) to be published,
> without allowing any correlation between races.
>
> Under such a system, someone who was interested in e.g. a Senate race could
> select a few unique-ID's at random from the published Senate-race list and ask
> to inspect the paper ballots associated with those unique-ID's. If everything
> is on the up-and-up, it should be possible for election officials to retrieve
> those ballots and they should have Senate votes that match the Senate-race data
> file.
>
> Although software should be open-source to prevent the possibility of illicitly
> recording what should be confidential information, there should be no need to
> trust the behavior of computers in an election; there should be outside means
> such as individual-ballot auditing, to confirm that the computers are operating
> legitimately.

John Payson wrote:

> <<
> However, I since came to realize--coming out of discussion here--that
> we REALLY cannot publish raw EBIs. Such publication enables an attack
> similar to that Teresa Hommel recently described: Trojan votes. There
> are many ways a complete cast ballot can contain voter identifying
> information (special write-ins, special orders on ranked preferences,
> patterns in judicial retention votes). A vote coercer/buyer can
> require a voter add the identifying information along with casting the
> desired vote on a "major" contest.
> >>
>
> A solution to this might be to assign each ballot with a separate unique-ID for
> each race. This would allow the recorded ballot results from each race (a list
> showing the vote for each unique-ID associated with that race) to be published,
> without allowing any correlation between races.
>
> Under such a system, someone who was interested in e.g. a Senate race could
> select a few unique-ID's at random from the published Senate-race list and ask
> to inspect the paper ballots associated with those unique-ID's. If everything
> is on the up-and-up, it should be possible for election officials to retrieve
> those ballots and they should have Senate votes that match the Senate-race data
> file.
>
> Although software should be open-source to prevent the possibility of illicitly
> recording what should be confidential information, there should be no need to
> trust the behavior of computers in an election; there should be outside means
> such as individual-ballot auditing, to confirm that the computers are operating
> legitimately.
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon May 31 23:17:12 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:15 CDT