Re: Disclosing EBIs

From: Ed Kennedy <ekennedyx_at_yahoo_dot_com>
Date: Tue May 04 2004 - 23:17:03 CDT

Hello Teresa:

    Very interesting points. However, this may not be the forum for it. If
I understand the program correctly, we're building a machine that prints
ballots and deals with the security problems inherent in ballots. As I've
said in a recent posting, the idea is to fix what's really broken and as
little more as possible. There are many other good things that the EVM
could do and may do so in the future. However, what I hear Alan, Arthur and
David collectively saying, is, "Let's do a good job of producing something
that works well to solve the problem and doesn't preclude additional
innovations." The voting judge/poll monitor system is not the part of the
voting system that is obviously broken IMHO.

Thanks, Ed Kennedy

----- Original Message -----
From: "Teresa Hommel" <tahommel@earthlink.net>
To: <voting-project@lists.sonic.net>
Sent: Tuesday, May 04, 2004 3:14 PM
Subject: Re: [voting-project] Disclosing EBIs

> One way to prevent problems is to have enough (lots of) people at the
> precinct all day to observe the proceedings, and in the evening when
> the election day ends to observe as the ballot boxes are opened
> and the votes are hand counted in front of the observers.
>
> Rather than guaranteeing that one voter got his/her ballot counted,
> we guarantee that all the ballots were counted. I like the idea of
batches,
> where as soon as the ballot box is opened the paper ballots are counted
> into batches of 50 or 100. Each batch goes into a separate large envelop.
>
> Then the votes on the ballots are counted, and the totals written on the
> outside of the envelop, and the ballots are sealed into the envelop. If a
> voter wants to make sure his/her ballot was counted, he/she can attend
> the counting procedure and observe that it is all on the up and up.
>
> Also, I like the idea of using the jury-duty infrastructure for calling up
> citizens for election duty. It is a civic responsibility, just like jury
duty.
>
> Teresa
>
> John Payson wrote:
>
> > <<
> > However, I since came to realize--coming out of discussion here--that
> > we REALLY cannot publish raw EBIs. Such publication enables an attack
> > similar to that Teresa Hommel recently described: Trojan votes. There
> > are many ways a complete cast ballot can contain voter identifying
> > information (special write-ins, special orders on ranked preferences,
> > patterns in judicial retention votes). A vote coercer/buyer can
> > require a voter add the identifying information along with casting the
> > desired vote on a "major" contest.
> > >>
> >
> > A solution to this might be to assign each ballot with a separate
unique-ID for
> > each race. This would allow the recorded ballot results from each race
(a list
> > showing the vote for each unique-ID associated with that race) to be
published,
> > without allowing any correlation between races.
> >
> > Under such a system, someone who was interested in e.g. a Senate race
could
> > select a few unique-ID's at random from the published Senate-race list
and ask
> > to inspect the paper ballots associated with those unique-ID's. If
everything
> > is on the up-and-up, it should be possible for election officials to
retrieve
> > those ballots and they should have Senate votes that match the
Senate-race data
> > file.
> >
> > Although software should be open-source to prevent the possibility of
illicitly
> > recording what should be confidential information, there should be no
need to
> > trust the behavior of computers in an election; there should be outside
means
> > such as individual-ballot auditing, to confirm that the computers are
operating
> > legitimately.
>
> John Payson wrote:
>
> > <<
> > However, I since came to realize--coming out of discussion here--that
> > we REALLY cannot publish raw EBIs. Such publication enables an attack
> > similar to that Teresa Hommel recently described: Trojan votes. There
> > are many ways a complete cast ballot can contain voter identifying
> > information (special write-ins, special orders on ranked preferences,
> > patterns in judicial retention votes). A vote coercer/buyer can
> > require a voter add the identifying information along with casting the
> > desired vote on a "major" contest.
> > >>
> >
> > A solution to this might be to assign each ballot with a separate
unique-ID for
> > each race. This would allow the recorded ballot results from each race
(a list
> > showing the vote for each unique-ID associated with that race) to be
published,
> > without allowing any correlation between races.
> >
> > Under such a system, someone who was interested in e.g. a Senate race
could
> > select a few unique-ID's at random from the published Senate-race list
and ask
> > to inspect the paper ballots associated with those unique-ID's. If
everything
> > is on the up-and-up, it should be possible for election officials to
retrieve
> > those ballots and they should have Senate votes that match the
Senate-race data
> > file.
> >
> > Although software should be open-source to prevent the possibility of
illicitly
> > recording what should be confidential information, there should be no
need to
> > trust the behavior of computers in an election; there should be outside
means
> > such as individual-ballot auditing, to confirm that the computers are
operating
> > legitimately.
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon May 31 23:17:13 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:15 CDT