Re: Why PIN or smartcard is REQUIRED

From: Arthur Keller <arthur_at_kellers_dot_org>
Date: Sun May 16 2004 - 14:11:56 CDT

At 12:33 PM -0400 5/16/04, David Mertz wrote:
>>>>Consider San Diego County, California, March 2004, where the LA
>>>>Times estimated 7000 people in such polling places voted the
>>>>ballot for the wrong precinct. It was blamed on the procedures
>>>>for the Diebold voting machine.
>>>This particular error is entirely because of inaccurate "smart"
>>>card configuration. Voters didn't show up at the wrong polling
>>>place, they were given smartcards configured for the wrong
>>Please explain how. What it the fault of the smart card
>>programming or set up in advance? Or was it due to the poll worker
>>choosing the wrong precinct for the voter due to inadequate
>I could be wrong on the causes, since I only rely on the media
>reports I read. I suppose more will come out when the CA AG starts
>prosecuting and suing Diebold.
>However, in the reports I read, the suggestion was that Diebold
>distributed smartcards to precincts. Each smartcard contained the
>whole election configuration, so ANY Diebold machine (of the right
>model) that had a Precinct 1234 card inserted into it would display
>the 1234 ballot options. Diebold, in some cases, distributed, e.g.,
>Precinct 9876 cards into Precinct 1234.
>Under the Alan/Ellen/Ed/David systems, a similar error would occur
>if the EVMix CD for Precinct 9876 was sent to Precinct 1234.
>However, hopefully, when the poll workers booted the CD, and saw the
>welcome message "Configuring voting station for Precinct 9876" they
>would detect the error, and take remedial action, before any voters
>arrived. But under all of these systems, the ballot configuration
>is per-machine (per-CD) rather than per-voter. I'm not sure whether
>Arthur's smartcards are quite as "smart" as Diebold's.

My smart card approach is to have the right ballot type written to
the smart card at the polling place by the poll worker at voter
checkin. This is comparable to the process with paper ballots, where
one poll worker checks you in and the other worker hands you the
"right" paper ballot. Rather than a global private key for this
smart card code, there would be one per precinct, and the EVMix CD's
for that precinct would be configured with the corresponding public
key. This approach would limit forgeries of smart cards. Theft of
smart cards can be reduced by requiring that the smart card be handed
in when you hand in your ballot.

Best regards,

Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Mon May 31 23:17:46 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:16 CDT