Some FAQs

From: Alan Dechert <dechert_at_gmail_dot_com>
Date: Tue May 03 2005 - 15:32:49 CDT

A reader sent me some questions. I provided this response. It occurred to
me that the FAQ on our web site really needs some work. I answered a few
things here but I think the most important FAQ we're heard over and over
goes something like this: "how does open source make that voting software
more secure? -- seems like it would make it less secure."

We have a pretty good answer in our letter to the EAC last year. But we
need to really hammer this one. A lot of people that ask this are Luddites
and need a very non-technical answer. Others need more information. Others
need elaborate proof. So, I guess I'd like some people to volunteer to
shore up the FAQ.

Anyway, here's the answers I typed up just now to a few questions.

> What happens to spoiled ballots (I read the BRP and don't quite get it)?
A ballot is spoiled when a voter looks at it and decides s/he wants to redo
it. The voter should take it to a pollworker and say "I don't want this
one." The pollworker marks it as spoiled (perhaps stamping it on the back:
SPOILED). Originally, I planned to have the pollworker clip off the corner
and save the clipped off part (any corner -- that's why the ballot-id is in
each corner) and shred the rest. For some reason, Arthur and others want to
save the spoiled ballots (not sure of the reasoning). I think that saving
the spoiled ballot could compromise voter privacy somewhat. A spoiled
ballot could also result from printer malfunction.

Sometimes, the voter will spoil a ballot but not turn over the spoiled
ballot to a pollworker. I think this is somewhat more likely if the spoiled
ballots get saved. In this case, the BRP will indicate there are some
ballots that are unaccounted for. This is not a big issue since the act of
voting with the OVC system is putting the ballot in the ballot box. If you
didn't put a ballot in the ballot box, you didn't vote.

In any case, the ballot IDs of the spoiled ballots should be registered in
the BRP. Ideally, we'd like each ballot image produced on the voting
machines identified as one of the following:

1) cast ballot
2) test ballot
3) spoiled ballot

Only EBIs from matched CAST BALLOTS get copied and tallied. The paper CAST
BALLOTS are put in the box after the BRP. The spoiled ballots and test
ballots (maybe just the corners of the spoiled ballots) would be put in a
separate envelope marked "TEST/SPOILED BALLOTS" and placed in the box along
with all other materials from the election activities (roster, CDs, thumb
drives, etc.).

> What happens to the EBI in the case of a power failure?
The EBI gets stored in two places at the time the ballot is printed (maybe
thumb drive, hard drive, floppy disk, or some other flash memory device).
If the power is restored to that PC later (by the time the polls close), the
EBIs get written to CD as usual. If power cannot be restored to that PC,
then the thumb drive will be taken to another PC and EBIs copied to CD
there. This will be an unusual procedure and needs to be carefully
documented. This procedure will also be needed in case of a CD writer

> Will there be paper ballots available in case all machines break down?
Pre-printed ballots -- no. This would not be economical. Avoiding the
costs of pre-printed ballots is one of the major advantages of evoting. The
admin PC and all the voting station PCs should have the capability of
printing paper ballots (Australian, i.e., with all the choices printed) that
can be hand marked (bubble fill-in, or maybe just a box to check).

This capability should be available so that anyone that doesn't want to use
the computer can have a paper ballot (a very small minority will want this).
These ballots will require special handling. I have suggested that a
pollworker (that did not interact with or see the person that wanted to use
the hand marked paper ballot) would enter the ballot into the computerized
voting machine so it would be processed along with all the rest. The
hand-marked ballot would be stapled to the pollworker-generated printed
summary paper ballot for auditing purposes.

There should be adequate preparation and testing so that "all machines break
down" will not happen. There is no way to guarantee that this will never
happen, but there is no way to guarantee the pollsite will be unusable for
other reasons as well (flood, fire, anthrax, whathaveyou). If the pollsite
burns down, you have to go somewhere else to vote. The odds of "all
machines break down" should be less than "pollsite burns down."

> How will humidity in states like Georgia and Florida affect the machine
> and
> the paper?
Last I checked, people use PCs and printers all over the world. I suppose
they may fail at higher rates in some locations. If it's found that they
fail at a higher rate in some area, then more backup equipment should be
supplied to compensate for the higher failure rate.

> When you scan your ballot into the Reading Impaired station, does it show
> you a reconstructed EBI and read your choices back to you, or just read
> your
> chocies back to you?
"Reading Impaired station?" Never heard of it. This is confusing verbiage,
since it's a little hard to say if you mean the voting station for reading
impaired voters or the ballot verification station. I assume you mean the
verification station since you say "when you scan...." BTW, the
verification station is not just for reading-impaired. Anyone can use it to
see if the barcode is correct.

The EBI or REBI has nothing to do with the verification station. The way it
currently works is like this:

The barcode encodes a very long integer (35 digits for our demo ballot).
The scanner reads the barcode and gets the number. This very long decimal
number is converted into a much longer binary string (zeros and ones). This
is very straight forward arithmetic. You know, like the decimal number 432
converts to110110000 binary. Right? It's like that except the decimal
number is long (35 digits) and the binary string is 116 characters long.
That's because our demo ballot had 116 positions.

In the string of zeros and ones, a vote is indicated where there's a one.
So if you voted for Rachel Carson for president (John Muir VP), the first 8
characters in the binary string would be 00100000.

We have stored audio recordings for each of the 116 positions. SEL116.WAV
says, "For county commissioner, a write-in candidate was ranked eighth" (the
last selection you can make on the ballot). SEL003.WAV says, "For
president, Rachel Carson. John Muir for vice president. Green Party." The
software reads the long binary string and builds a play list of wav files.
If you voted for Rachel Carson for president, then SEL003.WAV is the first
file on the list. If you made no selection in the presidential race,
NP01.WAV would be played which says, "For President, no preference was
indicated." The play list is handed to a wav file player and the files are
played one-by-one.

Jan's web app handles playing the audio files a little more cleverly. Jan
strings the files on the play list together into one big wav file. He can
give you the big wave file or convert it to mp3 format which is much more
compact .. a very large wav file can be made into a very small mp3 file,
making it easier to download over the net. There is no advantage to Jan's
technique in a standalone situtation since it runs just fine on an 8-year
old PC.

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue May 31 23:17:14 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT