Re: Brand new concept in audit trails

From: Ron Crane <voting_at_lastland_dot_net>
Date: Wed May 04 2005 - 22:45:53 CDT

On May 4, 2005, at 8:05 PM, Jim March wrote:

[snip!]

>>>> One question is how long after the election states make this stuff
>>>> available. It's useful for *some* degree of coercion all the time,
>>>> but if it's not available until 6 months after the election, I
>>>> think the issue is rather mitigated. Of course, that wouldn't be as
>>>> useful for ensuring election integrity, either.
>>>
>>> They *must* be made available ASAP after the election and by current
>>> law, for the next 22 months after.
>>>
>>> We need them ASAP to be able to decide whether or not to do an
>>> election challenge.
>>>
>>> OK. Say you ran for Mayor and think you lost by fraud. It'll cost
>>> YOU money to challenge because you have to pay for the hand count by
>>> elections department staff.
>>>
>>> Under this "carbon" proposal, you can spot-check precincts yourself
>>> or do an unofficial total hand recount if you have enough
>>> volunteers. You can assess the situation with no financial OR
>>> political risk - the political risk of being seen as a "whiner"
>>> (remember the "Sore Loserman" bumper stickers?) if you order a hand
>>> recount and still loose.
>>
>> I understand that. My issue has to do with current law. Where does
>> "22 months" come from?
>
> Current Federal law on the retension of data from Federal elections.
>
>> Basically, if current law on the disclosure of *ballots* would permit
>> the carbon procedure, I hesitantly will accept it hesitantly
>> because of the minor-party coercion issues I listed earlier. If it
>> requires a change in current law, I'm going to have to see much
>> better justification for its use than I've seen so far.
>
> Well as I said, in California and *most* states there is no legal
> change required and the full ballot image data (or the ballots
> themselves are legally available for viewing.

They're legally available for viewing when? Immediately? 5 days after
the election? Before certification of the election?

>>>>>>> ...Now, if you want to argue for the rights of
>>>>>>> minor-party-voters and get these records sealed nationally, go
>>>>>>> for it. That's a separate issue. I for one will fight you
>>>>>>> tooth and nail on that because there would be NO LIMIT
>>>>>>> WHATSOEVER to vote-hacking by county elections officials.
>>>>>>
>>>>>>
>>>>>> Let's think about that. With our system, they could cast a bunch
>>>>>> of extra votes after the polls close, but not so many as to
>>>>>> exceed the number of voters in the precinct. Carbons wouldn't
>>>>>> catch that. They could manipulate the totals after tabulation,
>>>>>> and the carbons would catch that but you say that ballots are
>>>>>> already public record. What do the carbons add? What I am
>>>>>> misunderstanding?
>>>>>
>>>>>
>>>>> Well you're missing one aspect of how vote security really works.
>>>>> It's connected to the volunteer pollworkers. You have four to six
>>>>> or so per precinct, "ordinary people" - in order to "paper stuff",
>>>>> you have to have them all be crooked. Not too likely, esp. not
>>>>> across multiple precincts. At the end of the day these people
>>>>> tally up their precinct's votes and post the numbers. If somebody
>>>>> tries to stuff more paper in back at elections HQ, the numbers
>>>>> won't add up.
>>>>>
>>>>> This can be defeated but with good system design it's damned
>>>>> difficult. Example: proper audit logs will tell you when each
>>>>> step happened, in what order even if they screw around with the PC
>>>>> system clock. Proper login IDs will tell you WHO performed what
>>>>> step so that if a hack is caught, you catch the perps. Compare
>>>>> and contrast with Diebold: editable audit logs, no login security
>>>>> - good pollworker paper procedures carefully compared to machine
>>>>> records might catch electronic hacking (as happened in Volusia
>>>>> County FL in 2000) but the perps won't be. So if you're a perp,
>>>>> go ahead and hack, you'll always get away with it and some hacks
>>>>> won't get noticed.
>>>>
>>>> Right. And all those reasons tend to mitigate the problem the
>>>> carbons are intended to address.
>>>
>>> Yes, *except* you don't want the non-tech folks to have to trust in
>>> a "tech priesthood" of election observers either.
>>>
>>> Long term that nets you a "two caste" system.
>>>
>>> This "carbon paper" (more likely the perforated single sheet
>>> concept) makes electronic hacking unbelievably difficult.
>>
>> You mean it makes it more difficult for elections staff to hack,
>> though it doesn't prevent them from stuffing the box. Depending upon
>> the precinct, stuffing could be more significant, and it's a hell of
>> a lot easier.
>
> Yes but only with the cooperation of volunteer pollworkers. You might
> be able to corrupt a precinct or two but it won't be widespread.

Then I don't see what the carbon process is protecting against. If it's
hard to stuff the box, it's harder to hack the system -- except at the
very end of the process: posting the totals. But wouldn't the
volunteers have something to say if the totals they see are posted
incorrectly at the end?

>>> You set up something that will satisfy HER and you've really got
>>> something special...
>>
>> Meaning no disrespect to Bev (who's done great work) or anyone else,
>> I will sign off on something that satisfies ME, whether or not it
>> satisfies anyone else. I am not awed by authority, only by argument.
>
> Ron, that wasn't why I mentioned her opinions.
>
> Think of OVC as being a marketing company too. We're doing a sales
> job. Now think of Bev as the nastiest, most skeptical possible
> customer who could ever walk through your door, somebody who eats
> sales pitches, chews 'em up and spits 'em out laced with vinegar.
>
> If you can get HER swung over to your side...

I see. Thanks for the explanation.

>> [level snip]
>>
>>>> Let's see how the conversation develops. We have to consider how
>>>> much security it realistically adds versus its privacy impact,
>>>> particularly any discriminatory privacy impact. Those little
>>>> parties and unknown candidates are the wellspring of renewal.
>>>
>>> Yeah. True. But look on the flipside: if election fraud sets in
>>> long term, there isn't going to be a "wellspring of renewal" from
>>> ANY source. Orwell's "1984" is down that path, or a really nasty
>>> civil war. (Do recall that the "wellspring of renewal" for this
>>> nation was cannons and the Kentucky Longrifle.)
>>>
>>> Ron, part of what really scares me is that election-related violence
>>> is on the upswing. Elections HQs of both parties are being raided.
>>> Tires of vans used for get-out-the-vote drives are being slashed.
>>> THIS IS AMERICA, that shit used to be confined to 3rd world
>>> countries. Public perception of election systems is coming unglued.
>>>
>>> I can make a very serious case that "excessive security" in
>>> elections is now basically impossible.
>>
>>
>> Election-related violence is a *great* reason to *preserve* as much
>> privacy as we can, especially for voters aligned with unpopular
>> parties or candidates. And if "excessive security" is "basically
>> impossible", why not film voters' every move?
>
> OK, you caught me in some hyperbole :).

But what of the argument about the need to preserve privacy because of
the election violence you cited? I'm serious here.

-R

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue May 31 23:17:19 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT