Re: Brand new concept in audit trails

From: Ron Crane <voting_at_lastland_dot_net>
Date: Wed May 04 2005 - 22:45:53 CDT

On May 4, 2005, at 8:05 PM, Jim March wrote:


>>>> One question is how long after the election states make this stuff
>>>> available. It's useful for *some* degree of coercion all the time,
>>>> but if it's not available until 6 months after the election, I
>>>> think the issue is rather mitigated. Of course, that wouldn't be as
>>>> useful for ensuring election integrity, either.
>>> They *must* be made available ASAP after the election and by current
>>> law, for the next 22 months after.
>>> We need them ASAP to be able to decide whether or not to do an
>>> election challenge.
>>> OK. Say you ran for Mayor and think you lost by fraud. It'll cost
>>> YOU money to challenge because you have to pay for the hand count by
>>> elections department staff.
>>> Under this "carbon" proposal, you can spot-check precincts yourself
>>> or do an unofficial total hand recount if you have enough
>>> volunteers. You can assess the situation with no financial OR
>>> political risk - the political risk of being seen as a "whiner"
>>> (remember the "Sore Loserman" bumper stickers?) if you order a hand
>>> recount and still loose.
>> I understand that. My issue has to do with current law. Where does
>> "22 months" come from?
> Current Federal law on the retension of data from Federal elections.
>> Basically, if current law on the disclosure of *ballots* would permit
>> the carbon procedure, I hesitantly will accept it hesitantly
>> because of the minor-party coercion issues I listed earlier. If it
>> requires a change in current law, I'm going to have to see much
>> better justification for its use than I've seen so far.
> Well as I said, in California and *most* states there is no legal
> change required and the full ballot image data (or the ballots
> themselves are legally available for viewing.

They're legally available for viewing when? Immediately? 5 days after
the election? Before certification of the election?

>>>>>>> ...Now, if you want to argue for the rights of
>>>>>>> minor-party-voters and get these records sealed nationally, go
>>>>>>> for it. That's a separate issue. I for one will fight you
>>>>>>> tooth and nail on that because there would be NO LIMIT
>>>>>>> WHATSOEVER to vote-hacking by county elections officials.
>>>>>> Let's think about that. With our system, they could cast a bunch
>>>>>> of extra votes after the polls close, but not so many as to
>>>>>> exceed the number of voters in the precinct. Carbons wouldn't
>>>>>> catch that. They could manipulate the totals after tabulation,
>>>>>> and the carbons would catch that but you say that ballots are
>>>>>> already public record. What do the carbons add? What I am
>>>>>> misunderstanding?
>>>>> Well you're missing one aspect of how vote security really works.
>>>>> It's connected to the volunteer pollworkers. You have four to six
>>>>> or so per precinct, "ordinary people" - in order to "paper stuff",
>>>>> you have to have them all be crooked. Not too likely, esp. not
>>>>> across multiple precincts. At the end of the day these people
>>>>> tally up their precinct's votes and post the numbers. If somebody
>>>>> tries to stuff more paper in back at elections HQ, the numbers
>>>>> won't add up.
>>>>> This can be defeated but with good system design it's damned
>>>>> difficult. Example: proper audit logs will tell you when each
>>>>> step happened, in what order even if they screw around with the PC
>>>>> system clock. Proper login IDs will tell you WHO performed what
>>>>> step so that if a hack is caught, you catch the perps. Compare
>>>>> and contrast with Diebold: editable audit logs, no login security
>>>>> - good pollworker paper procedures carefully compared to machine
>>>>> records might catch electronic hacking (as happened in Volusia
>>>>> County FL in 2000) but the perps won't be. So if you're a perp,
>>>>> go ahead and hack, you'll always get away with it and some hacks
>>>>> won't get noticed.
>>>> Right. And all those reasons tend to mitigate the problem the
>>>> carbons are intended to address.
>>> Yes, *except* you don't want the non-tech folks to have to trust in
>>> a "tech priesthood" of election observers either.
>>> Long term that nets you a "two caste" system.
>>> This "carbon paper" (more likely the perforated single sheet
>>> concept) makes electronic hacking unbelievably difficult.
>> You mean it makes it more difficult for elections staff to hack,
>> though it doesn't prevent them from stuffing the box. Depending upon
>> the precinct, stuffing could be more significant, and it's a hell of
>> a lot easier.
> Yes but only with the cooperation of volunteer pollworkers. You might
> be able to corrupt a precinct or two but it won't be widespread.

Then I don't see what the carbon process is protecting against. If it's
hard to stuff the box, it's harder to hack the system -- except at the
very end of the process: posting the totals. But wouldn't the
volunteers have something to say if the totals they see are posted
incorrectly at the end?

>>> You set up something that will satisfy HER and you've really got
>>> something special...
>> Meaning no disrespect to Bev (who's done great work) or anyone else,
>> I will sign off on something that satisfies ME, whether or not it
>> satisfies anyone else. I am not awed by authority, only by argument.
> Ron, that wasn't why I mentioned her opinions.
> Think of OVC as being a marketing company too. We're doing a sales
> job. Now think of Bev as the nastiest, most skeptical possible
> customer who could ever walk through your door, somebody who eats
> sales pitches, chews 'em up and spits 'em out laced with vinegar.
> If you can get HER swung over to your side...

I see. Thanks for the explanation.

>> [level snip]
>>>> Let's see how the conversation develops. We have to consider how
>>>> much security it realistically adds versus its privacy impact,
>>>> particularly any discriminatory privacy impact. Those little
>>>> parties and unknown candidates are the wellspring of renewal.
>>> Yeah. True. But look on the flipside: if election fraud sets in
>>> long term, there isn't going to be a "wellspring of renewal" from
>>> ANY source. Orwell's "1984" is down that path, or a really nasty
>>> civil war. (Do recall that the "wellspring of renewal" for this
>>> nation was cannons and the Kentucky Longrifle.)
>>> Ron, part of what really scares me is that election-related violence
>>> is on the upswing. Elections HQs of both parties are being raided.
>>> Tires of vans used for get-out-the-vote drives are being slashed.
>>> THIS IS AMERICA, that shit used to be confined to 3rd world
>>> countries. Public perception of election systems is coming unglued.
>>> I can make a very serious case that "excessive security" in
>>> elections is now basically impossible.
>> Election-related violence is a *great* reason to *preserve* as much
>> privacy as we can, especially for voters aligned with unpopular
>> parties or candidates. And if "excessive security" is "basically
>> impossible", why not film voters' every move?
> OK, you caught me in some hyperbole :).

But what of the argument about the need to preserve privacy because of
the election violence you cited? I'm serious here.


OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue May 31 23:17:19 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT