Re: Shamos Rebuttal, Draft 2

From: Ron Crane <voting_at_lastland_dot_net>
Date: Wed May 04 2005 - 23:11:59 CDT

On May 4, 2005, at 6:11 AM, Arthur Keller wrote:

> My comments follow.
> 1. Please follow standard North American Typographical Convention. I
> pulled out venerable old copy of Words into Type, 3rd edition,
> Prentice Hall, 1974....


> 2. You use the phrase "democratic republic" without explanation. I
> think an endnote is warranted on first use.


> 3. On the bottom of the first page, the paragraph-opening sentence
> that begins with "Of the second class of error" is awkwardly worded
> and confusing.
> 4. Section 3.1.1, fourth line from end: "systematically can" should be
> "can systematically"

I prefer the existing construction.

> 5. "e.g." should be followed by a comma, particularly when in
> parentheses. Wouldn't you use a comma after if "for example" were
> there instead). Item (2) on page 3 is an example of a place that
> needs fixing.


> 6. In some places you have two spaces between words instead of one.
> Do a global search. One such place is between "of" and "chemical" on
> pagve 4.

Fixed, except in quotations from others.

> 7. Re: Section 3.3, the San Francisco-Oakland Bay Bridge worked fine
> for some 60 years until there was an earthquake....

...for which it wasn't properly engineered. Which, of course, shows
that "it worked yesterday, so it'll work today" isn't always valid even
for continuous systems. But that's really beyond the scope of the

> 8. Re: Section 3.5.1. See the Editorial in the New York Times on
> Sunday, June 13:
> EDITORIAL DESK | June 13, 2004, Sunday
> Gambling on Voting
> (NYT) Editorial; Series 863 words Late Edition - Final , Section 4
> , Page 12 , Column 1
> ABSTRACT - Editorial, in series Making Votes Count, contends that if
> election officials want to convince voters that electronic voting can
> be trusted, they should be willing to make it at least as secure as
> slot machines; maintains that to appreciate how poor oversight on
> voting systems is, it is useful to look at way Nevada systematically
> ensures that electronic gambling machines in Las Vegas operate
> honestly and accurately; holds that electronic voting, by comparison,
> is rife with lax procedures, security risks and conflicts of interest;
> cites ways in which gamblers are more protected than voters


> 9. Section 4.1.1. Change "power-line broadband" to "broadband over
> power lines (BPL)" so that the acronym is defined before use a
> paragraph later.


> 10. Section 4.2. Indicate that the malware could remove itself from
> memory and delete where it was loaded from after operating, so that a
> subsequent audit of the equipment would find no trace of it.
> In particular, may I suggest that the malware be invoked at end-of-day
> voting session closeout by clearing the display in an ideosyncratic
> way. The malware loads (if it is present and otherwise does nothing),
> then alters the votes or vote totals, then erases all traces of itself
> other than the loader, and then exits. A subsequent audit of the
> equipment will find nothing unusual, and the malware loader is ready
> to do its job when the software is reloaded for the next election.

There is no need for anyone to cooperate with the malware ("by clearing
the display in an ideosyncratic way"). Once it's infected the machine,
it has full control. I have added your idea about the malware bootstrap
saving a copy of the cheating application (I speculated in an unused
area of the hard drive), and the malware loader checking for its
availability during future elections. It's an endnote to §4.1.2.

> 11. A nice quote for section 4.3 is:
> "[P]rogram testing can be used very effectively to show the presence
> of bugs but never to show their absence." Edsger W. Dijkstra

A very interesting paper. I'm using the quote you suggested, and also
some of the language about "looking inside the black box" elsewhere.

> 12. Re: Section 4.5. Has ANY election jurisdiction adopted this
> approach?

I have no idea. Shamos provides no cite to one, though some time has
elapsed since he wrote his paper, and someone might be trying the idea.
Does anyone else know?

> There are references to Section 3.1 that should specifically mention
> that they refer to sections in Shamos' paper.


> 13. Section 4.6.
> Comma after (e.g., again.


> Where you cite 85, you should also cite Kevin Shelley's orders for an
> Accessible Voter Verified Paper Audit Trail.
> avvpat_standards_6_15a_04.pdf

Added in a slightly different place.

> By the way, I just noticed
> which I
> hadn't seen before. Anyone have comments?
> Note the Audio Audit trail:
> I couldn't read this file. Maybe someone else can decode it:
> There's also this paper, which may be a good cite for how many people
> actually look at the paper audit trail.
> past_issues/2005Spring.html ("A Day of Poll Watching")
> Someone should do the statistical analysis if 1% of the ballots are
> wrong and 20% of the voters look at their ballots and there are, say,
> 100 votes per machine and, say, 100 machines with the error, what's
> the likelihood of a voter actually catching such an error?

The number discovered will, on average, be 0.01 * 0.2 * 100 * 100 = 20.
Given the 10,000 (100*100) votes cast, each voter will have a 20/10,000
= 0.2% chance of discovering one. Now multiple that by the probability
of the user raising a stink, and the probability of an elections
official actually trying to do something, and the probability of
existing legal procedures actually allowing something useful to be done
before the election become immutable....

> 14. End of Section 5.
> Check out for a good
> rebuttal.
> Also the member opinion poll at
> 86.38% strongly agreed with:
> "ACM's proposed policy position concludes that due to the risks and
> vulnerabilities inherent in many voting systems in use today -
> particularly computer-based electronic voting systems - it is
> important that physical records (e.g., paper) are maintained to ensure
> that a vote has been cast accurately and that a meaningful physical
> record of a vote exists."
> I'd recommend getting an update on the number of signers at Verified
> by category. They no longer have the numbers (or lists) on
> their website.

I don't want to get into a war of numbers here. It's sufficient to
point out his sophistic math and the fact that he provides no citations
to support his proposition about "the other 9,999 out of 10,000".

> Footnote 3. "record, cast, or tabulate votes" not "cast, tabulate, or
> canvass votes


> Footnotes 12, 13, and others without a document cite. I think you are
> referring to THIS paper. If so, you should be explict and say so.

Fixed. I've always wanted to use the words "infra" and "supra".

> Footnote 24 has weird spacing.

Yeah, it's an unfixable Word bug. It does that when the URL is too long
to fit on a single line.

> Footnote 37 needs comma after e.g.


> Footnote 41 uses Section instead of double S symbol.


> Footnote 54, Also cite

That's not so easy to interpret, and, because of the Electoral
College's amplifying effects, is actually not a good example of the
phenomenon I'm trying to illustrate.

> Footnote 64. "would" should be "could"; "address" should be
> "location" (it could be on disk)

No, it's not on disk for this note's purposes.

> Footnote 68. I prefer this cite: Neil F. Johnson and Sushil Jajodia,
> "Steganography: Seeing the Unseen," IEEE Computer, February 1998:
> 26-34.

A nice article. Added.

> Footnote 81. "subordinate" is not quite right. In California, the
> paper audit trail IS supposed to be used for manual recounts and is
> controlling in those cases. I'd say,
> "The VVPAT is maintained for auditing or recount purposes, but in
> general the corresponding electronic record of the vote is the one
> tabulated first. In practice, only a small number of VVPAT records
> are actually tallied, and usually manually and usually as part of a
> statistical test."


> Footnote 91. Cite a source of the 14th amendment. Use
> or

Done, and thanks for the good review! Draft 3 coming soon!


> Best regards,
> Arthur
> At 10:15 PM -0700 5/3/05, Ron Crane wrote:
>> Here it is. While reviewing some of Shamos's citations, I found
>> something I believe to be rather un-kosher. Those of you with
>> academic backgrounds should especially read the end of my section
>> 4.6, beginning at "Finally, and most oddly...."
>> In any case, please comment. I'd like to roll the final version on or
>> before next Monday.
>> -R
>> P.S. I am sorry about the MS word format, but Word doesn't include
>> the endnotes when I save in RTF format.
>> Attachment converted: ARK G4 Powerbook HD:shamos-rebuttal.doc
>> (WDBN/«IC») (001CE623)
>> _______________________________________________
>> OVC discuss mailing lists
>> Send requests to subscribe or unsubscribe to
> --
> -----------------------------------------------------------------------
> --------
> Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA 94303-4507
> tel +1(650)424-0202, fax +1(650)424-0424
> _______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue May 31 23:17:20 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT