Re: Shamos Rebuttal, Draft 3

From: Edward Cherlin <cherlin_at_pacbell_dot_net>
Date: Wed May 11 2005 - 14:40:37 CDT

I don't understand your attitude to what I write. You read far
too much into a few words, as though you have made up your mind
what I think, and everything I say must be interpreted according
to your preconception. Note I said, "as though". I didn't accuse
you. I would like an explanation, though, and perhaps a mild
apology over the misunderstanding, such as we have both given in
earlier messages. Or you can forget about that and just come to
the point. There are places here where you ignore the actual
question and focus on something irrelevant like "dragon-fire".

On Tuesday 10 May 2005 16:06, Ron Crane wrote:
> On May 10, 2005, at 3:14 PM, Edward Cherlin wrote:
> > On Tuesday 10 May 2005 13:23, Ron Crane wrote:
> >> On May 10, 2005, at 11:59 AM, Edward Cherlin wrote:
> >>> On Sunday 08 May 2005 18:13, Ron Crane wrote:
> >>>> On May 8, 2005, at 2:11 PM, Edward Cherlin wrote:


> >>>>> It is proverbial in the computer business (unlike
> >>>>> politics) that incompetence is to be suspected before
> >>>>> malice...
> >>>>>
> >>>>> So we should not focus only on the malicious vendor. The
> >>>>> known incompetent vendors together with the known
> >>>>> malicious/corrupt politicians with the money to hire
> >>>>> corrupt programmers and other technical people are here.
> >>
> >> Incompetence has been a huge problem. However, I think
> >> you're treating some events as evidence of incompetence
> >> when they could just as well have been evidence of fraud.

Not in the least.

> > "Once is happenstance, twice is coincidence, but three times
> > is enemy action."--Gen. George Patton

We are way past three times, and we have to take malice
seriously. But we have to deal with incompetence *first* because
there is so much of it, and because it is amply proven and
generally not in dispute, and because Shamos dismisses it as a
problem so he can set up his vendor fraud strawmen and pretend
to knock them down. And *that* is the problem. We can't let him
get away with that, regardless of whether it is an error on his
part, or malice (which you say you don't believe).

> > No, I don't make such a judgment. It would not surprise me
> > in the least to see it proved that a vendor committed
> > election fraud, and I would be delighted for the evidence to
> > come out, if so. The point at issue is whether we should
> > emphasize fraud alone, or point out that Shamos is guilty of
> > overlooking incompetence, and hit the vendors hard on it.
> > Even though he mentions errors, he does not follow up on the
> > point, and this is the greatest failing of his paper.
> I disagree. His biggest failing is trusting vendors, and his
> second biggest failing is trusting himself to be capable of
> identifying all the ways in which vendors might cheat.

Well, I don't care what number you rate it. Is it a failing at
all in your view? Does it not confuse the issue? Does it not
distract the public from real and present danger?

> >> Looking through
> >> shows
> >> many instances of lost votes, switched votes, inability to
> >> cast votes for certain candidates, etc. Your "Occam's
> >> Election Razor" would attribute all of these to
> >> incompetence.
> >
> > I made no such statement. I said incompetence before malice,
> > not to the exclusion of malice.

Where is your reply to the point I am making?

> > You have had trouble reading
> > other statements of mine accurately. Please be careful.
> Thanks for the dragon-fire. I don't smoke, though.

This is what you call dragon-fire? I could show you dragon-fire,
compared to which you would call this snorkelling in a peaceful
lagoon. I cited a fact. Perhaps it will turn out not to be the
relevant fact, but it wasn't meant as an insult or a putdown.

OK, I accept that you read my statement and that you think you
know what it means, and that you object to it. That isn't what I
meant, however. I think we should work on understanding before
we attempt argument or refutation. And we should unquestionably
lower the temperature. Where to start, though?

> Again I disagree. I think "incompetence before malice" is an
> inappropriate guide to understanding the issues. It basically
> adopts Shamos's approach of requiring critics to prove that
> e-voting systems are insecure, rather than the appropriate
> heuristic of requiring their advocates to prove that they are.

There you go again. Absolutely not. It says to consider the
possibility of incompetence, which has been proven many, many
times, **before** turning to the possibility of malice--unless,
of course, you have the goods on them, the smoking gun, the
internal e-mail about planning to steal some election. But one
should always continue on to the possibility of malice. At no
point did I say or imply that the public should blindly assume
incompetence, or that the public has to prove malice, rather
than the vendors proving that their code is both competent and

The operative word in my statement is "before". You write as
though you don't know what that means--No, I guess you write as
though you do know what it means, but you just skipped right
over it. Pay attention, Ron. I mean it. As a recovering
mathematician, I still try to write with mathematical precision
when making a logical argument.

> I do not oppose mentioning error. In fact, I mention a variety
> of cases that might be error -- or might be fraud -- in
> s.3.2.1, next-to-the-last paragraph. But I disagree that error
> should be the paper's focus.

And again. I did not ask you to make error the focus of the
paper. I want at most a paragraph taking Shamos to task for
misdirecting the reader's attention away from error, as though
malice were the only issue.

> Error largely could be remedied
> by better in-vendor review processes and better testing,

You can't test quality into a product. Only public design and
review has a chance of creating safe election software.

> making an open system like OVC's unnecessary.

All right, buddy, that's it. This dragon is loaded, and I know
how to use it. ^_^

If you believe that OVC is not necessary, what are you doing

> It's potential
> fraud (and issues of transparency that are, at base, largely
> worries about fraud) that motivate open systems, not so much
> error.

o The original motivation for Free Software, including Open
Source, is the prevention of limitations imposed by vendors of
proprietary software.

o Security errors in Microsoft products are one of the main
continuing motivations for the development and adoption of
Free/Open Source Software, most notably the Apache Web Server,
and various mail and browser clients. Although plenty of people
think Microsoft is the Evil Empire, I don't know anybody who
thinks that they put these security holes in on purpose.

o OVC is concerned about any lack of transparency that could
cause voters to mistrust elections, and any kind of error that
could compromise election integrity, not just fraud.

On the other hand, it is possible that you didn't mean what you
wrote the way I read it.

> >> I don't
> >> think that's a valid assumption, since it shortchanges the
> >> strong motivation to engage in fraud.

Not so.

> >> I basically disagree
> >> that the Razor is, itself, justified.

It isn't a Razor. It says incompetence **before** malice, not
**instead of**.

> >> And its use makes it
> >> more difficult to address vendor fraud.
> >
> > No. The law requires consideration of intent in criminal
> > cases. The question must always be addressed.
> "Criminal cases"? I don't see what this has to do with the
> paper.

<incredulity>You don't see what "criminal cases" has to do with
vendor fraud? ROTFLOL</incredulity>
> ...

> > I am not calling for much more than we have already written.
> > We can refer to the specific studies of vendor error
> > published elsewhere. We must call attention to them, and use
> > them to discredit Shamos further by pointing out that he is
> > misleading the public more by leaving that topic out than by
> > any of his overt errors. We don't have to incorporate the
> > other material wholesale.
> Write something, then.

I did, and you objected to it. Put it back in, and let's have
done with all this.

> And please include references. I have
> incorporated some of your other material, but do not have time
> to research stuff where you say "[ref]".

Ooh, look, dragon-fire!!

> Please also answer my
> emails in which I asked for a specific reference.

Done, as I said I would beforehand. This hostility has no place
in this discussion.

> > [snip]
> > Please edit your posts to avoid unnecessary verbiage.
> You too.

I don't mind your arguments at all, but this gratuitous snittage
crosses the line. I quote what I am answering. You left a huge
previous post on the end of yours. Apologize.

> -R

Edward Cherlin
Generalist & activist--Linux, languages, literacy and more
"A knot! Oh, do let me help to undo it!"
--Alice in Wonderland
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue May 31 23:17:33 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT