Re: Shamos Rebuttal, Draft 3

From: Ron Crane <voting_at_lastland_dot_net>
Date: Wed May 11 2005 - 15:41:53 CDT

On May 11, 2005, at 12:40 PM, Edward Cherlin wrote:

> I don't understand your attitude to what I write. You read far
> too much into a few words, as though you have made up your mind
> what I think, and everything I say must be interpreted according
> to your preconception. Note I said, "as though". I didn't accuse
> you. I would like an explanation, though, and perhaps a mild
> apology over the misunderstanding, such as we have both given in
> earlier messages. Or you can forget about that and just come to
> the point. There are places here where you ignore the actual
> question and focus on something irrelevant like "dragon-fire".

Noted.

>>>>>>> It is proverbial in the computer business (unlike
>>>>>>> politics) that incompetence is to be suspected before
>>>>>>> malice...
>>>>>>>
>>>>>>> So we should not focus only on the malicious vendor. The
>>>>>>> known incompetent vendors together with the known
>>>>>>> malicious/corrupt politicians with the money to hire
>>>>>>> corrupt programmers and other technical people are here.
>>>>
>>>> Incompetence has been a huge problem. However, I think
>>>> you're treating some events as evidence of incompetence
>>>> when they could just as well have been evidence of fraud.
>
> Not in the least.
>
>>> "Once is happenstance, twice is coincidence, but three times
>>> is enemy action."--Gen. George Patton
>
> We are way past three times, and we have to take malice
> seriously. But we have to deal with incompetence *first* because
> there is so much of it, and because it is amply proven and
> generally not in dispute, and because Shamos dismisses it as a
> problem so he can set up his vendor fraud strawmen and pretend
> to knock them down. And *that* is the problem.

I don't see that as the problem at all. His strawmen are strawmen
because of how he builds them. He produces caricatures of legitimate
fraud concerns, and then ignites them. As writ, our paper shows that
there *are* legitimate concerns about fraud, and describes some
practical methods that vendors could use to cheat. It makes no argument
about whether they actually have used these methods, but, by listing a
litany of "errors", lets the reader make her own decision.

> We can't let him
> get away with that, regardless of whether it is an error on his
> part, or malice (which you say you don't believe).

I am trying not to make any judgements about Shamos himself. I have
some opinions and suspicious about the vendors, but have tried to keep
that out of the paper as well.

>>> No, I don't make such a judgment. It would not surprise me
>>> in the least to see it proved that a vendor committed
>>> election fraud, and I would be delighted for the evidence to
>>> come out, if so. The point at issue is whether we should
>>> emphasize fraud alone, or point out that Shamos is guilty of
>>> overlooking incompetence, and hit the vendors hard on it.
>>> Even though he mentions errors, he does not follow up on the
>>> point, and this is the greatest failing of his paper.
>>
>> I disagree. His biggest failing is trusting vendors, and his
>> second biggest failing is trusting himself to be capable of
>> identifying all the ways in which vendors might cheat.
>
> Well, I don't care what number you rate it. Is it a failing at
> all in your view? Does it not confuse the issue? Does it not
> distract the public from real and present danger?

Sure it's a failing, and a real and present danger. But it's not the
worst danger. Please write concise paragraph or two about it, with
cites as necessary, and we can add a section (say 3.6) entitled
"Understating the Significance of Error".

>>>> Looking through
>>>> http://www.votersunite.org/info/messupsbyvendor.asp shows
>>>> many instances of lost votes, switched votes, inability to
>>>> cast votes for certain candidates, etc. Your "Occam's
>>>> Election Razor" would attribute all of these to
>>>> incompetence.
>>>
>>> I made no such statement. I said incompetence before malice,
>>> not to the exclusion of malice.
>
> Where is your reply to the point I am making?

I don't understand what you mean.

>>> You have had trouble reading
>>> other statements of mine accurately. Please be careful.
>>
>> Thanks for the dragon-fire. I don't smoke, though.
>
> This is what you call dragon-fire? I could show you dragon-fire,
> compared to which you would call this snorkelling in a peaceful
> lagoon.

Which would not encourage me to continue this discussion.

>> Again I disagree. I think "incompetence before malice" is an
>> inappropriate guide to understanding the issues. It basically
>> adopts Shamos's approach of requiring critics to prove that
>> e-voting systems are insecure, rather than the appropriate
>> heuristic of requiring their advocates to prove that they are.
>
> There you go again. Absolutely not. It says to consider the
> possibility of incompetence, which has been proven many, many
> times, **before** turning to the possibility of malice--unless,
> of course, you have the goods on them, the smoking gun, the
> internal e-mail about planning to steal some election. But one
> should always continue on to the possibility of malice. At no
> point did I say or imply that the public should blindly assume
> incompetence, or that the public has to prove malice, rather
> than the vendors proving that their code is both competent and
> non-malicious.
>
> The operative word in my statement is "before". You write as
> though you don't know what that means--No, I guess you write as
> though you do know what it means, but you just skipped right
> over it. Pay attention, Ron. I mean it. As a recovering
> mathematician, I still try to write with mathematical precision
> when making a logical argument.

And what *does* "before* mean in this context? That we should make a
survey of the reported "errors" and first examine whether each one
really is error, and if we can't plausibly say so, attribute it to
malice? But what of the possibilities of malice that Shamos glosses
over? This stuff is theoretical in the sense that we have no solid
proof it's been done, but it's a very real possibility.

>> I do not oppose mentioning error. In fact, I mention a variety
>> of cases that might be error -- or might be fraud -- in
>> s.3.2.1, next-to-the-last paragraph. But I disagree that error
>> should be the paper's focus.
>
> And again. I did not ask you to make error the focus of the
> paper. I want at most a paragraph taking Shamos to task for
> misdirecting the reader's attention away from error, as though
> malice were the only issue.

Great! See my offer above. Perhaps we finally have reached agreement on
this as far as the paper is concerned.

>> Error largely could be remedied
>> by better in-vendor review processes and better testing,
>
> You can't test quality into a product. Only public design and
> review has a chance of creating safe election software.

Oh, now you're talking about "safety". That's different from "error",
since it includes the possibility of fraud. But a vendor alone could,
with sufficient effort, produce a system very resistant to error.
Obviously vendors generally have not chosen to do so, but there's no
theoretical impediment to it. Vendors of proprietary software of all
kinds produce great quality products without any public design or
review. But I wouldn't trust them to produce voting systems without
total public review, not because of error, but because of the
possibility of large-scale fraud.

>> making an open system like OVC's unnecessary.
>
> All right, buddy, that's it. This dragon is loaded, and I know
> how to use it. ^_^
>
> If you believe that OVC is not necessary, what are you doing
> here?

My dragon's loaded, too. And he's named "Ancalagon the Black" (pat,
pat). You seem to want a demonstration. But I'll refrain, and only
mildly note that you've misrepresented my argument, which was to show
the logical consequences of focussing nearly exclusively on error. I
think we've come to some agreement on this topic for purposes of the
paper, so I'll keep the leash on. But please don't do this anymore. It
is singularly unproductive.

>> It's potential
>> fraud (and issues of transparency that are, at base, largely
>> worries about fraud) that motivate open systems, not so much
>> error.
>
> o The original motivation for Free Software, including Open
> Source, is the prevention of limitations imposed by vendors of
> proprietary software....Microsoft....

What you quote was meant to be specific to voting software, and was
written in that context, not in the context of all free software. Your
examples are inapposite. The main (though not exclusive) motivation for
open voting software is concern about vendor fraud.

> On the other hand, it is possible that you didn't mean what you
> wrote the way I read it.

Right. See above.

>>>> And its use makes it
>>>> more difficult to address vendor fraud.
>>>
>>> No. The law requires consideration of intent in criminal
>>> cases. The question must always be addressed.
>>
>> "Criminal cases"? I don't see what this has to do with the
>> paper.
>
> <incredulity>You don't see what "criminal cases" has to do with
> vendor fraud? ROTFLOL</incredulity>

No, basically I don't see what "criminal cases" have to do with the
possibility of vendor fraud. They might have something to do with
already-executed vendor fraud, or pending conspiracies -- if we're
lucky. But since we haven't been so lucky thus far, "criminal cases"
have little to do with our paper.

>> ...
>
>>> I am not calling for much more than we have already written.
>>> We can refer to the specific studies of vendor error
>>> published elsewhere. We must call attention to them, and use
>>> them to discredit Shamos further by pointing out that he is
>>> misleading the public more by leaving that topic out than by
>>> any of his overt errors. We don't have to incorporate the
>>> other material wholesale.
>>
>> Write something, then.
>
> I did, and you objected to it. Put it back in, and let's have
> done with all this.

Please refresh my memory. I offered to include a paragraph or two on
the topic above, under a heading like "Understating the Significance of
Error".

>> And please include references. I have
>> incorporated some of your other material, but do not have time
>> to research stuff where you say "[ref]".
>
> Ooh, look, dragon-fire!!

Ooh, look, facts! Most of your previous text included only "[ref]"
where an actual reference should appear. It is not inappropriate for me
to ask you to provide actual references.

>> Please also answer my
>> emails in which I asked for a specific reference.
>
> Done, as I said I would beforehand. This hostility has no place
> in this discussion.

You had not as of the point I asked.

>>> [snip]
>>> Please edit your posts to avoid unnecessary verbiage.
>>
>> You too.
>
> I don't mind your arguments at all, but this gratuitous snittage
> crosses the line. I quote what I am answering. You left a huge
> previous post on the end of yours. Apologize.

I apologize for any "huge previous post[s]" I have left in any
correspondence. I don't mean to clog up your inbox, and will try to
trim posts to the bone henceforth.

Now, why don't you apologize for misrepresenting my position on the
necessity of OVC's existence?

-R

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue May 31 23:17:34 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT