Crypto #3

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Thu May 19 2005 - 13:01:50 CDT

> From: David Mertz <voting-project@gnosis.cx>
> Date: May 16, 2005 3:48:24 PM EDT
> To: "David Webber \(XML\)" <david@drrw.info>
>
> On May 16, 2005, at 8:39 AM, David Webber ((XML)) wrote:
>> I believe this comes down to a philosophical point - how can you
>> state you have voter verified paper ballots - if the voter cannot
>> directly verify the information on the ballot?!?
>
> Barcodes and/or crypto *do not* contain any extra information though,
> not in a meaningful sense.
>
> Sure, the string '329048712-905871430897' at the bottom of a ballot,
> whether encoded with regular fonts or in a barcode, is not
> self-evident. But however it encodes votes and security checks is
> fully documented. That is, the fact it encodes only what it should
> can be checked by the various neutral trusted parties (e.g. the groups
> like League of Women Voters that I mentioned).
>
> Of course it is -possible- that the funny numbers actually encode
> something other than "John Smith for President" (which is what is
> printed in directly human readable form). But two points:
>
> (1) If the encoded stuff doesn't match the human readable stuff, the
> human readable stuff wins!
> (2) If there is a mismatch, it is easily detected by observers (who
> probably make random spot checks of ballots; though in a challenge
> maybe they hand count everything).
> (2a) If observers detect a mismatch, that triggers heightened
> scrutiny and an audit.
>
> Btw. If you are concerned about leaking information, skipping barcodes
> is no panacea. We discussed numerous steganographic ideas on the list
> that don't involve barcodes (nor obscure strings): micro-spacing
> variation in characters; distribution of ink specs that look like
> random hardware effects; subtly modified watermark/background. If you
> want sneaky, I can hide information in plain sight.
>
> Hmmm... I wonder if I should create an example: Two "identical
> ballots" that actually encode different confidential information: say
> one that encodes the value "David Webber" and another than encodes
> "David Mertz", but with identical "votes"... all on a piece of paper
> (I suppose distributed as two PDFs). I might not get around to it,
> but I guarantee you couldn't tell which was which (or even that they
> differed) w/o a microscope and a lot of time spent.
>
> Of course, the openness of the source code is the remedy against this.
>
>> BTW - the VoteHere(tm) approach was of this ilk - and I'm glad
>> to see they have stepped out of the marketplace
>
> I entirely agree about the non-transparency of VoteHere. You can see
> me making that point quite vocally throughout the list archives, and
> elsewhere.

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue May 31 23:17:42 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT