Re: Security markings on the ballot

From: Clay Lenhart <clay_at_lenharts_dot_net>
Date: Sat Nov 01 2003 - 09:00:32 CST

On Fri, 2003-10-24 at 13:13, David Mertz wrote:
> Moreover, in my mind, the main threat to ballot integrity is not from
> casual voters (say with the extra ballots stuffed in their shirt), but
> rather from corrupt poll workers (it's not that hard to get the gig,
> after all). So those who are most likely to cause the problems almost
> by definition already have access to the special paper.

After reviewing David's security plan, I found a hole in it that allows
a poll worker to submit fake public and private keys with ballots after
(or during) the election.

Having poll workers submit both the public key and the ballot is
inherently insecure and allows anyone up the chain the ability to forge
votes, since they all have a chance to insert or remove public keys and
ballots electronically.

I think paper ballots are important to verify the electronic version,
but the expense of counting them in a timely manner as compared with the
electronic version will mean that they will not be counted in all cases
before the officials take office. What will happen is the paper ballots
will be used to learn from our mistakes from the electronic ballots well
after the election. Before we get to the point of learning from our
mistakes, lets try to come up with a framework that separates the public
key people and the counting/administration people.

Below is another method that has been discussed here before. We don't
have to use this, but we should have a better electronic security


= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sun Nov 30 23:17:01 2003

This archive was generated by hypermail 2.1.8 : Sun Nov 30 2003 - 23:17:12 CST