Re: securing electronic ballots

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Mon Nov 24 2003 - 12:37:29 CST

clay@lenharts.net (Clay Lenhart) wrote:
|David, you forget that the scheme I had can detect deleted ballots.

I know. But the problem with your scheme is that it is in contradiction
to the Constitution of the United States. I know the founding fathers
didn't know about RSA and all that... but as it works out, the conduct
of elections cannot be constitutionally centralized to the degree you
propose; there are States Rights issues that stand against your scheme.

The thing to keep in mind about EVM2003/OVC is that it is primarily a
political project, not a technical one.

Btw. I recommend you followup on David Chaum's idea that I mentioned in
my note on meeting Rebecca Mercuri. From a math/crypto perspective it
seems pretty cool--although I have not read through the math details
yet. But among other things, Chaum's system allows anonymous
verification that votes are recorded.

Part of what Mercuri was showing off was the physical receipt in Chaum's
system. It was kinda cool looking; there is an underlay and a
transparency layer. Each has a bunch of random looking dots on it, but
they line up in such a way as to show your vote when combined. As I
understand it, you keep one layer--take it home with you (the other
layer is destroyed after voter verification). However, your one layer
DOES NOT contain enough information to reconstruct your actual vote (and
therefore voting compliance cannot be coerced by 3rd parties). However,
the layer DOES contain enough information to validate (e.g. on the
internet) that the corresponding vote was centrally recorded (just not
what the vote WAS).

An advantage of Chaum's system is that it does not have a constitutional
obstacle the way Lenhart's key centralization (with parties) does. If
one state, or one county, decided they wanted to use the Chaum system,
that's fine--voters in that one county can verify that their vote was
counted, without requiring any larger central administration.

However, the problem with both Chaum's and Lenhart's systems is that
voters simply cannot understand them. It's easy for people who DO
understand the math in crypto to gloss over this point. I believe I can
explain my protocol to an average voter (if the voter has a little
patience), to a sufficient degree that she has confidence that her
anonymity and vote integrity are preserved. If I were to try a similar
explanation of Chaum's or Lenhart's systems, the best I could do was say
"A bunch of really complex mathematics happens that you can't
understand... trust us." Voter confidence ranks, in my mind, at least
as high as cryptographic strength (obviously, a false confidence is very
bad... just fooling people about a bad system isn't right either).

Yours, David...

--
---[ to our friends at TLAs (spread the word) ]--------------------------
Iran nuclear neocon POTUS patriot Pakistan weaponized uranium invasion UN
smallpox Gitmo Castro Tikrit armed revolution Carnivore al-Qaeda sarin
---[ Gnosis Software ("We know stuff") <mertz@gnosis.cx> ]---------------
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Sun Nov 30 23:17:07 2003

This archive was generated by hypermail 2.1.8 : Sun Nov 30 2003 - 23:17:13 CST