Re: electronically detecting tampering

From: Amit Sahai <sahai_at_CS_dot_Princeton_dot_EDU>
Date: Thu Nov 27 2003 - 11:14:55 CST

This is a great start. I would suggest one thing -- if using e-mail to
add to our "security database", please take the time to ADD your points to
previously stated ones. Ideally, we should have one evolving document.
(We don't want to lose good concerns in the confusion of messages.)
charlie strauss is looking into a better forum for doing this than e-mail;
but given the familiarity of e-mail, let's try to do this as well as we
can while we still use e-mail. David, could you re-post your message
merged with Clay's concerns?

Best,
Amit
------------------------------
Prof. Amit Sahai
Department of Computer Science
Princeton University

On Thu, 27 Nov 2003, David Mertz wrote:

> I agree with Clay's initial list of concerns. I would add some related
> ones:
>
> * Illegal modification of the ballots (insert, update, and delete
> operations on ballots)
>
> - Electronic ballots
> + During local creation/storage
> + During transmission
> - Physical ballots (ballot-box stuffing/destruction)
>
> * Monitoring people's vote (via easter eggs or numbers to identity a
> voter's ballot)
>
> - Inferring votes via timestamp information (i.e. if time or sequence
> information is recoverable from a collection of ballots, this can
> be correlated with a covert videotape of all the people who enter
> the polling place).
>
> * Being able to verify that all ballots were counted
>
> * Removing the "black box" aspect to electronic voting. To me this
> refers to voters not being able to see how the electrons are stored
> on disk to verify the votes they casted are accurate.
>
> An unrelated (or only very loosely related) issue is:
>
> * Validating accuracy of system in recording voter intent.
>
> Let me explain the last. There are many cases where cast ballots, even
> where nominally authentic, clearly vary--at least statistically--from
> inferrable voter intent. All the Jewish retirees in Palm Beach who
> became Buchanon supporters is a famous case. Another recent one comes
> from the California recall: counties with Sequoia touchscreens recorded
> an aberrantly large percentage of votes for "minor" candidates. This
> almost surely reflected either voter confusion with the user interface
> and/or errors in electronic recording of votes (the system was
> paperless)--both bad things, though in somewhat different ways.
>
> It's not enough for a system to allow a voter to POTENTIALLY determine
> an accurate vote was cast... the system should reflect voter intent in
> actual practice (even in the face of voters who e.g. put very little
> effort into verification of vote accuracy).
>
> Yours, David...
>
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Nov 30 23:17:10 2003

This archive was generated by hypermail 2.1.8 : Sun Nov 30 2003 - 23:17:13 CST