Re: Observing process in Placer County CA 4th CD -- Brown v. McClintock

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Tue Nov 11 2008 - 18:26:47 CST

Ballots are different in almost every conceivable way from boarding
passes. Ballots must be anonymous; boarding passes must not be. Election
vendors have significant incentives to falsify your ballot, the votes
recorded on it, and the way it's counted; airlines have no incentive to
print false or defective boarding passes, and airport officials have
little incentive to accept them [1]. Hackers have significant incentives
to attack both, and ordinary PCs' security is so poor that they often
will succeed. SSL is basically ineffective against attacks that
compromise your browser; they can redirect your traffic to a hack site
and then say that it's "secure" and "signed" by someone "traceable" to a
"valid" "root certificate". Then there are social-engineering attacks.
Phishing exists for a reason: it works. And it will work just as well to
get people to give away their voting credentials as it does to get them
to give away their bank passwords.

Also, I am not convinced that the "bunch of screwed up ballots" issue is
a significant problem, nor that home-printed ballots would not make the
problem worse. Just wait until people print their ballots on inkjets
during the rainy season, or in color (!), or scaled incorrectly, or cut
off because they used portrait mode instead of landscape or vice versa,
or otherwise broken because their browser is using an incorrect color
profile, or their printer is set to "economode", or it can't print close
enough to the paper's edge, or the paper fed incorrectly, or the drum
has a little toner leak, or they printed the thing on onionskin paper,
or who knows what.

The best use -- and maybe the only good use -- for this technology is to
assist voters who cannot otherwise vote independently, even with, e.g.,
a Vote-PAD.

-R

[1] And also, apparently, little incentive to check them; Bruce Schneier
recently faked up one and used it to finagle his way into an airport's
secure area. http://www.theatlantic.com/doc/200811/airport-security/2 .

Alan Dechert wrote:
> I think it should be possible to do this with reasonable security. I
> can print from home my boarding pass on Southwest (also uses PDF417
> barcode).
>
> It differs from "polling-place e-voting" in that the vote is not
> stored electronically.
>
> Alan D.
>
>
>
>> Alan Dechert wrote:
>>> ...2) If we are going to have absentee voting, the ballot should be
>>> machine printed like the OVC pollsite system (we need to develop a
>>> system to transmit a form electronically for the remote voter to
>>> make selections and print the ballot). Optical scan systems are not
>>> too bad when employed at the pollsite since they can catch anomalies
>>> like overvotes and stray marks. But you run a significant portion of
>>> hand-marked ballots though the postal system, you're going to end up
>>> with a bunch of screwed up ballots. This is not a big problem for
>>> contests won by a large margin, but when you get under 1/2 of one
>>> percent (like our congressional race), you have a problem.
>> I'm not sure I understand this proposal. If it is for voters to print
>> machine-filled ballots on their home printers, it opens the door to
>> all of the attacks inherent in polling-place e-voting, and then adds
>> the internet hazards of viruses, network stack vulnerabilities,
>> social engineering attacks, and the like.
>>
>> -R
>
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss
> By sending email to the OVC-discuss list, you thereby agree to
> release the content of your posts to the Public Domain--with the
> exception of copyrighted material quoted according to fair use,
> including publicly archiving at
> http://gnosis.python-hosting.com/voting-project/
>
>

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Nov 30 23:17:15 2008

This archive was generated by hypermail 2.1.8 : Sun Nov 30 2008 - 23:17:22 CST