[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [election-services] Defining a trusted voting process
Paul,
I'm not known for being a Luddite ; -) but I really
appreciate the alternate view of "all digital is good".
The big issue that I cannot find a way around with digital
media is verification. Example - the Diebold machines here
use PCMCIA cards for vote tallying. If I'm an election
official and I'm holding one of these things in my hand
I'm not able to verify anything. If I stick the thing in a
reader and the software tells me some details, I have
no way of knowing if that software is misleading
me, either intentionally or by mistake.
So - yes - I'm seeing that UUIDs or equivalent can
mark ballots - snag is the human cannot verify these
and "ballot-stuffing" is trivially easy - there's some
blank sequence in the code run that was never
allocated to any citizen, but all these votes are cast
using those codes. They appear legitimate, even to
separate counting software. To stop that you have to
put UUIDs on electoral rolls - and then its not
anonymous anymore.
To head this all off at the pass - VVPB - voter-verified
paper ballot appears to be the tried and tested method
here. Actual citizens holding a paper ballot in their
hand, inspecting it, and then placing it in the ballot box
or mailing it in secure post, after the evote machine has
generated that ballot for them.
So - the role of the digital e-Votes combined with
the paper ballots brings four things :
1) Speed - politicians love fast election results - so
not having to wait for scanning and the mail works.
2) Accuracy - scanning is not perfect and being able
to crosscheck is good - plus printing the ballots
beats trying to punch holes in cards when it comes
to enhancing scanning accuracy.
3) Preventing traditional paper-based fraud like
paper ballot stuffing - since the two have to be
done in tandem and that's really much harder
to do - especially as we are forcing the printing
and eVoting to be two separate systems!
4) Open access for voters. Easier to vote, more
choices in locations to vote and can do
language localization automatically.
So the Luddite view here is re-introducing paper back
into the digital process to ensure the process is
verifiable again. I believe this is optimal - and
because of the need for anonymous actions - unique.
We are able to replace paper everywhere else in
business - because e-records are associated with
a person or a company - but I think this is a special
case where you need the paper retained.
DW
----- Original Message -----
From: "Paul Spencer" <paul.spencer@boynings.co.uk>
To: "David Webber (XML)" <david@drrw.info>;
<election-services@lists.oasis-open.org>
Sent: Friday, February 18, 2005 7:36 AM
Subject: RE: [election-services] Defining a trusted voting process
> Why can a fully digital system not remain truly anonymous? What if a
system
> produced UUIDs and issued these to voters? A record could be kept of the
> UUID (so proving the right to vote) without any record of the voter's ID.
>
> And why should they not be directly verified by citizens? What if the vote
> were passed to a vote tallying system (from a different manufacturer from
> that of the voting system) and the feedback on how the vote was cast is
> provided by this system? If the counting process compares the vote from
the
> tallying system with that from the voting system, falsification can only
> occur by collusion. If you don't trust the counting system, use two (from
> different manufacturers).
>
> I think paper is a red herring to placate a few Luddites. Far more
important
> is the issue of intimidation, which applies to many systems including
postal
> votes.
>
> EML messaging already supports all of this. What you are looking at is an
> architecture. The question is whether it is right to standardise that
> internationally, when there are so many different voting methods in use.
>
> Paul Spencer
>
>
>
> > -----Original Message-----
> > From: David Webber (XML) [mailto:david@drrw.info]
> > Sent: 18 February 2005 03:41
> > To: election-services@lists.oasis-open.org
> > Subject: Re: [election-services] Defining a trusted voting process
> >
> >
> > Folks,
> >
> > Received feedback from the Maryland side - so I've
> > enhanced the slides a little to do some "scene-setting".
> >
> > I was kinda assuming the audience was e-vote saavy
> > here!
> >
> > The revised PPT slides are here:
> >
> > http://drrw.net/backup/Ballot%20Processing%20Systems.ppt
> >
> > and the PDF is here:
> >
> > http://drrw.net/backup/Ballot-Processing-Systems.pdf
> >
> > Thanks, DW
> >
> >
> > ----- Original Message -----
> > From: "David Webber (XML)" <david@drrw.info>
> > To: <election-services@lists.oasis-open.org>
> > Sent: Thursday, February 17, 2005 5:10 PM
> > Subject: [election-services] Defining a trusted voting process
> >
> >
> > > Team,
> > >
> > > I few weeks back I joined the Maryland True Voting technical
> > team here in
> > > the USA.
> > >
> > > Attached PPT is the results of that interaction.
> > >
> > > It's just a draft right now - but what my aim is here is to understand
> > what
> > > can
> > > make a trusted voting process - where you combine paper and e-Voting
> > > together to make use of the best of both worlds.
> > >
> > > I'm not sure what research has been thrown at this in the past
> > - if any -
> > > but
> > > I just came at this from sound engineering principles in
> > building systems.
> > >
> > > So - I want it to be:
> > >
> > > 1) simple and obvious
> > > 2) doable with off-the-shelf stuff - no fancy patented techniques
needed
> > > 3) fault tolerant - in that it thwarts all obvious attacks by the
nature
> > of
> > > its
> > > process.
> > >
> > > Obviously nothing is foolproof - because conspirators could
> > > pose as legimate staff and negate the safeguards - but that's a
> > > social problem not a software engineering problem!
> > >
> > > Clearly the level of detail in the PPT is just intended as an
overview.
> > > If you are going to spec' this out completely - you need to define
> > > each mechanism rigorously - and also create lots of XML - but
> > > then we are good at that here in OASIS!
> > >
> > > Thoughts?
> > >
> > > Thanks, DW
> > >
> > >
> >
> >
> > ------------------------------------------------------------------
> > ----------
> > ----
> >
> >
> > > To unsubscribe from this mailing list (and be removed from the roster
of
> > the OASIS TC), go to
> > http://www.oasis-open.org/apps/org/workgroup/election-services/mem
> bers/leave_workgroup.php.
>
>
>
> To unsubscribe from this mailing list (and be removed from the roster of
the
> OASIS TC), go to
>
http://www.oasis-open.org/apps/org/workgroup/election-services/members/leave
> _workgroup.php.
>
>
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]