Re: [election-services] Further musings on the need for VVPAT...

["David Webber \(XML\)" <david@drrw.info>]

Simon,

That's exactly my thinking. Due diligence is required
of course.  And trust is an essential element.

Here in the USA they make a big event out of tax day
and processing returns.  The post office have staff in
the roadway outside the post office till midnight -
collecting envelopes - issuing receipts and taking
money right there in the street.  We all know our
local staff and its very much a hands-on event.

No reason why you could not have a similar special
dispatch around the postal votes too.  And as you
say its a community thing and that adds to the whole
event.   You vote at work - and then you drop the
envelope off later that day to catch the deadline for
the mail-in votes Freepost.   I think the USPS error
rate on this would be very low.

DW

----- Original Message ----- 
From: "Simon Bain" <sibain@tendotzero.com>
To: "David Webber (XML)" <david@drrw.info>
Cc: <election-services@lists.oasis-open.org>
Sent: Thursday, February 24, 2005 9:54 AM
Subject: Re: [election-services] Further musings on the need for VVPAT...


> Ahhh Perception is king, I am afraid.
>
> OK lets look at the "I really have no way too of knowing - just
> because I got that email - that my vote was really
> recorded that way electronically into the system". true, But nor do you if
> you post it.
>
> Has the post lost it??? I have a camera at this moment somewhere in USPS
> vans lost now for 5 weeks. Our post office here loses Millions of letters
> a year.
>
> Has the little man or lady really verified it or have they just got bored
> and thrown it away.
>
> At some point a person has to start believing in something, or at least a
> combination of 2 things which is why I like the dual approach. However I
> do not see that postal on its own is viable, (UK experience). But I do see
> it as being a very good method of verification for e-Voting methods. Which
> can be made secure and easy to use.
>
> Bring the 2 together and maybe perception will change. Just as it has with
> online purchasing.
>
> Cheers
> Simon
>
>
> <quote who="David Webber \(XML\)">
> > Simon,
> >
> > OK - neato method - certainly an option to give
> > people voting remotely.  Personally I'd still
> > feel edgy about typing in my email address...as
> > I have no guarantee what the client software is
> > really doing with it.
> >
> > However - I really have no way too of knowing - just
> > because I got that email - that my vote was really
> > recorded that way electronically into the system.
> > That of course is the point of having the paper
> > record in my hand and submitting it as verification.
> >
> > Cheers, DW
> >
> >
> > ----- Original Message -----
> > From: "Simon Bain" <sibain@tendotzero.com>
> > To: "David Webber (XML)" <david@drrw.info>
> > Cc: <election-services@lists.oasis-open.org>
> > Sent: Thursday, February 24, 2005 9:35 AM
> > Subject: Re: [election-services] Further musings on the need for
VVPAT...
> >
> >
> >> David hi.
> >>
> >> On point 1 you are only partially correct. Yes some part of the process
> >> must have details of where to send a confirmation. However not all of
> >> the
> >> process needs this. In fact it is far better if only one part does.
> >>
> >> User logs in by a PC passing their login credentials.
> >> Server verifies them and sets up a session on a remote database which
is
> >> encrypted by a hash set at the time the process was started at login.
> >> This
> >> has with it a SessionId which is internal to the process.
> >>
> >> This SessionId is passed with seperate undisclosed and unknown (Created
> >> at
> >> this time) details to the voting server which registers the vote and
> >> passes back the SessionId to the verification server. It matches the 2
> >> and
> >> responds with a "great thanks very much" or an "O I have screwed up"
> >> email.
> >>
> >> The Voting server has no idea who the user is and does not need to
know.
> >> The SessionId dies before the confirmation email is sent as does the
> >> session on the database, which itself holds no identifying details.
> >>
> >> Yes somebody could hack in at this point. But to decrypt thi slot would
> >> take one hell of a rack of servers, a while and details of at least 3
> >> seperate IP addressess and login details.
> >>
> >> Cheers
> >> Simon
> >>
> >>
> >> <quote who="David Webber \(XML\)">
> >> > More from the Vote Here discussions today.
> >> >
> >> > Here's what I compiled to support the need for paper
> >> > in an all digital process involving DREs only!
> >> >
> >> > DW
> >> >
> >> > 1) You cannot have an anonymous trusted verifiable computer
> >> >     process. eBanking works because it is not anonymous.
> >> >     Every eProcess out there gets to know your email
> >> >     address or account ID to send a confirmation
> >> >     somewhere in the process.  If it does not send a
> >> >     confirmation - then you have no verification - the
> >> >     DRE is thus reduced to an entertaining arcade
> >> >     gaming machine - for which you have no
> >> >     guarantees to actually what reality is.
> >> >     That theoretical stumbling block is key to
> >> >     understanding the need for a verifiable paper record
> >> >     in anonymous voting systems.
> >> >
> >> > 2) Voters need trust (and US Gov HAVA demands it).
> >> >     Paper is the most trusted mechanism everywhere.
> >> >
> >> > 3) The banks have a trusted process that handles
> >> >     billions of paper cheques annually.  Their error rates
> >> >     are infintesimally small.  These technologies are
> >> >     simple, proven and secure.  We need to base a
> >> >     trusted voting process around such crosschecking
> >> >     and accounting methods.  There will always be
> >> >     enticing exotic proprietary and uncertified and
> >> >     potentially compromisable technologies offered
> >> >     up - but a trusted process needs to be simple
> >> >     and obvious.
> >> >
> >> > 4) We need to develop open public specifications
> >> >      so that there is an open marketplace for solution
> >> >      providers.  This is the lesson of railways, telephones,
> >> >      automobiles and electricity.  The software industry is
> >> >      no different.
> >> >
> >> >
> >> >
> >> > To unsubscribe from this mailing list (and be removed from the roster
> >> of
> >> > the OASIS TC), go to
> >> >
> >
http://www.oasis-open.org/apps/org/workgroup/election-services/members/leave_workgroup.php.
> >> >
> >>
> >>
> >> --
> >> Simon Bain
> >> TENdotZERO
> >> 0845 056 3377
> >> 44 1234 359090
> >> 44 (0) 7793 769 846
> >>
> >> To unsubscribe from this mailing list (and be removed from the roster
of
> > the OASIS TC), go to
> >
http://www.oasis-open.org/apps/org/workgroup/election-services/members/leave_workgroup.php.
> >>
> >>
> >>
> >
> >
>
>
> -- 
> Simon Bain
> TENdotZERO
> 0845 056 3377
> 44 1234 359090
> 44 (0) 7793 769 846
>
> To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/election-services/members/leave_workgroup.php.
>
>
>