

Subject: Re: [election-services] Further musings on the need for VVPAT...


David.

Please remember the rest of the world as well. A "standard" is only a true
standard if it is open to all. EML should not just be for the ODPM's
office in the UK to run with and drop at will, nor should it be the sole
property of the US and its ways. If a standard is to work it has to be
cross border just like XML (£ and $ aside :-) ) is and HTML. That is
one of the reasons that they are both so widely taken up.

You know the UK well. Can you imagine our post office staff waiting for
tax returns and collecting the money? They would riot, and I really cannot
see myself handing a voting paper to some guy (or lady) on the corner of a
Moscow street come polling day.

I believe for EML really to take hold it has to stay nationally
independent, something that in my humble opinion it has struggled to do,
and it should concern itself with the message format and also the message
process. This I believe includes the dual process e-Vote and paper
confirmation which I agree with. Processes should be looked into and where
appropriate added. However the implementation of these should be left to
the election managers. I do not believe that EML has a place for
implementation of the standard. Guidelines to its use yes. Specification
no. This should be down to individual countries' laws and where an
organisation uses EML down to their own rules and internal regulations.

Cheers
Simon
<quote who="David Webber \(XML\)">
> Simon,
>
> That's exactly my thinking. Due diligence is required
> of course.  And trust is an essential element.
>
> Here in the USA they make a big event out of tax day
> and processing returns.  The post office have staff in
> the roadway outside the post office till midnight -
> collecting envelopes - issuing receipts and taking
> money right there in the street.  We all know our
> local staff and it's very much a hands-on event.
>
> No reason why you could not have a similar special
> dispatch around the postal votes too.  And as you
> say its a community thing and that adds to the whole
> event.   You vote at work - and then you drop the
> envelope off later that day to catch the deadline for
> the mail-in votes Freepost.   I think the USPS error
> rate on this would be very low.
>
> DW
>
> ----- Original Message -----
> From: "Simon Bain" <sibain@tendotzero.com>
> To: "David Webber (XML)" <david@drrw.info>
> Cc: <election-services@lists.oasis-open.org>
> Sent: Thursday, February 24, 2005 9:54 AM
> Subject: Re: [election-services] Further musings on the need for VVPAT...
>
>
>> Ahhh Perception is king, I am afraid.
>>
>> OK let's look at the "I really have no way too of knowing - just
>> because I got that email - that my vote was really
>> recorded that way electronically into the system". True, but nor do you
>> if you post it.
>>
>> Has the post lost it??? I have a camera at this moment somewhere in USPS
>> vans lost now for 5 weeks. Our post office here loses millions of
>> letters a year.
>>
>> Has the little man or lady really verified it or have they just got
>> bored and thrown it away?
>>
>> At some point a person has to start believing in something, or at least
>> a combination of 2 things which is why I like the dual approach. However I
>> do not see that postal on its own is viable, (UK experience). But I do
>> see it as being a very good method of verification for e-Voting methods.
>> Which can be made secure and easy to use.
>>
>> Bring the 2 together and maybe perception will change. Just as it has
>> with online purchasing.
>>
>> Cheers
>> Simon
>>
>>
>> <quote who="David Webber \(XML\)">
>> > Simon,
>> >
>> > OK - neato method - certainly an option to give
>> > people voting remotely.  Personally I'd still
>> > feel edgy about typing in my email address...as
>> > I have no guarantee what the client software is
>> > really doing with it.
>> >
>> > However - I really have no way too of knowing - just
>> > because I got that email - that my vote was really
>> > recorded that way electronically into the system.
>> > That of course is the point of having the paper
>> > record in my hand and submitting it as verification.
>> >
>> > Cheers, DW
>> >
>> >
>> > ----- Original Message -----
>> > From: "Simon Bain" <sibain@tendotzero.com>
>> > To: "David Webber (XML)" <david@drrw.info>
>> > Cc: <election-services@lists.oasis-open.org>
>> > Sent: Thursday, February 24, 2005 9:35 AM
>> > Subject: Re: [election-services] Further musings on the need for VVPAT...
>> >
>> >
>> >> David hi.
>> >>
>> >> On point 1 you are only partially correct. Yes some part of the
>> >> process must have details of where to send a confirmation. However
>> >> not all of the process needs this. In fact it is far better if only
>> >> one part does.
>> >>
>> >> User logs in by a PC passing their login credentials.
>> >> Server verifies them and sets up a session on a remote database which
>> >> is encrypted by a hash set at the time the process was started at
>> >> login. This has with it a SessionId which is internal to the process.
>> >>
>> >> This SessionId is passed with separate undisclosed and unknown
>> >> (Created at this time) details to the voting server which registers
>> >> the vote and passes back the SessionId to the verification server. It
>> >> matches the 2 and responds with a "great thanks very much" or an
>> >> "O I have screwed up" email.
>> >>
>> >> The Voting server has no idea who the user is and does not need to
>> >> know. The SessionId dies before the confirmation email is sent as does
>> >> the session on the database, which itself holds no identifying details.
>> >>
>> >> Yes somebody could hack in at this point. But to decrypt this lot
>> >> would take one hell of a rack of servers, a while and details of at
>> >> least 3 separate IP addresses and login details.
>> >>
>> >> Cheers
>> >> Simon
>> >>
>> >>
>> >> <quote who="David Webber \(XML\)">
>> >> > More from the Vote Here discussions today.
>> >> >
>> >> > Here's what I compiled to support the need for paper
>> >> > in an all digital process involving DREs only!
>> >> >
>> >> > DW
>> >> >
>> >> > 1) You cannot have an anonymous trusted verifiable computer
>> >> >     process. eBanking works because it is not anonymous.
>> >> >     Every eProcess out there gets to know your email
>> >> >     address or account ID to send a confirmation
>> >> >     somewhere in the process.  If it does not send a
>> >> >     confirmation - then you have no verification - the
>> >> >     DRE is thus reduced to an entertaining arcade
>> >> >     gaming machine - for which you have no
>> >> >     guarantees to actually what reality is.
>> >> >     That theoretical stumbling block is key to
>> >> >     understanding the need for a verifiable paper record
>> >> >     in anonymous voting systems.
>> >> >
>> >> > 2) Voters need trust (and US Gov HAVA demands it).
>> >> >     Paper is the most trusted mechanism everywhere.
>> >> >
>> >> > 3) The banks have a trusted process that handles
>> >> >     billions of paper cheques annually.  Their error rates
>> >> >     are infinitesimally small.  These technologies are
>> >> >     simple, proven and secure.  We need to base a
>> >> >     trusted voting process around such crosschecking
>> >> >     and accounting methods.  There will always be
>> >> >     enticing exotic proprietary and uncertified and
>> >> >     potentially compromisable technologies offered
>> >> >     up - but a trusted process needs to be simple
>> >> >     and obvious.
>> >> >
>> >> > 4) We need to develop open public specifications
>> >> >      so that there is an open marketplace for solution
>> >> >      providers.  This is the lesson of railways, telephones,
>> >> >      automobiles and electricity.  The software industry is
>> >> >      no different.
>> >> >
>> >> >
>> >> >
>> >> > To unsubscribe from this mailing list (and be removed from the roster of
>> >> > the OASIS TC), go to
>> >> > http://www.oasis-open.org/apps/org/workgroup/election-services/members/leave_workgroup.php.
>> >> >
>> >>
>> >>
>> >> --
>> >> Simon Bain
>> >> TENdotZERO
>> >> 0845 056 3377
>> >> 44 1234 359090
>> >> 44 (0) 7793 769 846
>> >>
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>> --
>> Simon Bain
>> TENdotZERO
>> 0845 056 3377
>> 44 1234 359090
>> 44 (0) 7793 769 846
>>
>>
>>
>>
>
>


-- 
Simon Bain
TENdotZERO
0845 056 3377
44 1234 359090
44 (0) 7793 769 846

