As a member of this TC I believe we need to be cognizant that
this is an OASIS TC, not an anti eVoting group (I am sorry if I step on toes
saying that but I participate in this TC to improve the ability of electors to
have confidence in elections using computers). If we are presenting this
paper as a TC work, we MUST address it from an EML stand point – NOT from a
standpoint of what we personally believe about computers in voting.
The point is here that we want to show how EML can support eVoting -
but also the challenges. We're not trying to solve this. It's a
complex problem - that involves not just software but process and laws too -
and that is why NIST is having the workshop - to understand what is available.
Similarly it would be wrong for us to say - eVoting is easy - here is how
you do it with EML. However - saying - if you do eVoting then here are
the safeguards you need today - is prudent - so if people do
this without those safeguards we are not at fault.
There is no prohibition in providing voters a receipt for their
vote. There are many reasons and places where a receipt showing how a voter
voted would not be given but a receipt showing the voter voted and the vote was
received for processing is often given (an “I voted today” sticker at the
polling place is very common).
There's a huge difference between a confirmation and a receipt. Many
states legally forbid receipts. For FVAP they have also ducked even
sending back an email saying "Confirm ballot received" or similar.
Now of course the point here is that in the banking world - you do get a
receipt - in your monthly statement and your returned checks. In the
voting world there is no equivalent - that say summarizes your ballot - 6 votes
cast, 1 undervote, or similar - so you know that not only was your voted
counted - but that the vote reflected your actual cast selections.
Once I, as a voter put my paper ballot in the ballot box, I have
nothing that ties that back to me; nor do I ever get anything that allows me to
see that my exact vote was counted the exact way I think I marked it. So,
I refrain from drawing that parallel.
That's not what is happening for FVAP. States will
authenticate your returned ballot - so its only partly secret ballot.
Otherwise anyone can duplicate ballots and cast them. Once the
ballot is authenticated - then it will be added to the UOCAVA votes pile and
hence become anonymous at that point.
The point on votes sold/influenced is a good one and holds true
for all unobserved voting (voting that does not take place in an environment
where the voter is given privacy by way of a controlled facility/process.
The listed mitigation aspects seem correct, regardless of voting
method.
I believe transparency and auditability are our primary points
and are the strengths most obvious for EML.
I do not agree that a “paper ballot is required to ensure audit
trail and verification”; dual pathing and encrypting/signing offer techniques
that can yield an independent validation/audit. I don’t think it has not
been deployed in any election but we need to avoid mandating something based on
personal bias or lack of common usage.
While good tools dual pathing and encryption both fail the need to
be able audit independently of the computers. As we have seen repeatedly
in the US - having solely digital records has led to inability to verify actual
cast votes - and or loss of cast votes. Plus what FVAP is currently
contemplated for UOCAVA does not involve dual pathing. The Figure 2
with the A and B verification hints at dual pathways - without going into the
complexity details at this stage. Then there is the fact that NIST with
their VVSG SI have de facto required paper as the single foolproof means to
ensure that is met currently. So the conclusion is that paper is the
preferred dual path mechanism today - that is simple and clear for legislators
to comprehend and is also easiest for existing election boards to handle and is
the common usage today.
From: David RR Webber (XML) [mailto:david@drrw.info]
Sent: 2010-07-13 11:40 AM
To: eml
Subject: [election-services] Draft position paper for EAC/NIST UOCAVA
workshop
Importance: High
Attached word doc. This follows the approach we used for the
previous NIST workshop.
Notice they limit to 5 pages of content and PDF - so once everyone
is happy with content - we can generate PDF from this.
I've deliberately made this high level - since they are calling
merely for topic input at this time - more formal papers and presentations
would be at the actual event.
From my work with UOCAVA - and knowledge of the previous SERVE
project - the biggest challenge I see is that legislators have only a slim
grasp of the issues - have a hard time comparing e-voting and the internet with
say online banking - and so I've tried to break this down using pictures and
bullet points for now - to compare the similarities and differences.
I see our audience here is beyond the technical one at NIST itself
- and more to the decision makers at the state and federal levels who need
clear answers.
Obviously for the actual event we'd want to do something much more
formal.
The deadline is COB July 16th on this - Friday - so our group here
needs to make quick review and comments so we can hit that.