[Politech] More on electronic voting, security, and seeing source code

From: Declan McCullagh (declan@private)
Date: Thu Jul 29 2004 - 21:53:05 PDT





-------- Original Message --------
Subject: RE: [Politech] Who's afraid of digital voting? Jim Lucier points to John Fund article...
Date: Tue, 27 Jul 2004 10:57:28 -0700
From: Popkin, Laird (WMG Corp) <Laird.Popkin@private>
To: 'Declan McCullagh' <declan@private>, politech@private

I participated in writing the LCCR recommendations, so I'm fairly familiar
with this area.

There are a couple of points that I'd like to make regarding this article:

It is important to differentiate between "electronic voting", which has
immense promise to make voting more accessible to many people, as well as
improving the efficiency and accuracy of the voting process, and
"Direct-Recording Electronic" voting systems, a type of electronic voting
system that records votes _only_ electronically, with no human verified
physical record, which raise many concerns, and have had numerous
operational problems in actual use, leading to (for example) decertification
of DRE's in California.

It's critical to be aware that there are many electronic voting systems that
provide all of the benefits that the LCCR cares about (prevention of
overvotes, reduction of undervotes, spoken prompts for hearing or reading
impaired voters, support for multi-lingual ballots, voters like touchscreen
voting), but that are not DRE's.

For example, the Open Voting Consortium
(http://www.openvotingconsortium.org/) has an open source voting system
based on the principle that we should use public software to run public
elections. The system uses touchscreen stations to print ballots, which are
then reviewed by the voters for accuracy and handed to a poll worker for
tallying. Of course, there are also several commercial electronic voting
systems that aren't DRE's, and many of the DRE vendors are tacking on
printers (with debatable value) in order to address the trust issues.

Once this distinction is clear, we can discuss the issues separately. My
personal opinion is:

1) Electronic Voting is good. When accompanied by appropriate procedures, it
allows for rapid, transparent, efficient elections. I am particularly
enthusiastic about the use of open software for elections, since
transparency in the election process is critical, but every aspect of the
voting process (i.e. not just the software) should be open to public inspection,
including not only the polling stations, but also the central tabulation
systems (a far more efficient place to commit fraud than the individual
voting stations). For example, if every polling station publishes its
records immediately after the close of voting, independent observers could
perform their own tabulation in order to verify the official results.

2) Direct-Recording Electronic systems are bad (and Voter Verified Paper
Ballots are good), because the lack of a voter-verified physical record of
each vote cast means that it is impossible to prove that the system is
trustworthy. Yes, there are many software testing methodologies, but they
are intended to detect errors in design or implementation, not intentional
efforts to evade detection. Nevada's Gaming Control Board, which regulates
slot machines for casinos, has the experience of detecting attempted fraud
in electronic devices, and
http://sos.state.nv.us/press/voting%20machine%20security.pdf was the result,
after which Nevada announced that they're requiring a voter verified paper
trail for the 2004 elections.

Please keep in mind that the "Recommendations of the Brennan Center for
Justice and the Leadership Conference on Civil Rights for Improving
Reliability of Direct Recording Electronic Voting System"
(http://www.votingtechnology.org/) is _not_ an endorsement of DRE's. The
recommendations are narrow in scope -- steps to be taken by jurisdictions
that "own certified DRE voting systems that will be used in the 2004 fall
elections" that "will help to alleviate certain risks of security breaches
and machine malfunctions and to improve public confidence in the election
administration in the target jurisdictions". It's important to keep in mind
that "these recommendations should not be seen as an endorsement or
indictment of such systems or their use", which raises issues that aren't
feasible to address for the 2004 elections.

Finally, I'll point out that elections are significantly different from
other sorts of electronic transactions. For example, all voting must be
anonymous, and open to all voters even if they do not have formal
identification, so none of the participants are authenticated. Voters cannot
retain a physical record of their votes, because that would enable vote
buying. The presentation and content of the ballots are regulated uniquely
in every state. Making a system that is trustworthy under such constraints
is harder than it looks.

- Laird Popkin
   lairdp@private
   917/453-0700
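
The independent tabulation described in point 1 of the message above, sketched as an added example that is not part of the original message or of any voting system's code. The CSV layout, precinct ids, candidate names and counts are constructed for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample: records posted by each polling station at close of voting.
STATION_RECORDS = """precinct,Alice,Bob
P-01,412,388
P-02,150,305
P-03,277,260
"""

# Constructed sample: per-precinct figures released by central tabulation.
OFFICIAL_RECORDS = """precinct,Alice,Bob
P-01,412,388
P-02,150,350
"""

def load(text):
    """Parse CSV into {precinct: {candidate: votes}}, rejecting duplicates."""
    table = {}
    for row in csv.DictReader(text.splitlines()):
        precinct = row.pop("precinct")
        if precinct in table:
            raise ValueError(f"duplicate record for {precinct}")
        table[precinct] = {cand: int(n) for cand, n in row.items()}
    return table

def totals(table):
    """Observer's own tabulation: sum votes per candidate across precincts."""
    out = defaultdict(int)
    for counts in table.values():
        for cand, n in counts.items():
            out[cand] += n
    return dict(out)

def audit(stations, official):
    """List every precinct-level difference between the two sources."""
    findings = []
    for p in sorted(set(stations) | set(official)):
        if p not in official:
            findings.append((p, "missing from official tabulation"))
        elif p not in stations:
            findings.append((p, "no station record published"))
        else:
            for cand in sorted(set(stations[p]) | set(official[p])):
                s, o = stations[p].get(cand), official[p].get(cand)
                if s != o:
                    findings.append((p, f"{cand}: station={s} official={o}"))
    return findings
```

Comparing precinct by precinct, rather than only the grand totals, localizes a discrepancy to the specific record that changed or went missing between the polling station and central tabulation.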


	

-------- Original Message --------
Subject: Who's afraid of us seeing voting-machine source-code?
Date: Tue, 27 Jul 2004 11:30:09 -0400
From: James M. Ray <jray@free-market.net>
To: Declan McCullagh <declan@private>
CC: politech@private
References: <4105E259.4030806@private>

At 1:04 AM -0400 7/27/04, Declan McCullagh wrote:
>For a long time I have wondered how anyone who believes that properly
>constructed, authenticated, and encrypted paperless transactions can be
>safer and more secure than paper based transactions by any reasonable
>standard can buy into the theory that digital balloting can never work
>unless it achieves some impossible degree of perfection.
...

Hi Declan.

I'm not demanding an impossible standard like perfection, but I DO
need reasons why the source code for voting machines apparently
must be proprietary, and THAT's an issue Mr. Fund (conspicuously)
missed, even though it is central to critiques of Diebold & has been
since the issue first popped up... One wonders why? It's not like this
kind of programming is rocket-science, and one would THINK that
an ability to "look under the hood" might silence the critics Mr. Fund
complains about. (Please feel free to send this to your list, I get so
much spam that you needn't bother to hide my email address, and
if you have his email address you can also forward it to Mr. Fund.)
Thanks, and I hope all's well.
JMR

-- 
Regards, James M. Ray <jray@free-market.net>
"In 1972, when Richard Nixon declared a war on drugs, the annual
federal budget for the war was around $101 million. Next year, it will
be $17.8 billion." -- Joseph D. McNamara, former police chief of both
Kansas City, MO, and San Jose, CA. (He said that a few years ago,
it's much more money now -- north of $40 billion by all estimates)





-------- Original Message --------
Subject: Re: [Politech] Who's afraid of digital voting? Jim Lucier points to
Date: Wed, 28 Jul 2004 15:53:41 -0400 (EDT)
From: Dean Anderson <dean@private>
To: declan@private

Hopefully, the message below explains why "secure paperless transactions"
don't mean that you have a fair and trustworthy election.  There are other
conditions that have to be met, such as "one person, one vote". Another
condition is that the machine itself has to be secure from tampering.

Anyone who has ever had an SSL-protected server compromised knows that a
secure protocol is worthless if the server is compromised.  A cracker does
not need to break SSL to read all the messages.  Similarly, a "secure
paperless transaction" is not truly secure if the server (voting machine)
is compromised and unaudited.

Besides illustrating the flaws in the current crop of machines, I also
described a proposal that is cheaper and more secure.

Dean Anderson
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)


