[SGVLUG] Vote stealing

Emerson, Tom Tom.Emerson at wbconsultant.com
Mon Sep 18 18:05:48 PDT 2006 

> -----Original Message-----
> [mailto:sgvlug-bounces at sgvlug.net] On Behalf Of Zack, James
> 
> I am all for technology, but it needs to be done right.  So 
> if you were going to build the perfect, fairest, most secure 
> voting machine, what would you include?
> 
> My list includes paper receipts for each voter to visually 
> confirm on paper their votes cast

While this sounds nice, does it actually do any good?

  -- more than likely, the "paper receipt" will be thermally printed,
which will degrade in ordinary sunlight, placed in a wallet (body heat),
or just "time"; by the time a recount arrives, you're "ballot" will be
as unreadable as a butterfly-ballot from Florida...

  -- Even though you have a receipt that says "voted for G. Washington",
when you hear he "lost by a vote of 3-2", you're going to figure you
were one of the two -- you would /HAVE/ to know that three other people
voted for him, and that's the point behind our current system, you
/cannot/ know how specific people voted, so you /cannot/ know that three
other people voted for him unless you asked (and you're not supposed to
ask...)

  -- having lost, and having called for a recount, given the usually
dismal turnout to begin with, how many people are actually going to
bring out their faded, torn, crushed, or otherwise obliterated receipts?
Chances are, if you voted for "the sure thing", you probably tossed it
the minute you got home (or a week later when you find this wad of paper
in the bottom of the laundry...); if you voted for the "underdog" that
somehow won, you'll have likely kept the receipt in as near pristine a
condition as possible AND be all jazzed to help "prove" he or she was
the rightful winner (because, after all, you were for that person to
begin with...)  The "sure thing" folks will also think "there are enough
/other/ people who /must/ have voted for this guy, they don't need
me..."

  -- and having brought those faded-or-otherwise "receipts", how many
will be challenged on the grounds that they were forged or otherwise
"made up" -- you'd have to have a system that would allow you to tie
back a receipt to a specific ballot, which you cannot legally do
either...

Now, having said all that, I can't think of anything better either... :(


...although (thought brewing here...) 

The video pointed out that it's driven by smart cards -- your card could
be your receipt since (also as the video pointed out) once you've "used"
the card, the system marks it as such so it cannot be re-used.  Smart
cards have non-volatile memory, so your "choices" could be recorded on
the card, cryptographically "signed" by the machine [even if as
brain-dead as a straight md5sum] and that "checksum" printed on the card
[thinking along the lines of the "laserscribe" CD/DVD writers...]  The
checksum by itself would not reveal how you voted (each card would have
it's own salt, or you could be asked for a passphrase, etc. to ensure
that two identical casts would have different checksums)

Since you would retain your "receipt", (which is far less susceptible to
the elements than thermal paper...) you would be in control of how, if,
and when your "vote" becomes public knowledge (as it would have to in
the above scenario for a recount)  It could be placed in a
physically-separate (and secured) reader for recounting purposes --
checking the inscribed checksum against the calculated one; printing
hard copy for the voter to review and confirm, etc.

More information about the SGVLUG mailing list