In comp.os.linux.advocacy, Roy Schestowitz
<newsgroups@xxxxxxxxxxxxxxx>
wrote
on Mon, 13 Nov 2006 16:33:42 +0000
<1274285.JoBqVBD4kt@xxxxxxxxxxxxxxx>:
> Did Your Vote Get Counted?
>
> ,----[ Quote ]
> | Vote tallies are stored in easily changeable files. Machines can be
> | infected with viruses. Some voting software runs on Microsoft Windows,
> | with all the bugs and crashes and security vulnerabilities that
> | introduces. The list of inadequate security practices goes on and on.
> `----
>
> http://www.forbes.com/2006/11/10/voting-fraud-security-tech-security-cz_bs_1113security.html?partner=yahootix
> http://tinyurl.com/y79dvj
It's probably overly complicated,
but an interesting variant is at
http://theory.csail.mit.edu/~rivest/Rivest-TheThreeBallotVotingSystem.pdf
which among other things requires that the voter fill
out three identical ballots in a special way, and the
ballots then get separated and cast in such a fashion
so that they cannot be put together again (one simple
method: a four-knife slicer that leaves thin sheets of
paper along with the cut ballots; that way one can't play
"puzzle piece", especially if the slivers are shredded and
discarded right away; the resulting three ballots are then
placed in three of four or five separate boxes, which are
periodically rotated by poll workers in an attempt to keep
them equally full of ballots).
http://www.schneier.com/blog/archives/2006/10/new_voting_prot.html
has some discussion as to some possible flaws in this
voting method.
This voting method is extensible if one wants to bother;
given N = 2n+1 ballots one would mark n+1 bubbles for a
candidate he likes on any of the ballots, and only n
bubbles for a candidate he dislikes. Of course for
N > 3 it gets very tedious; N=3 is bad enough.
The real problem with electronic voting machines is that
the *display* of the vote choices the user is making on
his ballot has no relationship whatsoever to the *tally*
later on. In other words, I could set up a procedure
whereby the user gets a correct display (in his lights) and
even a correct printout (the Sequoia machines in my county
have a scrolling printout on their left side, which can be
used for auditing purposes, though I'm not sure how useful
it really is since the printscreens have a backbutton --
do they reprint the options?), but the little box receiving
the vote card could do pretty much anything it damn well
pleases with my vote -- assuming the main display terminal
correctly registered the vote in the card to begin with.
Admittedly, I for one might design the system such that
the tally box has no brains at all, but there are some
issues either way in detecting inadvertant misvotes,
deliberate ballot box stuffing, and voter identification
(a true democratic system must have methods to verify the
vote without compromising the voter's identity; otherwise
blackmail could be used later).
One of the nice things about the old punch system is that
one can verify the vote by looking up the number in the
handbook, but without the handbook one hadn't a clue as
to whether #57 punched on a card means voting for Jones,
voting for Smith, voting for proposition number 22A, or
invalidating the vote because it's not lined up with Smith,
Jones, or proposition 22A. But we replaced that in 2004
or 2005.
Ideally the user could check the vote on the card using
his own equipment but that could get downright peculiar,
as checking is a little too close to modifying without
some sort of public-private key encryption system.
One could encrypt the vote on the card using the machine's
private key; the tally box would know what machines
are nearby and decrypt using the machine's public key.
Modification by the user would therefore be very difficult
unless he physically steals one of the voting machines.
Verification, however, is simple if he has the public key,
which the machine might put on the card in a separate area,
digitally signed. (If the user tampers with that the
tally box will invalidate the vote as well, presumably.)
At least with punchcard voting systems and scribble-mark
paper ballots one can keep the ballots. (The tri-ballot
variant detailed above also has that advantage, though it
does triple the paper handling.)
Of course the voting machines are very convenient for the
major networks. Ideally, from their lights, at 8:00 the
polls close up shop, and at 8:01 the networks announce
the results. (They do now anyway but those are primarily
based on exit polls, except for the very close races.)
Of course one might ask whether it would be better if they
took 2 hours to tally the vote, so that they can announce
in time for the evening news.
Welcome to Electrodemocracy(tm). I'll admit I'm glad
the Dems won but do wonder if the Republicans will try
something even sneakier in 2008.
--
#191, ewill3@xxxxxxxxxxxxx
Linux. Because life's too short for a buggy OS.
--
Posted via a free Usenet account from http://www.teranews.com
|
|
