From: Lee Daniel Crocker (lee@piclab.com)
Date: Fri May 16 2003 - 17:01:51 MDT
> (Hal Finney <hal@finney.org>):
>
> I see two problems here. The lesser one is that no paper
> is left at the polling place.
Well, yeah, that was kind of the idea. The definitive auditable
result is supposed to be the published lists.
> The greater problem is that this system facilitates selling votes.
> After the election, an official receipt showing a certain vote will
> probably be able to be turned in for cash in many jurisdictions.
That's a good point. I'm not sure if it's possible to avoid that
without sacrificing total user-auditability. After all, if the user
can prove to himself that his vote was counted correctly, he can
prove it to someone else. Frankly, though, I'm not convinced that
this is such a bad thing.
Your suggested method requires a trusted party, and that's exactly
what we're trying to avoid. I want a system that /assumes/ the
government will do everything it can to cheat, because it will (and
has, many times).
> Here it may be getting a little too complex. Many voters won't have
> the ability to run these algorithms, especially the elderly, who vote
> in large numbers. I don't see why you can't just use the same receipt
> numbers that are already on the ballot, though.
That's a non-issue; I certainly don't expect every voter to sit down
and write code. I expect most of them to go to some public website's
"vote check" service, or to simply not bother. But it has to be
/possible/ for anyone to do it from scratch from published algorithms.
> There may also be a privacy concern here. Especially in smaller towns,
> distinctive votes on certain issues may give people a good idea of
> who certain ballots belong to.
That's a legitimate concern too. After all, if Fred Farkle got only
vote in his district, and Fred Farkle voted, there's a fair chance
that the vote was Fred Farkle's (and would therefore reveal his other
votes as well). The only around this is to use the system only for
large elections. For elections so small that this is a problm, a
simpler paper system is probably better anyway.
> In any case, this auditing procedure looks reliable in theory.
> But I'm not sure that we could confidently say that it is as good
> as the present system.
I can gurantee you it's better than the current system /as implemented/,
though perhaps not better than the current system as designed. The
design of the current system doesn't include polling place workers
dumping bags of ballots into a shredder, for example, or lots of votes
from dead folks.
> Some elections are very close, and even a fraction of a percent
> will swing the results. If it were possible to get away with a small
> amount of "virtual ballot stuffing" then people would lose confidence
> in the system.
People seem to have some irrational confidence in our current system,
which is totally broken.
> And if they do get motivated and check the results the first few times,
> over the years, they are likely to become careless.
Yep, that's a big concern of mine, too. Eternal vigilance, and all that.
> The harder type of fraud to catch would be added votes, which means
> putting fake names onto the voter rolls. I'm not sure how the
> vulnerability of your approach to this problem would compare with how
> things are done today.
About the same, I imagine.
-- Lee Daniel Crocker <lee@piclab.com> <http://www.piclab.com/lee/> "All inventions or works of authorship original to me, herein and past, are placed irrevocably in the public domain, and may be used or modified for any purpose, without permission, attribution, or notification."--LDC
This archive was generated by hypermail 2.1.5 : Fri May 16 2003 - 17:14:43 MDT