Maryland Town Tests New Cryptographic Voting System 227
ceswiedler writes "In Tuesday's election voters in Takoma Park, MD used a new cryptographic voting system designed by David Chaum with researchers from several universities including MIT and the University of Maryland. Voters use a special ink to mark their ballots, which reveals three-digit codes which they can later check against a website to verify their vote was tallied. Additionally, anyone can download election data from a Subversion repository and verify the overall accuracy of the results without seeing the actual choices of any individual voter."
Cost of printing? (Score:3, Interesting)
Maybe I'm missing something, but for this to be truly secure against the problem of being able to see who somebody else voted for, you would have to have a distinct set of three-digit codes for every ballot, or at least such a large number of distinct ballots that no person could practically conspire with a few other people to figure out that XWP in the third field means Hillary Clinton. Wouldn't printing each ballot individually result in a tremendous cost compared with traditional ballot printing? I'm just trying to understand how this could be feasible on a large scale....
What are the options? (Score:3, Interesting)
Election workers keep eyes open. At the end of the day reps of all the people involved stand around in a open room and count.
Takes time, expensive, but hard to fake.
If you cannot make it, postal or an election worker comes to you.
As for digital, open source, simple and all parties can see the unit, code.
On the day you press and its collected at a central point.
Instant and the press love it.
The problem with the above is no room for profit or stuffing.
Your part of the world has to have been so corrupt, at war or new to democracy to get it working.
In the US you are told its so open free and fair and transparent every day.
Is it? Why are AMT sellers making the closed source units? With cable pundits and talking heads screaming at you "they are used in banks, its fine", dont mind the party political rants by the owner.
Enigma, cryptoAG ect all gave perfect service on the day.
In Capitalist West a nice man owns the IP to your vote.
In Soviet Russia a nice gov owns the IP to your vote.
In both parts of the world, you have a right to vote.
As Stalin said "It's not the people who vote that count. It's the people who count the votes."
The end count is the elephant in the room, not just the cute open source, optical-scan $x,000 input device.
Re:Web Logs? (Score:4, Interesting)
Even simpler. Have the system display ranges of ballot numbers and codes, not just single ones. If I have serial number 12345 and I click on a link to examine papers 12300-12399, the eavesdropper doesn't know which of the 100 ballots displayed I checked.
It's Takoma Park, folks (Score:3, Interesting)
This is the place they like to call the "Berkeley of the East". It's so liberal it's almost a parody. I think the MD Democratic Party keeps it around as a pure strain in a petri dish so that they can pretend they are also liberal.
It also means that if Takoma Park thinks it's a good idea, everyone else in MD will think it's a joke and ignore it.
Is voter verification really desirable? (Score:3, Interesting)
I have real doubts about allowing voters to check how they voted AFTER they leave the polling place. By allowing a voter a way to verify how he voted you open the door to all sorts of abuses. A voter could sell his vote and the buyer could have a way to check he indeed did vote the way the buyer wanted. Another abuse is employers threatening his employees with firing if he did not vote the way the employer wanted.
The problems might be overcome if the voter would have to visit the election clerks office and prove his identity and was also alone when he viewed the way he voted.
Re:Great on paper - but in real life? (Score:1, Interesting)
Everyone is sane - individual voters do not lie about about their vote to game the system, cast doubt on the election, etc.
Again, isolated cases will occur, but that happens regardless. In the absence of significant numbers of reports from generally honest and reliable people, then we'll have more confidence in the accuracy of the vote than any other system can provide.
Interesting. I hadn't thought about this before reading this comment, but to effectively lie about which vote you cast, you'd have to know the code ("secret") hidden behind one of the alternative selections. You'd have to find a way to figure it out without spoiling the ballot by marking both the alternative (lie) selection and your real (affects election results) selection, which would make the ballot invalid.
It might be possible (technologically). I'm not sure what you'd gain from such an exercise though. You would need to conspire secretly with a number of people to do this on a large enough scale to be newsworthy, and all you'd gain is another election and possibly a different voting system.
Re:The Real question... (Score:1, Interesting)
Ok, so this system proves that your vote reached the tally server, but how does it prove that your vote is actually in the total?
I'm serious. Just because your vote wasn't lost, doesn't mean it was counted. This helps guard against grievous mistakes, not against wholesale fraud.
This is covered in their paper:
http://www.scantegrity.org/papers/ScantegrityII-EVT.pdf
It can be done via independent auditors, and the code is available so you can do it yourself if you want.
Re:Interesting, but... (Score:2, Interesting)
Er, unless I'm missing something, it's still possible to prove to someone how you voted. You just need to take a picture of your ballot, showing that the code "JX" is in the bubble next to "John Smith" -- this is pretty easy if you're voting absentee, or if you aren't frisked and metal-detected on your way into the voting booth. When the local thug comes around to verify your vote, you show him the picture and your ballot ID, and then he goes online to make sure that your ballot ID and your "JX" vote are in the system.
I believe there is a fundamental choice here. Either you can
a) have the design flaw be your vote is discovered
or
b) have the design flaw be a stolen election
Either way, I guess we must contend with thugs. Thugs in "a)" system have to go after voters individually and run afoul of numerous laws in front of innumerable witnesses. In the "b)" system, you target a few polling places with few witnesses, possibly none if done over a network.
On another note, I may favor anonymous speech ;), but I have mixed feelings about anonymous exercise of political power. That is what voting is. Our legislatures are not allowed to hide their votes (except for near-unanimous voice votes).
It completely misses the point (Score:3, Interesting)
It completely misses the point. The point is not that a system is "impossible" to manipulate. The point is that _every_ voter has the ability to check the vote.
Just compare it with the pen and paper based system. Everybody can understand it. You have a box which must be empty when they start voting. And people come in, get a piece of paper each, fill it out in private fold it and throw it into the box. At the same time his name gets crossed out on a list. Now everybody can check this fairly easily.
Now let's look at whatever machine-based system you've got. You've got this machine, either mechanical or electronical. You usually cannot look inside of it. You cannot tell if the levers are labelled correctly or if the firmware is really what it's supposed to be. Even if you have sourcecode that's completely unusable for the 90% of people who cannot read code. Relying on others is not an option as the others could be against you. Just imagine a party forming beeing against computers, which programmer would help them?
Re:The Real question... (Score:2, Interesting)