Maryland Town Tests New Cryptographic Voting System 227
ceswiedler writes "In Tuesday's election voters in Takoma Park, MD used a new cryptographic voting system designed by David Chaum with researchers from several universities including MIT and the University of Maryland. Voters use a special ink to mark their ballots, which reveals three-digit codes which they can later check against a website to verify their vote was tallied. Additionally, anyone can download election data from a Subversion repository and verify the overall accuracy of the results without seeing the actual choices of any individual voter."
Very interesting stuff. (Score:2, Insightful)
All that really matters after reading TFA:
Chaum says he hasn’t decided on a cost yet for jurisdictions who will license it after the initial adopter but says he can easily sell it for half the cost of current optical-scan voting systems, which run about $6,000 apiece.
Very good stuff. I would just avoid using the word "subversion" when talking about it. You know, because of its double meaning
Re: (Score:2)
I can see you've never been to Takoma Park, MD.
Cost of printing? (Score:3, Interesting)
Maybe I'm missing something, but for this to be truly secure against the problem of being able to see who somebody else voted for, you would have to have a distinct set of three-digit codes for every ballot, or at least such a large number of distinct ballots that no person could practically conspire with a few other people to figure out that XWP in the third field means Hillary Clinton. Wouldn't printing each ballot individually result in a tremendous cost compared with traditional ballot printing? I'm just trying to understand how this could be feasible on a large scale....
Re: (Score:2)
Each ballot has a unique ID number to start off with, so they have that system in place already.
They just need to add printing a unique cryptographic IDs with special ink to the process - might not even require a 3rd reprint
Re:Cost of printing? (Score:4, Informative)
The printing of ballots in most jurisdictions already falls under the category of "custom" printing. Ballots are unique every election (despite an enormous preponderance of re-elected incumbents). Ballots can vary from precinct to precinct to the extent that, in theory, no two precincts are alike, because of differing jurisdictions (different counties, different cities, different municipalities of various flavors). That combined with the relatively low number of copies made for any particular precinct means that the cost of printing each one uniquely isn't different. The printing won't be done by high-speed high-volume expensive-setup full-color color-separated presses anyway. It'll be done by laser printer or thermal printer or such.
Re: (Score:2)
It depends on what the three digit code represents. It's too short to be a hash and since the ballot isn't printed by a computer, it can't be any form of error-correction or tamper-proofing code. And although there's not going to be 1000 candidates in a given district, there's probably going to be in the hundreds in some cases, so there's a limit to the number of codes that could equal an individual.
Personally, I'd have gone for a 5 or 6 digit code. I'd also have the ballot papers printed by an electronic v
So how long... (Score:2)
Re: (Score:2)
I doubt they'd sue. Not effective. Much better to bribe the elected officials. Proven technique and all that.
Chaum's system is very cool (Score:5, Insightful)
It does what many people would have said is impossible: It allows voters to verify that their votes were cast and counted correctly, but does not provide them with any way to prove to anyone who they voted for. An audit trail, without opening the door to coercion. This is a major improvement over traditional voting technologies.
Re: (Score:2)
but does not provide them with any way to prove to anyone who they voted for.
But can I check to make sure not just that my vote "was counted" but that my vote was for the right person?
Re:Chaum's system is very cool (Score:5, Informative)
"But voters can't be sure just by looking at their ballot image that the system interpreted the codes accurately to apply the vote to the correct candidate. That's where independent auditors come in."
TFA to the rescue.
Re: (Score:2)
Re: (Score:2)
but does not provide them with any way to prove to anyone who they voted for.
But can I check to make sure not just that my vote "was counted" but that my vote was for the right person?
You can verify that your vote was received correctly. This still doesn't tell you that your vote winds up in the final tally. There's an important distinction there.
Re: (Score:2)
Who the heck cares? My State already has this "check your vote online" deal, and I didn't even bother to look it up when I got home. I don't honestly believe that if my choice McCain had won, anything would be any better. So what's it matter whether my vote was counted or not.
I have this novel idea that we should follow the KISS principle. Take a piece of paper. Circle your guy. Toss it into a box. Count the ballots by hand. Keep. It. Simple.
Re: (Score:2)
I don't honestly believe that if my choice McCain had won, anything would be any better. So what's it matter whether my vote was counted or not.
This is a major problem, but it is a separate issue. We can't have a healthy democracy without solving both of them. You can't tell me which needs to be solved first.
first the machines, then the system (Score:3, Insightful)
Hear hear!
I believe FPTP is killing our political system by making it a constantly devolving lesser-of-two-evils non-choice.
Getting a well-working computerized voting system is a first step to implementing something more sensible than First Past The Post.
Re: (Score:3, Informative)
I have this novel idea that we should follow the KISS principle. Take a piece of paper. Circle your guy. Toss it into a box. Count the ballots by hand. Keep. It. Simple.
That's how my town does it - each volunteer counts 100-200 ballots. It's not a hard ratio to achieve in any way. On average, each citizen would only have to volunteer once per hundred elections, not bad.
It is, however, second best. There's no stopping an organized gang from switching out the ballot box like Chaum's system does.
Still, on a
Re: (Score:2)
Now, can I start a flamewar about our system being inferior to Condorcet methods, please?
You have my vote. ;)
Just about anything is better than first-past-the-post. I'm partial to the Condorcet Principle, but every time I bring it up, I either get blank stares, or get slapped with Arrows Theorem.
Re: (Score:3, Insightful)
Arrows Theorem.
thanks for the pointer. If the Wikipedia article is correct, the big problem seems to be his requirement that any sub-set of elections should turn out the same as the whole election if considered separately. I'm not sure that's a sensible expectation in a real election.
Re: (Score:2)
I'm going to argue that for electing Senators, they'd do better by doubling the size of the Senate and allowing both first- and second-place candidates a seat with voting power equal to their percentage in the election.
(That way, a person who wins 50.1% of the vote has 50.1% of a vote. Proportional representation that's proportional.)
It's not KISS, it would be a bugbear to administer, but it would stop a lot of the razor-edge fiascos we've seen in past elections. Winning an extra few votes wouldn't win you
Re: (Score:2)
Interesting! Walter E. Williams has calculated that the US Congress should be up to about 3500 people by now, proportional to historical judgement about how many people a legislator can represent (this has anti-corruption themes behind it).
Re:Chaum's system is very cool (Score:5, Informative)
but does not provide them with any way to prove to anyone who they voted for.
But can I check to make sure not just that my vote "was counted" but that my vote was for the right person?
Yes:
Voters make their selections on a paper ballot using special pens with ink designed by Chaum. When a voter fills in an oval on the ballot, the ink in the pen, which is similar to the yellow ink in highlighter pens, reacts with invisible ink in the oval and turns most of the oval black. At the same time, a unique three-letter code pre-printed on the ballot inside each oval is revealed to the voter.
After making their choices, voters use a form to write down the serial number that is printed on their ballot as well as the three-digit codes inside the ovals they’ve chosen. The codes are generated cryptographically and are different on every ballot to prevent someone from deciphering the voter’s choices and engaging in vote-buying.
So that's the "verify that it was recorded correctly" part. For the "verify it went to the right candidate part":
Voters can also see, based on the three-letter codes, that the system seems to have recorded their selections accurately. But voters can’t be sure just by looking at their ballot image that the system interpreted the codes accurately to apply the vote to the correct candidate. That’s where independent auditors come in.
Scantegrity uses a process called “zero knowledge” that allows skilled, independent auditors to verify that the codes result in votes going to the right candidates, without actually revealing an individual voter’s selections.
I don't know how it works exactly, but I assume it's similar to a public/private keypair given that they describe it as a cryptographic mechanism. The interesting thing is that anyone can audit the election results to demonstrate that votes were counted accurately: https://scantegrity.org/svn/data/takoma-nov3-2009/PUBLIC/PUBLIC/ [scantegrity.org]
Re: (Score:2)
Re: (Score:3, Informative)
How exactly do we verify that the choices we didn't pick on the form don't have the same set of verification characters as the candidate we did choose?
That's handled by pre-election auditing. There's more information on how at http://scantegrity.org./ [scantegrity.org.]
Or, go straight to the research paper at http://www.scantegrity.org/papers/ScantegrityII-EVT.pdf [scantegrity.org]
Approval voting (Score:2)
It appears as though we can only see the code for a candidate if we reveal it with the invisible ink; checking the others would ruin the form.
Lobby your legislators to switch your jurisdiction to approval voting [wikipedia.org]. This system allows voters to sort candidates into two bins: desirable and undesirable. Once your jurisdiction uses approval voting, you can mark two candidates that you'd be happy with (e.g. a Democrat and a Green, or a Libertarian and a Conservative), and both votes will be counted.
Re: (Score:2)
But the practical implementation could provide a way to prove that they voted for someone. My cynical suspicion is that by the second or third election, they'll use mass-produced ballots ballots that only have three or four different sets of codes on them to reduce the cost of ballot printing. And no one will be the wiser except for the people exploiting it. Where this system fails is in proving that the codes are truly unique. The only way you can guarantee that is if instead of using fixed printed cod
Re: (Score:2)
But the practical implementation could provide a way to prove that they voted for someone. My cynical suspicion is that by the second or third election, they'll use mass-produced ballots ballots that only have three or four different sets of codes on them to reduce the cost of ballot printing.
See section 4.9 of the paper [scantegrity.org] (actually, read the whole thing). Auditing is done both by candidates and by independent auditors.
Re: (Score:2)
No, apparently it's only "skilled auditors" who can verify things. And voters can prove who they voted for to anyone who has access to the ballots post election.
Re: (Score:2)
yeah, one problem: the moment you enter that code, you are giving up personal information that can be tracked to you, individually. Don't forget, an IP address is traceable. Private citizens may not know how you vote, but data correlation means the voting authority may.
Re: (Score:2)
It is cool. I proposed something similar, albeit electronic voting, in the past on Slashdot but I'm thinking their approach has many advantages - not least that it reduces the number of attack vectors.
A three digit code is probably adequate, but I'd have probably opted for a longer value. It depends on how the code is used and what it represents. I'm assuming it represents a given candidate, as you're unlikely to have more than 1000 candidates for a given district but will likely have more than 1000 voters
Re: (Score:2)
Of course with a little help from your local ISP, they can see who is viewing what ballots, tie that to an IP and an IP to a home or in some cases a specific user.
They haven't really done what others said was impossible, but the process requires enough different organizations to be involved in the fraud to be an improvement over the existing methods since they added another layer to the process.
You want to have it so no one holds all the data so correlations can't be made without everyone being in on it, wh
I think I know what the 3 letter code is... (Score:2, Funny)
Let's hope that this new system prevents premature revelation of election results... [youtube.com]
What's a digit? (Score:2)
Re: (Score:2)
Specimens need not be perfect renditions is my guess.
Question? (Score:2)
Re: (Score:3, Insightful)
The objection to receipts is that receipts that show voting choices can be used for Vote buying.
If we stick to codes, vote buying is not so easy.
You'd need a crib sheet as well.
But all you know is that your vote entered this machine, not that it was tallied by Deep Thought at election central.
Transparency fail. (Score:2)
Transparency fail.
Re: (Score:2)
Scantegrity uses a process called "zero knowledge" that allows skilled, independent auditors ...
Looks to me like yet another example of how mainstream reporters lack basic knowledge of the topics they're reporting on. Based on the description of the system, it sounds like the process is actually called a zero-knowledge proof [wikipedia.org], which allows you to verify certain properties of data without actually seeing the data. And the whole point of ZKPs is that you don't need skill or a specially-designated auditor set to verify the data.
Looks like "Kim Zetter" was in over her head and couldn't even keep track of
Web Logs? (Score:4, Insightful)
Quoting TFA
"When polls close, voters can go to the election office website, type in their ballot serial number and see a rendition of a ballot, showing the three-digit codes for their votes. This way voters can be assured that their ballot was included in the final tally."
One would hope there are no web logs kept, because simply checking your ballot would reveal your identity, and someone is sure to wrangle a subpoena for that.
Re: (Score:3, Informative)
One would hope there are no web logs kept, because simply checking your ballot would reveal your identity, and someone is sure to wrangle a subpoena for that.
Reveal your identity and.... what? The ballot you check on-line just has some random letters on it that should match what you wrote down in the voting booth. It says nothing about who you voted for. So if someone identifies you from the web log, all they've verified is that (a) you voted and (b) you verified your ballot.
Re: (Score:3, Insightful)
Re: (Score:2)
So? Seems to me that the proper countermeasure if you want to verify your vote and keep someone who has access to your ballot from determining who your voted for is quite simple:
Go home. Select N random serial numbers. I am assuming the ballot serial numbers are not random, but wel
Re: (Score:2)
Really depends on ballot distribution. Looking up a vote from a location you didn't vote at will do nothing to increase anonymity.
Re:Web Logs? (Score:4, Interesting)
Even simpler. Have the system display ranges of ballot numbers and codes, not just single ones. If I have serial number 12345 and I click on a link to examine papers 12300-12399, the eavesdropper doesn't know which of the 100 ballots displayed I checked.
Re: (Score:2)
;)
Nice. Now that I'm laughing at the curmudgeons who are rationalizing objections to match their ornery feelings about computer voting I'm made to think that we should be careful in mocking them. All critiques should be welcomed! Only the attitude of "mumble mumble... there's still something wrong with it I bet" should be ruthlessly denigrated.
Re: (Score:2, Insightful)
That is not at all what it says.
The info displayed on line does not indicate a candidate by name.
But the whole system wouldn't work at all if there was not a linkage between your three letters and the Candidate's name SOMEWHERE.
That SOMEWHERE happens to be in the hands of the SAME people who would have the web logs showing IP address of the person looking up ballot number 2879193274.
Re: (Score:3, Informative)
But the whole system wouldn't work at all if there was not a linkage between your three letters and the Candidate's name SOMEWHERE.
Incorrect. Those letters have nothing to do with your vote selection, they're just an integrity check.
Again, read the paper [scantegrity.org].
Re: (Score:2)
Table P.
Again, transparency fail.
Re: (Score:2, Informative)
But the whole system wouldn't work at all if there was not a linkage between your three letters and the Candidate's name SOMEWHERE.
Incorrect. Those letters have nothing to do with your vote selection, they're just an integrity check.
Again, read the paper [scantegrity.org].
Read what he's saying. I have ballot 24664971 in my hand. I download apache.log and find the IP address of the person who accessed votecheck.net/check?ballot=24664971 and I trace that back to you. I now know who you voted for. It has nothing to do with the three-digit numbers.
Now, in my opinion, that's not a big deal, but I thought I'd explain it to you anyway.
Re: (Score:2)
You are correct. If someone has access to both the physical ballots (which no one should; the system is designed so that no such access is needed for normal verification), and to the web logs, and can link the web logs to individual identities, then that person can find out how voters who verified their votes voted.
Not keeping web logs is a good idea. Securing the ballots is a good idea.
Re: (Score:2)
Finally!!!
So now that you understand the issue, and the fact that ALL elements needed to identify you AND your vote are in the hands of the voting authority will you go back and re-read the paper http://www.scantegrity.org/papers/ScantegrityII-EVT.pdf [scantegrity.org] with a more critical eye?
Re: (Score:2)
:-)
Actually, I hadn't finished this version of the paper. I was basing my comments on previous iterations, which were slightly different.
That said, if the Scantegrity II sytem is begin operated as designed, it is not the case that the voting authority has the paper ballots. After scanning, they should be locked away, since they're not needed for counting or integrity verification. They're only needed to handle disputes, and even then the voting authority doesn't need to actually handle the ballots.
Re: (Score:2)
Re: (Score:2)
That only applies if the web server requires one to input one's specific ballot ID. If on the other hand all ballot numbers and codes recorded are displayed on the same (long) web page, or say 100 at a time are, then there's no way from the logs for you to know which ballot ID the individual was checking.
From skimming the paper I can's see which of the two solutions is intended. But since the solution it to the problem you suggest was so simple it occurred to me in 30 seconds, I suggest that the system de
Re: (Score:2)
Re: (Score:2)
Except the 'ballot's unique ID number' of course. Have you read the paper?
Re: (Score:2)
You are correct. I hadn't fully read the paper, but was basing my understanding on previous incarnations of the system.
Scantegrity II assumes that the physical ballots are stored security after scanning and not made available to anyone trying to link voters to ballots.
I wouldn't consider this a fatal flaw in the system, though. If ballots are handled properly, there is no risk to voter anonymity, and the system is designed so that the paper ballots are not needed to verify the integrity of the electio
Re: (Score:2)
Clearly you understand the SOMEONE knows exactly which candidate those letters on your specific ballot refer to?
Re: (Score:2)
Just because table P isn't published doesn't mean that it doesn't exist and can't be accessed.
Great on paper - but in real life? (Score:5, Insightful)
This system assumes three things:
Re:Great on paper - but in real life? (Score:5, Insightful)
Re:Great on paper - but in real life? (Score:5, Insightful)
This system assumes three things:
Per TFA, only about 5% of participants have to validate their vote afterward to assure the election's integrity to within normal margins. Also, exit polls in the Maryland town showed that about 30% of voters copied down their validation info. If a third of them bother to go online to check their ballots, that will be double the required participation.
Everyone is perfect - people who incorrectly cast their vote will always suspect fraud, calling the entire election into question.
Individuals will always have suspicions, but unless there is a widespread pattern of "errors", rational voters will be able to have greater confidence than they do in any other system. Unlike any other system, this one actually provide a way where lost or altered ballots have a chance of being discovered.
Everyone is sane - individual voters do not lie about about their vote to game the system, cast doubt on the election, etc.
Again, isolated cases will occur, but that happens regardless. In the absence of significant numbers of reports from generally honest and reliable people, then we'll have more confidence in the accuracy of the vote than any other system can provide.
Basically, your objections boil down to "Nothing is perfect". Well, duh. But it doesn't have to be perfect, it just has to be better. And it is.
Re: (Score:2)
The system doesn't assume "everyone" does anything. Statistically, only a small sample is necessary.
FTFA: "People who don't want to do it or don't care can completely ignore it," Chaum said. "We only need 3 to 5 percent of people to verify their votes [to make it effective], depending on how close the contest is. If it becomes close, then you need a larger percentage to get the same level of confidence."
Re: (Score:2)
Not everyone has to verify their vote. An attacker will have to throw away a large number of ballots in order to sway an election. If each voter has a 5% probability of checking their vote and only 100 votes are thrown away, the probability that the attacker is at least detected is greater than 99%.
There's also no need for perfection. The number of reports will be higher when the election is attacked. Apply basic statistics to figure out how likely it is the election was stolen instead of just people making
Re: (Score:2)
I don't. At least not when it's Diebold computers.
Adaptable to a ranked voting system? (Score:2)
A quick surfing of the Scantegrity Wikipedia article [wikipedia.org] and the links above didn't definitively answer an interesting (to me) question: can it be applied to a ranked voting system such as IRV [wikipedia.org] or Condorcet [wikipedia.org]?
The offhand solution would be to use Scantegrity's technology with a matrix of bubbles for ranks vs. candidates. Anyone familiar with this work know whether this has been addressed? I skimmed through the IEEE article as well, and found no mention of any ranked voting systems.
What are the options? (Score:3, Interesting)
Election workers keep eyes open. At the end of the day reps of all the people involved stand around in a open room and count.
Takes time, expensive, but hard to fake.
If you cannot make it, postal or an election worker comes to you.
As for digital, open source, simple and all parties can see the unit, code.
On the day you press and its collected at a central point.
Instant and the press love it.
The problem with the above is no room for profit or stuffing.
Your part of the world has to have been so corrupt, at war or new to democracy to get it working.
In the US you are told its so open free and fair and transparent every day.
Is it? Why are AMT sellers making the closed source units? With cable pundits and talking heads screaming at you "they are used in banks, its fine", dont mind the party political rants by the owner.
Enigma, cryptoAG ect all gave perfect service on the day.
In Capitalist West a nice man owns the IP to your vote.
In Soviet Russia a nice gov owns the IP to your vote.
In both parts of the world, you have a right to vote.
As Stalin said "It's not the people who vote that count. It's the people who count the votes."
The end count is the elephant in the room, not just the cute open source, optical-scan $x,000 input device.
Re: (Score:2)
http://openvotingconsortium.org/ [openvotingconsortium.org]
Please support.
Re: (Score:2)
Open source voting software isn't really going to help.
You can see the open source software is safe.
You can't see what the binaries or even hardware on the system is doing. You can't verify that its running the code you see. You can't even copy it off the system and be sure you're looking at what was running rather than a copy put there just in case you try to copy it off.
creepy (Score:2, Insightful)
It's Takoma Park, folks (Score:3, Interesting)
This is the place they like to call the "Berkeley of the East". It's so liberal it's almost a parody. I think the MD Democratic Party keeps it around as a pure strain in a petri dish so that they can pretend they are also liberal.
It also means that if Takoma Park thinks it's a good idea, everyone else in MD will think it's a joke and ignore it.
Is voter verification really desirable? (Score:3, Interesting)
I have real doubts about allowing voters to check how they voted AFTER they leave the polling place. By allowing a voter a way to verify how he voted you open the door to all sorts of abuses. A voter could sell his vote and the buyer could have a way to check he indeed did vote the way the buyer wanted. Another abuse is employers threatening his employees with firing if he did not vote the way the employer wanted.
The problems might be overcome if the voter would have to visit the election clerks office and prove his identity and was also alone when he viewed the way he voted.
This allows vote buying! (Score:3, Informative)
I don't see a single thing in this system that would prevent vote buying. You get a receipt with your choices on it, encoded in some form, yes? You can then go to a website, and enter codes, to see who you voted for, yes? True, only the individual voter (or someone possessing the receipt) can do this.. but that doesn't matter a damn to a vote buyer. Why? Because, as this system's designers seem to have forgotten, the voter is complicit in vote buying. The voter gets money for turning over his receipt and secret knowledge, whatever that may be, to the person who wants a verified vote for his candidate.
Re:This allows vote buying! (Score:4, Informative)
The website only shows you: serial number 1234567 voted for these codes: two-letters two-letters two-letters, etc.
It completely misses the point (Score:3, Interesting)
It completely misses the point. The point is not that a system is "impossible" to manipulate. The point is that _every_ voter has the ability to check the vote.
Just compare it with the pen and paper based system. Everybody can understand it. You have a box which must be empty when they start voting. And people come in, get a piece of paper each, fill it out in private fold it and throw it into the box. At the same time his name gets crossed out on a list. Now everybody can check this fairly easily.
Now let's look at whatever machine-based system you've got. You've got this machine, either mechanical or electronical. You usually cannot look inside of it. You cannot tell if the levers are labelled correctly or if the firmware is really what it's supposed to be. Even if you have sourcecode that's completely unusable for the 90% of people who cannot read code. Relying on others is not an option as the others could be against you. Just imagine a party forming beeing against computers, which programmer would help them?
Re: (Score:2, Funny)
I know the Florida ballot count debacle wasn't all that long ago, but are we that concerned about votes not being counted?
If we were concerned about people's votes not being counted would we be testing a Cryptic New Voting System? ... Oops sorry, Freudian misread.
Re:Interesting, but... (Score:5, Insightful)
but are we that concerned about votes not being counted?
I was about to write a long reply about how democracy depends on the fact that bla bla bla... and how you cannot trust people, especially what in politics and bla bla bla... but you asked a simple question so I'll give you a simple answer:
Yes.
The Real question... (Score:5, Insightful)
Ok, so this system proves that your vote reached the tally server, but how does it prove that your vote is actually in the total?
I'm serious. Just because your vote wasn't lost, doesn't mean it was counted. This helps guard against grievous mistakes, not against wholesale fraud.
Re: (Score:2)
Ok, so this system proves that your vote reached the tally server, but how does it prove that your vote is actually in the total?
I'm serious. Just because your vote wasn't lost, doesn't mean it was counted. This helps guard against grievous mistakes, not against wholesale fraud.
I'm confused, are you replying to me? I only answered his question if we are concerned about votes not being counted. I never said nor did I imply that this was the right or the wrong way to do it.
But to answer your question, the only way to make sure of this is if the software that is in use is completely open source. That way anybody who's interested may view the source and follow the the procedure, from submission to results.
Re: (Score:2)
I know the Florida ballot count debacle wasn't all that long ago, but are we that concerned about votes not being counted?
(Implying issues about votes being lost accidentally)
.. and how you cannot trust people, especially what in politics and...
(I interpreted this as votes being lost intentionally; inline with my post)
I was pointing something out. It was both on-topic (closely related to your "simple answer"), and highly visible (near the top of the thread).
This is Slashdot. A reply doesn't need to be a direct response to be on topic. There'd be very little discussion if there were. Maybe I should have shoehorned my response, rephrasing it to more closely match the wording and context of you
Re: (Score:2)
I dunno. But, at least this appears to be a step in the right direction. Open government - wow.
There's supposed to be some independent monitoring scheme, which is good. I suppose that in and of itself, this isn't enough to keep things honest. But the concept of allowing a citizen to look into the workings of the ballot system any further than the booth is good. Given some time, some interest, and some ingenuity, we could be looking much further inside the system.
Open source. Open government. Transpare
Re: (Score:2)
Let's just say that we have different standards.
East coast is out of the question, except for maybe Maine and Vermont. The only place I'd want to live on the west coast might be in the Cascade mountains. Texas is a bit warm for me, but I can tolerate it. Moving north from Texas, the further north I get, the happier I am. I prefer mountains, but low hills work alright. The more trees there are, the more beautiful the land is. I wouldn't last to long in Colorado, thanks to the huge influx of liberal city
Re: (Score:2)
You can get, say, 100 friends, download the subversion repo and check that all your votes are counted in your copy of the repo.
Therefore official count very likely has all votes, and without grand scale fraud definitely your vote. I'd say more likely than in paper ballot.
Similarly *I assume* the repository can be checked that there are not (many) extra votes.
Re: (Score:2)
And this is different from existing methods how?
In reality, since the the data is available and public information, someone could create an entirely seperate website, with the tallies based on the information in svn. People could check their votes there.
Then if the secondary website notices discrepancies reported by users checking their own votes or in the totals, the fraud is reveled.
Its much harder to commit fraud in the view of the public. It can be done I'm sure, just harder.
Re:The Real question... (Score:4, Informative)
Good question. They use "zero knowledge" proofs: [wikipedia.org]
"Scantegrity uses a process called “zero knowledge” that allows skilled, independent auditors to verify that the codes result in votes going to the right candidates, without actually revealing an individual voter’s selections."
It's super-cool stuff every slashdot geek needs to know. So, this allows us to insure our vote was counted without enabling us to sell our votes. Very cool! However, it still not fool-proof. A friend of a friend of mine has gotten so worked up over an election that she went to the polls early, and often, and voted for her whole extended family. Without requiring photo-IDs, it's really easy to do. Every show up to a poll and see your name has already been crossed off?
Re: (Score:2)
Re: (Score:2)
I'm far more concerned about phantom votes being counted than real votes not being counted.
There is a long history of not counting write in candidates and absentee votes when the total number of such ballots does not exceed margin the winner holds.
Many people just start whining when you tell them this and insist every vote be counted, but it is irrational emotionalism unswayed by 3rd grade math skills.
Re:Interesting, but... (Score:4, Informative)
I'm far more concerned about phantom votes being counted than real votes not being counted.
Both are real issues. There are plenty of examples of ballot boxes getting "lost", so those are real problems. Dead people voting, multiple votes, systematic exclusion of voters (not losing their ballots, but preventing them from voting), all of these things are problems.
This system doesn't solve all of those other problems, but it does solve the problem of votes getting lost, altered or counted incorrectly. And it does it in a mathematically-provable fashion.
See the paper [scantegrity.org].
Re: (Score:3, Insightful)
but are we that concerned about votes not being counted?
I was about to write a long reply about how democracy depends on the fact that bla bla bla... and how you cannot trust people, especially what in politics and bla bla bla... but you asked a simple question so I'll give you a simple answer: Yes.
To most people it's only "Yes" if the election doesn't go their way.
Re: (Score:2)
I'd trust it a lot more if I could log on online and verify my vote. I have heard one reason against it: Suppose you work for a company that enjoys putting [illegal, but still] pressure on employees to vote for the Baby Eating party because it supports their economic policy. They could then demand that employees tell them their numbers so they can check that they didn't vote for the Cute Animal Hugging party instead.
There are ways to mitigate this, and it isn't a huge concern, buth worth mentioning.
Re:Interesting, but... (Score:4, Informative)
Not sure I'm reading you properly, but this system allows you to verify your vote was COUNTED, nothing more. You can't show or prove to anyone HOW you voted, just that you did and that your vote is in the tally AS CAST.
This is huge. I've been waiting for chaum's election stuff to actually be used for quite some time now. I'm hugely excited.
Re: (Score:2)
If you take a photo of your ballot, what prevents you from proving who you voted for?
Re:Interesting, but... (Score:5, Informative)
Not sure I'm reading you properly, but this system allows you to verify your vote was COUNTED, nothing more. You can't show or prove to anyone HOW you voted, just that you did and that your vote is in the tally AS CAST.
Er, unless I'm missing something, it's still possible to prove to someone how you voted. You just need to take a picture of your ballot, showing that the code "JX" is in the bubble next to "John Smith" -- this is pretty easy if you're voting absentee, or if you aren't frisked and metal-detected on your way into the voting booth. When the local thug comes around to verify your vote, you show him the picture and your ballot ID, and then he goes online to make sure that your ballot ID and your "JX" vote are in the system.
Re: (Score:2)
But it doesn't scale, imho. Everybody voting absentee in a district? Red flag. Digital camera in the booth too often? (Some people are savvy enough to turn off the sounds, and some people are savvy enough to hide their camera. But most people are not.) Red flag. Game over.
Besides, buying people off is expensive. Much easier to move corrupt ops to a district that isn't as secure as this one. Remember, you o
Re:Interesting, but... (Score:5, Informative)
But it doesn't scale, imho. Everybody voting absentee in a district? Red flag.
In the state where I live, 37 of the 39 counties have nothing but absentee voting. You can go to the election office to drop off your ballot, but everyone gets a ballot weeks in advance.
On the other hand, that means we've already conceded the battle against this sort of voter intimidation/bribery. The thug can just watch you fill out the ballot. Hasn't been a problem in practice, though... yet.
Digital camera in the booth too often? (Some people are savvy enough to turn off the sounds, and some people are savvy enough to hide their camera. But most people are not.) Red flag. Game over.
I don't know about your camera, but mine is cleverly hidden inside my cell phone. Doesn't take much savvy to get one of those, and before long, almost everyone will have a 3+ megapixel camera in their pocket -- if we're not there already.
Re: (Score:2)
And not long after that, every phone will have photoshop on it.
No more verification for mister vote buyer.
And if you suggest cheapo film cameras, what stops me from taking a picture of my phone's screen while badly out of focus? Besides a beating, anyway...
Re: (Score:3, Insightful)
Countries where voter intimidation is a significant problem are normally so screwed that you'd be glad you're actually getting paid to vote however they want, rather than them just announcing the results (before the elections even
Re: (Score:2, Interesting)
Er, unless I'm missing something, it's still possible to prove to someone how you voted. You just need to take a picture of your ballot, showing that the code "JX" is in the bubble next to "John Smith" -- this is pretty easy if you're voting absentee, or if you aren't frisked and metal-detected on your way into the voting booth. When the local thug comes around to verify your vote, you show him the picture and your ballot ID, and then he goes online to make sure that your ballot ID and your "JX" vote are in
Re: (Score:2)
I have a few concrete suggestions but none are complete fixes. For example, you have many more voter-verification numbers than actual votes, distributed uniformly, so it's easy for any employee to find a number that corresponds to any vote and claim it was his. Problem: What if the company gets the same number from two employees. This isn't an issue for integrity because while everyone knows there are loads of fake votes in the numbers, he can still look up his own number.
Have the system only give you a loo
Re: (Score:2)
Scantegrity is the successor [scantegrity.org] to Punchscan, developed by the same people (David Chaum et al). The only detailed analyses that I can find about their differences are behind journal paywalls like this one at the IEEE [computer.org].