(The zapkitty sighs... the first day he's back online and stable the Crypto Crusaders show up...)

"NAtional: Paper Trails Don't Ensure Accurate E-Voting Totals, Group Charges..."

Ahhh... the Crypto-Crusaders... we've been expecting you... lemme guess... you're here to make elections safe and secure by burying the actual methods and end results in the metaphysical equivalant of concrete bunkers and to hell with ordinary citizen oversight of elections, right?

And of course these bunkers will be vulnerable to the same folks who have the most powerful cryptographic tools on the planet, a crypto-cracking budget in the billions (at a minimum), and an extremely vested interest in cracking anything they can get their hands on... the same people who are kept in power by the voting systems at risk.

Didn't we just go through this exact same shit with DRE's ?...

Well, yes... but this was expected... after all, it's the ACCURATE techno wet dream version of "election reform"...

(Side note to Ancient while I catch up on threads I've been following intermittently... from where I sit Feinstein's "separate but equal" motif applies to both her backing the nomination of a judge with a racially troubled past and her version of an "election reform" bill that mandates racial profiling for voter disenfranchisement... I think she has "old Democrat disease"... so the HR 811 stunt of treating people's paper ballots and people's DRE "ballots" as if they were equal when they are demonstrably not equal would seem to be right up her alley...)

the_zapkitty: I think you misunderstand these systems. Most claim (and a few mathematically prove) unconditional integrity and conditional privacy, which means that no matter how much money or resources you have, breaking the codes only succeeds in figuring out what ballot ID number matched to what result. So, if you can track who got what ballot ID in a definitive manner, the most you could do is find out who voted for who.

That said, when a cryptographer uses the word "conditional" that typically means it will take 50 or so years to do with the fastest known computer to date (including supercomputers).

The Information Technology and Innovation Foundation correctly argues that paper trails don’t ensure accurate e-voting totals. We agree with that argument. However, rather than use that argument in a move to ban non-transparent DRE voting machines, this group makes that argument and then argues that more non-transparent, unverifiable technology should be used along with the DREs.

I am looking forward to hearing what they have to say. I am becoming a fan on cryptographically secure voting systems such as PunchScan where a voter can have ready assurance that their vote was actually counted as cast.

Electronic voting machines enable a kind of wholesale fraud that was not easy with paper ballots. But hand counted (or optical scan) paper ballots alone are not enough to prevent fraud.

I don't believe anyone here has ever suggested that paper ballots alone were enough to prevent fraud, AllAboutVoting.

Rather, we have come to learn that without a paper ballot for every vote cast --- one that is actually counted, and recountable by any citizen who'd like to --- we don't have even a chance of preventing fraud.

The Punchscan system, from the little I've been able to look into it, makes a few assumptions that seem dangerous to me. For a start, it seems that we've got to both trust the encryption system was working accurately to determine which hole/letter represents which candidate, and secondly, we've got to presume that folks understand that a Candidate listed as first, may have his letter listed last, or in the middle, etc.

You saw what happened with the infamous "butterfly ballot" in Palm Beach. I see no reason to trust that the Punchscan system would be any less confusing. Worse, we'd have no way of verifying later that the option chosen was actually for the candidate that the voter intended.

Those are just some kneejerk early responses to what I've been able to look into regarding Punchscan. I am, however, always open to further information on any such system.

{Ed Note: Deleted. Same Obama video comment has now been spammed over several items. Please knock it off, or your will be banned from posting at all. Thanks! --- BF}

I should mention that PunchScan is not the only cryptographically secure voting system that is being developed. However, of the ones I have investigated, I have found them to have the most polished presentation to those less technically inclined.

For example at the 2007 VoComp competition (yes, ES&S was a sponsor; no, that does not bother me) there were a number of submissions. There were also mentions of other systems that were not submitted such as Ron Rivest's tri-ballot scheme. (Ron Rivest is the R of RSA encryption).

Here is some analysis of tri-ballot by Warren Smith of range voting fame.

I would like to see laws that at least allowed experimentation with such systems. I know that I have voted using absentee ballots for a long time and never had much confidence that my vote was actually counted. A system that can reliably prove to me that my vote counted would be very welcome.

I encourage you to take a look at the report we put out on electronic voting. In our report we advocate universally verifiable voting technology, where any voter or election observer can verify that the final election results are accurate. This type of voting technology is currently not used in our elections, even though it is superior to any of the current paper based or electronic voting systems out there right now. The problem we see is that some policymakers would pass legislation requiring the use of paper audit trails, which would prevent this use of some of these new, innovative voting systems.

Our full report, which includes a description of the cryptography involved, and some systems that exist today which use it (hardly "unproven"), can be downloaded from our website at ---

http://www.itif.org/files/evoting.pdf

Mr. Castro #7

The problem we see is that ITIF is supporting an industry that wants to provide non-transparent solutions to what are already non-transparent DREs. You are essentially saying "Trust Us" and we should never have to trust anyone in regards to elections.

We need to ban DREs, put your industry friends out of business, and have elections where we can all be assured of verifiability.

I have not had a chance to read the ITIF report yet (which is now online).
But here is my view on the teaser for the report.

Brad #4:
>Those are just some kneejerk early responses to what
>I've been able to look into regarding Punchscan.
>I am, however, always open to further information
>on any such system.
I don't have any magical source of further information about the PunchScan system. I recommend that you spend the time to become thoroughly acquainted with their system as presented at their website.

John Gideon #8:
I can not speak to ITIF's activities as I have never heard of them before a few days ago. I can say that it is inaccurate to describe E2E (end-to-end) transparency as "non-transparent". On the contrary, it is radically transparent. The message of an E2E transparent system is not "trust us". It is "if you don't trust us here is how you can prove to yourself that the system is working and that your vote was counted".

So am I a champion of E2E systems? I don't think of myself as one. I do think that:

they should be part of the debate about how to ensure the integrity our voting systems
there should be provisions for at least experimentation with such systems

This viewpoint is consistent with what some of the E2E academic developers have said:

(Regarding HR811...)
An alternative approach that they could take is to add a provision for use of “experimental systems” — where they would be permitted to be used on a small scale if they met certain criteria (e.g. the blessing of the EAC). This would still allow for testing/use of a fundamentally new approach, and would solve the WaPo writer’s aircraft analogy he uses at the beginning of his piece.

I've now read the report and written up my views (summary and lengthy point-by-point).

In brief:
I am basic agreement with the thesis of the report which is that the debate about eVoting should move beyond voter-verified paper audit trails to include systems that can prove to a voter that their vote was counted as cast. However, I found the tone and focus of the report disagreeable and I disagreed with much of the material in the report advocating for eVoting and against voter-verified paper audit trails.

The Punchscan system, from the little I've been able to look into it, makes a few assumptions that seem dangerous to me. For a start, it seems that we've got to ... trust the encryption system was working accurately to determine which hole/letter represents which candidate,...

I believe that this criticism is inaccurate. With Punchscan, any observer can determine whether the necessary commitments were made, and whether they contradict the reveals. Each voter can determine whether the applicable reveals contradict his receipt. Any error that would cause a single-vote discrepancy has (at least) a 50% chance of forcing a contradiction. Where is the need for trust?

I suppose that we have to worry about the Election Authority breaking the commitment scheme, but that's just a matter of choosing a strong scheme. (We all believe that such a thing exists, don't we?) We do have to worry about the EA screwing up and making bad commitments, but such an error would certainly be evident.