Daniel Castro’s response to my ITIF review

Daniel Castro has responded to my review of the ITIF eVoting report that he wrote.

In that review I agree with his thesis that “end-to-end verifiable” voting systems should be encouraged and be part of the debate on electronic voting, and I basically agree with his recommendations. But I strongly disagreed with his assessment of the relative risks of paper systems, electronic voting systems, and electronic voting systems that print a voter verified paper trail. I also found much of the tone of his report offensive.

My assessment is:
e2e verifiable system > paper system > eVoting with voter verified paper trail > eVoting

His appears to be:
e2e verifiable system > eVoting > eVoting with voter verified paper trail > paper system

And I believe that we both agree the e2e voting systems need more support and some trial runs but are not yet ready for widespread deployment.

To put it pithily, “I agree with the thesis of this disagreeable report”.

Here is his response. This is posted with his permission:

Thank you for sending me this link. I enjoyed reading your perspective, even if we disagree on certain points.

A few comments in response to some of your points:
1. “Poisonous labeling of opposing views” – I understand that many people did not like some of the labels we put out there, but I want to clarify a point. I recognize and agree that many people who are opposed to e-voting without paper trails are technophiles and/or computer scientists. But if you’ll notice I always used the word “many”, which I do believe is an accurate representation of certain people and beliefs. But I did not use the word “most”, nor did I mean to imply that every person opposed to it was in this category.

I sent the following comments to somebody else, but I think they apply to your comments as well:

I do not think that everyone opposed to DREs is technophobic, but I do think “a growing technophobic movement believes that no computer can be trusted for electronic voting.” For example, there are a number of statistics that Eugene Spafford cites in his recent article that show people distrust technology:

“A number of indicators show that some of the voting population does not have confidence, or is losing confidence, in the technologies that have been deployed as a result of HAVA. A study by the Pew Internet Trust found that groups of minority voters in the South do not trust the technology and believe it has been manipulated, or could be manipulated, so that their votes would not count. They expressed a significantly higher rate of distrust in computerized voting technology than the general voting population.”

From: http://www.nae.edu/nae/bridgecom.nsf/weblinks/MKEZ-744M69?OpenDocument
Now, is this mistrust a result of technophobia or a result of legitimate concerns about the security of the voting machines? Probably a little of both. But I do see a lot of comments on blogs from people who say they want to go back to a paper and pencil voting system. We also had Rep. Kucinich introduce a bill calling for a return to hand-counted paper ballots in presidential elections. If the fear is unrealistic or exaggerated (which I believe it is), is it technophobia?

I also say “Many opponents of electronic voting machines are motivated by a distrust of technology, anger at election results, and conspiracy theories about voting companies.” But again, I do not say (or believe) this applies to everyone. However, again, I do think many people feel this way.

But in the end, it does appear that these comments have distracted people from the real message – which is that we want more secure elections.

2. “Misleading arguments about reasonable security of digital data” – Actually, I have been a reader of RISKS Digest for a number of years! I disagree with your statement that I say all computers should be trusted. Obviously that is not the case. As you see in RISKS, many security flaws are from poor implementation or design. But there are also some systems that have avoided security problems from good design and good implementation. My point was that we can trust computer systems in many areas (finance, aviation, health) — certainly not all systems, and they need to meet high quality standards. And we cannot simply say “because computers have problems, we cannot use them for voting.” By that logic, we would also need to not use them in all these other areas. Instead, we should have a deeper analysis of the costs and benefits of different systems.

3. “Misleading arguments about reasonable security of digital data… the credit card system is a good example of” – I think we have to focus more on overall risk and likelihood of a threat. The credit card system is not very secure, but it also does not pose much of a risk to consumers. Everybody is capped at a maximum liability of $50, and most banks would never even charge consumers this fee because they do not want to lose anyone’s business. Similarly, I do think we should focus more on how serious the risk is from e-voting. This report is directed at policy makers. Before they decide to spend upwards of $1 billion (a huge amount, even by Washington standards), Congress should evaluate the current level of threat now, and the expected (reduced) level of threat after spending this money. Personally, I do not think the current benefits of paper audit trails justify this expense. I do think other improvements (i.e. — better testing standards, more research on universally verifiable voting systems) would be a more cost-efficient use of money, and give us better improvement in voting security.

4. Importance of e-voting for disabled voters. – I believe that this should be a top priority / criteria for voting systems. Disabled voters are a minority group — many of whom depend on government to provide services or legislative support for their communities — and I think to have a strong democracy we should all make sure that every group is able to vote privately and independently, especially if the technology exists to allow it.

5. “No system currently deployed in the US allows a voter to know that his or her vote was actually counted. Voting systems that attempt to address this are worthy of research support a limited deployment but are not, in my assessment, ready for wide deployment.” – I mostly agree (although I think VoteHere might be ready). I think one of the main points of the paper is to ask the question, should we spend $1 billion on paper audit trails now, or spend $50 million now on research for universally verifiable voting systems, and then the $1 billion or so to upgrade to much more secure voting systems.

This email is getting long, so I will stop here. I am glad that we (mostly) agree on the thesis and recommendations – that is the most important part.


One response to “Daniel Castro’s response to my ITIF review”

  1. My discussions with him seemed to indicate E2E > DRE w/ VVPAT & OpScan >= paper system > DRE

    I think he recognizes that a lot of the work on DREs was flawed at a fundamental level. They simply didn’t follow best-practices regarding security and quality. The most obvious being an audit log that was not append-only…

