Category Archives: security

More thoughts on Rasing the E2E Profile in the Public Eye

A bit more brainstorming about ways to aid the end-to-end verifiability meme. Other suggestions are welcome.

  • Have a forum for discussing E2E verifiable systems. For example a yahoo group or a google group. Initially I would suggest an open all-purpose forum covering both technical discussion and general advocacy and discussion.
  • Have a website promoting the general idea of E2E verifiable systems – not just specific systems
  • Each E2E project should have a website dedicated to it with clear descriptions of how it works intended for non-academic readers. (It should of course also include sections targeting academic readers) The Punchscan web site does very well here. But many others do not – even projects involving the same people.
    Some examples:

Rasing the E2E Profile in the Public Eye

Aleks Essex of Punchscan, prodded by one of my comments, posted his thoughts about raising the profile of end-to-end verifiable systems in the public eye:

The allaboutvoting suggestion was to establish an outreach to the broader public about E2E. Of course this is a good idea, and something that’s overdue. But that’s going to be tough. As for Punchscan, our approach to raising its profile has always been by “doing.” First we designed and built it. Then we debuted it in a binding election. Then we won an international competition. I think that these milestones were all necessary; people need things they can “touch.” Pictures and movie of real voters using Punchscan I think helped “make it real” to people, because it was real. Winning the ten thousand dollars sure got people interested. So I’d say it’s these “press” moments that will see E2E find its way into “normal” conversation, if only for a moment.

My prodding comment was:

Unfortunately much of the talk about E2E is pretty off.
I’ve seen:
* “there is no problem”
* “your solution is something only geeks can understand”
* “your solution is to just ‘trust us’”
* hijacking of E2E potential as a call to inaction with respect to the use voting machines without any verification
* lots of heavily technical bureaucratic jargon that I don’t quite follow yet

Does the E2EV movement have any umbrella outreach and discussion place? My perception of it right now is that it is gaining momentum academically but that there is little advocacy intended for a general audience. What little there is seems to be partitioned into individual E2E projects (like punchscan) rather than movement wide.

An active yahoo group might be a helpful start.

I’m thinking of just starting an E2EV yahoo group myself but I’m not yet sufficiently committed to research and invite all the people needed to jump start a community.

ITIF’s eVoting report: point-by-point

Here is my point-by-point review of Daniel Castro’s ITIF eVoting report.

This is a long post. I recommend that you first read a summary of my views.

I am basic agreement with the thesis of the report which is that the debate about eVoting should move beyond voter-verified paper audit trails to include systems that can prove to a voter that their vote was counted as cast. However, I found the tone and focus of the report disagreeable and I disagreed with much of the material in the report advocating for eVoting and against voter-verified paper audit trails.

Continue reading

summary of ITIF’s eVoting report

I’m writing up a full point-by-point review of the ITIF eVoting report. [Update 9/20/07: It’s written. Here is the point-by-point review]

For now, here is a quick summary of my impressions.

I agree with the basic premise of the report that the debate about electronic voting needs to be broader and include other verification technologies than voter-verified paper audit trails. I am in basic agreement with the policy recommendations of the paper but I feel that these recommendations need some caveats. I discuss the recommendations below.

I disagree with much of the setup of the report. The susceptibility to fraud of electronic voting machines is downplayed too much as is the ability of voter-verified paper audit trails to mitigate that. The tone of the report when talking about organizations promoting voter verified audit trails or promoting distrust of eVoting is absolutely poisonous and Mr. Castro should be ashamed. I suspect that much of the poor reception this paper is getting is due to that.
Continue reading

Buzz about ITIF’s eVoting report

[Update 9/20/07: I have read the report and review it here: summary and points-by-point]

I just got an interesting comment from Daniel Castro, the author of an Information Technology & Innovation Foundation (ITIF) report on electronic voting. Castro’s comment:

I just wanted to make sure you were aware of the report we just released on electronic voting. We discuss the limitation of paper audit trails, alternative technologies (to paper) that can be used for audit trails, and suggest that we should focus the national discussion not on whether or not we should have paper trails, but rather on how to implement universally verifiable (or end-to-end verifiable) voting systems.

From the report’s teaser:
Continue reading

seeking clarity on ‘Software independence’ in voting systems

In response to the Timothy Ryan op-ed “A Damaging Paper Chase In Voting”, Rick Carback (one of the punchscan developers) wrote about HR811:

…the article makes an excellent point — mandating a specific technology (which has been known to be problematic since the inception of voting) is a bad idea. By contrast, the authors of the bill could have taken the approach of Software Independence, where the outcome of an election can be determined independently of a piece of software. Any software independence approach would rule out paperless DREs, a hidden audit trail printout, and other ill-conceived technology. DREs with unreliable printers for a VVPAT approach could also be excluded, but you would need to add a reliability requirement (not hard to do). Our system, and similar systems like PAV, would more easily fit into such a definition.

Continue reading

washingtonpost points out that HR811 conflicts with systems like punchscan

Punchscan; see your vote count

From A Damaging Paper Chase In Voting by Timothy J. Ryan for the Washington Post comes this piece opposing HR811. Among other things it points out that HR811 would conflict with voting systems that cannot provide a paper trail (like Prime III, an Auburn University project that I am not familiar with and hence do not endorse in any way) or cannot preserve all paper records (like punchscan) I would be interested in hearing the reaction of people involved with punchscan to this piece.

Continue reading

The punchscan voting system

Punchscan was the winning system in the 2006 2007 VoComp competition.

In their own words:

Punchscan is a voting system invented by David Chaum that allows voters to take a piece of the ballot home with them as a receipt. This receipt does not allow voters to prove how they voted to others, but it does permit them to:

  • Verify that they have properly indicated their votes to election officials (cast-as-intended).
  • Verify with extremely high assurance that all votes were counted properly (counted-as-cast).

It uses simple cryptographic techniques to ensure election integrity. The demos on their ‘learn more’ page shows how a voter casts and verifies their vote as well as showing how election integrity can be audited.

After you go through the demos you should also review the excellent FAQ.

The system that is demonstrated can only handle ballots for which there are two candidates for each race. I believe that they have extensions to the system to handle multiple candidates and well as handling

  • alternate voting systems
  • improved support for disabled voters
  • write-in candidates

So it ready for prime-time use?
I don’t know. It has only been used for a few elections and is a very new system so I suspect that it is not ready for wide deployment.

If you are interested in following the development and deployment of punchscan you can join their mailing list.

VoComp conference (July 16-18)

VoComp (the university VOting systems COMPetition) is a conference and competition that fosters innovation and student involvement in the technology of democracy. It is actually both a competition and a conference. This year is was in Portland, Oregon from July 16-18.

The conference gives academics who research voting systems a chance to present their research and conclusions. From the VoComp overview page:

Presentations include descriptions of the competing systems, attacks on the competing systems, metrics for evaluating voting systems, and demonstrations of other voting technology. Prizes include best presentation, best attack, and best paper on voting system metrics.

The competion itself allows student teams to design, implement, and demonstrate election systems.

Here is more from their press release:

Four finalist teams of researchers, from the U.S., Canada, Poland, and UK, face off 16–18 July at the Portland Hilton in front of a panel of top experts. … Each of the four finalist submissions is a complete open-source voting system, something that has been called for by many but not realized until now. The competition framework also serves to demonstrate what may be a better way to vet and choose voting systems.

In advance, each team publicly posted rigorous documentation and all source code for its system. At the competition finals, each team will carry out a mock election and critique the other systems in front of the judges. All sessions are free and open to the public.

Three of the competition systems are based on revolutionary “end-to-end (e2e) secure’’ technology, which enables each voter to verify that her vote was correctly recorded and tabulated. This new technology promises to surpasses the lower level of results assurance afforded by popular “paper record’’ technologies such as precinct-count optical scan and VVPAT advocated by Senator Holt and others.

I have never attended a VoComp conference. One of the conference presenters this year wrote about his experience there. Here is some of what Warren Smith had to say about his experience at VoComp 2007:


VoComp was actually a lot better than I expected in terms of the talks.

David Chaum spoke on “scantegrity”, an impressive new framework for secure secret-ballot voting which is in at least some ways superior to Rivest+Smith’s approaches. www.scantegrity.org

Ron Rivest (MIT) spoke on the Rivest-Smith low-tech secure voting protocols.

The whole VoComp thing made it more publicly known that secure voting protocols do exist, and are just light years ahead of what the USA uses now in terms of guaranteed security properties.