Category Archives: security

Post-Election Auditing Summit

I’m continuing my tradition of posting about conferences that I have not attended…

The Post-Election Auditing Summit was held in Minneapolis October 25-27, 2007.

Continue reading

Advertisements

A random post

From Joseph Hall’s blog:

(This is funny, but you have to let me build it up with context…)

In elections, especially in election audits, we often have to produce random numbers that an observer can prove to themselves came from a true source of randomness.

The RAND corporation also publishes a book of random numbers, which you can buy: “A Million Random Digits with 100,000 Normal Deviates”.

So, where’s the funny in all of this? Check out the reviews on Amazon for the RAND book. They’re drop-dead hilarious. My favorite is the first one:

A truly amazing genre-breaking work of art unlike any that has ever been or ever will. I was captivated from the moment I opened the cover until the extremely suspenseful moment I turned the last page. With that said, I was a little disappointed that 71602 was knocked off by 92937 just as the plot was unfolding, but the arrival of 96240 really got my blood pumping and I just couldn’t put the book down from that moment on.

I am so glad that Amazon.com is offering the “Search Inside This Book” option for this book so that it can be enjoyed by countless other avid readers who otherwise may not have come across it. I wait, impatiently, for the audio CD version of this fine book

Be sure to read Joseph’s whole post and to look through the reviews for this book as well. There are some gems in there.

(Joe describes himself as a politechnologist and PhD student at UC Berkeley’s School of Information. He was involved in at least the documentation part of the CA secretary of states Debra Bowen’s top-down review of electronic voting machines.)

Daniel Castro’s response to my ITIF review

Daniel Castro has responded to review of the ITIF eVoting report that he wrote.

In that review I agree with his thesis that “end-to-end verifiable” voting systems should be encouraged and be part of the debate on electronic voting and I basically agree with his recommendations. But I strongly disagreed with his assessment of the relative risks of paper systems, electronic voting systems, and electronic voting systems that print a voter verified paper trail. I also found much of the tone of his report offensive.

My assessment is:
e2e verifiable system > paper system > eVoting with voter verified paper trail > eVoting

His appears to be:
e2e verifiable system > eVoting > eVoting with voter verified paper trail > paper system

And I believe that we both agree the e2e voting systems need more support and some trial runs but are not yet ready for widespread deployment.

To put it pithily, “I agree with the thesis of this disagreeable report“.

Here is his response. This is posted with his permission:
Continue reading

More thoughts on Rasing the E2E Profile in the Public Eye

A bit more brainstorming about ways to aid the end-to-end verifiability meme. Other suggestions are welcome.

  • Have a forum for discussing E2E verifiable systems. For example a yahoo group or a google group. Initially I would suggest an open all-purpose forum covering both technical discussion and general advocacy and discussion.
  • Have a website promoting the general idea of E2E verifiable systems – not just specific systems
  • Each E2E project should have a website dedicated to it with clear descriptions of how it works intended for non-academic readers. (It should of course also include sections targeting academic readers) The Punchscan web site does very well here. But many others do not – even projects involving the same people.
    Some examples:

Rasing the E2E Profile in the Public Eye

Aleks Essex of Punchscan, prodded by one of my comments, posted his thoughts about raising the profile of end-to-end verifiable systems in the public eye:

The allaboutvoting suggestion was to establish an outreach to the broader public about E2E. Of course this is a good idea, and something that’s overdue. But that’s going to be tough. As for Punchscan, our approach to raising its profile has always been by “doing.” First we designed and built it. Then we debuted it in a binding election. Then we won an international competition. I think that these milestones were all necessary; people need things they can “touch.” Pictures and movie of real voters using Punchscan I think helped “make it real” to people, because it was real. Winning the ten thousand dollars sure got people interested. So I’d say it’s these “press” moments that will see E2E find its way into “normal” conversation, if only for a moment.

My prodding comment was:

Unfortunately much of the talk about E2E is pretty off.
I’ve seen:
* “there is no problem”
* “your solution is something only geeks can understand”
* “your solution is to just ‘trust us’”
* hijacking of E2E potential as a call to inaction with respect to the use voting machines without any verification
* lots of heavily technical bureaucratic jargon that I don’t quite follow yet

Does the E2EV movement have any umbrella outreach and discussion place? My perception of it right now is that it is gaining momentum academically but that there is little advocacy intended for a general audience. What little there is seems to be partitioned into individual E2E projects (like punchscan) rather than movement wide.

An active yahoo group might be a helpful start.

I’m thinking of just starting an E2EV yahoo group myself but I’m not yet sufficiently committed to research and invite all the people needed to jump start a community.

ITIF’s eVoting report: point-by-point

Here is my point-by-point review of Daniel Castro’s ITIF eVoting report.

This is a long post. I recommend that you first read a summary of my views.

I am basic agreement with the thesis of the report which is that the debate about eVoting should move beyond voter-verified paper audit trails to include systems that can prove to a voter that their vote was counted as cast. However, I found the tone and focus of the report disagreeable and I disagreed with much of the material in the report advocating for eVoting and against voter-verified paper audit trails.

Continue reading

summary of ITIF’s eVoting report

I’m writing up a full point-by-point review of the ITIF eVoting report. [Update 9/20/07: It’s written. Here is the point-by-point review]

For now, here is a quick summary of my impressions.

I agree with the basic premise of the report that the debate about electronic voting needs to be broader and include other verification technologies than voter-verified paper audit trails. I am in basic agreement with the policy recommendations of the paper but I feel that these recommendations need some caveats. I discuss the recommendations below.

I disagree with much of the setup of the report. The susceptibility to fraud of electronic voting machines is downplayed too much as is the ability of voter-verified paper audit trails to mitigate that. The tone of the report when talking about organizations promoting voter verified audit trails or promoting distrust of eVoting is absolutely poisonous and Mr. Castro should be ashamed. I suspect that much of the poor reception this paper is getting is due to that.
Continue reading