Open voting: Our Democracy Rests Upon This Question

Introduction
Since the inception of democratic societies, the right of "one person, one vote" has been recognized as the
most basic process needed to allow equal participation by the people. One person, one vote is also depends
on a voting system that minimizes the chance of votes being inaccurately counted, or fraudulently cast,
or fraudulently changed by officials with neferious motives after the vote was cast.

The quickest way to count votes is using automated methods. There is no question about that. But speed
is the least important aspect of vote counting if that speed makes it possible for fraud to exist. If we
wanted speed, we could count only 1 vote in a 100. That would certainly be faster. Do you want to be one
of the other 99? -- no, nobody does. A desire for faster counting must not comprimise the intent of the voter.


Our Democracy Rests Upon This Question

If you did not see with your own eyes the physical ballot with your vote on it go into the certified ballot box,
how do you personally know that your vote would not be changed? If it was an electronic vote, it could be
changed. Do you trust a computer programmer who says his program is trustworthy? Virtually all
programmers don't trust computers enough to rest our democracy on that clandestine technology. Programmers know
that even the most extensively reviewed programs still have a chance of having an error, and that the hardware
the programs depend on also have errors. How do you audit a vote incorrectly tallied by program which has an
error causing your vote to be incorrectly cast? -- you cannot. There is no way to see how the program changed
your vote, because computers transfer information from one part to another using electrons, and those electrons
are long gone when it comes time for an audit. How do you know the programmer did not create a program designed
to fool everyone during the election, and erase it's own neferious parts as it shuts itself down? You will not
know as you stare into the face of the monitor, and neither can your election officials, they are not computer
specialists either. Even a computer specialist staring into the face of a monitor of a computer-only based
system has no way of knowing if the votes are being tallied properly, either due to unintential errors or
intentional fraud.


Safeguarding Your Vote

Your vote, to be safeguarded, needs to be permanently recorded on a piece of paper, birch bark, piece of metal,
something, anything that is a permanent physical ballot. You look at that ballot, and know that your choice
is immediately obvious to anyone who later looks at that ballot, either to count your vote, or to undertake
an audit of an automated vote counting system which is being challenged.

What can you do?

If you care about your vote, then you need to demand "voter verified paper ballot" systems from your legislator. Goto

http://www.blackboxvoting.org/

for more information on how to get involved.

--
On edit, changed *anything* to anything

Thank you for posting this.

its own thread. Hopefully this can evolve into a one page "flyer", promoting the open voting (or whatever we should call it) concept.

n/t

No other issue really matters unless this one is addressed.

Candidates running for public office must address express their positions on electronic voting machines, their position on abolishing the Electoral College, their position on establishing a national primary, and on making both the primaries and general elections public holidays.

If democrats are unable to answer these basic questions, then we must not give them our votes!

Paper based voting systems do not provide any greater assurances of correctness of tabulation than the poorly implemented technology straw man presented here. The paper ballot can be fed incorrectly into the tabulating machines (Republican votes fed through multiple times, other votes tossed, etc). The machines themselves can be rigged to count incorrectly. This is true whether the tabluating machines are mechanical or human.

A system with appropriate controls and audit capability would come much closer to facilitating a fair system than any manually based system ever will.

Without getting bogged down in a technical discussion, simply consider your bank statement, and your use of ATMs. These systems are marvelously accurate. There is an appropriate method by which these systems are implemented that guarantees their accuracy, and these same principles can be applied to voting systems.

"There is an appropriate method by which these systems are implemented that guarantees their accuracy, and these same principles can be applied to voting systems."

Oh.. yes.. indeedy. There is that possibility. Too bad that what we are getting instead is hackable junk. At what point in man's evolution do you feel it would be safe to "privatize" our election system?
I don't know about everyone else, but when I go to an ATM I get a receipt and later check the transaction on my bank statement. The electronic machines do not give me that opportunity with my vote. The simple 3 step solution......paper ballots...paper ballots and paper ballots for recount protection.

:kick:

We have evolved more than adequately to have electronic voting systems that are accurate, failsafe, economical, and fast.

It is not a question of technology. It is a question of will and intelligence to implement a controlled system.

Paper ballots are the simplest of all possible systems by which to commit fraud or make mistakes. They are a technology, just as computers are a technology. If the application of the technology leaves open the ability to manipulate the results without traceability, the system is flawed. All one has to do to subvert a paper trail is copy, dispose, or improperly process the paper. The fact that someone can show you a receipt has no bearing on whether it was processed properly. Once you punch your vote on a ballot, and deposit it in a ballot box, you (the indivual) have lost audit control, and there is no traceability to your input.

The manual ballot system depends on a trusted player (the election commisioner) to insure that the ballots are handled properly. In conjunction with some other manual checks and balances, there is a notion that the ballots are controlled. This process is easily and demonstrably subverted.

A computer system can have the same fallability. To prevent this system failure, audits and checks must be implemented. The advantage of the computer system over human based systems is that many more checks can be feasibly implemented. This is the strength of the ATM system. Although it can be subverted (all systems can) it is very, very difficult.

The reason that it is difficult is that there are two parties interested in insuring the transaction is completed properly. You, and the bank. Each acts in their own self interest to insure the transactions are conducted properly. A third party (the government/IRS is also interested in the proper handling of the transaction)

Any computer based voting system that does not allow you to check on your vote at any time subsequent to the election is missing the critical component of auditability and will be subverted.

I have not thought about the design of such a system to cover all of the possibilities. But clearly, the ATM system is an obvious model for how a system can be successfully deployed.

...that didn't give a PAPER receipt of the transaction.

A paper receipt is part of the audit trail. It is the audit trail that is necessary, not the paper.

There are many ways to provide audit trails. If paper happens to be the simplest or best mechanism, then fine.

But in a voting system (and my bank system) I prefer more comprehensive auditablity. If I voted on an "ATM", I would want the receipt I get to have a transaction ID that I can then use to reference against another electronic database that allows me to verify the details of my votes.

...folks, this is a discription of VoteHere's system. :puffpiece:

Sure, they'll give you a piece of paper and glorify INDIVIDUAL auditing, but there is no way to conduct a recount because the individual has the paper/ballot/receipt. Then you have to just trust the computer tally for election results.

Oh, by the way, there is nothing in a system like this to prevent the Diebold multiple set of books syndrome. You can verify all you want, your individual vote. What gets counted can still be something else.

And note how this person is again relying on "certification." We all know by now certification is in the hands of the people controlling that process and is a complete sham. This argument is predicated on the idea that certification can become infallable enough and will never fall prey to foul interests. Right....

ATM's are wonderful, no agument, but they have a backup, that piece of paper. However, ATM's do not have to verify a whole election, only your transaction.

Yes, no fraud proof system has yet been developed. But the paper you put down has the single advantage of being much harder to corrupt on a massive scale. Taken from a security angle, it wins, hands down. By the way, if the security is such a big deal with these computer systems, just arrange the same for paper ballots. And those ballots? Count them at the polling place, please, first, in front of witnesses. Really cuts down on those ingenious transportation glitches.

This is just another sales pitch for fraudulent systems, I'm afraid. Here, put your faith in technology, technology will solve your woes.

Nope.

Voter verified paper ballots that are dropped in a ballot box and used for recounts and audits of the systems.

But oh, one good thing has come out of technology. Every vote gets assigned a random number but it's not traceable to the voter. To make sure no shenanigans occur with the paper, since each paper ballot can have a bar code or optical code on it, IN ADDITION to the voter verified, readable results, you can run a cross check with the computer votes and easily determine which ones are valid and which ones are not.

NOW we have the best of both worlds. Paper keeps computer voting honest, and computers can help provide a cross check for ballot box stuffing.

In ATMs I get a receipt which I can later check against my account statement. It serves as evidence in case of a dispute. But ATM systems can and have been hacked so that some portion of the electronic transfers get diverted, even though individual statements may appear OK.

It is further flawed because there is some reasonable expectation that most ATM customers will monitor their accounts thus exposing some crude attempts to divert money. But using some sort of receipt to allow voters to confirm that their vote is correctly recorded in some location is no assurance that these or, more importantly ALL, votes were honestly counted and reported.

Giving people a printed record of their votes also creates other problems. Encrypted receipts, or anything not immediately human-readable, means that if some receipt later allows me to check into some database to check on "my vote," and if I actually am allowed to read from "real" (how could we ever know?) election data and discover an error, how can anyone ever tell if it was my boo-boo or a crime against democracy.

The only way to know if a count is flawed is to compare the tally with the evidence, and the only possible evidence has to be some unalterable document that each voter has read and approved as accurate evidence.

Sure there are ways to cheat in elections (see Florida2000), but unverifiable computerized systems make cheating very cost-effective, potentially even automated on a wide scale, and almost impossible to prove. This is a new danger that goes beyond the more familiar ways the most powerful groups in various localities manipulate results.

(I think we are mostly agreeing on basic principles here...)

When an electronic system breaks down, how can it be independently audited? How can the claim ATM's are marvelously accurate be verified (do a google search, I think you'll be amazed how often they aren't accurate, but I agree they are still amazing).

The million dollar question is how are you going to audit an electron? Answer is you can't. I write programs for a living, and I know one way to rig a voting machine to alter the election and leave no trace. I'll bet many other programmers would have many other ways. Simply altering the vote before it enters the phase of the recording process renders any auditing function entirely mute. This can happen by computer error, or malicious intent. And then, you are completely stuck. There is no legitamate way to have an independent audit to prove the tabulated results were incorrect.

When a paper system breaks down, I will audit it the old-fashioned way, with people, eyeballs, paper and pencils.

The whole point of an audit system, is to use a completely independent method to get to the same answer. When that basic philosophy is compromised, you get Arthur Anderson and Enron. I think democracy deserves better.

You don't audit an electron. You audit the system.

If the software altered the vote prior to its registration in a database, then the system is flawed. This is easily verified when the software is certified. The challenge is to certify a system and then have the controls to insure that the software that runs during the election is the same software that was certified, and that there are no means of applying external influence to the software's operation. This is not trivial, and cannot be done with 100 per cent certainty.

But the alternative manual systems are so easily subverted that audits almost meaningless. I can give the election commissioner money to have bogus paper introduced into the system, with real votes removed, the tallies can be modified with a 2 cent eraser, etc, ect. Manual audits are only as valid as the trusted sources that control the paper, and if you have lived through more than one election, you probably are not starry eyed about how much trust you can place in people when oversight is not possible.

The central difficulty of auditablity is the idea of the secret ballot. If every individual could audit their vote then a highly effective auditing vehicle could be unleashed. The problem with that is can you trust the keepers of the correlation database not to allow anyone but yourself to see how you voted. Back to the trusted entity again.... Its not easy.

Apply equally well to the electron system. I can bribe a commissioner to use a different program, etc, etc. And I agree with all those principles by the way, that the entire system needs to be operated with oversight.

The difference, is when the voter casts his or her ballot, he sees what's going into the system. There is no doubt. That is a huge difference from the fully electronic system. With a paper ballot, we at least have a fighting chance for an independent audit. I don't discount the possible role of a computer in the process, perhaps printing out the ballot first. But we must have a physical ballot as the primary record of the vote to enable an independent audit system.

The physical ballot as a primary record is irrelevant to an audit system since you cannot trace it back to its source and validate it.

The voter does not really see what goes into the system with a paper ballot. The ballot is read electronically or mechanically, and these systems have the same problem that you are attributing to computer based systems.

Ballots read by humans can/are easily influenced with cash, ideology, malice, or judicial decisions.

An electronic system could just as easily provide the feedback to the voter. At any rate, I have never been able to read the hollerith cards and ascertain whether my vote was punched correctly, so this piece of paper has always been worthless to me.

It would require alot more expense and a great deal more sophistication to bribe a commissioner to use a different program than to simply bribe them with cash or ideology to subvert a manual proceedure. Software can have security built in that would make it practically impossible to replace it with counterfit algorithms (one key, drop Microsoft as the OS!!!)

Even if we could have an open source application, with an open source OS (which demonstrably provides the highest level of credibility), I disagree with the basic premise that I can get the same verifiable feedback from an electronic system as a paper system. An electronic system can purposely, or accidentally give the wrong feedback. Photons hitting a piece of paper cannot do the same thing. The point is, that the initial vote may be altered in the fully computerized system, and there is absolutely no way to say for certain that an error occurred. I can't get around that piece of logic.

BTW, I'm not thinking punch cards here, I'm thinking printed ballots.

While it is true that the paper ballot may subsequently be fed into an automated counting system, and the voter doesn't know exactly how the ballot was counted at that point of entry, the difference lies in the fact that those ballots can be independently audited by people with eyeballs.

I don't want the security of my vote to come down to trusting if the technical arguments of someone like you and I are correct. I want to know that, if worse comes to worse, and a recount via audit is needed, then normal people can look at a pile of ballots and declare the winner using only their eyes. Same way we do it now.

That the software CAN be secure (which I do not agree with) but for the sake of argument, let's do that.

Now we get to move to the hardware hacks that can be implemented in the computer system.

The bottom line is simple - no system is secure. But your suspiciously sounding "VoteHere argument" is even less secure than any of the systems in use today.

are nicely and clearly articulated. This is helpful to the discussion, in my view. In your comments above I think you miss the point of paper ballots as original, unmodified, raw data and as the ultimate evidence in case doubts arise about the accuracy of the subsequent tallying process, whether done by human hands or mechanical or electronic devices. Voters see the same ballot that serves as data in subsequent counting routines -- routines which can be cross-validated by human observers. Punchcards are flawed precisely because the paper card may not have actually registered the intent of the voter, and double-checking the ballot as part of the voter verification stage is impossible. But in all-electronic devices the voter cannot even verify that what is shown on the screen has anything to do with the "data" generated.

With human-readable ballots the voter sees the raw data, and it continues to exist in the form in which it was originally verified and cast. Electronic ballot-generating machines have the advantages touted for paperless systems, but don't have the limitations of the TrustMe-MePerfect systems (like preventing validation tests on election reports -- not to mention the new possibilities for fraud).

The audit verifies the result, not the system. Particularly a system that is sooooo easy to change as a computer system, and can be altered before, during, or after the election so as to render an audit useless.

This is the problem with the Georgia result. We have polling data suggesting several candidates lost, who probably should have won. The system is in question, and we quite literally cannot audit the system that was in use.

If a recount is demanded, and you want to verify the result, there has to be an independent method of assessing the election result, or you really can't audit the initial result at all. Hand recounts are nothing new, they are the defacto independent audit method.

But the alternative manual systems are so easily subverted that audits almost meaningless. I can give the election commissioner money to have bogus paper introduced into the system, with real votes removed, the tallies can be modified with a 2 cent eraser, etc, ect. Manual audits are only as valid as the trusted sources that control the paper, and if you have lived through more than one election, you probably are not starry eyed about how much trust you can place in people when oversight is not possible.

Just how friggin familiar ARE you with election procedures, kcwayne?? I challenge you to tell me just what state you are referring to, and give me the link to their ballot control procedure, and tell me just HOW that procedure can be subverted on such a massive scale so as to throw an election.

And then please explain to me ALL the details of an electronic voting system. Because, you see, you cannot expect little ol' me to understand the electronic voting system, so YOU are required to explain to ME so I can UNDERSTAND that my vote is not going to be stolen. You are NOT allowed to DESIGNATE another person (via any fool certification process) as taking the place of MY understanding.

"... is to use a completely independent method to get to the same answer. When that basic philosophy is compromised, you get Arthur Anderson and Enron. I think democracy deserves better."

If the audit method is not independent, and completely transparent, you have a situation ripe for the crooks.

--
That's a shameless self quote, but I find myself thinking it's a pretty powerful statement.

Whether you use paper or computers is not the crucial matter in whether the system is secure. The critical point in any auditable system is the number of "trust points" that are required to process results.

In a manual election, you have thousands upon thousands of trusted sources you are relying on to accurately handle the vote. An electronic system has the advantage of reducing these points to a handful. I know of no such system, and am not in this business, I am speaking philosophically about possibilities.

So as a choice of system, it comes down to whether you would place more trust in a system that requires the monitoring hundreds of thousands of individuals responsible for monitoring thousands of transactions, or whether you would prefer to have a few points around which opposing parties insure that the transactions that run through these systems are secure.

I don't have a problem with using paper. I do have a problem with dead people that vote, thugs that prevent minorities from appearing at the ballot box, recounts that never come up with the same results, lost ballots, found ballots, unreadable ballots, and misleading ballots.

In my opinion, relying on a hand marked ballot as assurance that the rest of the system that handles that ballot is therefor auditable is naive. Eelying on an electronic ballot is no different. The entire set of control points through which a ballot is collected and tabulated must be secure, reproducable, and verifable.

To that point, I just don't see how manually implemented systems can ever handle millions of votes with any hope that there is integrity in the system.

And it's this:

The Constitution of the US requires the states to hold free and fair elections.

Turning the counting of the votes over to corporate America means the states have abdicated their constitutional responsibilities.

I ask only one further question:

How many votes did the state of Georgia count in the general election of 2002?

Answer: Zero

Summation: The State of Georgia violated the Constitution of the United States.

Now, you've gone from trusting many people, to TENS OF THOUSANDS of lines of code, each and every one has become a "trust point". As a programmer, I can tell you that scares the bejeezes out of me.

Arguing that a manually implemented system can't work, is just not facing the simple reality that they do work, and have been working for centuries. Are they perfect? No. Do ringers slip through like dead people voting, yeah. But don't make those arguments with out showing that it could be prevented in a computer based system, or a computer-enhanced paper ballot sytem.

If you are going to call every line of code in a system a trust point, then you must also call every artifact that touches a ballot a trust point. And that is simply not what trust points are.

I know that you know what a trust point is, but your latest arguments are more about semantics than issues, and I think this is unproductive and not interesting. So I will sign off and say, welcome to your system. I disagree with your assertion that the manual balloting has been working for centuries, and if I had the time would pull out endless references to bogus results. Chicago under the first Daly administration is a prime example.

If you really believe what you are saying, you should withdraw all of your money from banks and security institutions. You should also use your skill as a programmer to hack the electronic interfaces of these institutions and make a grand living dodging the audit trails and security that these systems throw up for amusement.

IN fact, for a system like voting, it has been generally accepted that the scope of fraud is reduced with the "many eyes" method -- the MORE eyes are on the counting, the better.

For this reason, it is generally more trustworthy to have the ballots counted at each precinct by each set of pollworkers/machines (with proper auditing) than to centralize the count.

While it is true that this provides more attack points, each attack point has access to only a few votes. It is simply not feasible to run around to 200 precincts in every county (and there are over a hundred counties per state!) to rig the vote on a grand scale.

There will always be points of weakness, but a properly designed counting system is really quite simple:

1) It is audited. Auditing, by definition, requires two independent sources of data which must match up. The key word is "independent." My main objection to the current system is not that it uses computers, but that it does not contain a proper audit trail.

Immense efforts and vast sums of money are being spent to get rid of auditability, in these two ways: a) Eliminating the voter as a source for verifying the evidence: A paper ballot verified by a voter provides an independent source of evidence to match against the machine tally, again, with "many eyes" involved. b) When we have voter-verified paper, as with optical scan machines and punch cards, making it illegal to use these records to audit the machine tally. Yes, it's true, that's what many states have done!

2) The vote-counting must be public. Any system which requires a computer science degree and/or access to examine secret proprietary software automatically fails the public counting test. Now, I can live with having one of the two matching audit sources requiring computer expertise to evaluate, though it needs to be open source (I'll explain why below). We can NEVER allow both vote-counting sources to be understood only by computer scientists, because that fails the public counting requirement.

Many eyes vs centralized counting When you reduce the number of people involved in counting votes, you also exponentially increase the number of votes they supervise. The many eyes system means someone, somewhere may be compromised, but the central count system means that someone will probably still be compromised, but instead of affecting a couple hundred votes, will be in position to affect 10,000, 100,000, or even a couple million votes.

This changes the equation for vote-tampering. One method of tampering with the vote is bribery. It's nigh-on impossible to bribe 10,000 pollworkers at once, but somewhat practical to target one programmer, or one county supervisor who has access to 100,000 votes.

Suppose you are a profiteering multinational company that is ethically challenged, and your budget to rig the state of California is $2 million. With the many eyes method, you'd have to divide that $2 million into a huge number of people with local access -- at least 1,000 (and that won't even give you the all the biggest metro areas), if audited counting is taking place at the polling place, giving you perhaps $2,000 per person for bribes and getting too many people into the act. If you weaken the audit trail and consolidate counting, though, you can approach very few people, selecting the most vulnerable and offering huge sums of money.

In fact, it is much more dangerous to consolidate the counting of the votes into very few hands.

To reduce fraud with the many eyes system

The best system I know of is a hybrid system. A machine counts the votes, and a separate system counts the same votes, and the tallies must match. There are several ways to achieve this, but under no circumstances should both systems be proprietary, and especially not to the same vendor!

Open source I wasn't one of the people who clamored for open source, at first. I have always looked at this as an accounting problem, and one which must, by its nature, presuppose attempts at fraud; therefore, the auditing methods must be designed to catch fraud, not just random error. Here is what changed my mind -- even if the vote was audited perfectly and trustworthy to a "T":

When examining the Diebold code, it became apparent that the relationship between personal data and our private vote had become a bit too cozy. In the voter card activation program were commands like "get firstname, lastname, birthdate, streetaddress, city, state, zip." (Diebold, it should be noted, also owns a computerized voter registration company called DIMS, and began writing its vote-tallying software to interface with DIMS some years ago.)

The above example shows that, even if our vote was fully and satisfactorily audited, our privacy would still be at risk if the code was allowed to be kept secret.

Just my two cents.

Bev Harris

1) Many eyes means that a small fraction of the votes could be tallied wrong in the worst of situations.

2) Automated counting means any systematic biases will potentially affect every single vote.

Thanks for your two cents. I'd say it was worth a nickel, at least :-)

You are a true American.

You are one that cares about our most undervalued RIGHT to vote, which unfortunately so many of us, including myself, have taken for granted. I hope no longer.

To be redundant, but to be straight from the heart, thank you for your tremendous insight, your courage, your heartfelt and steadfast concern for our nation, and for what makes this country so wonderful, you are a hero. Or heroine. You are one (among others like Demactivist and Sharon Ann, Eloriel, and many others**) that have taken their skills and given back to this country which SO NEEDS IT RIGHT NOW.

Thank you for caring. For showing so many of us what we need to know and what we need to work towards. I hope we are able to make it right, so that Democracy is salvaged. So many, if not all Americans want this and want our country to be the absolute best it can be. This is about all of us, Republicans and Democrats alike. If any issue will bring us together, this one will.

This deal has surpassed ANY party lines now.

God bless you!! and as Tiny Tim says " God bless us everyone"!

Truly, God Bless us everyone........

If you want to talk about things that really matter, not just abstractions that hide the details, I'm here. If not, that's ok too.

I really believe what I'm saying. Worse yet, I have a boatload of experience with computer systems to back it up. And, no, I'm not going to use my skill as a programmer to hack institutions. That would be illegal, unethical, and immoral. Not my style.

This is old stuff now, but ATM records can be traced. If fraud happens, there is proof somewhere.

When you vote, your identity and relationship to that vote is supposed to be gone. You can't trace a vote back, you can't find out it's history and where something went wrong. (If you can, we've got a problem....)

Now, as to the paper issue and fraud. With the new voter verified paper ballot touch screens, that ballot gets a voting session number. It is a random number that is created the moment the paper is printed. (In this system) It is not tied to any specific voter information or time. It is printed for all to read. Trying to stuff a ballot box just got a lot harder and more security features are built into the printing and you could use watermarked paper, optical scan marks, bar code, whatever. Then, run the ballots against the machine. Extra ballots in the box are going to show up.

In the end, to thwart electronic vote fraud, you need the voter verified paper ballot.

With both the computer and the paper, I think you can come to a pretty fool proof system. Remember, we're not talking about how paper ballots were in the past. These can be ID'd.

Now, I do think open source code isn't a bad idea, for the reason Bev mentioned- some of these companies are not treating random numbers in the spirit intended. (Most of the Touch Screens do generate the random number, whether the ballot is printed or not. It's how that's handled internally that matters)

Any links to more info?

is intended to create an untraceable voterID number for database purposes. A good thing for privacy, although some random number generators are less random than others.

In my view databases that compile voting records into voter profiles in themselves compromise privacy. A better model would be a random voterID for each item on the ballot. This is something that could be enforced in computer driven ballot generators and in the counting/reporting systems. (Fifty ballot qustions and a "Start" button that generates 50 random IDs.) Paper "allows" this kind of compilation of voter profiles, but the labor costs are prohibitive if that type of computer analysis of the ballots is prohibited.

That's the part I don't understand. Why is a random ID better than no random ID (blank ballots)?

Is it because at the polls we can have a list of random ID's separate from the ballots which is kept physically separate and can later be used in a recount or audit to verify the ballots?

Pobeka,

I don't think you can assign or call up information without giving it a designation or ID of some sort.

A random ID is generated in the computer and is not connected to the voter sign in.

I believe this way you can count up the number of votes one at a time, and there is a space for that vote via that number.

It would also tend to help store information for that whole ballot, not just assigning votes wherever they go.

Otherwise, I think you'd just get a jumble of votes and no way to ascertain if someone voted more than once. Of course, that can still be done but could in theory be checked if the program was honest.

You don't need a random ID in the 'puter. You don't need an ID at all, for that matter -- an anonymous list of records is just as easy to count as a list with ID's. Now, if you're using a database (still boggles the mind why you'd want that, but that's a whole other topic), you need a unique ID for each record because virtually every database requires that records somehow be unique.

My paradigm is these (absentee) opti-scan ballots we have in Tacoma. I just double checked, and my wife's ballot and mine are identical, there is no unique ID. So, that does open up the possibility that someone could scan a ballot more than once, if there aren't "many eyes" watching the whole process.

What I was thinking, is that a printed ballot becomes the ballot of record. The printed ballot is subsequently scanned to determine the actual election results. If there was a list of random ID's generated during the election for the precinct available to election officials, and ID's printed on the ballot too, then during a recount or audit, a ballot could be challenged as being fraudulent, and a crosscheck could be made back to that independent list of ballot ID's, or the entire stack of ballots could be crosschecked back to the independent list if desired. The computer, then, becomes a bit less of a black box, only printing the actual ballot and assigning the random ID. This of course moves the blackbox problem to the optical scanner, and those in the end may prove more daunting to publicly review than a full open source system (Operating system is open source as well as the vote tally-ing software). The key of course, with any voting system is that we have physical ballots available for the public to hand count.


I think there is another trick one could do here with public key cryptography, using other information printed on the ballot to verify it's own random ID, and make it doubly difficult to create a fraudulent ballot. But I haven't thought this through very well...

Thanks for your help!

My paradigm is these (absentee) opti-scan ballots we have in Tacoma. I just double checked, and my wife's ballot and mine are identical, there is no unique ID. So, that does open up the possibility that someone could scan a ballot more than once, if there aren't "many eyes" watching the whole process.

Proper election procedures use multiple eyes from both major parties when ballots are being handled/counted.

The privacy of one's vote demands that there be no identifying mark on the ballot. In fact, MN election procedure DEMANDS that if a voter puts any identifying mark on the ballot, that ballot is discarded and its votes not counted.

And yes, absentee ballots can be identical to ballots used on election day. I believe that is true in Minnesota, where I think (upon reading the MN manual on election procedures today) each absentee ballot is counted on election night in the precinct in which the voter is registered.

I was thinking about what could happen at the polls -- where you sign in to vote as usual, and then proceed to the computer which generates a random ID. That random ID would never walk out of the polling place with you.

So I will sign off and say, welcome to your system.

Signing off?? Well, I am sorry I am so late to the party I missed you.

If you are going to call every line of code in a system a trust point, then you must also call every artifact that touches a ballot a trust point.

I have no problem with that at all, because it helps make the paper ballot point. Ballots pass through the hands of humans at most 1 or 2 times before they are counted, and while they are in the hands of humans, multiple election judges are watching. So for paper ballots I have 2 "trust points" that need to be carefully secured. For electronic ballots I have thousands lines of code, or "trust points", that need to be secured.

Not because the logic wasn't obviously flawed, but because the debater gave up.

But following up with your response, this is what I would have said:

The total failure in the logic was to introduce yet another term "artifact". Of course, the key point would be "potentially vote-altering artifact", which makes it quite clear what the problem is, since every line of code can alter a vote, but only a few dozen people in a precinct could alter a vote.

And, if we are talking about an application that sits on a multitasking operating system, then we must consider the OS itself, which now involves millions of lines of code.

:kick:

most important issue. Sad they are doing such a good job of ruining everything good about our country, it wasn't supposed to be so easy.