[ale] OT: Electronic Voting in GA

John Mills jmmills at telocity.com
Sun Oct 20 17:42:42 EDT 2002


Joe, all -

On Sat, 19 Oct 2002, Joseph A Knapka wrote:

> John Mills wrote:

> > How would you compare auditing a direct-electronic voting system with
> > auditing a state's old-style mechanical lever machines?

Context - when I said 'mechanical' I meant the old lever style.
 
> With mechanical voting machines you have an absolutely irrefutable
> physical representation of each voter's vote.

You don't have any way to know if your vote was actually added to the
counter for your candidate, since the counters are out of sight (for their
protection). Ultimately the totals were transcribed manually. Anyway,
no one can afford to maintain or set up these beasts any more.

> With any automated
> system, you need some way to be sure that there isn't some code
> in there that says, "No matter what buttons the voters press,
> record 65% of the vote for candidate A and distribute the
> remainder randomly among the other candidates."

I certainly don't say this _can't_ happen, but there are some measures
that can make it a bit trickier:

1. Keep the counting code separate from the database which defines any
particular set of contests. [Plays directly with (5), below.]

2. Test the counting code for logical correctness in all legal types of
contest.

3. Escrow the counting code.

4. Limit or eliminate the OS used (a tough one, I know).

5. Require that elections be configured in clear, readable, logically
testable text files (XML, anyone?), _by_ the election authority or other
certified parties. [Some manufacturers of voting systems count on
providing this service in their business model - terrible, in my opinion.]

6. Naturally the 'logically testable' part should actually _be_ tested.

7. Verify the configuration of each election under the active supervision
of all interested parties.

8. Keep and confirm records and backups of all the above.

9. Forbid 'shortcuts' in processing returns and accept any necessary
extension to the window within which an election must be certified.

10. For distributed systems, separately confirm the consolidation
(totaling by voting station) - ideally using competitive products from
different vendors - and keep a record of each station's subtotals. (This
is a potential 'audit' function, to beat the original thread's now dead
horse.)

There is also some information you should _not_ retain. For the GA
systems, no correlation between the identification of the voter and the
'voting key' value used to enable the vote, nor the resulting votes,
should be possible.

DISCLAIMER - I don't know the status of any of these points in either
Georgia election regulation or US/FEC requirements.

That said, I agree that the stakes are very high compared to the price of
a few skilled people to corrupt the process. In many elections the margin
of victory is probably small enough that only a small fraction of ballots
need be 'thrown' to affect the results.

I just don't think the electronic systems are worse (once we get over the
'new technology' buzz) compared to the known problems of the older
systems (which are _terrible_ to maintain, use, and test).

We do have some work to do (as a society) to apply the standards to ALL of
our new technologies we applied to the old. (DMCA, anyone??)

The same issues apply to banking, lotteries, etc, etc. I don't see this as
specifically a voting or technology issue.

 - John Mills


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
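
The independent re-totaling of station subtotals from point 10, checked against a data-only contest definition as in point 5, shown as an added example that is not part of the original message. All names and numbers are constructed, and a single-choice contest (at most one vote per issued ballot) is assumed.

```python
# Added example: every name and number here is constructed for illustration.
# Point 5: the contest is plain data, kept apart from the counting code.
CONTEST = {
    "choices": ["A", "B", "C"],
    "ballots_issued": {"S1": 120, "S2": 95, "S3": 140},
}
# Point 10: each station's subtotals are kept as a separate record.
SUBTOTALS = {
    "S1": {"A": 50, "B": 60, "C": 8},
    "S2": {"A": 40, "B": 30, "C": 25},
    "S3": {"A": 70, "B": 50, "C": 15},
}
# Consolidated totals as reported by the primary system (15 votes moved B -> A).
REPORTED = {"A": 175, "B": 125, "C": 48}

def check_station(contest, station, subtotals):
    """Validate one station's record against the contest definition."""
    if station not in contest["ballots_issued"]:
        return [f"{station}: not in contest definition"]
    problems = []
    for choice, n in subtotals.items():
        if choice not in contest["choices"]:
            problems.append(f"{station}: unknown choice {choice!r}")
        if not isinstance(n, int) or n < 0:
            problems.append(f"{station}: bad count {n!r} for {choice!r}")
    if not problems:
        total, issued = sum(subtotals.values()), contest["ballots_issued"][station]
        if total > issued:  # undervotes are legal, overvotes are not
            problems.append(f"{station}: {total} votes exceed {issued} ballots issued")
    return problems

def audit(contest, station_subtotals, reported):
    """Re-total valid station records and compare with the reported totals."""
    problems = [f"{s}: subtotals missing"
                for s in contest["ballots_issued"] if s not in station_subtotals]
    recomputed = dict.fromkeys(contest["choices"], 0)
    for station, sub in station_subtotals.items():
        found = check_station(contest, station, sub)
        problems += found
        if not found:  # only records that pass validation are counted
            for choice, n in sub.items():
                recomputed[choice] += n
    for choice in contest["choices"]:
        if reported.get(choice) != recomputed[choice]:
            problems.append(f"total for {choice!r}: reported "
                            f"{reported.get(choice)}, recomputed {recomputed[choice]}")
    return recomputed, problems

if __name__ == "__main__":
    print(*audit(CONTEST, SUBTOTALS, REPORTED)[1], sep="\n")
```

A check of this kind only detects tampering in the consolidation step; it says nothing about whether each station's subtotals reflect what voters entered.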





