[ale] OT: electronic voting info

[Joe Knapka]

Ronald Chmara <ron at Opus1.COM> writes:

> My ideal touch-screen system would have a user verified spool tape, a
> user receipt, and electronic tallying. If the votes were challenged,
> the spool tape could be consulted. Worst case would require
> user-receipt checks.

The problem with this, as I see it, is that it's not obvious what
would prompt such a review of the paper records. Elections could still
be manipulated in subtle ways, and if everyone *assumed* that a "more
secure" voting system was actually more secure, it seems unlikely that
any huge public outcry for a review of the paper records would occur.
"This election didn't go the way I expected," all the voters would say
to themselves, "but hey, we're using the new 'more secure' touchscreen
voting system, so it must be OK. Beats punched cards, don't it?"

My ideal electronic voting system would be cryptographically secure
and would provide these features:

(1) gauranteed(*) anonymity - there's no way for anyone
other than me to find out how I voted;

(2) a means for an individual voter to verify that his vote
was properly tabulated;

(3) guaranteed(*) security - there's no way for a voter to
vote multiple times, or for an election official to
manipulate the ballots.

(*) Where "guaranteed" means that the best available
cryptographic algorithms are used in the implementation.
Of course, the development of better hardware or
cracking algorithms might invalidate the guarantee.
But that's better than no guarantee at all, which is
what we've got now.

Bruce Schneier outlines protocols that achieve those goals in "Applied
Cryptography". They would be straightforward to implement (although
there would be logistical issues, such as provisioning voters with
the required keys and tokens). All of the existing touch-screen voting
systems look like collaborations between Mickey Mouse and Rube
Goldberg in comparison.

-- Joe Knapka