Even after a bit, I'm still not sure where to start, so I'm going to keep it pithy and I'm sorry I'm not dropping links (they exist so if you have a particular interest in any of this, please reply and I'll send a link or two).
Thinking in this area goes back to before the disaster of the 2000 election; Rebecca Mercuri's PhD thesis (working with Peter Neumann) was the first treatment of a concept we now refer to as "software indpendence" (the proposition that no undetected error in the vote count could cause an undetected error in the election outcome) which was formalized by Ron Rivest and John Wack. (And, of course, Josh Benaloh and David Chaum did very early work on cryptographically-secured elections, inventing the mix-net and related concepts that we now use for things beyond voting). There are a variety of other PhD theses that are a great comprehensive treatment of some of this history and development, including those of Ping Yee, Dan Sandler, and myself (all students funded by the NSF ACCURATE project (A Center for Correct, Usable, Reliable, Accurate, and Transparent Elections) in the last decade). No, hand-counted paper ballots are not an answer. First, human-counting protocols are hard -- humans just can't count well easily -- and they require designs that may seem pretty crazy at first blush: a typical counting protocol involves four people and requires sorting ballots into stacks for each contest and choice and then having one person read each ballot ("obama, obama, obama, ...." "mccain, mccain, mccain") with two people making independent tally marks and then announcing each factor of ten, and a final person looking over the shoulder of the ballot caller to make sure they read it right. Sure, that might be possible if the US had simple ballots and a parliamentary system, but we do not. Our ballots typically are quite long and contain races across all levels of government, from federal races like president and vice-president to state races, to county races, to local races to even things as obscure as "mosquito abatement district commissioner" in places like California. This can result in (not uncommon) three page ballots front to back with contests sometime split between ballot cards. Moreover, the manpower that it would require to hand-count paper ballots in a jurisdiction like Los Angeles with 5 million voters is absolutely untenable; they already have to hand-count 1% of ballots which can take all 30 days of the post-election canvass process with teams working 24/7. To put it in perspective, Los Angeles has 12 languages it has to support (one of which has no written form) and they literally pick up ballots using a fleet of helicopters on county-wide election days (they run an election every month, but not necessarily county-wide). And there are very good reasons to use computerized interfaces to mediate the voting process. Usability and accessibility being the primary ones, and people make fewer mistakes that result in invalid ballots when they can use a good interface (that being said, many of these interfaces are quite horrific). I have been involved for the past 6 years in an effort in Los Angeles county to build their own voting system that 1) keeps no state (no computer adding votes); 2) has a amazingly usable user interface; and 3) is planning on having as much of the system be open source licensed (we can't open it all because it uses some things for which there are only proprietary components, like trusted computing elements). We have every intention to make this system part of a foundation that can hold the code and allow other jurisdictions (or whomever, as I'd like it to be modified-BSD) or even vendors to hack on it and produce downstream products. San Francisco has also been working through how much of their voting system they can open source, and have recently decided to focus first on a common component (the election-night reporting software that people and journalists reload constantly to get updated election results). I wrote what I think was the first paper on the potential use of free and open source software in voting applications in 2006 and it's part of my thesis... the conclusion there still holds: voting is very different than general purpose computing (these things are used infrequently and cannot be easily updated legally as we don't want software that hasn't been reviewed and tested running in live elections) and many of the goals we would like to get from an open source licensing model or open source development model (two different things) accrue from allowing and encouraging independent expert security evaluation (as well as other properties), of which there have been a number of such efforts including the 2007 California Top-to-Bottom Review of Voting Systems and the 2007 Ohio EVEREST (Evaluation and Validation of Election-Related Equipment, Standards and Testing) Review. And the best book out there on this whole mess I would argue is still the wonderful tome by Doug Jones and Barbara Simons called "Broken Ballots" that does a wonderful job of explaining why this is one of the hardest problems in sociotechnical systems, and one that we could use good minds to help out with... but very much ones that are ready to dig into the complexity and understand how complex the context is: https://www.amazon.com/Broken-Ballots-Center-Language-Information/dp/1575866366 Ok, I'll shut up now. On Thu, Jul 19, 2018 at 6:04 AM Joseph Lorenzo Hall <j...@cdt.org> wrote: > That is a great point and I'll send a short review with links later today. > Take care, Joe > > On Thu, Jul 19, 2018 at 00:25 Yosem Companys <ycompa...@gmail.com> wrote: > >> Joe, >> >> No offense taken. But as an expert on this subject, you should suggest >> some resources that list subscribers should read so they may be able to >> sift through the media sensationalism. >> >> We're all experts at certain things and amateurs at others. >> Unfortunately, we all don't have time to do extensive research on every >> topic that affects our world. That's why we have intellectual communities >> of experts to enlighten us. >> >> My understanding from having read a number of studies on voting machines >> is that they're closed source, outdated, and riddled with vulnerabilities. >> If that is true, then wouldn't a world that decided to use only voting >> machines increase the likelihood of malicious hacking influencing voter >> outcomes? I don't see how such a scenario doesn't jeopardize fair elections. >> >> I'm not saying that voting machines are better or worse than pen and >> paper or punch ballots. God knows that there was a time in this country >> when there were no secret ballots and political henchmen would beat you up >> for not voting "appropriately." Such scenarios also jeopardized fair >> elections and were outlawed thanks to the progressive movement. >> >> Thanks, >> Yosem >> >> On Wed, Jul 18, 2018 at 8:58 PM, Joseph Lorenzo Hall <j...@cdt.org> wrote: >> >>> I'm quoted in the Zetter article, did my PhD at Berkeley hacking voting >>> machines, have been working on this for fifteen years and this thread is >>> already ridiculous after just two posts. >>> >>> Please take the opportunity to do your homework before thinking any of >>> what you've written below is true. >>> >>> I know it sounds snarky for me to respond like I'm about to but Matt >>> Blaze summed it up well today with this: >>> >>> https://twitter.com/mattblaze/status/1019671716119896064?s=21 >>> >>> "I should have realized that our decades of focused experience working >>> on this exact problem would be no match for your gut reaction after reading >>> about it on the Internet. Why didn't you tell us sooner?" >>> >>> I'm usually not this pointy, so I'll apologize now. Best wishes, Joe >>> >>> On Wed, Jul 18, 2018 at 21:36 Douglas Lucas <d...@riseup.net> wrote: >>> >>>> A crucial topic, thanks for posting Yosem. There's no reason to expect >>>> one's vote in the United States counts, given our corporate, >>>> proprietary, closed-source computerized voting. The standard should be >>>> paper ballots handcounted in public, as in Germany >>>> >>>> https://www.dw.com/en/german-election-volunteers-organize-the-voting-and-count-the-ballots/a-40562388 >>>> and Netherlands >>>> >>>> https://www.nytimes.com/2017/02/01/world/europe/netherlands-hacking-concerns-hand-count-ballots.html >>>> >>>> One would expect the transparency, free/open source software movement >>>> nonprofits to be all over this topic, but it's typically crickets, I >>>> guess because it's seen as loony bin third rail stuff. Good books to >>>> read on the subject -- which include recommendations for action -- >>>> include Bev Harris' BlackBoxVoting.org and Jonathan D. Simon's >>>> codered2014.com/ (the books basically have the same titles as the >>>> websites). >>>> >>>> Douglas >>>> >>>> On 07/18/18 13:58, Yosem Companys wrote: >>>> > Seems like an issue that goes to the heart of democracy and its >>>> > survival in the 21st century: >>>> > >>>> > >>>> https://motherboard.vice.com/en_us/article/mb4ezy/top-voting-machine-vendor-admits-it-installed-remote-access-software-on-systems-sold-to-states >>>> > >>>> -- >>>> Liberationtech is public & archives are searchable on Google. >>>> Violations of list guidelines will get you moderated: >>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >>>> Unsubscribe, change to digest, or change password by emailing the moderator >>>> at zakwh...@stanford.edu. >>>> >>> -- >>> Joseph Lorenzo Hall >>> Chief Technologist, Center for Democracy & Technology [ >>> https://www.cdt.org] >>> 1401 K ST NW STE 200, Washington DC 20005-3497 >>> e: j...@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key >>> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 >>> >>> -- >>> Liberationtech is public & archives are searchable on Google. Violations >>> of list guidelines will get you moderated: >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >>> Unsubscribe, change to digest, or change password by emailing the moderator >>> at zakwh...@stanford.edu. >>> >> >> -- >> Liberationtech is public & archives are searchable on Google. Violations >> of list guidelines will get you moderated: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >> Unsubscribe, change to digest, or change password by emailing the moderator >> at zakwh...@stanford.edu. > > -- > Joseph Lorenzo Hall > Chief Technologist, Center for Democracy & Technology [https://www.cdt.org > ] > 1401 K ST NW STE 200, Washington DC 20005-3497 > e: j...@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key > Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 > -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] 1401 K ST NW STE 200, Washington DC 20005-3497 e: j...@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing the moderator at zakwh...@stanford.edu.