As a way of "Correcting"
the problems with all types of voting system(paper,punch cards,tally machines
and such)
Use Triple audit system
like credit card transactions use.
In the credit card world
it goes - Initial transaction (electronic) - paper signature (now going local
sig capture) - end of day reconciliation(electronic).
1) Electronic Voting machine to enter votes and register
to the first electronic copy of the vote. (Copy #1 Electronic)
2) Print out a paper "Ballot" from the Electronic Voting
machine with votes registered. (Copy #2 Paper)
- Voter can confirm that the votes were recorded correctly
- Card would be encoded with a RSA type authentication signature for copy type
attacks.
- The Voters receipt would have the RSA type authentication signature - thus
statically voter audits could be performed.
3) Voter
feeds the paper "Ballot" into a OCR vote counter. (Copy #3
Electronic)
This system has 2
electronic copies for initial fraud detection. If designed right the two systems
would be independent and separate.
Thus remove the
possibility of a single inside person hacking the system.
The paper
"Ballot" provides a physical ballot for recounts and fraud
detection.
Final vote tallies would
require that all three copies match.
Just a idea.
Mark
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Irwin
Sent: Friday, March 24, 2006 9:45 AM
To: Biofuel@sustainablelists.org
Subject: Re: [Biofuel] Fw: "How To Steal an Election"
Hi All,
Although I tend to enbrace technology when it helps, what is the problem
with giving each person a paper copy of their own vote. Then take this paper
copy to another location at the voting place to be tabulated against the machine
count as part of the voting process. This count would be the real count with the
machine being the preliminary count. Just a thought.
Tom Irwin
From: Evergreen Solutions [mailto:[EMAIL PROTECTED]
To: Biofuel@sustainablelists.org
Sent: Fri, 24 Mar 2006 13:24:20 -0300
Subject: Re: [Biofuel] Fw: "How To Steal an Election"
Don't get me wrong, I'm a fan of the open-source, publicly moderated type systems, however...I'll point out some flaws...
First off, the wide reaching level of conspiracy you're suggesting with the idea that "he rigged the vote" would in NO WAY be challenged by any of these mechanisms...the only possible issue would be more people on the payroll...but even then...
1. I don't trust my elected type people to look @ the guts of the software in the voting machine, and I sure as HELL don't want it made public for scrutiny. I'm not saying they don't need better protection, as the DeBolt machines were given to "hackers" last year and within about 3 hours they had dialed in and modified information. But...There's WAAAAY too many people with WAAAAY too much to gain to have source code filed away in some public office. Besides, anyone who understands anything about real hacking will tell you that half the fun is NOT having the source code...
2. "Elected officials have no chip to compare..." Again...none of my legislators would know the difference between an eeprom and a cpu, so...what's the point? A separate leislative/controlling entity to do checks? First off, they already exist, and second off....they're a *cough* publicly funded group, no less susceptible to the degree of conspiracy you're suggesting. Now, furthermore, the "chip" in a vegas slot machine that they're talkng about is the random number generator algorithm stored on an eeprom. All they do is an MD5 footprint to compare that the right algorithm is on the chip...randomly, which is about twice a month per machine. A casino can lose hundreds of thousands of dollars a day from re-chipped machines, so they have more REASON to check, plus there's no random number generator in an election machine. Apples to oranges comparison.
3. You don't want to know how many "programmers" have histories. Seriously. I have a friend who was one of those people who, when finally busted, was told "come work for us or go to prison." Now he makes $200,000 a year working for the company who busted him. DeBold and Wells Fargo have invested millions of dollars into the development of these machines. Consider the challenges...they have to be excruciatingly easy to use, very hard to open, extraordinarily easy to maintain, and capable of reporting every single daily interaction, all while maintaining the fun encryption that uses jumping keys in case the data stream gets intercepted. My point is that they've got safeguards in place to monitor the people on the teams...a slot employee can swap an eeprom and never get caught and his friends'll make hundreds of thousands of dollars. What's a programmer going to gain? Well, he'll definately get caught when the review team comes in, he'll get fired, lose his job, lose his entire career, and not be able to go to the machine and recoup his losses.
4. You want public information on how testing is done? Seriously? Let's tell all the people who want to circumvent the system EXACTLY where they're looking for security, and therefore exactly what's NOT scritinized as closely? Thanks but no thanks, private security firms charge a lot of money for a reason, and a lot of it is because they DON'T share the specifics of how they do their work.
5. This one's a dual edged sword. You don't necessarily want any tom dick or harry to be able to log-in/pop open the machine and say "Yup Delores, your vote DID go to Kerry, not Bush", but you also need voters to feel secure in knowledge that when they pressed KERRY the machine's variables weren't swapped and the vote didn't go to Bush. They don't want a papertrail exactly, and none of us want barcoded ID's with which to vote...but in most cases if you trust the people who are paid $50 a DAY for 15 hours of working the polls over the machine w/ automatic tally, then I think your reasoning is flawed. I'm not saying the system is right yet, or that it doesn't need significantly more work, I'm saying I personally believe it's just as secure if not more, simply by being LESS acceptable to the random poll workers in your small town.
Just my 2 cents, feel free to disagree to your hearts content.
_______________________________________________ Biofuel mailing list Biofuel@sustainablelists.org http://sustainablelists.org/mailman/listinfo/biofuel_sustainablelists.org
Biofuel at Journey to Forever: http://journeytoforever.org/biofuel.html Search the combined Biofuel and Biofuels-biz list archives (50,000 messages): http://www.mail-archive.com/biofuel@sustainablelists.org/
