Information Security vs. Physical Security - Cats and dogs of voting?
September 20th, 2007 by Aleks Essex and Richard Carback in: Voting Goals, Voting Policy

A while back I visited the Black Box Voting online forum trying to elicit collaboration on what I saw as a shared goal of our respective projects: voter verifiability of election results. They weren’t interested. I don’t think it was the ends that were the problem as much as the means. BBV attempts to address with paper that which Punchscan attempts to address with paper and some cryptography. Although I understand what they find attractive about the old-school approach (being a practitioner of hand counting myself), I just don’t agree with any totalistic view that computers are wholly bad for voting.
Today I received an email announcing a new BBV investigative report, which I took a read through and pulled out this:
When you introduce computers into the voting process this forces the citizens - who own the government - to trust government insiders to tell the truth about election results. [...] Citizens can see paper ballots counted in public at the polling place, but we can’t see what goes on inside a computer.
- Sentence one: Disagree. Punchscan proves (or disproves) election results to voters, independent of government insiders (whoever they’re supposed to be).
- Sentence two: Agree. We can’t see what happens inside, but we voters can see and control what goes in and what comes out. And that forms the basis for an information-based solution.
One of the requirements of an E2E system is no single trustee is able to decrypt ballots, in the exact same way that no one returning officer may have unobserved custody of a ballot box. Same idea. What you’re doing is distributing trust across several people or groups. There’s a physical solution obviously: chain of custody and observers. There are also ways to distribute trust across an information system. Simply put: everyone gets a key, and you can only run your election correctly with all the keys.
We proposed and implemented an open-source verifiable trust distribution system where everybody gets a copy of the software, and everyone checks everyone else’s copy matches theirs. It uses passwords and USB keys. We demoed this at VoComp.
For the record, Punchscan doesn’t really use that much cryptography and the entire system can actually be explained without any crypto at all. But for all the bellyaching that frequently accompanies the mention of the word, it really does buy you something: integrity of election results. The government insiders can’t change the outcome.
Punchscan is built on the use of digital bit commitments. That’s just a fancy way of saying: I write my wife a love letter, put it in an envelope, lick it, seal it, give it to her, and tell her to open it on Valentine’s day. Then when she reads it, she knows I really was capable of saying those “3 words” on more days than one.
But hey, obviously this is way too hard for the “average person” to understand… so just forget about it. (Note to self: Hash “I LOVE YOU” and email to Anna).
