Rasing the E2E Profile in the Public Eye
September 25th, 2007 by Aleks Essex and Richard Carback in : Voting GoalsOur colleague at allaboutvoting.com has pointed out a few of the top misconceptions about E2E floating around out there on the internet. I know them well.
The allaboutvoting suggestion was to establish an outreach to the broader public about E2E. Of course this is a good idea, and something that’s overdue. But that’s going to be tough. As for Punchscan, our approach to raising its profile has always been by “doing.” First we designed and built it. Then we debuted it in a binding election. Then we won an international competition. I think that these milestones were all necessary; people need things they can “touch.” Pictures and movie of real voters using Punchscan I think helped “make it real” to people, because it was real. Winning the ten thousand dollars sure got people interested. So I’d say it’s these “press” moments that will see E2E find its way into “normal” conversation, if only for a moment.
But what aberrations do we have to deal with in the mean time?
“There are no concerns with present electronic voting machines”
I think there’s been enough treatment in the news to allow me to go ahead and skip this point.
“Your solution is something only geeks can understand”
This one always bothers me. Not because I think the “average person” should understand cryptography, but because you don’t need cryptography to understand Punchscan.
The entire Punchscan process can be explained and performed using paper — without math, without computers.
Certainly I think anyone can understand our goals: to give voters the ability to prove their vote made it into the tally.
Certainly I think anyone can check their receipt: either online or give it to someone you trust (e.g. Democracy Watch) to check for you. This receipt data can even be published in a booklet or newspaper. This is (in the worst case) equivalent to the “hand counted paper audit” solution.
Certainly I think anyone with the internet can download and run the open source audit application on the election data, or ask someone you trust (e.g. Democracy Watch) to do it for you.
Certainly I think that anyone can understand how Punchscan works because the entire process can be explained using only paper products and simple steps (no crypto, no math, no computers). This will be the subject of a future post.
“Your solution is to just ‘trust us’”
Independent Verification. What does it mean? Exactly what it says, that’s why they chose the words!
THE ENTIRE REASON we designed Punchscan was to give voters a mechanism to prove to themselves, and by themselves THAT:
- their vote made it into the election tally
- all votes were counted as they were cast
Now this is an academic project, which means you’re entirely welcome to examine and critique the method by which we attempt to realize these goals, however this particular critique is just another way of saying “I haven’t even read your home page.” :-p
September 25th, 2007 at 10:27 pm
[...] No Comments Aleks Essex of Punchscan, prodded by one of my comments, posted his thoughts about raising the profile of end-to-end verifiable systems in the public eye: The allaboutvoting suggestion was to establish an outreach to the broader public about E2E. Of [...]
September 28th, 2007 at 2:06 pm
I think that the problem that most people have with Punchscan is not that it would be too difficult to use (although a human factors study would have to be carried out before Punchscan should be taken seriously), but rather that it’s too difficult to understand why tampering would be evident. It’s not good enough for thousands of experts to agree that it works, and it’s not even good enough that no one has demonstrated how to defeat it, even given control of the election computers.
Without a firm belief that the machine can’t alter the results, the opposition justifiably prefers a system in which changing the outcome requires the misappropriation of many pieces of paper (notwithstanding the fact that this is known to have happened throughout history).
If you you think that you can explain the security of Punchscan in a way that most people can understand, then more power to you. (And let me know if I can help.) As for the current explanations, well, my wife says that they make her head hurt. Moreover, there is a natural tendency to believe that anything that requires effort to understand must be a fraud.
But if you are so confident that the system is secure, why not put your money where your mouth is? Offer a cash prize for anyone who can demonstrate how to decisively alter 100 or more votes with a detection probability of less than 99%.
September 28th, 2007 at 2:18 pm
Anders, this isn’t RSA labs. If we were selling a product at this point I would tend to agree. Maybe we can do the old $100 in Scientific American, otherwise I’d need to save up my grad stipend for a while.
As for the explanation, I’m working on it. I’m writing a way to explain the entire process with paper and no math. If you can understand and follow the procedures for a conventional Australian paper ballot election (such as the one happening in Ontario in two weeks), you should be able to follow along with this. At least that is my literary intent.
I tend to view simplification and education as the paramount direction at this point. Believe me, my wife’s head hurts too.
September 28th, 2007 at 5:07 pm
I agree that education is of utmost importance. I look forward to your simplified explanation.
In terms of a cash prize, I don’t think anyone will ever claim it. If you can find an impartial expert to referee the challenge, then it should be easy to obtain financial backing.
September 30th, 2007 at 1:00 am
“In terms of a cash prize, I don’t think anyone will ever claim it.”
That depends entirely on the contest. If we publish the public representation of the Punchboard and then say “tell us who voted for whom” then yes I agree. It’s in the neighbourhood of the AES128 challenge (if there were to be one, which there isn’t!).
In the history of Punchscan, folks have blown us off on unsubstantiated suspicions of (un)usability and conceptual complexity. But I don’t think we’ve ever been accused of being at an unestablished echelon of security, if you can believe it.
October 3rd, 2007 at 1:59 pm
I agree that there has not been a *rational* refutation of the system’s security, but most people don’t know the first thing about cryptography, and they can’t even get their heads around the concept that the computers couldn’t misstate the results. As we have seen, many of these people are all too eager to refute the system loudly and irrationally.
I think it’s easier for people to grasp the significance of an unclaimed bag of money waiting for the first person to show us where we’re wrong.