Archive for January, 2008

Political Data Mining Destroying Voter Privacy?

Thursday, January 31st, 2008

Wired’s Threat Level has an interesting post on a story by Vanity Fair on Aristotle, a political data mining company. The title is “Voter Privacy Is Gone — Get Over It”, but I think that is slightly misleading.

A campaign or other entity could certainly take advantage of (abuse) the information provided by Aristotle. However, the data only shows which way you are likely to vote, not necessarily that you will vote that way. Being allowed to vote (which is what this data is abused to determine) is only half the equation. You also need to be protected from being forced to vote differently than you otherwise would.

I see a problem, but I don’t see how Aristotle or any political data mining company is contributing to it per se. Any entity, private or political, with enough resources is going to be capable of gathering this data. Whether that should be regulated/illegal or not is another matter entirely. I will say that their false claims of buyer verification in the article do not inspire confidence…

The VVSG Open Forum

Thursday, January 31st, 2008

This week I started disseminating news of my latest project, the VVSG-OF. The idea is to provide a discussion board-like setting for discussing the latest VVSG Draft. The hope is that, through open discussion, a few new ideas might come up that would not otherwise happen in the short times available in conferences on the document.

This is not to be confused with EAC’s own comment tool, which is a convenient, albeit mostly one-way, avenue to express your opinions on the document. When the comment period is over in early March, I will print out all the comments and mail them to the EAC (by me on behalf of each commenter).

If you are at all interested in the voting process and where that will be heading in the coming years, I urge you to take a look!

EAC Registered Vendors

Tuesday, January 8th, 2008

The EAC provides a list of registered equipment manufacturers. It includes the more well known vendors such as Premier Election Solutions, Inc. (formerly Diebold), a name according to them “synonymous with security.” Another, perhaps lesser known, vendor is Precise Voting. Here is a selection of information from their website:

  • Precise Voting’s primary product is the “AEVS (Advanced Electronic Voting System).” Features include:
    • AEVS Security:
      • “Verified paper trail” (as opposed to “voter verifiable paper audit trail” or “voter verifiable paper record”).
      • “Security Encryption”
    • Complete privacy: “You vote in complete privacy, simply by touching an electronic screen. The screen is constructed with a state of the art privacy film rendering it black to anyone who may be looking over your shoulder. Visual barriers also block the view of any onlooker.”
  • There is a demo. You are “not authorised to view the resource” unless you are logged in.
  • According to the site, “Voting With Technology” is a registered trademark.

NYTimes OpEd: A Paper Trail for Voting Machines

Monday, January 7th, 2008

The New York Times has an interesting opinion editorial on voting that talks about Rivest and Smith’s Twin protocol. The author, William Poundstone, has a new book on elections coming out that might be worth reading. He was also recently interviewed by Mother Jones.

There seemed to be some misconceptions in the comments that Twin is/is not an “electronic system”. It’s a protocol, and an implementation of it would likely be mixed. The piece outlines the most obvious implementation: it would use a website for ballots, and requires a “ballot randomizer” that will give you a copy of someone else’s ballot. I also found this claim from the article to be interesting:

Yet another opportunity for fraud, perhaps more likely than outright vote buying, would be created if voters were given paper records of their own ballots. Many voters would ditch their receipts in the first trash can they see. Then, crooked election workers could retrieve the discarded receipts and change the corresponding electronic votes, confident that there would be no evidence of their fraud.

I think this was meant to be a jab at Punchscan and other receipt-based systems, but it should be noted that the same opportunity exists for fraud in Twin; you just have to game the ballot randomizer. You deal with the problem by giving copies of the receipts to any observers who want a copy.

At least one commenter asked about its relationship to Punchscan. One difference is that in Punchscan, the receipt never indicates who you voted for, but one commenter noted that in the other system:

Ballot images are secret for good reason:
It is easy to buy or coerce votes if ballots can be recognized by combinations of downballot contests, patterns of zig-zag oval filling, or “stray” marks.
See scantegrity.org for a real solution.

I also add that, if you write down your serial number and call it in before it is posted you can pretty convincingly sell your vote. The crypto can really help in the confidentiality department, but it also helps with integrity, because, unless you’ve broken the cryptography, you can’t know what data to change until after the results are posted (also note that, even if you break the crypto, you can’t rig the counting process, you can only change the publicized data that is entered into the counting process). At that point, observers have already downloaded all the ballot data and there are many people who could catch you changing the data.

Smith also has responses to comments on the article.