Archive for the ‘VoComp’ Category

Cast as Intended: Feeling vs. Accuracy

Tuesday, August 7th, 2007

Our colleague Ben Adida offers an interesting recap in his blog of this week’s EVT conference in Boston.

VoComp judge and voting systems researcher Josh Benaloh presented a ballot casting protocol and touched on the issue of usability: the ability to cast a vote the way you intend to. Ben explains Josh “mentioned VoComp to point out that there seems to be a dilemma between verification and usability: can we make it look identical to a DRE?”

This brings up an excellent point, because a point we tried to make at VoComp was that usability includes two aspects:

  • accuracy
  • feel goodness

and more importantly that one does not necessarily imply the other. But I think people have got it in their heads that something that feels easy to use makes it more accurate. But it doesn’t require much conscious thought to push a button. So what if a DRE is less accurate even if people think it’s easy to use? Isn’t accuracy the more important attribute? Somehow I doubt people feel that way.

Kinda like the 80’s architectural trend of putting little shutters on windows - it doesn’t really do what it’s supposed to, but who cares if it looks cool?

Random Memorandum

Tuesday, August 7th, 2007

I mentioned in a recent post that in talking to a Diebold rep at last month’s VoComp he stated to me that their voting machines store ballots in memory in random order. I had indicated my skepticism to him at the time.

Now I read that in fact the Diebold AccuVote-TSX actually does “record votes in the order in which they are cast, and (it) records the time that each vote is cast.”

I will give the gentleman the benefit of the doubt that he was misinformed.

Alternatively, in a cryptographic voting system such as Punchscan, the thing that records your vote only ever sees an encrypted version. So it doesn’t matter if they get stored in order.

UPDATE: Looks like we weren’t the only ones they were telling that lie to.

FAQ for Slashdotters

Wednesday, July 25th, 2007

That we won the VoComp grand prize has resulted in some attention from Wired, the Baltimore Sun, ID Trail, CBC Radio and more recently Slashdot.

  • What are the details on the security flaw you found? Stefan Popoveniuc was looking through the Java source code to Pret a Voter, and found that they were using Java’s Random() and not SecureRandom() pseudo-random number generator. Strong pseudo-random number generation is essential for privacy protection in their system. NEVERTHELESS this was one line of code — easy enough to fix — and if you ask me, made way too big a deal of.
  • Why does your (and similar) systems use random-looking numbers? Is your bank account PIN “1234?”
  • What is the “chit” component? If you take a look at the video on our main site, you will see it. Basically, it’s a little paper copy of the (encrypted) ballot receipt printed in the bottom corner. The poll worker cuts it off and keeps it. It’s an “if the computer blows up, we can still have the election” mechanism. Don’t underestimate the psychological comfort of paper — we developed this for the University of Ottawa’s graduate students’ union at their request.
  • Doesn’t the receipt allow vote selling? This indicates the reader hasn’t made it to the *middle* of our homepage.
  • Which voting system did the judges use to decide the winner? 6 judges choosing 4 teams? That’s how Canada can still use a hand-counted ballot!
  • More people need to know about OSS voting systems. Being OSS is not sufficient, because the software being open source isn’t what makes a voting system like this secure.  Think about it, if the software was open for review, does that mean that exact version is running on the DRE you’re using? In Punchscan we use cryptography, and we use it to prove the correctness of the results, not the correctness of the software version. For example, the polling place scanner never actually sees your (unencrypted) ballot. So it can’t spy on you. And if it decides to record your marks incorrectly, you have a means to prove it. So the nature of the software running at the polling place is irrelevant to proving integrity of results. This is a cryptographic voting system, not just an OSS system.
  • Voting company X is evil. In case you didn’t notice, a business becomes successful doing what its customers want. Blaming corporate America is lazy. And if you no longer believe in the democratic process, then why are you reading this anyway? Otherwise remember, the people buying the voting machines ultimately answer to you, the voters. The voting company you blame, 10 years from now, might be the company that saves democracy by moving toward this new technology. If that’s what its customers want.
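
The Random() versus SecureRandom() point from the first answer above, as an added example (not code from Pret a Voter or Punchscan): the state of java.util.Random can be worked out from two of its outputs, so every value drawn afterwards is predictable, while the same check against SecureRandom finds nothing. The class name, the candidate names and the ballot-ordering routine are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Random;

public class BallotOrderDemo {
    // Documented constants of java.util.Random's 48-bit linear congruential generator.
    static final long MULT = 0x5DEECE66DL, ADD = 0xBL, MASK = (1L << 48) - 1;

    // nextInt() exposes the top 32 of the 48 state bits, so two consecutive outputs
    // leave only 16 unknown bits. Returns the state after the second call, or -1.
    static long stateAfter(int first, int second) {
        long high = ((long) first << 16) & MASK;
        for (long low = 0; low < (1L << 16); low++) {
            long next = ((high | low) * MULT + ADD) & MASK;
            if ((int) (next >>> 16) == second) return next;
        }
        return -1; // no 48-bit LCG state explains these two outputs
    }

    // Hypothetical ballot routine (an assumption): candidate order drawn from rnd.
    static List<String> candidateOrder(Random rnd) {
        List<String> names = new ArrayList<>(Arrays.asList("Alice", "Bob", "Carol", "Dave"));
        Collections.shuffle(names, rnd);
        return names;
    }

    static void check(String label, Random rnd) {
        long state = stateAfter(rnd.nextInt(), rnd.nextInt());
        List<String> actual = candidateOrder(rnd);
        if (state < 0) {
            System.out.println(label + ": next order " + actual
                    + " cannot be derived from the earlier outputs");
            return;
        }
        // new Random(seed) stores (seed ^ MULT) & MASK, so undo that scrambling.
        List<String> predicted = candidateOrder(new Random(state ^ MULT));
        System.out.println(label + ": next order " + actual + ", predicted " + predicted
                + ", match=" + actual.equals(predicted));
    }

    public static void main(String[] args) {
        check("java.util.Random", new Random());                 // the pattern that was flagged
        check("java.security.SecureRandom", new SecureRandom()); // the one-line fix
    }
}
```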

We’re here to tell you that there’s an alternative to dropping your vote down a big black hole. It’s called independent verification. In our case, we’ve even developed, built, and used independent verification in a binding election. We call our system Punchscan.

If you want to help, you can begin by letting people know that there’s an alternative to the current state of affairs in voting.

Thoughts on VoComp 2007

Tuesday, July 24th, 2007

[L-R, Ron Rivest, David Chaum, Stefan Popoveniuc, Aleks Essex, Rick Carback and John Groh]

I had the good fortune of having dinner with all of the other teams at various points throughout the competition. There was this little restaurant called “South Park” (yes, I’m serious) that David somehow kept convincing people to return to. It was this snobby gourmet place that, although it had a burger on its menu (it’s America), insisted that it was accompanied with “pommes frites.” I’ve lived in Europe, I’ve been around the States, but I’ve never been asked how I want my burger cooked (and what’s more, have them actually hit the target). But the greatest part about those dinners was getting to chat one on one with our competitors. And what a treat it was. From fishing to DSLR’s, we were able to, if only for a moment, put voting aside and have a good time; as friends.

This is what I take away from the event. Long after prize money is sunk into student loans, I’ll remember those happy conversations. These people, our competitors, kept me awake at night for months worrying… is our work good enough? Did they lie awake thinking about us? I don’t know. But what I do know is that these teams poured their heart and soul into this competition. I respect them.

The judges had it worse in a lot of ways. I think they found themselves in sensory overload. And why not? Take it from me, practical voting systems design is very complicated. There are so many design decisions to make along the way. Communicating these decisions, and then justifying them? It’s too much for three days. These judges, all of whom are distinguished in the field of voting systems research, found themselves in the middle of an information flood. We’ve had months of dedicated thought on the matter; long nights drawing on the chalkboard (yes, Jeremy Clark, our fourth Musketeer has one) thinking about the details.

I think my only regret from this conference was that the nitty gritty details at times distracted from the central message that we, and others like us, are trying to further: independent verification is the next step in the future of elections.