Reliable voting

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: "R. Stockton Gaines" <gaines () acorntech com>
Date: Sat, 17 May 2003 13:04:34 -0700
To: dave () farber net
Subject: Reliable voting

Dave,

I would like to express a strong concern about whether Internet or
electronic voting will ever be acceptably free from manipulation.  The
essence of security in voting is the ability to verify later that the votes
reported were precisely the votes cast.

A story from the 1970's will illustrate the point.  California had a ballot
initiative to restrict the rate at which property taxes could be raised
(the famous Prop. 13).  A Los Angeles County Board of Supervisors member,
Pete Schabarum, became concerned that government workers, who, potentially,
might lose their jobs if the proposition passed, would sabotage the
election by manipulating the computer that counted and reported the
votes.  He convened a panel to review the county's system for vote
counting, including me, Clark Weissman and Bob Patrick among others.

The three of us had considerable background in computer security.  The
county system, an IBM 360, was clearly full of security holes as we
reviewed it, including the fact that outside access through a modem was
possible while the vote counting software was in use.

However, we concluded that the county's method of gathering, tallying and
reporting the election results was close to foolproof.

Here is how it worked.  Each precinct collected the card ballots, which
were placed in a specially designed box, under close supervision by several
people representing different interests (Republicans, Democrats, League of
Women Voters, etc.), and carried securely to county premises.  The box was
opened, the cards placed in a card reader and then returned to the box, and
the box was placed in a specially designed vault with rectangular slots for
the boxes from each of the precincts.

After all the votes had been entered into the computer, results of all the
races and issues on the ballot, both by precinct and in total, were
generated and printed.

A couple of days later, a group of people gathered to verify the
votes.  This group represented the political parties, the League of Women
voters, and other interested and public interest constituencies.  This
group opened the vault and selected boxes at random.  They hand counted the
votes for all the races and issues, and compared them with the totals
reported by the computer.   They verified that the overall totals generated
by the computer were precisely the sum of the all the precinct totals that
the computer had generated.  They provided various other cross checks both
on the numbers themselves and on their hand generated results from the
cards they examined.

It became clear that because of the hand reexamination of a sufficient
number of samples of the 1000 plus precincts, with the actual evidence (the
paper ballots) securely retained for this purpose, that there was no
reasonably way in which any broad-scale manipulation of the results
generated by the computer could remain undetected.  Significant errors
could be determined and corrected.  Small errors associated with individual
precincts could still occur, but would, with very high probability, have
minimum effect.

Without the physical evidence, securely maintained, of the individual votes
cast in an election, together with post-election methods to make use of
that evidence in verifying the election results, I am extremely skeptical
that a voting system can achieve the level of confidence our group had in
the Los Angeles County system.

  


------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/