[LINK] Fwd: FC: Request for help on Los Angeles e-voting system security

Peter Chen pche at unimelb.edu.au
Wed Apr 30 06:59:12 EST 2003 

>X-URL: Politech is at http://www.politechbot.com/
>Date: Tue, 29 Apr 2003 07:15:08 -0400
>From: Declan McCullagh <declan at well.com>
>Subject: FC: Request for help on Los Angeles e-voting system security
>Sender: owner-politech at politechbot.com
>X-Sender: declan at mail.well.com
>To: politech at politechbot.com
>Reply-to: declan at well.com
>X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
>X-Author: Declan McCullagh is at http://www.mccullagh.org/
>X-News-Site: Cluebot is at http://www.cluebot.com/
>X-MIME-Autoconverted: from quoted-printable to 8bit by 
>myriad.its.unimelb.edu.au id h3TBaDC7022659
>
>
>---
>
>From: "Thomas Leavitt" <thomasleavitt at hotmail.com>
>To: "Declan McCullagh" <declan at well.com>
>Subject: Need politech folk's advice on securely implementing electronic 
>voting systems without a paper trail.
>Date: Tue, 29 Apr 2003 02:47:09 -0700
>Organization: B40
>
>Declan,
>
>  I received the following *DRAFT* working paper from a participant in the
>Los Angeles Voter Empowerment Circle, a group formed to shape the upcoming
>development of California's plan to comply with the new mandates of the 2002
>Federal Help America Vote Act (HAVA). Among the members of this group are
>the ACLU, the League of Women Voters, Common Cause, the Asian-Pacific
>American Legal Center, People for the American Way, the Green Party,
>Neighbor to Neighbor and others (so they have a lot of heft). It was
>produced by their Voting Technology subcommittee.
>
>  The concern that precipitates this email, is recommendation #5: "Do Not
>Require Contemporaneous Paper-Trail at This Time." The rationale behind this
>recommendation is purely cost driven - the people who drafted this paper are
>afraid that the additional costs and complications inherent in producing a
>printed ballot for each vote cast will tip the scales in favor of less
>flexible systems (such as optical scan systems) that are unlikely to permit
>the implementation of alternative voting systems in multiple languages. This
>concerns me greatly - a voting system without an audit trail invites abuse,
>and even when no abuse occurs, endangers the integrity of the result when no
>answer can be made to accusations about the accuracy and validity of the
>ballot count.
>
>  As it appears that the choice was framed purely as secure and expensive
>(DRE with paper ballot) and insecure and inexpensive (DRE with no paper
>ballot), I'd like to invite the input of politech readers on the following
>subjects (as there is continuing internal debate within some of the
>sponsoring organizations about the wisdom of recommending DRE without an
>auditable paper trail):
>
>a) what are the security risks inherent in not having a paper trail?
>
>b) how can a DRE system be implemented, in a purely digital format, in such
>a way as to provide a very very high level of confidence that the end result
>has not been tampered with, and in fact, cannot be tampered with in a way
>that is not easily detected? And what would the costs of such a system, vs.
>a paper trail system, be in the long run?
>
>  It seems to me that (b) is a known problem, which has already been
>discussed in great detail, and that parallel solutions much have been
>implemented in the private sector, and in the defense sector. The paper was
>forwarded to me on the basis of my technical expertise - I'm forwarding it
>to politech readers, in turn, because while I am generally aware of the
>security issues inherent in an all digital system (and some of the
>solutions, such as requiring binaries produced from open source that are
>signed with authenticateable digital signatures, and recording votes to
>multiple and independently managed and trusted hosts) and the set of
>processes surrounding it, I'm sure that politech readers are vastly more
>informed and knowledgeable on these issues and can make much more informed
>and coherent recommendations (or point me to existing discussions and papers
>on this issue) than I can formulate on my own.
>
>  This is an opportunity for politech readers to have a direct impact on how
>voting systems are implemented nationwide, as I'm sure many other states
>will follow California's lead on this matter. I have strong connections to
>the highest levels of leadership in both the Green Party of California and
>the California League of Women Voters, so I can ensure that their concerns
>and feedback are given significant weight when a final decision on these
>matters is made by both organizations.
>
>Regards,
>Thomas Leavitt
>
>***
>
>Los Angeles Voter Empowerment Circle
>
>Working Paper
>
>Voting Technology
>
>Legal Requirements
>
>1.            Common Cause v. Jones.  Pursuant to the final order and
>judgment issued in this case, the Secretary of State¹s office has
>decertified Votomatic and Pollstar pre-scored punch card machines effective
>March 1, 2004.  This means that the nine counties using these systems (Los
>Angeles, San Diego, Alameda, San Bernardino, Santa Clara, Sacramento,
>Mendocino, Shasta and Solano) must convert to another certified system by
>this date.
>
>2.            Proposition 41.   Enacted by California voters in March 2002,
>Proposition 41 provides for a $200 million bond issue to purchase new voting
>equipment.  These monies are administered by the  five-person Voting
>Modernization Board (³VMB²) that Proposition 41 created. Proposition 41
>requires any that do not require the voter to mark a ballot to ³produce, at
>the time the voter votes his or her ballot or at the time the polls are
>closed, a paper version or representation of the voted ballot or of all the
>ballots cast on a unit of the voting system.²
>
>3.         Help America Vote Act.
>
>a.            System Requirements.  Section 301 (³Voting System Standards²)
>requires the voting systems (1) permit the voter to verify his or her vote
>privately before it is cast, (2) allow the voter to change his or her ballot
>before it is cast, (3) notify the voter of overvotes, and (4) ³produce a
>record with an audit capacity,² specifically a paper record, that is to be
>available for any recount, (5) meeting ³error rate² standards in effect
>October 29, 2002, and (6) have a uniform definition of what constitutes a
>vote.   The deadline for meeting these requirements is January 1, 2006.
>
>b.            Disability Access.  Section 301 also requires that voting
>systems be accessible to people with disabilities, including those with
>visual impairments, and ³at least 1 direct record electronic voting system
>or other voting system equipped for individuals with disabilities at each
>polling place.² The deadline for meeting these requirements is January 1,
>2006.
>
>c.            Punch Card Replacement.  Section 102 (³Replacement of Punch
>Card and Lever Voting Machines²)  provides funding to be used for the
>replacement of punch card and lever voting systems, for those states that
>³ensure that all of the punch card voting systems or lever voting systems in
>the qualifying precincts within the State have been replaced in time for the
>regularly scheduled general election for Federal office to be held in
>November 2004.²
>
>Current Status
>
>Many California counties have already made substantial progress toward
>converting to new systems.  The VMB has had eight meetings since June 2002.
>The Board approved an allocation formula at its July 2002 meeting, and has
>now approved allocation amounts for almost all California counties planning
>to purchase new voting systems, including all nine of the counties required
>to convert to new systems under the Common Cause v. Jones decertification
>order.  Payments have been made to five counties as of this date, including
>Alameda.
>
>Considerable attention has been devoted to the question of whether Direct
>Record Electronic (³DRE²) systems acquired by counties should be required to
>have a contemporaneously generated ³voter-verifiable² paper trail ­ i.e., a
>piece of paper that the machine prints out prior to the vote being cast,
>that each voter can check to make sure it accurately reflects his or her
>choices and that would be retained as a backup for any necessary recount.
>
>Those advocating a contemporaneously generated paper trail urge that is
>necessary both for security and to ensure public confidence.  They have
>raised the spectre of foul play or human errors that might go undetected
>without a paper trail verified by the voter.  Others argue that such a paper
>trail would cause more problems than it creates, and that it may create a
>disincentive for counties to convert to DRE systems, which have significant
>advantages for people with disabilities, linguistic minorities, and people
>of color.  Opponents of a contemporaneously generated paper trail question
>whether it will appreciably increase security, and note the likelihood of
>printers breaking down and slowing down the voting process.
>
>At present, only one contemporaneously generated paper trail system has been
>certified for use in California.  Those who support a contemporaneously
>generated paper trail have succeeded in urging Santa Clara County to adopt
>such a system   Sacramento County is also planning to convert to such a
>system, and tested it during 2002 elections.  A task force appointed by the
>Secretary of State is currently considering this issue, and is expected to
>issue a report and recommendations by late April.
>
>Recommendations
>
>1.            Convert to DRE Systems.  DRE systems offer many advantages for
>voters, especially people with disabilities, linguistic minorities, and
>people of color.  DRE systems are also better able to accommodate
>alternative voting methods such as Instant Runoff Voting.  We therefore
>believe that DRE systems are preferable to paper-based systems, such as
>punch cards or optical scans.  Accordingly, the State of California should
>take steps to promote conversion to DRE systems as expeditiously as
>practicable, and counties upgrading their voting technology should move to
>DRE systems.
>
>2.         Certify New DRE Systems.  The State should act promptly to
>consider and act on the certification applications for new DRE systems that
>meet the requirements of state and federal law, to ensure the widest
>possible choice of systems to counties in the process of converting.
>
>3.            Consider Decertification of Other Systems. In the long term,
>the Secretary of State should consider decertifying systems other than
>DRE¹s.  Such a decision, however, should not be made until at least the
>conclusion of the 2004 election cycle, through which the benefits of DRE
>systems may be more clearly established.
>
>4.            Educate Voters and Train Poll Workers. Those counties that are
>converting to DRE¹s or other new voting systems should undertake extensive
>voter education and poll worker training.
>
>5.         Do Not Require Contemporaneous Paper-Trail at This Time.  The
>State of California should not at this time require that DRE systems have a
>contemporaneously generated paper trail. While such a paper trail may have
>some benefits in terms of security and confidence, it goes beyond the
>requirements of state and federal law.  They may also result in mechanical
>problems, complicating the voting process and resulting in longer lines at
>the polls.  Mandating a contemporaneously generated paper trail for all
>DRE¹s could deter counties from moving to this technology, and that they
>might instead choose optical scan systems which are less desirable.
>
>      ___________________________________________________
>      Kevin McKeown            |  Santa Monica, CA  (USA)
>      email: kevin at mckeown.net |  310 393-3639 /-3609 FAX
>      http://www.mckeown.net   | "Choose to be conscious"
>      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
>
>-------------------------------------------------------------------------
>POLITECH -- Declan McCullagh's politics and technology mailing list
>You may redistribute this message freely if you include this notice.
>-------------------------------------------------------------------------
>To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
>This message is archived at http://www.politechbot.com/
>Declan McCullagh's photographs are at http://www.mccullagh.org/
>Like Politech? Make a donation here: http://www.politechbot.com/donate/
>-------------------------------------------------------------------------

_ __________________ _

Dr Peter Chen
  Centre for Public Policy
  Department of Political Science
  Faculty of Arts
  University of Melbourne
  +61 (0)3 8344 3505 (phone)
  +61 (0)3 8344 7906 (fax)
  pche at unimelb.edu.au
  www.politics.unimelb.edu.au

More information about the Link mailing list