[EM] Voting debate - missing the target

Jan Kok kok at surfbest.net
Sun Jul 27 22:09:06 PDT 2003

The white paper referenced at the bottom of this post describes a
cryptographic method of generating voting receipts which
- Allows you to verify that your vote is properly counted
- Maintains the secrecy of your vote.  Once you leave the voting area, no
one can read your receipt.  Thus, you can't use the receipt as proof of how
you voted.

I'll admit that I haven't read the white paper carefully enough to
understand it fully, but it did look plausible when I read it several months

I would caution those who would promote legislation mandating such a scheme
to make the legislation state _requirements_ (secrecy, verifiability, etc.)
rather than specifying a specific method (e.g. Dr. Chaum's method).
Mandating a specific method would tend to freeze the state of the art, and
prevent competition and innovation.

- Jan

This is from http://www.vreceipt.com/.  It is linked at

Voting receipts possible for first time-and maybe just in time!
Los Angles, CA: Receipts showing exactly who you voted for-just what people
want and generally expect these days-have been outlawed to prevent vote
selling and other abuses; now a scientist has come up with the first receipt
that cannot be abused and additionally ensures that the vote you see on it
is actually included in the final tally.

The new type of receipt is printed in two layers by a modified version of
familiar receipt printers. You can read it clearly in the booth, but before
leaving, you must separate the layers and choose which one to keep. Either
one you take has the vote information you saw coded in it, but it cannot be
read (except with numeric keys divided among computers run by election

The half you take is supplied digitally by the voting machine for
publication on an official election website. These posted receipts are the
input to the process of making the final tally. A lotto-like draw selects
points in the process that must be decrypted for inspection, but not so many
points as to compromise privacy. Anyone with a PC can then use simple
software to check all such decryptions published on the website and thereby
verify that the final tally must be correct. Such audit cannot be fooled, no
matter how many voting machines or other election computers are compromised
or how clever or well-resourced the attack.

The cryptographer, Dr. David Chaum, known as the inventor of eCash and for
his pioneering company DigiCash, came up with the system. He said "The more
you look into how elections are actually run, even in this country, the more
shameful the gap between what's done and what we could and really should be
doing." Chaum also said "Today's trusted black-box mentality has led to very
high costs, meaning computerized voting mainly for rich counties, an utter
lack of real control, and no way to re-deploy the hardware for other
purposes such as schools or libraries."

At a time when the House of Representatives has passed the first-ever
federal subsidy for voting, at $2.65b, and a similar bill is on the Senate
floor with a $3.5b price tag, one has to wonder: Will receipts and other new
solutions have a chance, or will the subsides backfire and put
currently-certified computerized systems in place on such a scale that major
change will be a very long way off? There is a complex interlocking of state
laws, federal agencies, and quasi-governmental bodies that has erected a set
of design specifications and time-consuming steps that new systems must
navigate, first at the federal level and then for most states separately.
"When this was all set up more than a decade ago" Chaum quipped, "the
rationale was to keep unscrupulous vendors out, now it may just keep
innovation out."

Contact: Jim Dolbear, Larkin Associates:
(310) 621-3580 jim at larkin.com.

For further information, see the white paper.

More information about the Election-Methods mailing list