[EM] Electronic Voting Bill of Rights?

Dave Ketchum davek at clarityconnect.com
Sat Nov 15 12:52:05 PST 2003

On Sat, 15 Nov 2003 10:36:58 +0100 David GLAUDE wrote:

> Ernest Prabhakar wrote:
>> On Nov 14, 2003, at 1:55 PM, David GLAUDE wrote:
>>> I think that before any electronic system get introduced, you need to 
>>> carefull set the goal and define what democratic election are.
>> I actually think that this is an excellent point.    We may disagree 
>> about how easy a technical solution is, but I think we agree that we 
>> need to explicitly state what the requirements are.
> The point is that the requirement are and should be technology 
> independant. There is no reason why you would apply a different standard 
> for electronic voting than for traditional (paper) voting.
>> Has anyone put together an "Electronic Voting Bill of Rights" to 
>> specify what criteria should be required of electronic voting 
>> systems?  If not, I think it would be awesome if electorama could 
>> draft and ratify something like that.   Touch-screen voting seems to 
>> be a hot issue, and it might generate some good publicity.
> Strange goal that you have. You want publicity... rather than the 
> protection of democracy.
>> I'm sure many people here have their pet list, but I haven't seen 
>> anything systematic.  Mine would include things like:

ZERO.  MUST NOT allow other people to verify that I voted a particular way

This one belongs UP FRONT.  For some elections the temptation to cheat 
will be irresistible, if it is made possible.

ZERO.1  MUST be designed to maximize probability of accurately recording 
voter intent.
      Going back to 2000, at least one Florida county did a layout of a 
paper ballot that confused many voters enough that they voted invalidly.
      When using the lever machines in New York City, confused voters can 
reset the levers to nulls before leaving the booth (thus voting for no 
one).  Machine designers recognized this problem and corrected for it by 
sensing for only nulls.  Then somebody disconnected the sensors, 
destroying this protection (done long enough ago that no one seems to 
remember why).
      Using lever machines in upstate New York, there were a LOT of 
write-ins in one district this year.  One puzzle, big enough to affect 
whether the write-in candidate should, or should not, win was that many of 
the write-ins were written upside down (and gave headaches to those doing 
the counting).  Should they be counted as valid???  Write-in slots are at 
top of machine, above voter's head - but these voters managed to reach 
them.  Write-in slots are slanted, making them convenient for the 
right-handed.  INconvenient for those who are left-handed, and they can be 
tempted to write upside down, as more convenient for them.

>> 1.  MUST enable potential recounts

I am not against this, so long as it does not get in the way of secrecy, 
etc., and is not used as an excuse for failing to do open process.

In my DVD post I specified recording each ballot on the CD or DVD so that 
they could be recounted if anyone chose.  I specified with that that they 
should be in random order to preserve secrecy.

> It is important to know what a recount mean. In Belgium we do recount 
> the magnetic card (in case power is lost in the computerised magnetic 
> card ballot box)... or we get impossible result. But this give us no 
> garantee since we have no proof that what is on the magnetic card is the 
> voter intent.

Seems worthwhile to make voting machines immune to power problems.  In my 
DVD post specify recording the ballots on disc, after which they do not 
require power to protect them.
> Also the word potential is risky. What should be done is to make some 
> full recount (in random locationç and partial recount everywhere else to 
> detect hardware/software failure (or worst). If partial recount go 
> wrong, then full recount is required.
> The recount must be technology independent, imagin a recount made using 
> the recount program from the e-vendor. "Print me one more time the 
> result, they ask for a recount."
> Also we must recount something that was voter verified (without 
> technological help).
>> 2.  MUST be developed in an open process, allowing external accountability
> All software and procedure MUST be open for review by all the citizen 
> (transparency). So source code, reference compilation, hardware 
> specification, sample content of booting device/encryptiong 
> key/initialisation data. The source code must be writen in standardised 
> non-proprietary language for which refence open source implementation exist.

"review by all the citizen" is neither practical nor useful, for few are 
willing and able to do this.  HOWEVER, the ability should be required, 
such that any citizens who are willing and able can do this service for 
themselves and others.

To expand on this:
      Design should be open.
      Developing of hardware and software properly belongs to the vendor, 
though some details, such as hardware selection and programming 
language(s), are properly specified.
      Program source, etc., are properly deliverable items, and must be 
available for review by citizens, as noted above.

In my DVD post I specified that everything of possible interest must come 
to the polling place on a CD or DVD, and everything of interest that 
happens there must be recorded on that same DVD.
      In response to a thought about substituting:
           Something unique should be recorded as part of preparing to 
open the polls.  This means no substitute can be prepared in advance.
           After polls close, copies of the DVD should be made (before 
there is opportunity for substitution) and distributed, meaning:
                Substitution of one of these mostly makes noise.
                The program on the DVD can be compared with a fresh 
compilation of program source (available elsewhere).

>> 3.  MUST allow me to verify that my vote was entered and counted correctly

Some propose printing a paper ballot that the voter can inspect before 
leaving the machine, and then the ballot being deposited by the machine in 
a ballot box.  This requires manual shuffling of ballot box content when 
polls close, but is workable.

Anything less protective of secrecy should be rejected.

> In a technology independant way.
>> 4.  MUST NOT allow other people to verify that I voted a particular way

I move this up, consistent with its importance.

> MUST respect the secrecy of my vote.

  davek at clarityconnect.com    people.clarityconnect.com/webpages3/davek
  Dave Ketchum   108 Halstead Ave, Owego, NY  13827-1708   607-687-5026
            Do to no one what you would not want done to you.
                  If you want peace, work for justice.

More information about the Election-Methods mailing list