CDR: Re: [ca-firearms] voting

petro petro at bounty.org
Wed Nov 15 22:41:01 PST 2000 

>>  From: petro <petro at bounty.org>
>>
>>  	It would be fairly simple to eliminate *most* of the current
>>  voter fraud schemes, and fairly inexpensive.
>
>Please provide details of this simple technique for
>eliminating voter fraud.  I've always found utopian
>fantasies intriguing.

	"Reading Comprehension Counts".

	Please re-read the sentence you quoted.

	I do not claim that it would be fairly simple to eliminate 
*all* voter fraud, simply to eliminate *most* of the current schemes, 
and at only a fairly small increase over what is now spent.

	Heck, in the long run it might even save money.

>
>(In formulating your prospectus, please keep in mind
>and provide detailed specifications for dealing with the
>old bugaboo identified by our old pal Juvenal:  "Sed
>quis custodiet ipsos Custodes? [Who will guard the
>guards themselves?]"

	Statistics.

	Keep in mind that I haven't spent days or weeks working on 
this, and I am sure that this will open up *new* methods of fraud, 
but I don't claim to be able to prevent that.

	As in many security protocols, the goal is simply to make it 
more "expensive" to cheat the system than it is to go along with it, 
so the first step is to make registration require a little more 
effort.

	All rolls are purged after every general election. This way 
you need to re-register after every election.

	All registrations *must* be done in person, with the 
exception of those not *physically* present in the state for more 
than 5 consecutive business days during the registration period. For 
those people, they may request an "absentee registration request 
card", which they fill out, have notarized (the notary is simply 
notarizing that the card is filled out, not that the person filling 
out the card did so accurately).

	If constitutional (and I assume this is questionable) and 
feasible (this part I haven't worked out yet) one must show "proof of 
citizenship". It's tough, because we don't yet have "papers", and I 
don't really advocate mandating "papers". In fact I strongly disagree 
with papers.

	One suggestion I've heard is to require the presentation of 
some sort of proof of paying income tax, or at least filing for 
income tax, on the theory that anyone who pays into the system ought 
to have a say in it. I don't necessarily disagree with that.

	At the time of registration a "registration card" is handed 
to the individual. They are informed (in writing) that in order to 
vote they *must* present this card. This card contains a mag strip 
with a unique number (that is not linked to the individual), and a 
bar code that is the encrypted version of that number done with a the 
public half of a key (to prevent forgery). That key changes from 
election to election.

	The registrant must also sign for the card, and print their 
name. This is not to be tied to the number on the card, but just to 
account for every card.

	Each polling place has a swipe card reader and a bar-code 
scanner. These  are used to check that each card is "proper" by 
checking that the number on the back is encrypted with the proper 
key. (this way the private key isn't released until *very* shortly 
before the election).

	At the polling place, the "voting machines" are changed so 
that when you punch a whole, it records vote electronically, as well 
as providing a swipe card reader. When you are finished voting, it 
prints the ballot with your choices for each office in an OCR font, 
and a bar code with a hash of votes at the bottom (using a different 
large random number). The machine then wipes everything *but* the 
hash, and this new number. (this completely disconnects the voter 
from the ballot).

	The voter then visually examines the ballot to make sure it is correct.

	If they are happy with it (well, that it's correct anyway) 
and then presses a "I'm done" button. This checks in the voter number 
and the hash, and the new random number, (stores it either on board, 
or on a machine on a "lan" (wire the polling place) the machine on 
the lan can be made fairly fault tolerant) (the voter number is to 
check for "double spending", the hash is a checksum for validation, 
the random number is for later verification). The "I'm done" also 
prints out a second card identical to the first. One is for the 
individual, should they wish to keep it, to later validate that their 
vote was counted properly. The other (since they are identical) goes 
into a sleeve (to prevent prying eyes) and into the ballot box.

	If they are not happy with it, they push the "do over" 
button, and start back from the top. Repeat as necessary until 
satisfied.

	After the polls have closed, the ballots and the vote counter 
(the machine storing the hashes and numbers) are taken to the 
collection point, where the hashes & random numbers are uploaded (at 
this point I think the voter number will no longer be needed), and 
the as each ballot is counted, it is marked off against the hash it 
matches. Then this list is made public (the list of hashes and random 
numbers). Each voter can then (if they care to) check their random 
number (either on line, or in a trip down to the local polling place).

	There would also be a reduced number of "ruined" ballots, 
since each ballot is human readable, and printed twice if one side 
gets screwed up, the other should still be useful. If that fails, 
then a human *should* be able to read as much of it as possible. 
Failing that, it simply gets listed as "unreadable", and if they 
voter checks, they can come down with their original ballot and 
present it for the count.

	Absentee ballots would be slightly problematic in this, but 
much of this could be done using a simple PC/Macintosh program, so 
Military bases could easily accommodate their soldiers & sailors. 
(Well, the marines and the flyboys as well).

	I would also provide a 96 hour period for counts to take 
place, as well as for people to be able to challenge the vote--if 
they can show that their vote wasn't properly counted (provable by 
presentation of a ballot) then things are rechecked.

	Since the ballots are now printed with an OCR font AND a bar 
code, they can still be machine read *AS WELL AS* easily verified by 
hand. The voting process remains (absent the registration process) 
almost identical to the current one. There is no use of cryptographic 
protocols to *protect* the voting, only to check for fraud and 
provide strong accounting.

	I believe that this would make fraud *much* harder to get 
away with, and eliminate much of what I have seen and heard about in 
the way of fraud--the "stiff wire" used to create invalid ballots, 
the dumping of large numbers of ballots in the trash, the "lost" 
ballot boxes, etc.

	It also makes things like voting the dead harder--since each 
card has to be signed for each election.

	Maybe there are things I've missed, and maybe this wouldn't 
be as cheap as I believe it to be, but I belive it would be a damn 
sight more secure than we have today.

-- 
"To be governed is to be watched, inspected, spied upon, directed 
law-driven, numbered, regulated, enrolled, indoctrinated, preached 
at, controlled, checked, estimated, valued, censured, commanded, by 
creatures who have neither the right nor the wisdom nor the virtue to 
do so. To be governed is to be at every operation, at every 
transaction, noted, registered, counted, taxed, stamped, measured, 
numbered, assessed, licensed, authorized, admonished, prevented, 
forbidden, reformed, corrected, punished."--Pierre Proudhon

More information about the cypherpunks-legacy mailing list