Chaumian blinding & public voting?

[Tim May]

On Monday, November 3, 2003, at 02:44  AM, ken wrote:
> If we here can't agree on how to make machine voting  both robust and 
> private, then  EVEN IF A PERFECT SYSTEM COULD BE DESIGNED it is 
> extremely unlikely that a large number of people could be persuaded 
> that it /was/ perfect.
>
> So if public confidence in the mechanisms of voting is considered 
> desirable, no electronic or digital system is viable.
>
> > You can run an algorithm on any subset of codes, including just
> > your own,
> [...]
>
> you already lost 94% of the electorate.  They are saying "huh?" and 
> going back to whatever they were doing before the election rudely 
> interrupted them.
>

I should have mentioned in my last response that there have already 
been cases where the "electronic vote results" were accidentally posted 
before the election polls had closed. This did wonders for belief in 
the system.

One of the reported cases was somewhat understandable, not that this 
affected overall suspicion of the system: some or most of the absentee 
ballots had already been counted and recorded into the electronic 
system. They were of course not supposed to be agglomerated with the 
other electronic vote totals until after the polls closed. Someone made 
a typical computer error and the partial totals were released ahead of 
the polls closing. Apparently some number of voters planning to vote 
thought the election was over and didn't vote.

Now with conventional, slow, paper-based systems of the sort we mostly 
still use in the U.S., there are various "ontological safeguards," or 
"speed bumps," which make this kind of "computer error" less of an 
issue.

Any computerized system is likely to have glitches like the above, each 
of which will cause some fraction of the electorate to think things are 
rigged. As they probably will be.

(By the way, there are some possible crypto fixes, such as 
"timed-release crypto." A beacon could broadcast an unlocking key at 
some time well after the polls had closed, simultaneously unlocking the 
many sealed ballot messages. Of course, Joe Sixpack will not understand 
or trust this kind of complexity, either.)

SSL works because it is transparent (hidden from) to the user. 
Likewise, the crypto used in lottery tickets (e.g., the Scientific 
Games model) is transparent to the user and he doesn't have to pore 
over crypto explanations before buying a ticket.

(I bought _one_ lottery ticket, for $1, just to see how the numbers 
were done. Lotteries are of course a tax on the gullible and stupid.)

I see less chance that a crypto-based electronic voting system will be 
adopted in the U.S. than that Robin Hanson's and John Poindexter's "let 
CIA gamble on who gets assassinated" betting pool will rise from the 
dead.

--Tim May