Firm invites experts to punch holes in ballot software

[Trei, Peter]

> Michael_Heyman at NAI.com[SMTP:Michael_Heyman at NAI.com] wrote:
> 
	Peter Trei wrote:
> > 
> > Frankly, the whole online-verification step seems like an 
> > unnecessary complication.
> >
> Except to those of us who don't trust the system.
> 
> Implemented correctly it could be cheap and complications could be
> hidden from the voter. It could be cheaper - no need to pay people to do
> an audit when "the people" will do it for you. You only need a small
> fraction of "the people" to verify their votes to get a high level of
> confidence that the election is valid. You only need one failure to cast
> doubt on the election. This requires an un-forgeable receipt that cannot
> be used for coercion. Un-forgeable we have been doing for a while now
> with lots of different PK options. A receipt that cannot be used for
> coercion cannot give any indication to others of who you voted for.
> Right now this is a big complication (at least to me - I don't know how
> to create such a receipt that doesn't require mental gymnastics on the
> part of the voter).
> 
As Ian has noted, self-auditability and uncoercibility seem to be to be 
mutually exclusive requirements.

If you're going to assume that the whole system is untrustworthy,
you're still screwed despite the receipts - if the website says that 
yes, your vote counted in the final total, that still does not tell you 
that the right candidate was declared the winner. That would only 
happen if enough voters pooled their verifications to show that that
had to be the case (this is equivalent to a recount).

In a close-run two candidate race, if a number of voters equal to 
half the gap between the the candidate's totals failed to verify
and report that their vote was recorded correctly, the result
is still untrustworthy.

....and any system which relies on advanced mathematics
will be unintelligible and mistrusted by the average voter.

Peter