Domain: vreceipt.com
Stories and comments across the archive that link to vreceipt.com.
Comments · 20
-
Re:KISS
It's obviously not easy to ensure a verifiable voting process that still guarantees that your vote remains secret. The only solution I've seen so far that seems satisfying in every respect (correct me if I missed something) is this one (PDF) by David Chaum.
-
Re:NO NO NO NO NO
In practice coercion in a first world country is irrelevant and there are laws in place to protect you.
Whereas corruption of votes is a real and ongoing threat.
Verification of votes is important and there are ways to reduce chances of the already irrelevant coercion:
the physical copy contains two sheets that seperate to in effect obscure the result, but can still matched up for verification.
http://yro.slashdot.org/article.pl?sid=03/11/25/21 3206
An explanation with pretty pictures here
Though there are concerns:
http://gnosis.python-hosting.com/voting-project/No vember.2003/0126.html
Really you should support the Open Voting Consortium. -
Safe paper ballots are possible?
I found this paper by Chaum interesting.
It describes (if I've understood it right) an approach to having paper receipts which couldn't be used for vote selling. I got the original reference to this off /. several months ago, IIRC.
The idea is to print the receipt on two paper with two translucent layers - together you have a complete legible receipt, destroy one half (in the polling both) and the remainder can no longer reveal your vote to outsiders. Similar to the PK approach, I think.
Warning, IANAC (...Crytographer). -
Re:First Glance
Question: Does the proposed OVC system use David Chaum's secret ballot receipts, or something at least as strong?
-
Re:Today, digital votations in Spain
Did the consortium consider anything akin to David Chaum's secret-ballot receipts (previously mentioned on Slashdot)? The idea seemed kinda brilliant to me (speaking as a complete layman).
It would be very comforting to be able to verify, after the fact, that my personal vote had been counted. -
Re:Workaround
I don't think it is important, or even a good idea for me to have a paper copy of my vote. In fact, sending me out of the polling place with a copy of how I voted is a potential violation of the secret ballot.
Cryptographic methods allow you to have a verifiable voter reciept that can't be read to see how you voted.
And the abuses you mention can already happen - I can threaten you into obtaining an absentee ballot, and completing and mailing it in my presense.
-
Re:anonymous receipts anyone
The short answer is that it is probably illegal because it allows you to prove to a third party how you voted and thus violates the secret ballot principle. Read the intro to Secret Secret-Ballot Receipts and Transparent Integrity where he describes a different type of receipt.
-
Re:Voting with a receipt?
The most robust system for getting people a secure voter-verifiable receipt that they take with them is described here.
Essentually people leave with an one of two copies of an encrypted receipt (the other copy is saved at the polling place and can be visually compared). The receipt contians the vote information and can for instance be scanned by a "trusted" organization to make sure that the code represents the voters intent.
While certainly rubust, this solution only complicates the matter of giving people paper receipts without actually solving any of the problems. Who has access to scanners? How do you keep them from the vote buyers and vote intimidators (particularly when you are giving them to the groups with the most stake in the election outcome)? Why should people trust any more that their vote will be counted correctly, and that poor code won't correctly interpret their intended vote, but then subtract one from the candidate the voted for instead of adding (as happened in one polling station in GA in '00)?
-
Re:Need paper receipts
Voters should not have any way of obtaining proof they voted a certain way, because that'll lead to kickback schemes and bosses requiring their employees proving they voted a certain way.
This could happen right now with absentee ballots. Most states don't have any requirement that you be "absent" to vote by absentee ballots; your boss, or someone offering to buy your vote, could make you get one, fill it out under his/her watchful eye, seal it and mail it.
And there are schemes for secret ballots with anonymous receipts, like this one.
-
Re:Hell, no!
You're basically talking about eliminating the idea of a secret ballot. No effin' way.
There are schemes that provide a verifiable vote receipt, yet preserve secret balloting. David Chaum has an interesting one that uses a cut-and-choose protocol.
-
Re:Need paper receipts
-
Re:What? No receipt?Yes, it has been said here before, but then again, a viable solution has been mentioned on
/. before too.A receipt that stay at the polling place does me no good if they don't count it, and I don't trust them too. Furthermore, a receipt I take with me does no good to me if I can't use it to prove my vote wasn't counted. There is no accountablitiy in current electronic *OR* paper systems, and until there is, voting is nothing more than opium for the masses.
-
Re:Why is this so hard to get right?
-
Re:Vote loggingThis PDF article (site) by David Chaum describes a mechanism for being able to use your receipt to validate that your vote was recorded correctly (even after leaving the polling station), but without being able to read what your vote was.
The method is a little byzantine for my tastes, but still an interesting read.
-
Re:Vote loggingThis PDF article (site) by David Chaum describes a mechanism for being able to use your receipt to validate that your vote was recorded correctly (even after leaving the polling station), but without being able to read what your vote was.
The method is a little byzantine for my tastes, but still an interesting read.
-
The obvious flaw:Each voter after voting would receive a confirmation receipt showing who he voted for (human readable)+ ser no + date etc + nonce + digitally signed (e.g. pgp), with a code for the voter to later verify online who he voted for (the voter not being easily identifiable by the code).
...
Sure there are probably flaws with this.
There's one flaw: if you let the voter take a human readable receipt out of the booth, it's no longer a secret ballot, and it becomes possible to bribe, blackmail, or simply pressure someone else into voting the way you want.
If that was the price we had to pay for untamperable elections, I'd willingly pay it; but it's not. Plain old pen-and-paper voting is untamperable within a couple percentage points, which is good enough for me; I don't care too much if someone gets elected by 24% of the voting age public instead of the usual 25%.
Even electronic voting can be made untamperable: now that their website's back up (if it goes down again, check Google's cache) I'd like to post Yet Another Plug for vreceipt.com's white paper on verifiable voting receipts. Basically you give the voter a receipt which:
- Lets them verify that their vote was recorded correctly inside the booth, but not outside.
- Lets them verify that their (multiply encrypted) vote was included in the final tally, and lets that vote be published instantly so as to prevent any votes from being lost.
- Lets them verify (given a trustworthy public random number generator) that the final tally was decrypted correctly.
Then, as long as nobody is adding votes to the final tally (so yes, we still need honest poll workers to make sure that the number of people walking into booths is the number of votes reported by the computers), the election results will be instantly countable, completely verifiable, and perfectly accurate. The only drawback is that it would require lots of expensive custom printers.
Granted, I don't expect to ever see this system in use; I suspect public-key encryption may be next to Condorcet voting on the list of "stuff too complicated to explain to the politicians"... but just reading about the possibilities puts all the "why is my broken smart card sending out negative numbers?" incompetence at Diebold in perspective. -
You can have voting receipts
Tell two of your friends about vreceipt, and have them tell two of their friends, etc. We need to have everybody asking their congressmen not only "Why are we implementing easily tampered with voting systems?", but "Why are we implementing them instead of mathematically verifiable alternatives?"
There's a lot to the white paper at that link, but here's the part that makes voting receipts possible: The receipts are given out and are identical to an entry in the published "first stage" election results, so you can verify that your vote was counted. The receipts have been repeatedly encrypted with different election officials' public keys, so nobody who wants to buy/blackmail your vote can tell who you voted for (but you can, by examining the original "2-ply" receipt which you pull apart before leaving the booth). Election officials scramble the order in which results are published after each decryption stage, so nobody can trace your vote from first stage to final cleartext results, but half of the published decryptions are randomly checked so any corruption on the part of the election officials will be caught. You still need to have poll watchers to make sure that a polling site doesn't report more votes than there were voters (since the vreceipt process protects against lost or altered votes, but not illegitimately added votes), but that's much easier than attempting to make sure that even an open source voting machine is doing it's job right. -
Karma Whoring For Freedom
I would have expected someone else to mention this already, but I don't see it among the high-scoring posts, so let me spread the meme:
First, as some people have pointed out, open source is not a magic bullet or even close to being a sufficient solution for preventing election tampering. Even if you know that the published voting machine source code is secure (and it will be a lot harder to verify this in a situation where the coders may have a huge incentive to insert accidental-appearing back doors deliberately) you still have to make sure that the hardware has no back doors, that the compiler has no back doors, that the computers used to load the software onto the voting machines have no back doors... it's just not feasable to make a trustworthy system that can do all that. We'd be better off sticking with paper.
But now that meme I was getting to: we'd be best off combining electronic voting with paper. The obvious way to do so is with paper ballots designed for optically scanned counting (which would give fast results but still leave a paper trail to settle disputes), but cryptographer types have come up with better ideas still. The best system I've seen so far is at vreceipt.com, which lets you verify that your vote was included in the total (but in a way that makes it impossible for anyone else to know who you voted for), and makes it impossible to alter any counted votes (or to add new votes, assuming independent observers are making sure that polling places aren't padding their numbers) or count them inaccurately without a 1-2^bignum chance of being caught.
It is possible to obtain election results in a way that prevents tampering but is more convenient and reliable than counting paper ballots. Perhaps it's too early to hold our elected officials over the coals until they implement such a system, but for now we can at least spread the word that such things exist and that for some reason a few people are trying to push tamper-prone closed systems on us instead. -
Damn straight
You're right about the problem: even with open source there's no good way for Joe Voter to be certain that the code running on his voting machine is exactly the same as the code he can pull down off some website, and hasn't been tampered with (or subverted in hardware) anywhere along the way.
If you want to see an even better system than randomly unique numbers, though, check out the paper at vreceipt.com. Not only can voters in this guy's system know their vote was tampered with, but they can prove it with their cryptographically signed receipt. Better, still, even though you can use the receipt to prove that your vote was recorded accurately, nobody else can use your receipt to tell what your vote was (and pay you for it, blackmail you about it, or in any other way violate the secret ballot concept).
You'd still need people in the polling places to make sure the number of votes reported matches the number of people who walk into booths, but that's not so hard. -
Ballot Integrity by Printed Obfuscated Receipts
One way of maintaining the integrity of a ballot is to have the machine ossue a printed receipt, but the major objection to this is that it allows post hoc determination of who an individual voted for, removing one of the 'tails' of the four-tailed (secret, universal, direct and equal) ballots which are considered the Gold Standard*.David Chaum (one of the original inventors of electronic cash) published a fascinating article about splitting printed receipts into two parts which are both required for the vote to be reconstructed, and handing half off to the voter, and retaining half until the election has been completed successfully. Highly interesting reading, and contains mathematical details and proofs of the integrity of the system.
*Don't get me started about the Electoral College system of electing the POTUS. Deliberately designed by the Founding Fathers to remove the 'direct' and weaken the 'equal' tails...