Black Box: What fresh hell is this?

http://www.votehere.net/products_tech.htm

Okay, the voting machine vendors have come up with a new way around the paper trail.

On first glance, it appears to me that this is a tech solution that capitalizes on a common misconception people have: "If I can verify that MY ballot was counted as cast, that proves the totals are correct."

No, it only means your vote was correct in a spot check, and DOES NOT guarantee that when your vote was thrown into the hopper with all the others, it was counted correctly.

An example of how flawed this thinking is shows up in my report on the multiple set of books, where the spot check comes from one set and the totals come from another. http://www.blackboxvoting.org/access-diebold.htm

What is missing in their description is a detailed explanation of what the "trustee" is and how they verify that all the votes in the database are the real thing. Who are they? How does this verification occur? Did I just not see the details?

What am I missing?

Bev Harris

for those of you not in the know, she answered her phone WHAT FRESH HELL IS THIS ???

....Shakespeare. :-)

These sleazy companies are just trying to capitalize on the customer's (general public's) lack of knowledge of computer systems and programming.

Try to buy a computer at Best Buy or CompUSA or any other computer retailer. What are your chances of getting a clerk who will try to schmooze you into buying something you don't need? If you're average joe off the street, you go along with it because you don't know.

Stick to your guns, Bev. You are doing great work and I salute you!

:toast:

In a press release, they imply that Dr. Dill is on board with this solution, though a careful reading indicates he is just considering putting it up for evaluation on his web site, and I don't see it there.

Look, I'm wondering if one of our resident experts can review that page and post a plain English summary of what their system is, along with a critique of what is missing in their explanation.

Because basically they are saying "buy our software, it shuffles your vote, posts them all on the Internet and you can check your vote with a specific number, and the trustees will verify that the whole pool of votes (1) was not added to (2) did not contain votes that aren't legitimate (3) didn't change any votes from the ones you checked.

This can be trickier than you think. When one of my sources showed me the double set of books, what he pointed out was that Table 1, used for the spot check, holding millions of votes, would need to have you manually add up each vote to make sure its total matched Table 2, where the totals come from.

I can visualize something similar here -- massive table that no one can check line by line, with a comforting "totals" line at the bottom.

Bev

Quoted text in italics.

Because basically they are saying "buy our software, it shuffles your vote, posts them all on the Internet and you can check your vote with a specific number, and the trustees will verify that the whole pool of votes (1) was not added to (2) did not contain votes that aren't legitimate (3) didn't change any votes from the ones you checked.

This can be made to work--to a point--but the devil is in the implementation. Even something as simple as giving out the vote number after a vote has been registered rather than before would open the door to organized fraud as multiple votes for the same candidate could be stacked onto the same number.

The most damning problem for public tables is that they offer no protection against ballot box stuffing: there's no inverse mapping to tell if all the votes on the table are real or fabricated. There is no way to solve this problem, either, while preserving voter annonynmity.

I can visualize something similar here -- massive table that no one can check line by line, with a comforting "totals" line at the bottom.

One assumes that the overall vote table will be in a machine-readable format (CSV, XML, etc). Tallying up the counts becomes a simple matter of using a spreadsheet or writing a script.

Good point, of course one could transfer the data into a spreadsheet and have it do the math.

However, counting millions of votes in a spreadsheet would require breaking it up. Most Excel sheets will only accept something under 100,000 lines of data. Not a big problem, though, especially if they are required to split it up by precinct, which is what should be required.

Yes, ballot box stuffing is a problem, though. A procedural check against that is to have a manual voter sign-in and compare that, at each precinct, against number of votes cast.

But even that is a problem, because these systems are now hooking up directly with the voter registration databases. So, instead of a kindly poll worker sitting at a table checking your name off a printout, we will get the new, sleek, fancy method where the computer simply logs you in. Then, the computer can stuff the ballot box by going into the voter registration database and yanking out registered voters who did not cast ballots. Since our turnout rates are about 50 percent at best, it wouldn't be hard to skim some extra numbers out of that.

I don't see a way around that problem, does anyone?

Bev

I don't have any refs at hand but there's been a fair bit of acedemic computer science study devoted to tackling the problem of anonymous and fully auditable voting. The general concensus is that it's impossible to create a self-contained voting machine which is both stuff-proof and untracable.

There are ways to reduce the risk of stuffing at a cost of leaving enough of an information trail that a sufficently motivated attacker could determine who voted for which candidate. This obviously isn't acceptable in an environment where a large number of candidates are roving around asserting that it is treasonous to vote for their challengers.

Ultimately, it boils down to a matter of trust in the suppliers and in the equipment they provide. Open source (GPL) software would be a help but is by no means a panecea as there's no way for Joe Public to verify that the code in the voting machine is the same as the code that has been published and vetted as safe.

I have an idea of how it might be possible to a reasonably secure voting system in an environment where all voters are issued with smartcards containing RSA encryption processors but it would be far too costly to implement.

CVS takes up a lot of room in memory with all those quote marks etc.

I'd go for a much more concise data structure that wouldn't necessarily be human readable.

When the type of problems you mention above are brought up, you are fired. When I get my hands on all the documents for my case, I will show you.

to continue with the literary...

hell has become "the continuous present" - Gertrude Stein, and she was not referring to 'present' as 'gift'...

even FURTHER o/t:
i'm reading exciting stuff on the voting story... hope you're holding up!
?W is (except for some new art) virtually inert. (more hate mail than spam, more spam than real mail to ?W <sigh>
but, pushing mid-summer seems pointless. W is (finally) being questioned. the meme may have stronger legs after labor day.

hope to chat soon. (gotta plan my pacific northwest vacation window)

nost

Hello,

Regarding your new VHTi electronic voting system:

"VHTi allows the voter to electronically confirm that their submitted ballot is recorded as intended and that it is contained in the ballot box."

I am a 20-year veteran of the technology community, designing analog integrated circuits and coding hundreds of programs. Ahem: That is NOT a verified vote. That is NOT a "ballot box"

Go straight to Jail. Do not pass Go. Do not collect $200.

Paper, dude. The voter must verify a PAPER BALLOT and physically put the PAPER BALLOT into a locked ballot box or optical scanner (which then drops the ballot into a locked ballot box)

Why is that so hard to understand??

Regards,

A friend of mine who works for the Democratic party likes to infer that I am a conspiracy junkie (whatever) and that the same problems existed with the ATM's.

How does one respond to that comparison, and how do we communicate in the fewest words possible why paper is important?

why would a criminal waste time with my measly bank account when he can steal the whole country?

People notice when their bank balance doesn't reconcile with their records. With paperless voting, THERE IS NO RECORD, at least not a verifiable one.

In addition, the bank gives monthly statements, which people compare with their own records.

This is a triple paper trail.

A single paper trail for peoples' votes is hardly too much to ask.

Vitruvius

a paper receipt is not good enough for a voting machine, because it could say something different from the transaction the machine records. Now, a touchscreen that let you select a candidate by his/her picture, and then printed a completed paper ballot based on your input, which would then be stuffed in an official ballot box, would be good. They could even use the machines to tally votes, and only keep the paper ballots they produced for backup. But they CANNOT be permitted to have no auditable paper ballot trail left behind, or to get away with letting each voter walk away with his/her own paper ballot (incorrectly labeled a "receipt").

I figured maybe he knew something I didnt!

Thanks so much, I haven't been smiling much today.

Bev

... because that's their domain name. Not votehear.net.

:)

reductio ad absurdum of said process. My guess is that it is a warmed-over attempt to proffer the "yeah, we know what you meant, but that doesn't mean that we're going to count your vote" process - perhaps with a twist that if everyone verified their vote (which, of course, they won't do) the process could insure a correct tally.

Look, all the first-rate programmers are also mathematicians, so if it's what I think it is, it won't fly with the likes of Dr. David Dill, or Dr. Peter Neumann.

Also, if it's what I think it is, it can be filed under "they really must intend to cheat, look at the lengths they go to to avoid an honest audit".

http://www.votehere.net/news/archive03/072903.htm

<snip>
Stanford University Professor David Dill has agreed to host the material on the website www.verifiedvoting.org to encourage rigorous, objective review by computer scientists and election experts. "We need to know whether VoteHere’s claims are valid before we trust this technology with our votes," he said. Verifiedvoting.org educates the public about the risks of electronic voting systems that lack meaningful audit trails.
<snip>

They say patent pending. If they gave us a patent pending number, we could lookup the patent application. Oh well, I have every confidence in David Dill.

....a method of organizing the organizations that have a track record of mobilizing the public! We need to brainstorm a strategy to mount an effective 'TAKE BACK THE VOTE' campaign!

First we need to decide on what course of action will work best for the people. Just telling the elections people what we don't want will not suffice. We need to tell them what we want in one loud voice as we the people!
Just asking for a paper trail is not enough! We need to pin down all of the factors that threaten the sanctity of our vote and publish that list ASAP! We need a 'white paper' describing our demands that we can all get behind! That, IMHO, is the first step in getting people fired up and active! Give the people a list of DEMANDS they can understand and rally behind!

Then we need to gather a list of proven organizers of grass roots campaigns. Groups like Move On and the League of Woman Voters.
We must convince them with overwhelming logic of the rightness of our cause and enlist them in the fight to get a coordinated 'action plan'
in place.

We could try to do it one person at a time but it seems to be a better strategy to devise a plan of action and enlist the help of other organized groups to help carry the message to the people. :)

We need a simple MESSAGE that Americans will GET, and reveals the importance of this problem and how it threatens the Democratic process PERIOD.

paperless machinery is not there. They say that when we (the people) cast a vote, it is magically transported to the hard drive fairy who will (being a good Disney scout) correctly and accurately tally the votes. The "trustee" is the application (or well paid republican that emulates the application via remote access) that watches the hard drive fairy - its job is to make sure that for every dem vote cast, 2 rep votes get tallied next to it, maybe the algorithm calls for a varied ratio based on Dubya’s boxer short size, but the outcome will always favor the house (BFEE). The way it works is somewhat how slot machines are always hardwired to give the casino the advantage on odds.

Oh yeah, and anyone who says that an electronic device such as a computer (which can't shout "thief") is absolutely secure, actually means that the system has already been compromised from the inside.

A voting system that does not provide tangible proof yields an election result for which there is no tangible proof.

If no tangible proof of the vote, then no tangible proof of the vote total.

Bev. :thumbsup:

I know you are usually elsewhere than the Black Box threads, and I always like to see your political perspectives.

This thing has me too damn busy and I'll be glad when the LAST big story is out the door!!!!

This one is big, and we've done the hard part, and we're stuck on the last, last, last, last bit: finding someone with bulletproof academic credentials to confirm what four independent sources have already confirmed, and put their name to it, WHO IS NOT ON VACATION!!!! (Calling bulletproof credentials in OS and security and a serious set of 'nads PLEASE.)

Thanks everyone for your take on the VoteHere stuff. So my instincts are right: more secret source code, more patting everyone on the head, more ways to avoid doing an actual audit.

Cripes this is getting annoying.

Bev Harris

I find it fortuitous that this announcement is coming at this point in time. This has a couple of unfortunate- maybe deliberate, effects:

1) Remember the people on the California Task Force, who agreed we needed an audit trail but were kind of looking at a "someday" solution and ignoring the present, urgent, need? Were they lobbied by this company? If people get all jacked about this, they won't focus on the right now and 2004 will be a goner, guaranteed.

2) Takes the focus off the Blackboxvoting topic. Almost sounds like a Carl Rove move. The Election Center has done its job of conditioning election officials against paper, anything but paper. So, "Ta Da!", here's someone with a solution.

3) We'll just wait and put this system in our machines at some unknown future time. Meanwhile, elections go on....

4) How many ways and places can an Internet election be subverted? We know that cryptography is only part of it. Votes can be hacked at either end of the cryptography.

5) How do you realistically audit such a system? I can see maybe individual audits, but that's not how you recount an election.

6) The election process gets closed up again. Maybe the program is clean now, but you can never guarantee that all the time. What is the continuing cost in upgrading it? How many ways can it be manipulated while upgrades are installed? Somebody better clue in counties that buying the program is only a small part of the cost. This could make paper look real cheap.

7) A program is a sitting target. It's done, in the bag. Hacking is a mobile entity. It can respond very fast, ever changing. A voting program can't do that, hackers have time to exploit every vulnerability they can find.

8) Is a true, independent, audit trail produced? I don't see how you can do that with a computer program. HAVA Act, Title III, requires a PERMANENT PAPER RECORD with AUDIT CAPACITY. Period. That record can only be produced by the voter filling in the tangible evidence of their vote, or by witnessing/verifying the computer printout. I totally disagree that this program can fulfill HAVA requirements. See Wold article below Internet security article.

9) See the article below on the speed of hacking and the impossibility of security. I believe this author has an excellent point, and I've already mentioned part of it.

10) If their security is so cool, why have they contracted with Bruce Schneier's company Counterpane? Does Counterpane provide security for this company on a day to day basis? (I emailed Schneier about it, and whatever Counterpane does, it's not working on the voting program and Schneier reiterated that he would never endorse Internet voting. Schneier and Kitkat may be two people to get to review it)

11) Look at the program, yes. AFTER we've researched Diebold's programs and others, and secured voting for the time being with paper ballots. Say, very nicely, that you're glad they are working on it and we'll take a look AFTER WE PUT OUT THIS BLAZING INFERNO OVER HERE!!! You don't get distracted over a new, unproven, firefighting gizmo while the inferno rages. Keep the eye on the goal. Secure elections first. Then we can play with other people's new toys.



Security Attacks' Speed Outpaces Time To Respond

By , InternetWeek
May 19, 2003 (9:28 AM)
URL: http://www.internetwk.com/story/showArticle.jhtml?articleID=10000220

Symantec CTO warns of the increasing gap between speed of security attacks, speed of response. By Michael Vizard, CRN
Symantec Corp. chief technology officer Robert Clyde is warning that there's a growing gap between the speed at which security attacks are being launched and the industry's ability to respond. Speaking at the Global E-Commerce Summit at the United Nations on Thursday, Clyde said that, historically, most attacks on Web sites are classified as Class III threats because they tend to take several hours and even days to execute. But in recent months, the industry has seen the emergence of Class II attacks--also known as Warhol attacks--that manifest themselves in minutes. "Over 90% of hosts that came under attack from SQL Slammer were hit in under 10 minutes," Clyde said. "We call these Warhol threats because they make themselves famous in about 15 minutes." Before long, Clyde predicts that groups of hackers working in concert will be able to launch attacks in seconds to create a set of Class I attacks, also known as Flash attacks. "The attacks are increasing in frequency and in complexity," noted Clyde. "And the bar to becoming an attacker is being lowered because the tools are getting more sophisticated. Someone can now learn to use the tools effectively in weeks to months rather than years." The eventual rise of Flash attacks means that the industry will have to take a more proactive approach to security because the attacks will happen faster than humans can respond, Clyde said. "The vulnerability threat window is shrinking and in theory could become zero. We used to have six months between when a vulnerability was discovered to come up with a patch before somebody exploited it. But for Code Red, the time was only 28 days." To deal with this eventuality, Clyde said patches need to be developed more quickly and deployed continuously in an automated mode. Other areas that need to be worked on include adaptive management and lockdown of networks so an attack on one router is automatically recognized by all routers on the network; the ability to throttle back the throughput of suspicious packets on the network in order to limit damage; automated tools for ensuring that all network clients are compliant with security policies; and advances in securing Web services technologies that do not interfere with application performance, he said. In addition, Clyde said Symantec will also begin focusing beyond the network layer by researching application-level security to protect business processes. All of these efforts will be needed to combat hackers that Clyde expects will soon be working as coordinated sets of teams. "It will not be long before well-funded teams of hackers sponsored by countries or other organizations begin to create Flash attacks that can be launched in seconds," he said.

This story appears courtesy of CRN, the newspaper for builders of technology solutions.




THE HAVA REQUIREMENT FOR A VOTER VERIFIED PAPER RECORD

Darryl R. Wold (1)
July 23, 2003

This paper explains that the Help America Vote Act of
2002(2) requires that any voting
system used in an election for Federal office must produce a paper record
of the vote cast by
each voter that has been seen and verified by the voter. HAVA further
requires that this voter
verified paper record be available for a manual audit of the voting system,
and for any recount.

HAVA requires, in section 15481, subdivision (a)(2)(B), that:
“(i) The voting system shall produce a permanent paper record with a
manual audit
capacity for such system.
“(ii) The voting system shall provide the voter with an opportunity
to change the ballot or
correct any error before the permanent paper record is produced.
“(iii) The paper record . . . shall be available as an official
record for any recount . . ..”

Taken together, these provisions requiring a “paper record” that is
to be used for a
“manual audit” for the “voting system” make it apparent that HAVA requires
a paper record that
is seen, verified, and turned in by the voter.

The suggestion has been made, however, that the requirement of a
paper record to be
used for a manual audit can be satisfied by a paper record of votes that is
produced for the first
time after the polls have closed – that is, a printout of what the computer
has stored, and that has
never been seen by the voter.

This interpretation, however, that a post-closing printout of what
the computer has stored
would satisfy HAVA, would permit an audit or a recount to be conducted on
the content of a
computer and not on a contemporaneous paper record of votes cast, and would
make the
requirement for a “manual audit capacity” virtually meaningless.

_______________
1 Mr. Wold served as chairman of the Federal Election Commission
in Washington, D.C., during
2000, and as a Commissioner from 1998 to 2002. He is currently an attorney
in private practice
in Orange County, California. His practice emphasizes political and
election law, including
campaign finance compliance issues, ballot access, and recounts. His
clients include AccuPoll,
Inc., Irvine, California, a manufacturer of electronic voting systems.
2 Help America Vote Act of 2002 (“HAVA” in this paper),
enacted as Public Law Number 107-
252, October 29, 2002, 116 Statutes 1704, and codified at 42 U.S.C. §15301
et seq.. All
references in this paper are to 42 U.S.C. §15481 unless otherwise noted.

page 1
_______________
A paper record consisting solely of ballots printed by the computer
after the closing of
the polls -- and therefore never seen by the voters -- would mean that a
manual audit or recount
would simply amount to reviewing what was stored in the computer. The audit
or recount could
not manually verify that the computer had accurately recorded the voter’s
intent, or had
accurately stored that information, or had accurately printed out that
information. Both an audit
and a recount, therefore, would miss the key element of the system –
whether the voter’s
intention had been accurately recorded.

At most, even a complete manual count of paper ballots printed by the
computer postclosing
could only verify that the computer had accurately tabulated various totals
– that is, that
the computer had “done the math.”

Such an audit or recount could not manually determine whether the
computer had
accurately made a record of voter intent – that is, that the paper record
printed post-closing
actually represented the votes intended to be cast by the voters.

An audit using a record of votes printed post-closing, of course,
could not be considered a
manual audit of the complete voting system – it would be a partial audit,
at best, limited to the
math performed by the computer. It would not be an audit of whether the
voters’ intent was
accurately recorded by the computer – and that is the critical issue.

HAVA’s requirement of a “manual audit” compels the interpretation of
“paper record” as
meaning a record that has been seen and verified by the voter.

First, it is apparent from the common meaning of the words “manual
audit” that HAVA
requires that this audit be conducted by visual examination and counting by
hand, and not by
machine. A common dictionary definition of “manual” applicable to this
context is “worked or
done by hand and not by machine.” The term “audit” applicable to this
context means “a
methodical examination and review.” (Both definition’s from Webster’s Ninth
New Collegiate
Dictionary.)

So far, therefore, we have a requirement for a methodical review by
hand. The next
question is: What is to be reviewed?

HAVA provides that it is the “voting system” that is to be audited
(§15481(a)(2)(B)), and
defines the voting system as including “the total combination” of equipment
that is used “(A) to
define ballots; (B) to cast and count votes; (C) to report or display
election results; and (D) to
maintain and produce any audit trail information . . .” (§15481(b)(1)). In
other words, the system
to be audited is the complete process of casting and counting votes. There
cannot be a “manual”
audit of the casting of votes, of course, unless there is credible and
contemporaneous evidence of
the votes cast that can be reviewed by hand, as a check on the electronic
portion of the system.

Further, the critical issue in any voting system is whether the
system has accurately
reflected voter intent. The question raised in counting the votes in
Florida in the 2000
Presidential election, for instance, was not whether the machines had
accurately done the math –
it was whether the ballots that were counted actually reflected the voters’
intentions. That issue

page 2
_______________
can be determined in an audit of a voting system only by examining what the
voter has seen and
approved -- a paper record reviewed and verified by the voter.

The importance of a paper record verified by the voter is also
emphasized by HAVA’s
use of the term “audit” rather than some other term that would merely
require some lower level
of examination. Requiring an “audit capacity” for the voting system,
including the accurate
recording of the votes cast, clearly contemplates a paper record as the
source document – as the
original record of the voters’ actions – and not a secondary document
produced after the fact as
evidence only of what is in the computer system at that time.

The distinction between an original paper record of an act and
electronic records as
indirect evidence is an important one in the field of auditing, as
indicated by the standards of
auditing practice promulgated by the American Institute of Certified Public
Accountants in its
Statements on Auditing Standards (AICPA Professional Standards, 1998,
American Institute of
Certified Public Accountants, New York). The AICPA’s “Standards of Field
Work” require that
“Sufficient competent evidential matter is to be obtained through
inspection, observation . . . and
confirmations to afford a reasonable basis for an opinion.” (AU §150.02, ¶
3.) Under “Nature
of Evidential Matter” the standards recognize that “Corroborating
evidential matter includes both
written and electronic information” (AU §326.17), and that “In certain
entities, some of the
accounting data and corroborating evidential matters are available only in
electronic form” (AU
§326.18). Thus, the AICPA standards draw a distinction between a source
document that is an
original written record, on one hand, and an electronic record, on the
other. The standards for
field work do not contemplate that an electronic record printed out after
the fact is the same as an
original written record.

In this light, the significance of the HAVA requirement that the
system produce “a
permanent paper record” for use in a “manual audit” or a recount is again
apparent. HAVA does
not provide for a manual audit of an electronic record of votes cast (or of
a printout of an
electronic record, which is the same thing). HAVA requires a permanent
paper record of votes
cast, and that can only be read as meaning a contemporaneous paper record,
that the voter has
seen and verified.

This distinction between an original paper record of a transaction or
an act and electronic
records as indirect evidence of that matter is also found in standards
promulgated for government
auditing promulgated by the Comptroller General (Government Auditing
Standards, 2003
Revision, General Accounting Office, June 2003), which incorporate the
AICPA standards for
field work for financial audits (§4.01). In addition to financial audits,
government audits also
include performance audits. In that context, the field work standards
require that “Sufficient,
competent, and relevant evidence is to be obtained to provide a reasonable
basis for the auditor’s
findings and conclusions” (§7.48). Guidance provided for concluding what
constitutes
“sufficient, competent, and relevant evidence” provides that “Evidence
obtained through the
auditors’ direct physical examination, observation, computation, and
inspection is more
competent than evidence obtained indirectly” (§7.53, ¶ b) and “Examination
of original
documents provides more competent evidence than do copies” (§7.53, ¶ c).
Thus, these
government auditing standards also contemplate that an original written
record is the better
evidence of a fact than indirect evidence or a copy. Applied to the context
of an audit of a voting

page 3
_______________
system, it is apparent that a paper ballot that the voter has seen and
verified is better evidence
than a printout of an electronic record that the voter who purportedly
created the record hasn’t
seen.

In summary, it is apparent that the requirement of HAVA that a voting
system used in a
Federal election provide a paper record for a manual audit can be satisfied
only by a system that
produces a paper record that the voter sees and verifies, and that is
retained by the election
official as the record of votes cast for purposes of an audit and any recount.

This statutory requirement is not a bare legal requirement without
practical significance.
To the contrary, a paper record that has been reviewed and verified by the
voter is an essential
element of a transparent and open voting system. A voter verified paper
record that will be
available for an audit of the system and for any recount greatly reduces
the possibility of fraud
and provides a means of detecting and correcting unintentional error in the
electronic system.
Equally importantly, it assures each voter that the vote has been
accurately cast, and that there is
a paper record of that vote to serve as a check on the electronic system,
and eliminates the
suspicion of impropriety. An open and transparent voting system increases
the voters’
confidence in the system and the public’s trust in the results. It is an
essential element of the
democratic process by which we elect the government of this great republic.

page 4
-----------

Lots of meat and potatoes in there!

Bev

Bev,

Have you looked at David's resolution list, technologists?

I'm plowing through it now.

Names that come to mind, some obvious:

Peter Neumann
Jason KitKat
Bruce Schneier (www.counterpane.com)
Ben Rothke, Baltimore Technologies, Inc.
Wrote on Internet voting, don't have email address, have site:
www.spectrum.ieee.org/Pubs/spectrum/0201/spearoth.html
Lauren Weinstein, of Wired. Might know someone. www.wired.com
Ron Rivest (really big!) again, I don't have email info
David Jefferson

know nothing whatsoever about Windows.

Amazing, really. We've got whole universities full of "experts" who can't analyze interactions with Windows. And they admit it. Favorite academic response "I've tried to stay away from learning about Windows."

You've got some good suggestions there, thanks. I'll start acting on some of them tonight.

Bev

Programmers in computer science are often mathematicians. They are attracted to math often because unlike humanities and social sciences, there are no "gray" areas. Math has theorems which can be proven true or false.

Windows is totally antithetical to this sort of rigor. The most mathematically minded programmers will always shun Windows, because it lacks a rigorously defined semantics. Remember how Einstein said "God doesn't play dice with the universe." Mathematicians (except those who specialize in probability!) aren't really interested in a crapshoot, which is all Windows really is.

David told me in a phone conversation that some people signed on to that list intending to have *electronically* verifiable votes, perhaps at some point in the future. I am not sure when this signing happened, perhaps before the paper resolution was put out?

I lean towards paper verification, because it is the only practical solution at this time for punch cards, for a number of reasons I will be outlining on my new website.

No matter what the requirement, paper or electronic, we certainly need to look at what happened to put us all in this predicament, when we all thought HAVA election reform was a done deal.

What about that?

Dan S.
Spillane vs. VoteHere

Requirements describe the capabilities a product or a system
must have: *what* the system must do, as opposed to *how*
the system does it.

For example: we might require that a voting machine count
"ballots" with an error rate no greater than 1 in 100,000
ballots processed. But we don't say that "ballots" are
paper ballots, or records submitted to a database from a
electronic poll station, or rocks with stripes painted on them.

We might also say that a vote-counting system must have
mechanism for testing that its results are accurate. At
first glance it seems to me that the only way to do this is
to have a second, independent process for recording a random
subset of the votes. Properly done, that randomly chosen
subset will predict the final result -- if the prediction
fails, it's time to start digging into why!

We might also require that the voting system authenticate
its operators/managers, and log every action the operators
take.

But until you have some consensus on these requirements,
it's impossible to tell whether any given implementation
"works".

There are also policy issues, too. No matter what technology
you use, there is always the possibility (however small) that
the difference in votes between two candidates ends up being
smaller than the measurement error of the counting system.
(For instance: your punch-card counter has an error rate of
1 in 10,000 cards and 2 million votes are cast. You can
predict that your counter will get ~200 ballot cards wrong ...
if the difference in votes is substantially greater than 200,
you're fine. If the difference is 50 ... well, you're
ambiguous.)

A fair number of states have an initiative process -- perhaps
these requirements could be written into law?

J.

Very popular on Unix systems in the early 80's when I was still in this game.

How you identify your vote would be by transaction number - but how you know your transaction number without paper to remind is beyond me. And why the patent is also beyond my pay level.

But if I am correct, you end up with a Lotus type set of files that check for being in sync with each other.

So you say what is to prevent the sync software from adjusting the totals to GOP wins ??? - can we say nothing ???

Talked about Diebold/Holt/Hagal and the John Hopkins study, they credited you for starting the snowball.

http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=0&f=S&l=50&TERM1=Neff&FIELD1=IN&co1=AND&TERM2=Andrew&FIELD2=IN&d=PG01

1 20030028423 Detecting compromised ballots
2 20020128978 Detecting compromised ballots
3 20020078358 Electronic voting system
4 20020007457 Verifiable, secret shuffles of encrypted data, such as elgamal encrypted data for secure multi-authority elections

http://www.votehere.net/whitepapers.htm#brief

http://www.votehere.net/papers/Election%20Verification%201202.pdf

http://www.votehere.net/papers/VoteHereTechnology.pdf

http://www.votehere.net/papers/fc2001.pdf

But how does encrypt protect from change? only audit of paper would seem to do the job. Seems easy enough to change data, encrypt, and produce same data at another location.

... that it is using paper to avoid paper ballots.

In theory, it sounds just fine. You get to check a list of encryption numbers vs. vote type, find your encryption number and there's a listing of your vote.

In fact, it's very solipsistic and circular, and it's devoted solely to convincing the voter that the system worked as intended, and depends upon a printed listing. Very reassuring, but I imagine it could be beaten as easily as any other paperless system with the multiple books system, if only for a similar reason--matching individual vote totals by machine score against county- or state-wide totals would be a nightmare.

Other questions not readily answerable are:

Where would these lists be published, and how? By precinct, in the local paper? Not a chance. The East Podunk Times-Peccadillo isn't going to print a post-election edition the size of the Sunday New York Times at its expense. At the precinct? How many people are going to go to the local election office the next day and check their results? Not many, I venture. And, there's nothing mentioned about what happens to a post-election result if ten or fifteen people from a precinct say, "nope, my votes weren't that way?" Is that proof of equipment fault, or faulty memory on the part of the individual?

Fine, this uses a generated encryption key which is fed into the machine. That sounds like a wonderful security device, but there's nothing to suggest that vote totals couldn't be manipulated further up the chain of vote tallying, counting on _x_ number of people never checking their vote against the encrypted code number for their vote. How many people would just throw away the receipt just as they do an ATM receipt? The very odd part of this system is that it leaves the verification process completely in the hands of many, many disparate people--the individual voters. There's seemingly no measures in the system for _election officials_ to check the vote, other than verifying that the encryption key is correct in the machine.

It's an added layer of complexity in an already complex system. That means, completely without any outside malicious intent, the opportunity for equipment failure becomes greater.

Cheers.

You said:

It's an added layer of complexity in an already complex system. That means, completely without any outside malicious intent, the opportunity for equipment failure becomes greater.

Cheers.

***

Dan Spillane
Spillane vs. VoteHere

And it's always been MY first and foremost reason for being against computerized voting with no voter verified paper trail.

If computers have done the counting, but post-election someone feels that things haven't gone right and requests a recount (and raises questions about whether the software was functioning properly or not), the only people who can look into it are computer programmers.

Whereas, if you have those voter verified COPIES of electronic ballots, anyone can participate in a recount.

Imagine a Florida November 2000 where the spectre of possible vote fraud or tampering of the electronic machines has been raised AND there's the same tight deadline for sorting it out. Ain't gonna happen.

Of course, I do realize that the various laws that these characters have convinced the states to pass (as well as their contract with the states) precludes inspection of the code, but the principle stands. And it's another argument for Open Code too.

BTW, Bev, I want to make another point that I don't want to escape your notice re Georgia. Perhaps I'm being redundant here, but you'll understand why, I think.

I don't have the citation, but the State Legislature passed a law that any paper version of any electronic ballot is NOT the "legal vote," the electronic vote is the ONLY legal vote. That means, of course, that that law has to be overturned, and unless it is, voter verified paper trailes mean nothing. They couldn't be used in recounts anyway.

The guy who told me this, an attorney himself, said that basically they had to decide which was the LEGAL vote if there were two versions, and the electronic vote won. I don't know enough about law in general to sort this reasoning out, but my instincts tell me that the rationale here is pure baloney -- no doubt Diebold baloney.

Eloriel

The right way to think about it.

THIS is the nexus of the whole debate:

(you said)
If computers have done the counting, but post-election someone feels that things haven't gone right and requests a recount (and raises questions about whether the software was functioning properly or not), the only people who can look into it are computer programmers.

Whereas, if you have those voter verified COPIES of electronic ballots, anyone can participate in a recount.


***

Dan Spillane
Spillane vs. VoteHere
blower@libertywhistle.us

... exercise to find that vote and then cross-ref campaign contributions from voting machine manufacturers and/or their lobbyists and compare votes to contributions.

Cheers.

McDonalds Knows how many french fries they sold between 11:00 - 1:00 on any given day.

Wal-Mart can tell the time of sale for every pair off panties they have solds this year.

Computer programming is not rocket science.

Truely, developing a secure system that includes a paper ballot and duplicate reciept for the voter is not a difficult task.

The only reason to make this a complex program is to hide something.

How do you know the vote recorded electronically matches the one printed on the paper ballot and the one on the reciept?

Three hyper-techie PhD's in a freewheeling roundabout regarding this issue specifically. Stay tuned; transcription in process.

I'm so glad you've gotten involved in the BBV disaster.

The interview ran over two hours long. I won't have this thing finished for a couple of days. It'll be up and out on Monday morning.

As a computer programmer I understand that it's easier to tamper with bits and bytes than with pieces of paper. That's why paperless systems can't ever be secure.

Why can't we just go back to paper systems? The states are broke and they're supposed to be shelling out millions of dollars on unsafe computer voting systems. We need a system that's low-tech enough for anyone to be able to verify that it works.

Couldn't we just have a paper ballot that you fill out, then you slap it on a xerox machine and spit out a copy, and drop one copy in box A and the other copy in box B. Independent auditors tally up the separate sets of boxes and announce their results. This would be cheap and simple and people could intuitively see that it was secure.

... like a paper ballot. Works pretty well in the countries which have good security for the ballots and the necessary auditing processes.

But, here's the rub. HAVA, I believe, requires systems which enable the disabled to vote in private without assistance. That requires some sort of electronic device, and the manufacturers saw this as a wedge to get their machines placed as a universal standard.

Now, add on top of that several billion dollars worth of federal aid available to the states to buy this new generation of machines, and you can see how hopeless it is to say, be simple, go back to paper.

What is going on now, here, unfortunately, is defensive--trying to demonstrate that the electronics are unreliable enough and insecure enough to prevent fraud, that such justifies a paper audit trail.

Most people don't understand the inner workings of computer equipment well enough to imagine all the ways in which the machines are insecure, or all the ways in which they can fail during an election, and part of bringing the need for a paper trail into the public consciousness is explaining those things to them.

Cheers.

highly suspicious without having to understand the "inner workings" of anything but politicians. I posted a while ago that I worked recently at a business that is about 80% minority (a dollar store chain, I worked one of their distribution centers) and the employees were offered direct deposit, but no one wanted it. On alternet they quote a statistic saying that at one recent election 79% of whites vs. 40% (forgive if not exact) of non-white voters had confidence their vote had been accurately recorded on the machines.

I read through my state's HAVA documents and one thing that really freaked me out was how the voter registration lists are/ will be linked electronically to the Department of Health and Human Services, the Social Security Administration, and the Department of Corrections, not to mention the DMV for the motor voter registrations, plus there was a requirement in there that all election officials be able to access the lists easily. Now that everything is going to be so linked up, one crooked person in a variety of places could pull a Florida Choicepoint thing.

I still don't understand, and someone already asked this, how even if we do get the paper ballot, and it can be used legally for a recount, how do we know that what the paper says is what was really recorded by the voting machine. It seems like once the systems are implemented it will take legions of programmers supervising and auditing the systems and lists all the time forever more to make sure no one is trying to pull any funny business, which I am sure they will. (It wouldn't surprise me if the Republicans form a think-tank specifically for finding ways to use computerized voting systems to steal elections. Which is giving them credit really, by saying they don't already have one.)

The point of such a system is that, when an electronic vote is ready for submittal, the voter says I like that--that's how I intended to vote, then presses a button on the screen and a paper ballot of his/her choices is printed. The voter looks it over and if it's correct according to what they punched in on the screen, _then_ submits the electronic vote for counting, leaves the booth and puts the paper ballot in a ballot box.

That way, no matter what may go wrong with the machine, there is a voter-verified ballot which can be counted in the event that someone challenges an election total, or if there's recognized failures of the electronic voting system. Because the voter looked at the physical ballot received before submitting the electronic vote, the voter is sure that an accurate copy of the vote is available for inspection, even if the electronic tally is later shown to be messed up.

The issue of a paper ballot is not to agree with what may have been erroneously counted by the voting machine. The issue is that the voter knows that what he _submitted_ to the machine is accurately represented on a paper ballot which is stored separately from the electronic votes.

The difficulty now is that some states (Nebraska, Georgia, maybe a few others) have passed laws stating that the only true count in the election is the electronic count, precluding using paper ballots as the primary evidence of a particular vote. Those laws would have to be changed to include that necessary audit trail created by the paper ballot.

Hope that helps.

Cheers.

particularly seniors, walking out with their paper ballot and never even voting electronically, thinking that the paper IS their vote and not going further. Or folks may do the first two steps correctly and then forget to put their vote in the ballot box. I am surprised by this, I really don't think it is a good idea for the paper to leave the machine, it should just be readable and then fall into a box attached to the machine that can't be tampered with.

I'm taking from your response that we're not dealing with the issue (on this thread) of whether the vote recorded electronically and on paper is the actual vote that the software records. Although it may be a separate issue it sure is just as, if not more important than the other. It will take a really close election to call for recounts and this is probably a lesson the pukes learned in 2000 and if they try to steal the next election they won't make the same mistake.

... are mostly matters of timing or mechanics (or perhaps just poll worker training). Not major, in any event. Diebold (or perhaps it's ES&S) is already proposing that a sealed ballot container attached to a printer is feasible. They just don't want to do it.

Legislation such as Rush Holt's addresses your latter comment about recounts, to an essential degree--it requires spot audit checks.

But, to make my earlier point clearer, and one which Bev has harped on almost from the beginning, a voter-verified paper ballot is the audit trail. Even if one discounts the possibility of electronic fraud (which, at this point, one certainly should not), the record thus far for electronic voting machines is iffy due to software and hardware faults, at both the voting machine and counting database levels. Any system which depends _entirely_ upon electronic counting at some point will screw up, and without that paper audit trail--available to election officials--that entire election is called into question.

The very odd thing in all this is that a lot of election officials who have been sold on DREs have begun talking much like the voting machine manufacturers--that there is an acceptable margin of error in counting--and I find that quite disturbing, if only because it denies someone, somewhere, their vote. That sort of talk also avoids other realities, such as vote inversions, of which most of the systems are capable.

Cheers.

Yet they could tally it up in the base. Everybody knows this is way too important to ever to let it have any margin of error. A real public discussion is taking place about all these things regardless if anybody likes it or not.

I am also very glad this taking place. I had felt cheated as them people in Florida when that whole thing went down in 2000 and all them people were disenfranchised from there vote were left out to dry. Now the worm has turned and everybody is involved and all of us have an interest in it, with one's denial not withstanding.

We all have come to join the people of Florida, because they were not allowed to join with us. Who says not letting that hand count go through didn't have consequences. When so many signed that petition to tell SCOTUS they were wrong and the hubris of their position did not deter them.

In my comment to them on the petition denouncing there ruling, I said they made the worst decision since Dread Scot and I am still sticking with it. My five senses can tell me one thing, but I will still listen to my heart when it says something else that makes me feel it was wrong.

... access is made to the machine by a credit card-like SmartCard. Sure, the machine could be programmed to take the vote, and allow another swipe of the card to check the vote, where it could simply repeat the touch screen previously entered, and never actually show how the vote was stored in the machine. The voter might be comforted by that, but falsely, if someone gamed the system.

But, once one leaves the voting booth, what opportunity does one have to go back and personally check the results after the close of the election? Election's over. Your candidate lost and you think the machine didn't count your vote properly? Where are you going to go?

However, if you have a piece of paper in your hand before you leave the voting booth which accurately reflects your vote, which you then place in a locked box before leaving the precinct, you know there's an auditable trail if the election goes sour.

Yes, you can go by your heart and your instincts, but your head tells you how to get to the point you want to reach. All this BBV stuff is just the head informing the heart.

Cheers.

to dismiss than I earlier thought. My gut is still telling me that it is more complex than necessary, but my guess at this point is that it can be shown mathematically to protect elections.

The process depends on the following assumptions:

1.) Voters can get "walk away" receipts as long as these receipts cannot be used to buy votes. This is done by giving each voter a unique BSN (Ballot Sequence Number) and encrypted codes for every choice in every race.

2.) A complete list of BSNs vs. encrypted codes is published and every voter can check that their codes match their receipts. In addition, auditors can insure that every encrypted code is a valid encryption without being able to decrypt the code (and thus compromise the secrecy of the ballot).

3.) Vote counting is done by "shuffling" real voters and real votes. Thus a list is produced that contains the names and addresses of real voters opposite a real vote, just not their own. Presumably this list also contains the encrypted codes described above so that the public list is lined up with the “counting list”. I don't believe this “counting list’ is made public - instead we will be given codes that should comfort the mathematicians among us that the counting process was on the up and up.

Obviously, I'm still fuzzy on several details - this stuff is doctorate level mathematics and I haven't played at that level for quite a while. As of now, my concerns are:

A.) The complexity of this process will not help to assure properly skeptical voters that the system is fair.

B.) The DREs will still need to print a receipt. All the objections by manufacturers re ink and printer jams will still apply.

C.) As a licensed process, it will cost more than the Voter Verified Ballot approach.

D.) There may be several points of weakness where a malicious implementation negates all the protections.

E.) If, as advertised, the security of the process depends on encryption methods, this will mean that the well financed RW will begin a concerted effort to compromise the system with sophisticated code cracking.

Voter verified ballots (together with appropriate spot checks) are easy to understand and easy to implement. This whole thing needlessly muddies the waters.

I think people should keep this thread and use it for reference if this VoteHere distraction takes off.

That's still my major concern, that this will take the focus away from the BBV issue.

While we need to deal with the source- legislators, laws, and certain government officials; the first goal is to secure the system. We have to do that to remedy everything else.

If this issue succeeds in splitting the focus six ways to Sunday, the no-audit-trail-group wins.

Face it, it's going to be more fun to disect the code in this program than the Diebold program.

Many of you have made outstanding contributions as to why the whole concept of total electronic voting is a bunch of vaporous garbage, at least in this time frame we're in.

I was told that the first step in even thinking about Internet voting would be redesigning the whole Internet system, which was not designed to be secure in the first place.

I think the first step in any voting system is to secure the evidence of the vote. In all this time with computers, Interet, etc., evidence is something that eludes it all because bits and bytes are not tangible.

But I like the point made in the article I posted earlier in this thread, about the increase in security threats. No matter what you have come up with now, for computer voting or Internet voting, it's an instantaneous sitting duck. The programmers have to continually access what the program's weaknesses are, where it might be hit first, and are pretty much stuck with the code that is, because in a voting application, that program can't go through continual mods in a timely fashion and still maintain any semblance of certification. (Providing certification ever means something)

Hackers, on the other hand, have immense freedom to attack at will, on many fronts.

In a practical sense, you just can't do this.

I had a computer scientist tell me, in theory, you could do this with a highly mathematical formula. Sounds like they might have attempted that. But theory, even if proven possibly viable, is not the same as application. And we're getting good feedback here as to why the application would be a nightmare.

One of the first areas that needs debunking, really fast, is anything and everything that The Election Center/NASED Certification Board has taught election officials. Every time we go up against this, we face the garbage those entities have indoctrinated state and local officials with. Bev's research has pretty much done that. It's getting the message out and deprogramming years of disinformation that's difficult.

A lot of people assume that government officials are slightly above reproach, like family doctors. It's only after someone dies and questions start being asked, that you might find out what a "quack" is, even if they have the degree and all the certification in the world. We've been taught to respect so-called authority and not our own opinions and gut instincts. Time to put those facades to rest.

OK, that got long! Point is, don't let them take the focus away. We need to control that, determine which story takes precedence. So, for everything you might see on VoteHere's little diversion, make sure you respond, in mass, about what the real concern is and that the first step is to secure honest voting NOW, not spend another four years playing with theory. You can't apply bandaid solutions when a tournicuet is necessary to save a life. Stabilize the patient first!

(Then get those hacker groups in Canada and Europe to go after this one)

I think people should keep this thread and use it for reference if this VoteHere distraction takes off.

That's still my major concern, that this will take the focus away from the BBV issue.

While we need to deal with the source- legislators, laws, and certain government officials; the first goal is to secure the system. We have to do that to remedy everything else.

If this issue succeeds in splitting the focus six ways to Sunday, the no-audit-trail-group wins.

Face it, it's going to be more fun to disect the code in this program than the Diebold program.

Many of you have made outstanding contributions as to why the whole concept of total electronic voting is a bunch of vaporous garbage, at least in this time frame we're in.

I was told that the first step in even thinking about Internet voting would be redesigning the whole Internet system, which was not designed to be secure in the first place.

I think the first step in any voting system is to secure the evidence of the vote. In all this time with computers, Interet, etc., evidence is something that eludes it all because bits and bytes are not tangible.

But I like the point made in the article I posted earlier in this thread, about the increase in security threats. No matter what you have come up with now, for computer voting or Internet voting, it's an instantaneous sitting duck. The programmers have to continually access what the program's weaknesses are, where it might be hit first, and are pretty much stuck with the code that is, because in a voting application, that program can't go through continual mods in a timely fashion and still maintain any semblance of certification. (Providing certification ever means something)

Hackers, on the other hand, have immense freedom to attack at will, on many fronts.

In a practical sense, you just can't do this.

I had a computer scientist tell me, in theory, you could do this with a highly mathematical formula. Sounds like they might have attempted that. But theory, even if proven possibly viable, is not the same as application. And we're getting good feedback here as to why the application would be a nightmare.

One of the first areas that needs debunking, really fast, is anything and everything that The Election Center/NASED Certification Board has taught election officials. Every time we go up against this, we face the garbage those entities have indoctrinated state and local officials with. Bev's research has pretty much done that. It's getting the message out and deprogramming years of disinformation that's difficult.

A lot of people assume that government officials are slightly above reproach, like family doctors. It's only after someone dies and questions start being asked, that you might find out what a "quack" is, even if they have the degree and all the certification in the world. We've been taught to respect so-called authority and not our own opinions and gut instincts. Time to put those facades to rest.

OK, that got long! Point is, don't let them take the focus away. We need to control that, determine which story takes precedence. So, for everything you might see on VoteHere's little diversion, make sure you respond, in mass, about what the real concern is and that the first step is to secure honest voting NOW, not spend another four years playing with theory. You can't apply bandaid solutions when a tournicuet is necessary to save a life. Stabilize the patient first!

(Then get those hacker groups in Canada and Europe to go after this one)

....lately, I'll often get a "Web site not responding", will refresh, get a retry or cancel option, do a retry, then discover it DID post the first one.

But hey, couldn't a computer program enter a few extra votes that way?

I am just now beginning to fully grasp the issue.

The bottom line is obviously paper.

I loved what you wrote, particularly the issue of FOCUS.

What do activists specifically need to be doing right now?

momma

good thread

:kick:

Thanks Shance,

I think people should be writing and talking to everyone they can.

Let your local officials, legislators, federal reps, know where you stand and what you want.

Write your local papers. Any time you see an article on electronic verification, write and explain why that is garbage. HAVA demands that paper record with audit capacity, by the way.

Emphasize continual cost. Let them know that any program written today will get hacked tomorrow. You can't keep a thing like this above water.

Continual upgrades are just a venue for more manipulation.

And like I was told a long time ago, design types can come up with a wonderful looking system- then gasp in dismay at what the techs have done to it to make it work. There is a disjoint in theory and practical application.

Like the SERVE voting project, something like this should be required to work in tandom with a voter verified paper ballot system, FOR YEARS
to ascertain it's real world abilities.

We simply have got to get the idea back across to people that our vote is not something you get to screw with, just because your company wants their share of the pie.


Now, anyone got any connections with Gary Trudeau? He's really doing a great job- imagine if he got a cartoon thread going on bbv.....

"the first goal is to secure the system. We have to do that to remedy everything else."

That's the immediate goal. Everything else is a distraction.

Look at the lengths to which these people will go to avoid a paper trail. WHY are they making it so hard for a VOTER to verify his ballot? There are printers in all the touch screens already, PUT PAPER IN THE MACHINE, for cripes sake. How hard is that?

This is like, "meet me under the bridge at midnight with your secret code and I'll hand over a brown paper bag which contains your proof of vote..."

I have a better idea: Just put paper in the printer. Let us see our vote at the polling place. Do a robust audit. Is that so hard?

Bev

It's done in plain sight!

...Kick!

environmentalists and hate the thought of killing innocent trees.

... they've already done that....

Cheers.

....just might set a gold standard here, perhaps unintentionally, that all voting systems should be up for public review. (Where have we heard that before?)

It's my understanding it won't be all the files, but I've been told it has to be enough for the scientists to determine its function and security. I'm not computer savy enough to know what that means. I lean toward a total review of everything myself.

Now, this is a marketing gamble by VoteHere, in my opinion. Adler has been advocating audit trails, but stops short of paper. So, voila, he has the system, seems to be the only one, that will do that. Election officials, desperate to avoid the paper the big voting machine companies have promised will go away for the last ten years or so, will probably do a lemming drive to this "solution."

It's unclear to me though, as I've heard this will have paper involved too.

This still has the potential to do two things:

1. Divert attention from the current crisis

2. Make officials go ahead with these systems, under the premise they can fix the audit problem later, meanwhile, 2004 elections continue without safeguards

I don't think Dill will be easy on them and I believe we'll get some top people to look at it. I just hope that these people are not taken away from the current investigation.

I would contact Dill via his website with the questions you think should be answered about the VoteHere system, like how to do mass audits and how to secure a stagnent program from the ever evolving hacking community- but study the system after we secure 2004!

Agreed about the good posts here. But just a reminder. Room one and room two. We use Diebold's optical scan system here but state law requires recounts to be done on the machines. Only the State Supeme Court can order a hand recount of the paper ballots. I believe in Indiana it is a felony for any election worker to even handle a paper ballot without court order. If we are going to use any kind of electronic vote counting system the only solution is a hand count in a randomly selected number of pecincts to establish a statistical baseline against which the machine counts can be compared; and the right for any candidate at their own or their campaign's expense to request a hand recount. So it is imperative you get familiar with state law in your area relating to vote counts, and that you remember the paper ballot requirement is only the first step.
Thanks so much for all you are doing. Things happening here in Pima County. A state representative has agreed to introduce legislation in the next session to implement the reforms recommended in the Report on Pima County Vote Counting Procedures and Safeguards http://www.pimademocrats.org/votingreport/votingintegrity.htm Hope to have more news soon.
Gordon25