[E-voting] Re: terrorism and electronic elections

Michael McMahon michael at hexmedia.com
Tue Jul 12 12:26:43 IST 2005

Catherine Ansbro wrote:

> It is very easy to "fiddle" a "random" sample.  If you can compromise 
> the means by which the samples are chosen--and it's not very hard for me 
> to imagine this--then you've got no protection at all.  It would then 
> mean that if you can control just the method for choosing the sample 
> you'd be able to control the election.

I think this problem is overstated. The scheme I have in mind involves
mixing up the votes in each ballot box and physically removing a sample from each.
It would be impossible (practically) to pre-determine which votes
come out. Or to put it another way, if the counting staff tried to
do it, it would be pretty obvious. Granted, the way I described
the system initially, the selection of which ballot boxes to look
at, would be done by computer. I know that some people might have
a problem with this, but given that one part of the selection is done
by mxing up the votes, in full public view, I would not see this as
a problem. However, it would be possible to do the whole
process manually. In this case, you would mix all the votes from
all ballot boxes and take out the required percentage for auditing
that way.

> Plus, you have to not only control the random sampling but you also need 
> to have impeccable custody chain of ballots. (This one is pretty good in 
> Ireland, though as I've mentioned there are breakdowns in the procedure 
> even here.)

Right, and that's no different from today.

> Events in the States have shown how very easy it is to get around these 
> rules.  (And, to break the rules and yet experience no consequences.  
> We're no difference here.  What about the voting machines that arrived 
> with their security seals broken, and all the election officers decided 
> to go ahead and use them anyways.  Same thing--break the procedures, but 
> it's "not serious and can be ignored.")

That's a fair point, but I would make the point again, that the law
should only specify the procedures which are really important, and IMO
that only concerns the details of the audit, and the handling
of the paper ballots. Would it really matter if the seals were broken,
so long as the paper ballots were handled correctly and the audit proved that the election
was fair and accurate? The whole point of VVAT is so that voters should not
have to care about details like the seals on the machines.

> Also, what do you do when there is only a "small difference" (e.g., each 
> polling place is off by just a few votes--nothing that seems important 
> and could just be human error)--but as has recently been shown, all you 
> need is a very tiny difference in many areas to swing an election.  Yet, 
> none of these differences in themselves would appear to be serious on 
> their own.   (This is something like what happened in Belgium--the 
> difference between the hand count & the electronic count wasn't enough 
> to change the results, so they assumed the electronic count was more 
> likely to be accurate (!) and then did away with all hand recounts for 
> the future.)

If you do a hand-count, then a discrepancy can be caused by human
counting error, and logically it is easy to dismiss the audit on
this basis. Although, if they were serious about it, they would
have repeated the check until the discrepancy was reconciled.
What I am talking about, is a bit different. It is
a comparison of the electronic copies of votes with their paper
counterparts. As soon as one single vote turns up, which looks different
to its electronic version, then a red flag goes up, and unless
there is a rational explanation, then the votes would have to be
counted manually.

> As one person at BBV pointed out, statistics are useful in catching 
> random, non-malicious errors.  But they are /not/ an effective tool for 
> catching malicious errors.

This is really not true. A random sample taken across an entire election
will catch a defined error size at a defined level of confidence,
regardless of whether the errors are malicious or not. The Math does
not assume that errors are distributed in any particular way.
I'm taking this from a paper written by Andrew Neff


* He talks about receipts in the paper, but the same
   would apply to a VVAT system where serial numbers are printed
   on the ballot papers.

More information about the E-voting mailing list