I propose a three part suggestion to support the Reliable and

Auditable goals of Correct, Usable, Reliable, Auditable and

Transparent Elections.

1. After voting, regardless of the machine used, I would take

home a serially numbered(1) receipt of my entire ballot.(2)

2. The next day I would like to see my ballot tabulated by serial

number in the newspaper and also accessible on the Internet, organized

by polling places. This would be a copy of the "official" results. I

could check to see if my ballot was recorded and counted exactly as I

voted it.(3) My ballot would still be secret because only I would know

the serial number of my receipt. I would expect the election judges of

each party would note on election night the total number of votes cast

at their polling place. A simple check of the reported number of

total votes would ensure that all votes were counted and also that

bogus extra votes were not added. Down loading all of the results,

perhaps a county or city at a time, to the Internet would make it easy

for interested individuals with spread sheets or calculators to verify

the totals when sums were aggregated. Downloading a single ballot at a

time might make it too easy to trace back to the voter.

3. After a reasonable time, a week to a month, a list of just the

serial numbers used in challenges (4) would be published. That way,

you could check that someone else was not using your serial number to

make a bogus claim. This part would only be important in the unlikely

case of a huge number of challenges or if the voting results were

extremely close.

I realize that not every voter would bother to save their receipt,

much less check the results, but a sufficient number would that would

be a great step forward. In fact, the number of hits on the website

would show voter follow up; and public opinion polls could estimate

the number checking via newspaper. As the Cater/Baker Commission just

reminded us, 30% of the public doubts that their vote is honestly

counted. My suggestions should help, I hope.

Is this is doable? Could it be hacked? Would a sufficient number of

counterfeit receipts could be manufactured to cause a problem in false

challenges?

-------------------------

(1) Only a simple serial number would be needed for

identification.Perhaps the first two letters would show the state and

a field to indicate the polling place. Authentication, check sums or

other needs could be added, as long as no extra effort is required of

the voter. Passwords should be avoided for simplicity. Experience

should dictate refinements. All software should be open source.

To enhance ballot anonymity, serial numbers should be randomly selected

in real time from a sufficiently large block of numbers. This would

minimize the association of the time of day that the ballot was cast

and the voter's identity. The published results should be listed in

numerically sorted order to facilitate lookup and also to separate

serial numbers from the order that they were used. This method should

be explained to readers of the results so they do not think that the

omission of a serial number means, indeed, a lost ballot, but rather

that a particular serial number was not used.

To enhance ballot anonymity, serial numbers should be randomly selected

in real time from a sufficiently large block of numbers. This would

minimize the association of the time of day that the ballot was cast

and the voter's identity. The published results should be listed in

numerically sorted order to facilitate lookup and also to separate

serial numbers from the order that they were used. This method should

be explained to readers of the results so they do not think that the

omission of a serial number means, indeed, a lost ballot, but rather

that a particular serial number was not used.

The ballot should be listed two ways on the receipt : a verbose

listing easy enough to read quickly while I was still in the voting

booth; and a condensed one line version of the same information, exactly

as it printed in the published tables.

(2) If supermarkets can give me an itemized receipt for seventeen items

totaling $ 44.28 and five coupons, three "cents off" specials and scan

my "club card" - all in real time and at completive cost - my scheme

should not be that hard or expensive to implement.

(3) With proper abbreviation and formating, I don't think that the

amount of data would be too large for newspapers. To save

newsprint, regional editions of metropolitan papers would print only

results of the local polling places. A safe guard that the "official"

results and the printed results are the same, would require that the

computer transfer was verified at the newspaper/government level. The

added cost to the newspaper would not require much, if any, human

effort.

(4)A confidential system is needed for challengers who wish to keep

their ballot secret.

Phil Karn, Sr

230 Division Ave

Lutherville, MD 21093

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11336/32585#32585