[CAVO] Online contracts and voting

Lawrence Rosen lrosen at rosenlaw.com
Sun Jun 5 18:16:54 UTC 2016 

David Webber wrote:

>>> OK Larry - you're a legal dude - this is highly problematic - and most jurisdictions not doing this. What I will offer instead is - when you register online - then you can log back into that system - and see a log of your voting activity.  This will show you that your vote was received back. It can also allow you to check a box for "record ballot" so you can see that - BUT this is going to be highly jurisdiction and ballot / voter dependent.  We should definitely allow people to opt out or opt in for this.

<<< 

 

1. I don't need a log of my voting activity. Party pollsters want that. Google wants that. They also want my Facebook and LinkedIn accounts. Don't give it to them. Instead, what I want to do is vote next Tuesday and verify (through independent audit) that my vote was received and counted.

 

2. Unfortunately, being born in the U.S. or naturalized, and over the age of 18, is not enough to register to vote. Automatically – until death. That's a different and surmountable obstacle to electronic voting that deserves its own email thread here at CAVO.

 

3. Of course I accept opt-in and opt-out.

 

>>> Please do not use Facebook and LinkedIn in the same sentence as security technology!!! These folks are part of the problem - NOT the solution. Their websites are terribly intrusive running scripts that are looking at your computer and activity routinely. They are poster children for how NOT to do this. Privacy to them is what they can do with your information.

 

Okay, I won't. Except for that part of their technology which captures my Internet address and user account and PIN (just like the USPTO and Library of Congress and the IRS and the California Secretary of State and Department of Agriculture and many other government agencies do) to accept my legally important but confidential transactions.  I'll risk that as long as it is open source security software.

 

      Audibility has to be a pluralistic approach - that is tuned to jurisdiction requirements - lots of tools in the technology toolbox to get this done right.

<<< 

 

Okay, I'll be pluralistic and suggest that this CAVO list engage in a technical (?) discussion of auditability. How much and by whom and how?

 

/Larry

 

 

From: David RR Webber (XML) [mailto:david at drrw.info] 
Sent: Sunday, June 5, 2016 10:21 AM
To: lrosen at rosenlaw.com; CAVO <cavo at opensource.org>
Subject: RE: [CAVO] Online contracts and voting

 

Larry,

 

Like most of your wish list - see my notes below please.

 

Thanks, David

-------- Original Message --------

David, thanks for continuing this thread. It is good that this CAVO list discusses actual solutions to real-world California voting problems rather than merely share our fears and newspaper press releases.

 

I want a very simple replacement for the error-prone and insecure paper ballot that I used this week to pick our president. I hear that the majority of California voters vote this way by mail. There is NOTHING about this system that prevents any of the evil frauds and corruption that you expect from businesses and politicians, so be scared about our current third world voting system. 

 

I want something simpler:

 

*      #1 -  I want to receive an electronic ballot at my email address on my computer or mobile device. That's how the county and the U.S. government currently deal with me for almost everything else of significance, including my taxes!

 

>>> Done! We implemented this for the State of Virginia in 2010 and 2012 elections - all open source - and for 5M registered voters. We also validated this with the wounded warriors program to show disabled voting on tablet device using the system.  Of course this does put onus on State to ensure only registered entitled voters receive and use ballots - but that's the same issue today with paper mail-in ballots.

<<< 

 

*       I want to vote at my leisure. 

 

>>> Sure - #1 enables that.  Post-marked up to day of ballot of course. <<<

 

*       I want to print out and/or save my completed ballot. I'll keep it secret if I want to or show my friends.

 

>>> Whatever floats your boat! <<<

 

*       I want to send my ballot electronically to the county. (Yesterday I placed my completed paper ballot in a metal box in front of the county offices – with no security or auditability whatsoever. I am now paranoid!)

 

>>> Electronic delivery combined with paper mailed confirmation works. See solution #1 above - we also created mailing labels and enveloping instructions. USPS special handles ballot materials. <<<

 

*       I want the county to email me a confirmation and a copy of my completed ballot.

 

>>> OK Larry - you're a legal dude - this is highly problematic - and most jurisdictions not doing this. What I will offer instead is - when you register online - then you can log back into that system - and see a log of your voting activity.  This will show you that your vote was received back. It can also allow you to check a box for "record ballot" so you can see that - BUT this is going to be highly jurisdiction and ballot / voter dependent.  We should definitely allow people to opt out or opt in for this.

<<< 

 

*       I want the county to process my ballot on election day.

 

>>> Obviously the digital mail-in allows for that. Paper mail-in will be processed with absentee ballots. <<<

 

*       I want this entire procedure to be auditable with email addresses, PINs, or whatever the kind of technology our Facebook and LinkedIn friends are willing to accept for security.

 

>>> Please do not use Facebook and LinkedIn in the same sentence as security technology!!! These folks are part of the problem - NOT the solution. Their websites are terribly intrusive running scripts that are looking at your computer and activity routinely. They are poster children for how NOT to do this. Privacy to them is what they can do with your information.

 

      So now we realize how we don't want it to work - your digital ballot can be received and logged because it has a tracking ID - and that can be tagged to the matching paper ballot mailed in. But notice I can send you a paper document with a QR code to scan to initiate voting - so I know a real person - at a real postal address - received that.  If you want to share an email - that's your choice naturally. You will need to log into the main site and download your ballot though - and validate your credentials - that is how #1 works now.  And you don't have to email back a ballot - you can print and mail.

 

      Audibility has to be a pluralistic approach - that is tuned to jurisdiction requirements - lots of tools in the technology toolbox to get this done right.

<<< 

 

If we can't do that without sending astronauts to Mars, then your technology solution is perhaps way too complex and paranoid. :-)

 

>>> Larry - every technology solution I engineer has the following characteristics

 

1) Simple and Obvious - not rocket science

2) Transparent - does not really on technology slights of hand that humans cannot verify

3) Open Source as foundation

4) Robust, Minimalistic and Sustainable design

5) Performance optimized

6) Open standards based

 

However making the solution simple and intuitive is NOT a simple process - it is paradoxically easier to engineer complexity than it is to make things elegant and minimalistic.

 

<<< 

 

/David

 

 

From: David RR Webber (XML) [mailto:david at drrw.info] 
Sent: Saturday, June 4, 2016 9:09 PM
To: CAVO <cavo at opensource.org <mailto:cavo at opensource.org> >
Subject: Re: [CAVO] Online contracts and voting

 

Larry,

 

You are right to compare the USA to a third world country - its getting there.

 

The Kenya system is called M-Pesa - "Mobile money".  It is using a secure system invented in England - and the password is a simple PIN code.

 

Notice you will NOT be able to do this is the USA because the banks and the IRS do not want you doing that - creating an alternative financial system with no central tracking system - that actually empowers small business and entrepreneurship.  Here we still use paper cash money for that purpose.

 

It is terribly inconvenient that people have to use old arcane paper ballots - but it is VERY necessary.  You only have to look at how corrupt politicians are - and how adept they are at deflecting responsibility to realize that opening the flood gates to digital fraud is not prudent.  Not to mention routine hacking of systems in 3 out of every 4 businesses in the USA.

 

Everything in the USA is being gamed. What is the real price of bread, milk, eggs, gas, cars, paper, sugar, corn... ? Again - the current primaries system tells you much. Want to make primaries voting all digital - so no one has any clue who actually voted, and for whom really?

 

May as well walk those envelopes over to your recycle bin and just toss them in there.

 

But I'm not paranoid - I just have a healthy distrust and cynicism built in.

 

Cheers, David

 

 

-------- Original Message --------
Subject: Re: [CAVO] Online contracts and voting
From: "Lawrence Rosen" <lrosen at rosenlaw.com <mailto:lrosen at rosenlaw.com> >
Date: Thu, June 02, 2016 5:54 pm
To: "'CAVO'" <cavo at opensource.org <mailto:cavo at opensource.org> >
Cc: Lawrence Rosen <lrosen at rosenlaw.com <mailto:lrosen at rosenlaw.com> >

David Webber wrote:

> Please send money and we can engineer this for you.

 

Such unreasonable paranoia about voting!  

 

I have on my desk right now two signed and sealed ballots for the California primary next week. I know that my partner voted for a different candidate than I did. I'm going to walk into the County office and drop these two ballots, probably unmodified :-), into a wooden box on their counter. Somehow our votes will be counted by some machine that reads ink in bubbles. Results next Tuesday. Perhaps some of our votes will count. 

 

And so our president will be chosen!

 

Please don't waste your design time engineering a solution for problems I don't have. Just give me a simple way to vote – securely and with a trusted record – more effectively and cheaply than those two silly envelopes on my desk.

 

BTW, in Kenya almost all financial transactions are made through ordinary cell phones with passwords. And even here, in the U.S., my bank will accept deposits sent through pictures of signed checks from my phone. But we're much more paranoid here, especially about voting. 

 

/Larry

 

 

From: David RR Webber (XML) [mailto:david at drrw.info] 
Sent: Thursday, June 2, 2016 2:39 PM
To: lrosen at rosenlaw.com <mailto:lrosen at rosenlaw.com> ; CAVO <cavo at opensource.org <mailto:cavo at opensource.org> >
Subject: RE: [CAVO] Online contracts and voting

 

Larry,

 

That's why the USPS now accepts digital copies of money orders, instead of having to send the paper one.

 

Not!  That could of course be digital too - but - you would need a way to track all that - matching digitally presented versions to repository.  That's called Paypal, Google, Square or ApplePay et al.

 

Similarly registering to vote - concur - that can be a digital process - but then its gets more tricky. Yes - I can issue you with a digital voting token - but then how do I know you really cast that ballot? Parties could cast proxy votes for party members - and maybe there's nothing wrong with that - but - we're not there yet. 

 

Unlike in the money order or check situation - where tracking who does what inbetween is not part of the process - with balloting it is.  Except there's a twist - in the banking transaction - everything can be logged to a specific user entity - whereas in voting it has to be anonymous.  And that is where things get problematic. It's a bit like Heisenberg's uncertainty principle - the more anonymous you make it - the less you know what happened - the more you know what happened - the less anonymous.

 

And then who do you trust? Personally I want to see 3 separate systems of record - and be able to cross check. So if 1 gets compromised its obvious. And then to compromise all 3 simultaneously - that's really hard to do.

 

And it all needs to be open source and accredited.

 

Please send money and we can engineer this for you.

 

David

 

-------- Original Message --------
Subject: [CAVO] Online contracts and voting
From: "Lawrence Rosen" < <mailto:lrosen at rosenlaw.com> lrosen at rosenlaw.com>
Date: Thu, June 02, 2016 1:54 pm
To: "'CAVO'" < <mailto:cavo at opensource.org> cavo at opensource.org>
Cc: Lawrence Rosen < <mailto:lrosen at rosenlaw.com> lrosen at rosenlaw.com>

I haven't executed a contract in recent years – even with the federal or state or county government – that wasn't immortalized by some form of electronic signature. Sometimes they also require a paper signature on paper forms that they file somewhere and then throw away. But I'm as legally bound by my scanned signature as I am by my hand-signed document.

 

One of my clients recently complained about the boxes of printed documents that they passed, from year to year, to their non-profit volunteer corporate secretary. But instead, I told them, PDF copies of most documents, stored in an online repository with security and backup, is all anyone needs nowadays.

 

Registering and voting should be no more difficult than what the government already accepts on almost everything nowadays.

 

/Larry

 

From: David RR Webber (XML) [mailto:david at drrw.info] 
Sent: Thursday, June 2, 2016 10:11 AM
To: CAVO <cavo at opensource.org <mailto:cavo at opensource.org> >
Subject: Re: [CAVO] Article

 

And these same people will be the first ones to cry "Foul" if someone gets on the ballot with dubious credentials that they can neither refute nor confirm - via some "Kickstarter" like campaign...

 

David

-------- Original Message --------
Subject: [CAVO] Article
From: Brent Turner <turnerbrentm at gmail.com <mailto:turnerbrentm at gmail.com> >
Date: Thu, June 02, 2016 1:01 pm
To: CAVO <CAVO at opensource.org <mailto:CAVO at opensource.org> >

http://www.mercurynews.com/michelle-quinn/ci_29959886/quinn-elections-should-ditch-paper-embrace-technology


  _____  


_______________________________________________
CAVO mailing list
CAVO at opensource.org <mailto:CAVO at opensource.org> 
https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo


  _____  


_______________________________________________
CAVO mailing list
CAVO at opensource.org <mailto:CAVO at opensource.org> 
https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo


  _____  


_______________________________________________
CAVO mailing list
CAVO at opensource.org <mailto:CAVO at opensource.org> 
https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo


  _____  


_______________________________________________
CAVO mailing list
CAVO at opensource.org <mailto:CAVO at opensource.org> 
https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20160605/990b403b/attachment.html>

More information about the CAVO mailing list