[CAVO] Fwd: [VVSG-election] [VVSG-interoperability] By November, Russian hackers could target voting machines

[Gilbert,Juan E]

Hi Rebecca, it's been a while since I've seen you.

Yes, VVPATs are bad for all the reasons you have mentioned. I also agree that the cryptographic voting schemes are vulnerable to manipulation and human error as well. The work we have done provides a human countable ballot. It could be machine countable as well. I know the election officials prefer to use a machine to count the ballots due to the time it takes to manually count the ballots. In our work, either way is fine.


I hope you are doing well.


Thanks,


On 7/28/16 3:16 PM, DrM wrote:
The VVPAT on a continuous roll was NEVER what I and others had intended as an implementation of Voter Verified Paper Ballots (VVPB). The continuous roll leaves open the possibility of vote-selling and exposure of the ballot contents because the order of the voters as they enter the polling booth can be recorded and later synchronized to be revealed. There have also been problems with the paper rolls jamming and ripping, and there is also an electronic tally that can be used in lieu of the paper. This is the same with the paper sheets. Typically the paper is NEVER counted nor used for recounts.

My concept of the VVPB uses the paper as the ACTUAL ballot. Namely, the ballot that the voter sees and VERIFIES with an affirmative action, is the TRUE ballot to be used for vote tabulation and also for purposes of recounts. For example, hand-prepared ballots that are publicly hand-tabulated, such as in the UK, would qualify as VVPBs. Hand marked paper ballots that are optically scanned are typically never hand-tabulated, and in some regions (such as Florida) their hand-tabulation is PROHIBITED by law. Some states, though, do provide for a hand recount of paper ballots that the voters prepared or verified at the time of voting, and that would be OK in my opinion.

The positions of various academic proponents of different balloting systems has tended to change over the years. Some also allow for cryptographic voting, which they refer to as voter "verifiable" which I also find unacceptable, since the voter really cannot verify the mathematical implementations directly.

For additional information about electronic voting, its inherent problems, and my positions and writing, see the many papers and articles on my website at www.notablesoftware.com/evote.html<http://www.notablesoftware.com/evote.html>

Good luck trying to sort it all out,
Rebecca Mercuri, Ph.D.




On 7/28/2016 12:55 PM, Brent Turner wrote:
Right- O--

Conversations with Felton have shown he is aligned with the security community in recognizing VVPAT as a failed / botched concept..

Dr. Mercuri can chime in but my understanding is Dill stole her design and failed to execute it properly..

Perhaps it would be better with OS code..  Rebecca ?

On Thu, Jul 28, 2016 at 9:42 AM, Gilbert,Juan E <juan at ufl.edu<mailto:juan at ufl.edu>> wrote:
This isn't a VVPAT demo. He didn't discuss VVPATs in this demonstration. The tally results were printed on a thermal roll, but that's not a VVPAT.


Thanks,


On 7/28/16 11:18 AM, Brent Turner wrote:
https://www.youtube.com/watch?v=HBqGzgxcfAk

On Thu, Jul 28, 2016 at 7:29 AM, Gilbert,Juan E <juan at ufl.edu<mailto:juan at ufl.edu>> wrote:
Brent, you said,

Currently the " secret software  " systems coupled with VVPAT's are
condemned as insecure by government study, so we don't have to consider
the internet to sound those alarms. Ed Felton from OSTP confirms.


Can you point me to those articles? I agree VVPAT's have issues. Just to
be clear, VVPATs are ballots printed on a continuous thermal paper roll.
However, ES&S ExpressVote and the work we have done for years with Prime
III, prints a voter-verifiable paper ballot on a single sheet of paper
versus the VVPAT on a continuous roll behind a glass screen. To my
knowledge, no one has condemned this approach as insecure in any way.
Has anyone heard anything different?


Thanks,





On 7/28/16 10:11 AM, Brent Turner wrote:
> Currently the " secret software  " systems coupled with VVPAT's are
> condemned as insecure by government study, so we don't have to
> consider the internet to sound those alarms. Ed Felton from OSTP
> confirms.

--
Juan E. Gilbert, Ph.D.
Andrew Banks Family Preeminence Endowed Professor & Chair
Computer & Information Science & Engineering Department
Herbert Wertheim College of Engineering
University of Florida
P.O. Box 116120
Gainesville, FL 32611
352.562.0784<tel:352.562.0784> (V)
352.273.0738<tel:352.273.0738> (F)
juan at ufl.edu<mailto:juan at ufl.edu>
Twitter: @DrJuanGilbert
http://www.juangilbert.com/

_______________________________________________
CAVO mailing list
CAVO at opensource.org<mailto:CAVO at opensource.org>
https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo



--
Juan E. Gilbert, Ph.D.
Andrew Banks Family Preeminence Endowed Professor & Chair
Computer & Information Science & Engineering Department
Herbert Wertheim College of Engineering
University of Florida
P.O. Box 116120
Gainesville, FL 32611
352.562.0784<tel:352.562.0784> (V)
352.273.0738<tel:352.273.0738> (F)
juan at ufl.edu<mailto:juan at ufl.edu>
Twitter: @DrJuanGilbert
http://www.juangilbert.com/

_______________________________________________
CAVO mailing list
CAVO at opensource.org<mailto:CAVO at opensource.org>
https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo





--
Juan E. Gilbert, Ph.D.
Andrew Banks Family Preeminence Endowed Professor & Chair
Computer & Information Science & Engineering Department
Herbert Wertheim College of Engineering
University of Florida
P.O. Box 116120
Gainesville, FL 32611
352.562.0784 (V)
352.273.0738 (F)
juan at ufl.edu<mailto:juan at ufl.edu>
Twitter: @DrJuanGilbert
http://www.juangilbert.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20160728/f56ec7af/attachment.html>