[conspire] Stolen election narratives, CA edition

Josef Grosch jgrosch at gmail.com
Mon Sep 20 16:33:05 PDT 2021


On 9/20/21 3:43 PM, Rick Moen wrote:
> [ DELETED ]
>> If one is going to get wound up about rigged elections try focusing
>> on the electronic voting machines. The software that run those
>> machine is propriety and no one outside of those companies has ever
>> seen the source code let alone had a chance to analyze it. Only the
>> executive of these companies know what sort of fuckery is going on
>> in the code.
> Former CA Secretary of State Debra Bowen did a fantastic job cracking
> down on electronic voting machines, decertifying completely a bunch of
> models that some UC Berkeley professors determined to have security
> flaws and not be fully auditable and verifable.
>
> I nonetheless don't trust electronic voting machines, full stop.
> During in-person voting (in Before Times), the precinct volunteers
> got to know me as the guy who always handed back the e-voting widget and
> said "paper ballot, please".
>
> Which reminds me:  The Sept. 14 gubernatorial recall election didn't
> have ballot stubs.  Every previous paper ballot I've voted, going back
> to 1976, had a detachable stub with a unique ballot number on it.
>
> Now, frankly, there's an aspect of this that has always had a
> disconcerting about of "trust me" about it:  You detach the stub and
> take it home from the precinct, so that you can "verify" that your
> ballot has been counted.  But what does "verify" consist of?  It meant
> that I could go to the S.M.C. Elections Office Web site, enter the
> ballot number, and a Web CGI would say "Yay, congratulations, your
> ballot has been received and counted.  Here's your cookie."
>
> And why would a Web CGI ever lie, right?  The whole model's kind of
> bushwah.  That is _not_ verification.
>
> In theory, I could (in Before Times, at least) march into Elections
> Office and say I'd like to see the official record showing that this
> ballot (holds up stub) has been recorded.
>
> Let's actually rewind time to an exampele scenario.  It's June 1976,
> I've just voted in my first presidential primary election (and indeed my
> first election, the 26th Amendment having given me the franchise in
> 1972).  At my precinct, Mariner's Island #2 recreation centre, San
> Mateo, I voted in the Demcratic Party primary for Frank Church of Idaho.
> I took home my ballot stub, and did nothing with it.
>
> But let's say I was a skeptical young man, and wanted to make sure.  So,
> I bicycle up to S.M.C. Elections Dept.'s main office in the San Mateo
> highlands, hold up my ballot stub, and want to verify that my voted choices
> have been correctly recorded.  The staff humour the bookish 18-year-old,
> and show me the records where my ballot number is shown as having been
> counted.  Done and done -- but is _that_ verification?
>
> If I wanted to be That Guy, I would have said to the staff, "How do I
> know, from this written record, that my ballot was recorded correctly,
> then?  What evidence is there that my selection of Frank Church wasn't
> misrecorded by accident or malfeasance as one for George Wallace?"  And,
> my present understanding is that the staff would have given me the
> polite version of a "Sonny, the world is imperfect" speech,  The county
> election offices have internal auditing abilities in the event of
> substantive reason to check, but an _individual_ voter is left with a
> certain amount of "trust me" by a system whose transparency doesn't go
> down to that level of individual checking.
>
> The latest change -- and I'm not 100% sure how new -- was State of
> California outsourcing citizens' did-you-get-my-ballot inquiries to
> i3logix, Inc. d/b/a BallotTrax, operators of Web site "WheresMyBallot"
> at http://wheresmyballot.sos.ca.gov/ .  Presumably, the 58 county
> election offices (and USPS?) periodically squirt received-ballot
> information to that site's database.  A voter can query the site by
> entering Firstname (no middle initial allowed!), Lastname, DOB, and Zip
> Code -- and the magic CGI tells you (claimed) status.  No ballot stub
> number.
>
> Just to make sure I'm clear:  There is nothing especially wrong with any
> of this.  It's just that there are design limitations in the system.
>
> Which leads to:  Would be it be possible and feasible (including
> cost-effective) to fix that?  Let's spitball this, with necessarily
> a dollop of handwavium.
>
> I'm picturing a future ballot mechanism where the ballot has a unique
> number shown and readable.  But also, my entering choices on the ballot
> generates a crypto hash value derived from my choices, maybe with a
> salting value added, and I'm able to read off and store that value with
> my ballot number.  Imagine this going onto into an electronic record
> signed by the election office's key, and I get a copy when I vote.  This
> is thus the higher-tech version of a paper "stub", but adds in the hash
> representing my voted selections.
>
> In this scenario, the ballot numbers and accompanying salted hashes of
> all received votes would be public information, available for everyone
> to scrutinise.  I, as the voter, having my independently received and
> stored "stub", could verify not only that my ballot was recorded, but
> also that it was recorded _correctly_ -- that my vote for Frank Church
> wasn't corrupted into one for George Wallace, so to speak.
>
> The United States, like its UK progenitor, made a policy decision a long
> time ago that ballot secrecy should be protected, to allow voters to
> privately vote any way they want without backlash from anyone.  But,
> please note:  Ballot secrecy is _not_ necessary in order to have a
> healthy democracy.  For privacy, yes.  For democracy, no.  This policy
> imperative always makes election _security_ a bit more challenging,
> because it means a citizen's entitlement to vote, having not voted
> twice, etc.  must be verified _before_ counting votes, as the ballot
> must get separated from all identifying information permitting anyone
> to trace back a particular set of choices to a particular voter.
>
> To date (using me as an example), there's a public record of when I
> registered (May 1976, San Mateo), when I changed my registration
> (first to Moraga, then San Francisco, then San Mateo, then San Francisco
> again, then to two addresses in West Menlo Park), that my party
> preference has always been Democratic Party, and that I missed one
> election, the special election in 1978 to replace my congressman, Leo
> Ryan, murdered at Jonestown.  I was at college in New Jersey, and didn't
> find out about the election in time to request an absentee ballot.
>
> But the record doesn't include _whom/what_ I voted for, over any of
> those 45 years of voting -- because of our policy of ballot secrecy.
> You only know I voted for Frank Church in 1976 because I chose to say so
> -- and I could be lying, for all you know.  I could have gone covert
> segregationist, and voted for George Wallace.  ;->
>
> I _think_ the whiteboard-exercise ballot redesign that I just spitballed
> achieves ability to trace (and verify the correct recording of) one's
> full voting choices as an individual voter, and at the same time
> protects voter ballot secrecy.  That is, I'm pretty sure that a
> competently hashed, salted value put into the public record cannot be
> reversed to determine whether I voted for Frank Church vs. George
> Wallace vs. Mo Udall vs. Henry "Scoop" Jackson vs. Jerry Brown (back
> when he had hair) vs. Jimmy Carter vs. Sargent Shriver vs. Birch Bayh
> vs. Lloyd Bensen.
>
> I think.  But admittedly, this is a difficult problem, which is why it's
> only ever been spitballed and never implemented -- especially since
> election bureaus are expected to be perfect and instantaneous while
> costing nothing.
>
> Anyway, there are also other possible variations, e.g., the hash gets
> stored at S.M.C. Election Office and is _non-public_, but I can
> authenticate myself and verify it against my record.  That could be an
> improvement, possibly.
>
> _______________________________________________


Agree. That is a big hole in in our election process. Sure I marked a 
vote for Bugs Bunny instead of Elmer J. Fudd but did that vote get 
recorded correctly? Did Elmer J. Fudd, millionaire who owns a mansion 
and a yacht pay some programmer to insert code to flip every third vote 
for Bugs Bunny to Mr. Fudd. I could see the ballots of a given election 
stored in some sort blockchain ledger with each cell representing an 
individual ballot that is encrypted with a generated password based on 
available data like full name, address, etc. with the salt being 
selected by the voter. Something like a 6 digit number or  a simple 
phrase. I can also see using a voters cell phone since almost everyone 
seems to have one.

Of course working all this out and going through the entire development 
cycle is not going to be a simple process and would require a number of 
really smart people in a well funded project.

3 cups of coffee and my head is buzzing,


Josef

-- 
Josef Grosch            | Another day closer |
jgrosch at MooseRiver.com  | to Redwood Heaven  | Berkeley, Ca.





More information about the conspire mailing list