voting

[Perry E. Metzger]

"Trei, Peter" <ptrei at rsasecurity.com> writes:
> I think Perry has hit it on the head, with the one exception that
> the voter should never have the receipt in his hand - that opens
> the way for serial voting fraud.
>
> The receipt should be exposed to the voter behind glass, and
> when he/she presses the 'accept' button, it visibly drops into 
> the sealed, opaque ballot box.

Seems fine by me, except I'd make the ballot box only lightly frosted
-- enough that you can't read the contents, but light enough that poll
inspectors can visually assure themselves that the contents aren't
mysteriously altered during the course of the day.

By the way, I should mention that an important part of such a system
is the principle that representatives from the candidates on each side
get to oversee the entire process, assuring that the ballot boxes
start empty and stay untampered with all day, and that no one tampers
with the ballots as they're read. The inspectors also serve to assure
that the clerks are properly checking who can and can't vote, and can
do things like hand-recording the final counts from the readers,
providing a check against the totals reported centrally.

The adversarial method does wonders for assuring that tampering is
difficult at all stages of a voting system.

-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com