November 03, 2006
Mail Ballot Horror Show(XXVII): Secrecy can be compromised
Some voters in San Juan County have filed suit to prohibit a mail ballot tracking system that places unique bar codes on ballots, asserting it violates state law.
The vendor is VoteHere. As I understand their explanation, its shared key system could allow the canvassing board to match votes to voters, but only if everyone on the board colluded to do so (which it claims is "extremely unlikely"). No one can break the system, but someone who managed to obtain all of the shared keys could discover how individuals voted, I gather.
The Washington Constitution requires that:
The legislature shall provide for such method of voting as will secure to every elector absolute secrecy in preparing and depositing his ballot.
I think that's a higher standard than a software vendor's promise of "extremely unlikely".
Posted by Stefan Sharkansky at November 03, 2006
04:24 PM | Email This
1. I have heard the same thing happens with electronic voting machines which keep a "paper trail". The votes are all recorded in sequential order, which can easily be figured out -- based on the order in which people in the precinct voted.
In the meantime can a voter obscure or remove (with a piece of tape) the bar code? Would doing that cause them to refuse to count it?
On the Snohomish County ballot there are two bar codes on the envelope and two different bar codes on the ballot itself, one of which is on the stub that they instruct the voter to remove. On Monday I will ask the auditors office the effect of removing those.
Does anyone know if there have been any court cases regarding the legality of them in effect charging us to vote in counties that have eliminated polling places? For the primary I had to go about 1.5 miles to the nearest drop off point but they have eliminated that one for the General Election, the nearest one now is about 3 miles but it's in a direction I don't normally travel
I did ask the person who answered the phone at the Snohomish County elections dept. whether the courts had ever ruled on it and she stated that they were relying on an Attorney General's opinion that it was legal. She didn't know which Attorney General but since it was instituted here while Gregoire was still the AG that would be a good guess.
It appears that the actual votes marked on the ballot are never, ever recorded by this system of tracking the ballots through the entire process.
If that is so, how could the secrecy of the vote be compromised?
Are you assuming that someone would use the "shared" codes to produce a list of voters and their associated ballot bar code numbers, then go dig through the batches to find the ballot of a particular voter and look to see how it was voted?
It seems that such a thing could be done with this system. I wonder if there is anything that could be done to ensure that such a list couldn't be produced without leaving detectable evidence of the skullduggery.
Thanks for posting about this. I'd been curious about the San Juan County system.
Without knowing more, I'm pretty uncomfortable with the use of VoteHere's technology. Wouldn't allowing a voter to track their ballot undermine the secret ballot? And I share your concern with others determining how someone voted.
That said, I think enumerating ballots after they've been disassociated from the voter might be a good idea. Then you could track how many times a ballot had been counted. In talking with people who participated in the 2004 recount, I'd heard of incidents of ballots being run through the op-scans multiple times.
Hi Richard Pope-
Exactly right. I wrote No Privacy on KC's Touchscreens which details how you can use publicly available records (Inspector's List, Poll Book, AVU Encoding Slips, and VVPAT) to determine how everyone who used the Diebold AccuVote TSx touchscreens had voted.