Ed Felten, who’s done some fantastic work on DRM and steganography, is writing more and more about voting systems. It’s great to see the community growing, but it’s also important to keep the academic debate alive. In that spirit, here goes some (hopefully constructive) criticism of Felten’s posts.
In Paper Trail Standard Advances, Felten writes:
On Tuesday, the Technical Guidelines Development Committee (TGDC), the group drafting the next-generation Federal voting-machine standards, voted unanimously to have the standards require that new voting machines be software-independent,
Yes, indeed, fantastic news.
which in practice requires them to have some kind of paper trail.
That’s wrong. Open-Audit voting systems are software-independent, typically through the use of proofs backed by math. In other words, you don’t trust the software, you trust the math, and you can write your own software to verify the math independently. Paper trails are an orthogonal issue. The TGDC policy was written specifically by Ron Rivest to enable both paper trails and Open-Audit systems.
If you believe, as almost all computer scientists do, that paper trails are necessary today for security,
I guess that’s not wrong because it says “almost all.” Still, you have to consider that folks like Ron Rivest from MIT, Josh Benaloh from Microsoft Research (Yale PhD), David Chaum (the world-famous cryptographer), and Andy Neff from VoteHere (Princeton PhD, Ed Felten’s institution) don’t agree with that statement.
That doesn’t mean these fine folks think the paper trail is inherently bad. But maybe, just maybe, it’s more of a placebo than a real solution. At least Ed didn’t say it was necessary and sufficient. I’m not opposed to the paper trail, but I worry that it deflects attention from the real issue: even with a paper trail, there’s no way, in current, classic voting systems, for a citizen to truly audit an election’s chain of custody.
In his most recent post, Erosion of the Secret Ballot, Felten makes a number of very good points, almost all of which I agree with. It’s an important post to read. For folks who want to read more of the literature, Felten’s “strong secrecy” definition is typically called “receipt freeness.” It is indeed one of voting’s most interesting requirements: secrecy of the ballot is not the voter’s choice, it is enforced by the system. And indeed, vote-by-mail is a real problem.
Near the end of his post, Felten makes a slightly confusing statement:
Worse yet, even if a complex voting technology does protect secrecy, this may do little good if voters aren’t confident that the system really protects them. If everybody “knows” that the party boss can tell who votes the wrong way, the value of secrecy will be lost no matter what the technology does. For this reason, the trend toward complex black-box technologies may neutralize the benefits of secrecy.
So I agree with Felten that perception is indeed a huge problem. What confuses me is this: aren’t computer scientists able to affect perception? If people perceive things incorrectly, then isn’t it our job to do our very best to correct this perception? I feel that a number of computer scientists (I’m not including Felten here because I can’t tell exactly what his statement above means) have given up on this task, letting folks believe what “feels right,” rather than trying their best to reinforce what is scientifically right. Our job, as computer scientists, is not to prescribe the answer, it is to come up with a number of potential solutions and to do our best to explain them to the public, so that the public can decide.
Perception is important. We should strive to make perception match the scientific reality.
Comments
4 responses to “Felten on Voting”
I work with Andy Neff, but I think what Ed said is right: “[software independence] in practice requires [voting machines] to have some kind of paper trail”. Obviously we’d like to see our solution widely available, but the truth is that _in practice_ it isn’t, yet; nor are similar systems.
Eric,
I’ve always found you VoteHere folks to be far too humble! It may be, indeed, that there isn’t a complete off-the-shelf open-audit system ready to go today. That said, if you read Felten’s column, I think you get the impression that there isn’t even anything on the horizon. That seems misleading to me.