I was speaking with a colleague yesterday about Loopt, the location-based social network, the rise of location-based services and the incredible privacy challenges they present. I heard the Loopt folks give a talk a few months ago, and I was generally impressed with the measures they’re taking to protect their users’ data. I particularly enjoyed the problem Loopt faced with respect to abusive spouses: if your spouse is spying on you, it’s not enough to turn off your location services, because then your abusive spouse will know that you’re hiding something. You have to actually be able to lie about … Continue reading For deniability, faking data even the owner can’t prove is fake
Well, it’s been a few weeks of craziness at home and catching up on other work, but I’ve finally wrapped up the Takoma Park 2009 audit. The final step: letting you, dear reader, run the audit all on your own. You’ll find the complete instructions here on the auditing site. I haven’t tested this on Windows, just Mac OS X, and it should work on Linux/Unix, too. You need Python 2.5 or above, PyCrypto, git, and subversion. You need about 30 minutes of download time, and 1 hour of processing. And then you can check the results you’ve computed against … Continue reading Takoma Park 2009: the conclusion
So the votes have been cast, the uncertified tally has been released, and the confirmation codes have been published for all voters to check. Now, it’s time to make sure that the coded votes, which were shuffled via the Shuffle Tables into the decoded votes in the Results table, were indeed shuffled and decoded correctly. Having trouble remembering which table is which? Here’s a reminder: Now of course we don’t actually see these tables in cleartext, rather what we have right now is: Next, the Scantegrity team used random stock data to seed a random number generator and decide which … Continue reading Takoma Park: verifying the shuffle and the unopened ballots
Rick Carback from the Scantegrity team just pointed out to me that my totals are not quite the same as theirs, and he surmises that I may have read the Instant Runoff rules incorrectly. Specifically, my code considers that ballots that skip a rank, i.e. that go directly to choice #2 and never indicate a choice #1, are “exhausted”, meaning they don’t count anymore. In fact, the rules for Takoma Park state that, in that case, the next candidate choice counts, but if two choices are skipped, then it’s exhausted. He’s absolutely right, and I’ve updated my tally code appropriately, … Continue reading Takoma Park: auditing the auditor
[This post is part of my Auditing the Takoma Park Municipal Election series.] So the votes have been cast, and voters went home. Some of them wrote down their confirmation codes. They probably checked those codes against the official Scantegrity web site. But why would they trust that web site to do all of the math right in the backend? That’s where the audit work comes in. I’ve now run the Meeting 3 verification, and it looks good: the confirmation codes were properly opened, and I’ve posted my own re-computed version of the confirmation codes. If you’re a Takoma Park … Continue reading Takoma Park: so can I see my confirmation code already?
[This post is part of my Auditing the Takoma Park Municipal Election series.] OK, so a couple of days ago we verified the initial P table and D tables for all 6 wards in tomorrow‘s Takoma Park election. Now comes Meeting 2, which was held a couple of weeks ago to open up a random half of those ballot commitments to ensure that the P and D tables were generated correctly. The short version of the story is that it all checks out, and the ballots look well-formed. Check out the detailed audit data. That said, there was one issue … Continue reading Takoma Park: Meeting 2
[This post is part of my Auditing the Takoma Park Municipal Election series.] If you’ve been following, we know what the voter experience is going to be like on Tuesday, and we know what the auditing process is going to be like. So, can we audit this thing already? Yes, we can. Here are the steps: Meeting 1: the election officials get together, agree on election parameters, and generate the commitments to the Ballot Table of 5000 ballots (called the P Table for historical reasons) and the 40 Shuffle Tables (called the D Tables). Why 40 shuffle tables? It’s a … Continue reading Takoma Park Election: the 7 steps of auditing
Let’s say someone’s trying to sell you a house. It’s a beautiful house. You visit it. You have it inspected and re-inspected, and it’s perfect. You get a loan approved, and you’re about to sign the papers when you’re told: wait, actually, that house is no longer available, but why don’t you just sign here on the dotted line for the exact same house just down the street. Really, really it’s the exact same house, promised. Would you sign on the dotted line assuming your inspections of the first house have any bearing on this new house you’ve never seen? … Continue reading Source Code and Voting: what’s really on that machine?
[This post is part of my Auditing the Takoma Park Municipal Election series.] We’ll now consider the auditing portion of the Takoma Park election. This is a little bit involved, so we’ll take our time. Importantly, the typical voter does not need to burden themselves with this complexity. All that Valerie, our voter, needs to do, is follow the voter experience description, which is quite straight-forward. The complexity of the auditing process is reserved for those who wish to audit the election. Anyone can be an auditor if they so choose, but no one is required to do so if … Continue reading Takoma Park 2009: Verifying the Tally from the Confirmation Codes
For background on this post, check out the Auditing Takoma Park 2009 Election.
I’m gathering all documentation on a Google Site. This blog will continue to serve as the narrative, while the datasets and documentation will live on the Google Site, and I’ll refer to them as needed from this blog.
Let’s begin with an explanation of the voting process that Takoma Park citizens will experience on November 3rd, 2009.
(If you’re a Takoma Park resident: make sure to register by October 5th if you want to participate in this historic election!)
Say hello to Valerie, our token voter. At a high level, Valerie’s voting experience is identical to her past experience with a typical optical-scan election. She fills in the bubbles for the candidates of her choice, casts her ballot, and walks away. With one twist: if Valerie wants to, she can write down some confirmation codes that will let her audit her ballot later on.
Continue reading Takoma Park 2009: the voter experience