November 23, 2024

Voting: Is Low-Tech the Way to Go?

Karl-Friedrich Lenz, in reply to my previous e-voting posting, sings the praises of old-fashioned paper ballots, citing a Glenn Reynolds column.

I agree with Lenz and Reynolds about the virtues of simple paper ballots that ask the voter to draw an X in the box next to their candidate’s name. Paper ballots are easy for the voter to understand, hard to forge in quantity, and easy to re-count if there are doubts about the result. Their security relies on procedures that any poll worker can understand. In short, they are more secure than many of the voting systems we use here in the U.S.

I disagree with Lenz and Reynolds, though, when they say that low-tech paper ballots are our best option. My favorite approach is a hybrid one in which voters use computerized displays to make their selections, and the machine then prints out a paper ballot that the voter verifies and drops into a traditional ballot box.

Such a system has several potential advantages over a paper-only system. First, a computerized system can greatly reduce the number of improperly cast ballots; for example, it can prevent the voter from mistakenly marking two candidates for the same office. Second, the computer can write cryptographically generated bar codes onto each ballot when it is printed, thereby making it much harder to stuff the ballot box with forged ballots later. Third, if desired the computers can provide a quick but unofficial estimate of the vote immediately when the polls close.

Lots of good security engineering is needed to make these advantages real. Used wisely and in moderation, technology can help to make voting processes more accurate and more secure.
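One way the bar code idea above could work, shown as an added example that is not from the original post (the post does not specify a scheme): the machine computes an HMAC over the precinct, a random ballot nonce and the selections, and the counting side rejects ballots whose tag fails to verify or whose nonce repeats. The key handling, field names and 16-byte tag truncation are assumptions.

```python
import hashlib
import hmac
import json
import secrets

TAG_BYTES = 16  # assumed truncation so the tag fits in a small bar code


def _message(precinct, nonce, selections):
    # Canonical, unambiguous encoding of everything the tag must protect.
    return json.dumps([precinct, nonce, selections], sort_keys=True,
                      separators=(",", ":")).encode()


def _tag(key, precinct, nonce, selections):
    mac = hmac.new(key, _message(precinct, nonce, selections), hashlib.sha256)
    return mac.digest()[:TAG_BYTES].hex()


def print_ballot(key, precinct, selections):
    """Machine side: the readable choices plus the fields encoded in the bar code."""
    nonce = secrets.token_hex(8)  # random, not sequential: no link to voter order
    return {"precinct": precinct, "nonce": nonce, "selections": selections,
            "barcode": _tag(key, precinct, nonce, selections)}


def audit_box(key, precinct, ballots):
    """Counting side: return (accepted ballots, [(index, reason), ...])."""
    accepted, rejected, seen = [], [], set()
    for i, b in enumerate(ballots):
        expected = _tag(key, b["precinct"], b["nonce"], b["selections"])
        if not hmac.compare_digest(expected, b["barcode"]):
            rejected.append((i, "bad tag"))         # forged or altered after printing
        elif b["precinct"] != precinct:
            rejected.append((i, "wrong precinct"))  # genuine ballot, wrong box
        elif b["nonce"] in seen:
            rejected.append((i, "duplicate"))       # copy of a genuine ballot
        else:
            seen.add(b["nonce"])
            accepted.append(b)
    return accepted, rejected


def demo():
    key = secrets.token_bytes(32)  # constructed per-election key held by the machine
    real = [print_ballot(key, "P-07", {"mayor": c}) for c in ("Ada", "Bo", "Ada")]
    forged = {"precinct": "P-07", "nonce": secrets.token_hex(8),
              "selections": {"mayor": "Bo"}, "barcode": "00" * TAG_BYTES}
    altered = dict(real[0], selections={"mayor": "Bo"})  # choice changed, old tag
    copied = dict(real[1])                               # photocopy of a real ballot
    return audit_box(key, "P-07", real + [forged, altered, copied])
```

A tag like this only addresses ballots created or changed outside the machine; it says nothing about whether the machine printed the voter's actual choices, which is what the voter's own check of the paper covers.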

Computer Scientists' Campaign for Trustworthy E-Voting

Many computer scientists (including me) have endorsed a statement opposing the use of electronic voting machines that don’t provide a voter-verifiable audit trail.

What this means is that the voter should get some concrete indication, other than just a message on a computer screen, that his or her vote has been recorded correctly. There are many ways to do this. For example, a computerized voting system might offer a convenient user interface for selecting candidates, and then print out a paper ballot that the voter can inspect and drop into a ballot box. The paper ballots then provide an auditable record of the votes that were cast.

The alternative strategy, of building a voting machine as a sealed electronic “black box,” is risky. Without an independent check on the workings of the technology, there is no practical way to ensure that the technology is functioning correctly. Misrecording of votes, whether due to malice or to a technological snafu, is too difficult to detect without an auditable record.

Unfortunately, many localities are moving ahead with purchases of the risky voting machines. Computer scientists have mobilized to try to stop this in several places, most recently in the heart of Silicon Valley, Santa Clara County, California.

It is tempting, in light of the imprecision and rancor we saw in Florida’s 2000 election, to look to technology to make voting processes error-free. If we knew how to make highly trustworthy technology, a closed, high-tech system might be the answer. But we don’t know how to do that – we’re not even close. Some e-voting vendors won’t even let the public know how their technology works, claiming that their design is proprietary and public scrutiny isn’t needed.

All the black box voting systems can provide today is the illusion of certainty, and that’s not enough. Every voting technology will make errors. I would much prefer a system whose errors and drawbacks are out in the open for all to see.

===

If you’re a computer scientist, you can endorse the statement here. Thanks to Stanford professor David Dill for orchestrating this effort.

Comments on the Proposed Encryption Penalties

A new anti-terrorism bill criminalizes some uses of encryption:

Sec. 2801. Unlawful use of encryption
(a) Any person who, during the commission of a felony under Federal law, knowingly and willfully encrypts any incriminating communication or information relating to that felony –
(1) in the case of a first offense under this section, shall be imprisoned not more than 5 years, fined under this title, or both; and
(2) in the case of a second or subsequent offense under this section, shall be imprisoned not more than 10 years, fined under this title, or both.
(b) The terms ‘encrypt’ and ‘encryption’ refer to the scrambling (and descrambling) of wire communications, electronic communications, or electronically stored information, using mathematical formulas or algorithms in order to preserve the confidentiality, integrity, or authenticity of, and prevent unauthorized recipients from accessing or altering, such communications or information.

Declan McCullagh at news.com is alarmed, but Orin Kerr at The Volokh Conspiracy says this provision is “all bark and no bite.”

As far as I know, nobody has remarked on a strange aspect of the proposal: it criminalizes all forms of encryption, even those that do not conceal information. Encryption is used to conceal information, but it is also used to ensure the integrity or authenticity of information by providing a way to detect tampering with information. So if I send you an email message, I can use crypto to keep the message secret from eavesdroppers, or to give you a way to verify that the message really came from me, or both. The proposal would criminalize all of these possibilities – note the definition of “encryption” as including data scrambling “to preserve the confidentiality, integrity, or authenticity of, and prevent unauthorized recipients from accessing or altering … information.”

I can understand the public policy argument for criminalizing the use of crypto to conceal evidence of a crime. (There are also strong public policy arguments against doing this, but that’s another topic.) But where is the public policy argument for criminalizing other uses of crypto? If a criminal puts his digital signature on an incriminating message, or if he uses crypto to ensure the integrity of his incriminating records, where’s the harm?

CCIA Files Antitrust Complaint against Microsoft

The Computer and Communications Industry Association, a trade group, has filed a lengthy antitrust complaint against Microsoft with European authorities. The complaint centers on allegedly anticompetitive aspects of Windows XP. Here is an AP story; here is CCIA’s summary of the complaint.

According to CCIA, they are accusing Microsoft of:

Bundling multiple Microsoft products with the Windows [XP] operating system;
Biasing the user interface and operation of Windows XP and the products bundled with Windows to advantage Microsoft’s own software and services;
Imposing Microsoft proprietary technologies, protocols, and formats;
Employing abusive licensing and other exclusionary practices vis-a-vis PC OEMs to foreclose the PC OEM distribution channel to competing products; and
Refusing to disclose the document formats for the programs in Microsoft’s Office suite of personal productivity applications.

Terrorist Website Hoaxer Responds

Brian McWilliams, who perpetrated the terrorist website hoax I wrote about yesterday, has now posted his response, including a quasi-apology.

[Link credit: Politech]