Page 1 of 3 123 LastLast
Results 1 to 15 of 36

Thread: Crier column by David Watkins

  1. #1
    Join Date
    Mar 2014
    Posts
    7

    Default Crier column by David Watkins

    I agree, Texting Wayland to 33733 is a great way for people to both know what is going on and, when pressed for time, getting there for the article you want to vote in. But remember you will have parking and check-in to deal with and this takes time. If a vote is currently taking place and you are still in line checking in, then as has always been at town meeting (electronic or not), you will not be able to vote until after that vote has taken place. So getting there at the last minute for a specific vote should be front-ended with an appropriate amount of buffer time to make sure you can actually vote in the one you care about.

    A comment in the David Watkins texting description was as follows:

    “there is no reason in this day and age why people who cannot be present physically at the Wayland High School gymnasium for the whole meeting are excluded from participating in our most democratic process”

    I believe that this comment refers to the desire to have internet voting either by computer or mobile while being remote from the physical arena.

    Certainly, if there was a technically secure and non proxy assured way to do this then this would be ideal. Some people may want to show up in the arena (and perhaps those would be the ones who could speak at the microphone) while others who can’t be at the meeting - could vote from home. Sort of like electronic voting on ‘steroids’ !

    So here are the three challenges which make this difficult to do:

    (Per Dave Bernstein)
    1. It would be a violation of Massachusetts State Law, which requires physical presence in order to vote at a Town Meeting

    2. Without biometric sensors, there’d be no way to prevent voters from giving their proxy to other voters

    3. Any scheme that involves the internet for communications would be susceptible to hacking


    The first reason is the least difficult. Its non-technical and would require a political solution.

    The second reason is very difficult in as much as it would require seemingly expensive biometric equipment, associated software and some training. [Fingerprint or Retinal recognition techniques]

    This is the proxy voting issue where (as an example): there are 3 registered voters at one address and two of them are not available anywhere to vote. One of the 3 registered voters casts votes for him/her self and the other two through the night (assuming only using a passworded system). One person then gets 3 votes. Even if the other two voters gave their permission and that one proxy voter ‘knows’ how the others would vote - we should want and demand that anybody who votes actually and physically votes for themselves.

    A similar concern has existed with electronic voting in the arena. We discourage proxy voting by having the ability to issue one keypad per person present and discouraging proxy voting through rule and observation. It seems to work well in Wayland and has gotten better during the last 2 years of electronic voting usage.

    The third reason is not trivial. Once the voting occurs over the internet - its highly suseptible to attack and security is, again, expensive and may not be full-proof.

    But all of this said - if there are any known solutions or ideas along these lines then please let us know !

  2. #2
    Join Date
    Nov 2005
    Location
    Wayland MA
    Posts
    1,431

    Default

    FYI, here's the link to the David Watkins piece in the Town Crier.

    1. As you note, MA state law can be changed.

    2. My notebook computer has a fingerprint sensor. I wonder if this could be employed to give assurance that the vote case was my own. Of course, nothing would prevent one person from swiping their fingerprint while another actually presses the key to make the vote. If the time between swipe and vote is sufficiently short (1 minute), would that be satisfactory?

    3. Given how much money flows around the world (securely, one presumes), is the Internet security side of the equation all that hard to solve? What would be easier to compromise--the current electronic voting system that could well have the same flaws as the Diebold voting machines, or the Internet?

    All of these strike me as being solvable. Arguably, 1 would be the hardest, not 2 or 3.

  3. #3
    Join Date
    Nov 2005
    Posts
    726

    Default

    Quote Originally Posted by AJReiss View Post
    2. Without biometric sensors, there’d be no way to prevent voters from giving their proxy to other voters

    The second reason is very difficult in as much as it would require seemingly expensive biometric equipment, associated software and some training. [Fingerprint or Retinal recognition techniques]

    This is the proxy voting issue where (as an example): there are 3 registered voters at one address and two of them are not available anywhere to vote. One of the 3 registered voters casts votes for him/her self and the other two through the night (assuming only using a passworded system). One person then gets 3 votes. Even if the other two voters gave their permission and that one proxy voter ‘knows’ how the others would vote - we should want and demand that anybody who votes actually and physically votes for themselves.

    A similar concern has existed with electronic voting in the arena. We discourage proxy voting by having the ability to issue one keypad per person present and discouraging proxy voting through rule and observation. It seems to work well in Wayland and has gotten better during the last 2 years of electronic voting usage.
    Don't we have precisely the same issue with absentee balloting? We have had absentee balloting (based on my quick Google search) for the past 150 years. We allow absentee balloting because we know the importance of the right to vote, and we don't want people to disenfranchised because they are unable to be physically present. There was a letter in the Crier this past week from someone who was unable to attend because of physical disabilities. While he and I didn't agree on the issues he discussed generally, we do agree that it would be preferable if he could vote.

    I'm sure there could be ways devised around your problem. Perhaps tying the voting rights to a specific voting device (such as a phone) that one might not want to leave with others. Or having a short enough window, during which a code needed to be entered for each voter prior to each vote, making it impractical for a voter to vote for multiple people.

    I'm sure there are technical solutions to this problem.

    Quote Originally Posted by AJReiss View Post

    3. Any scheme that involves the internet for communications would be susceptible to hacking

    The third reason is not trivial. Once the voting occurs over the internet - its highly suseptible to attack and security is, again, expensive and may not be full-proof.
    Internet voting is clearly coming; it's already taking place. This upcoming election in Canada will be voted on strictly over the internet.

    This article notes that in 2010 (2010!!), 44 of 444 Ontario municipalities offered internet or telephone voting or both for their elections.


    Quote Originally Posted by AJReiss View Post
    1. It would be a violation of Massachusetts State Law, which requires physical presence in order to vote at a Town Meeting

    The first reason is the least difficult. Its non-technical and would require a political solution.
    The issue of it simply being outside of our current laws is the first one to tackle, because there's no point in investing resources to tackle the other two if you can't do it anyway. I disagree that this is the least difficult - I think you are overestimating the technical challenges (which have already largely been met) and underestimating the political ones (which are notorious for taking more time and energy than one expects).

    In any event, I agree generally on your three challenges, and hope that we will meet them, and be able to offer this alternative in the near future.

  4. #4
    Join Date
    Nov 2005
    Location
    Wayland MA
    Posts
    1,431

    Default

    Kim, great point about absentee ballots. A fingerprint swipe or facial recognition via web cam within a short period of time prior to the vote would raise fewer concerns.

  5. #5
    Join Date
    Nov 2005
    Location
    Wayland MA
    Posts
    1,431

    Default

    As it happens, I just received an email from the Boston TechBreakfast group that included mention of Authentik Time, which has biometric authentication.

  6. #6
    Join Date
    Mar 2014
    Posts
    7

    Default

    For the record - I'm very much in favor of expanding the universe of possible voters at Wayland TM by using sound, proven and appropriate technology. My own ideal would be a set of people who physically show up at the arena and who act in all capacities like a participating town meeting; plus a set of people who are technologically enabled to vote remotely but are not allowed to call-in and become part of the active debate. (This are my personal preferences).

    Its also notable that the current scheme of electronic voting is LAN based only. That is; no WAN internet connection. But NOT connecting the voting computers or check-in stations to the WAN internet - we eliminate outside intrusions. The keypads are on a proprietary communication scheme and have a range of about 300 feet.

    E-Voting as implemented in Wayland right now is as much of a 'closed' system as we could have it.

    The finger printing laptop (or even iPhone) idea:
    It can be reprogrammed so its not specific to one person. Not everybody has a laptop or an finger print iPhone etc...
    So those who are missing that hardware would need to get (buy) a substitute and the finger print data would have to be stored in some secure and possible remote way.

    Using absentee ballots:
    Although this idea works great with the polls... since the polls are FIXED with FIXED main motions.
    The idea crumbles against the dynamic and every changing procedural legislature of town meeting.
    Main motions can be tabled, or modified etc... there are also many submotions not accounted for. Advance ballots just won't work in this environment.

    Again, I'm for trying to solve this but we should understand that the actual solutions are daunting and I can imagine (very expensive)...
    But no reason to stop trying.

  7. #7
    Join Date
    Nov 2005
    Location
    Wayland MA
    Posts
    1,431

    Default

    I don't think that Kim's point was to use absentee ballots for Town Meeting. Rather, she was saying that an absentee ballot can be filled out by someone other than the authorized "owner" of that ballot. If we live with that "slack" in the system, we could live with a system that works off of web cam or fingerprints.

  8. #8
    Join Date
    Mar 2014
    Posts
    7

    Default

    The ELVIS (Electronic Voting and Implementation Subcommittee) has been meeting occasionally for a number of years.
    We rarely, if ever, have a pubic who wants to speak at public comment. But when we do, we always invite those members of the public to actively join into the meeting.

    Evidently, there is now (somewhat) of a grassroots desire to use technology to expand the scope of who may vote at Wayland's Town Meeting.

    I would respectfully suggest that one or more people contact Dave Bernstein to find out when and where the next ELVIS will occur and to either come to public comment to get onto the agenda. Lets take this discussion to the committee who did write the book on implementing electronic voting in Wayland and - as it turns out - elsewhere.

    www.electronicvoting.info

  9. #9
    Join Date
    Mar 2011
    Posts
    215

    Default

    I would love to find a way to increase participation in Town Meeting, and so have been following technologies and initiatives involving "home voting".

    With respect to Canada's use of internet voting, I discussed this late last year with Dean Smith of Intellivote, which is supporting several Canadian elections.

    1. Canada has made proxy voting illegal, with stiff fines for violations.
    2. Intellivote can detect evidence of proxy voting, e.g. multiple votes coming from the same IP address.
    3. Intellivote's view is that internet voting significantly increases the validity of elections (by increasing participation) far more than proxy voting threatens it.
    4. Dean doesn't think it's worth expending the effort required to implement biometric authentication to prevent proxy voting. He pointed out that many voters would consider biometric authentication an invasion of privacy.


    The possibility of proxy voting on the Wayland Town Meeting floor was a concern expressed during the initial evaluation of electronic voting. At the outset of each session of Town Meeting, the Moderator reminds attendees that voting with another person's handset is not permitted.

    I have discussed "home voting" with Mark Fite, CEO of OTI, the company that now provides electronic voting services to Wayland. OTI does not have a solution that prevents proxy voting from in-home devices.

    In my opinion, reliable detection of proxy voting is not currently feasible because
    • Multiple votes from the same IP address could innocently be generated from a shared facility, like a library or company cafeteria.
    • It is easy to disguise the source of a message by fabricating an IP address.
    • Acquiring, deploying, and maintaining biometric sensors in every Wayland citizen's home would be financially challenging and logistically impractical; permitting "home voting" by citizens who acquire, deploy, and maintain such sensors on their own would be considered unfair by those who could not afford to do so, and would not eliminate the logistical impediment.


    With respect to security, the analogy with financial institutions does not hold. Such institutions can afford sophisticated, expensive network infrastructures that are difficult to penetrate and that can survive denial-of-service attacks; they can also afford to write-off fraudulent transactions made with stolen credit card numbers. Wayland cannot afford the acquisition or maintenance of such an infrastructure, nor will its citizens be willing to write-off their votes in the event of an attack. This is why the wireless electronic voting we use today does not in any way involve the internet.

    I will continue to follow developments in authentication, networking, security, and voting that might overcome the challenges described above. If you encounter a technology or concept that you believe might be an enabler, please let me know.

    Dave Bernstein

  10. #10
    Join Date
    Mar 2011
    Posts
    215

    Default

    Quote Originally Posted by Kim Reichelt View Post
    Don't we have precisely the same issue with absentee balloting?
    Yes.

  11. #11
    Join Date
    Nov 2005
    Posts
    726

    Default

    Dave, to limit proxy voting, what do you think of something akin to Google Authenticator or Facebook's Code Generator -- people could be required to enter a unique code prior to voting that would make it difficult to vote multiple times within a given (relatively short) voting window?

  12. #12
    Join Date
    Mar 2011
    Posts
    215

    Default

    Quote Originally Posted by Kim Reichelt View Post
    Dave, to limit proxy voting, what do you think of something akin to Google Authenticator or Facebook's Code Generator -- people could be required to enter a unique code prior to voting that would make it difficult to vote multiple times within a given (relatively short) voting window?
    If the code is machine-readable, then a client application could forward it to an aggregating application that implements proxy voting. If the code is not machine-readable (e.g. via a Captcha), a significant fraction of valid votes would be rejected, particularly under time pressure.

    Dave
    Last edited by DHBernstein; 04-07-2014 at 02:37 PM.

  13. #13
    Join Date
    Nov 2005
    Location
    Wayland MA
    Posts
    1,431

    Default

    Quote Originally Posted by DHBernstein View Post
    • Multiple votes from the same IP address could innocently be generated from a shared facility, like a library or company cafeteria.
    Unless I'm misunderstanding, there's nothing wrong with multiple votes coming from the same IP address. Might this not happen, for instance, if multiple people living under one roof are legitimately registered voters?

    Along the same lines, I'm concerned that people checking in for Town Meeting aren't asked to provide picture ID (or has that changed?). There could easily be imposters in our midst. And, even if photo IDs were checked, what does that really prove? There's research showing that people aren't particularly good at matching people to photographs. Finally, let's say that matching performance is pretty good. What about disguises? Maybe we should check for makeup, false mustaches, and even facial prosthetics. Have we forgotten the lessons of Mission Impossible already?

  14. #14
    Join Date
    Mar 2011
    Posts
    215

    Default

    Quote Originally Posted by Jeff Dieffenbach View Post
    Unless I'm misunderstanding, there's nothing wrong with multiple votes coming from the same IP address. Might this not happen, for instance, if multiple people living under one roof are legitimately registered voters?

    Along the same lines, I'm concerned that people checking in for Town Meeting aren't asked to provide picture ID (or has that changed?). There could easily be imposters in our midst. And, even if photo IDs were checked, what does that really prove? There's research showing that people aren't particularly good at matching people to photographs. Finally, let's say that matching performance is pretty good. What about disguises? Maybe we should check for makeup, false mustaches, and even facial prosthetics. Have we forgotten the lessons of Mission Impossible already?
    There'd be a lot more effort, expense, visibility, and risk involved in recruiting 500 "proxy voters" to check in at Town Meeting claiming to be Wayland citizens than there'd be in running an application that submits 500 fabricated responses to each internet vote.

  15. #15
    Join Date
    Mar 2011
    Posts
    215

    Default

    This month's IEEE Computer contains an article entitled Internet Voting: An Empirical Evaluation, which describes "The results of testing an Internet voting system, introduced as a pilot program in the Canton of Zurich in 2004, provide hard evidence of attitudes toward electronic voting and underline the need to rely on more advanced technology and centralized infrastructure."

    A side-bar in the article entitled Topics of Debate states

    "The literature has no shortage of opinions on the feasibility of making Internet voting both trustworthy and an attractive voter option. Some authors advocate the use of cryptographic protocols that allow full verifiability; others focus on strengthening trust in the systems themselves. Still others argue that maximum security compromises user friendliness, pointing out that a formally sound system could work against maximum voter participation. Indeed, security and reliability issues in Internet voting are often the result of interactions among people, processes, physical phenomena, and poorly understood human–computer interfaces. Some naysayers believe that Internet voting can never be secure. Scott Wolchok and his colleagues reported that it took them only two days to gain nearly complete control of the election server in the Washington, DC, Internet voting system. They then successfully managed to change every vote and to reveal nearly every secret ballot—an election commissioner’s worst nightmare. Barbara Simons and Douglas W. Jones conclude that Internet voting is fundamentally insecure and, more important, that most people do not realize the consequences; for example, they fail to grasp that Internet voting could result in computer viruses and worms. The authors point out that vendors, election officials, and others with the best intentions are pushing Internet voting without understanding the risks."

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •