Yeah, only if you're hunkered down behind a desk, hoping the gunman won't notice you used Old Spice when you showered this morning.

Oh, and don't forget to turn your ringer off...

This will fail on false alarms, just as would the slightly more intelligent "provide a mobile-friendly webpage" idea. Also no way to tag the GPS location on it.

[ reads piece ]

Oh: "Andy Seybold Guesses".

Got it.

Hey, Andy? LTE *isn't* 4G; ITU says so.

Andy underrates RF technology; if Vzn can deploy LTE robustly, things will get very interesting.

I dunno; with the 2 clauses Google got the FCC to wire into the license terms, I had high hopes for LTE... Any app, any device; you can go far with that...

"Hey, you might be late to work and get fired next Monday cause you have poor taste in cellphone manufacturers" is a ridiculous story?

Now, of course, Sprint's WiMAX network is *not* 4G; the ITU said so, last month, in an announcement covered here.

But whatever it is, it's good to know people like it better than AT&T's... cause I'm getting an EVO in a couple weeks.

Anyone using Sprint "4G" in Tampa yet?

> There's a certain group of people who likes to see a conspiracy between Republicans and Diebold, which may or may not exist, I dunno.

"Deliver the state of Ohio for the Republican Party"?

Yeah, that sounds like a conspiracy to me.

But as for "cannot trust a computer", as I've noted elsewhere: if the ballots are both machineable and human-readable simultaneously (IE: no barcodes or anything; just make the computer read the text, which is pretty frickin easy these days), then everyone who's interested can bring their own counting machine along, and count each batch of ballots.

It all comes down to transparency.

As long as the *process* is explicitly transparent at each stage -- *anyone who wants to* can watch, or audit, any part of the process -- then enough people *will* do that to keep things honest.

Therac-25.

Now that we're over that... Open-Source is, indeed, not-sufficient.

That doesn't mean that it's not *necessary*.

The entire process design has to be such that a person of reasonable intelligence (ie: not Ron Rivest or Rebecca Mercuri) can follow along with the entire process, and see at each step what the possible subversions are and how the system prevents them from having a negative impact.

Open source isn't enough... but it's a start.

As I note elsewhere, though, the counting machinery is the most important part, and there's no reason why -- if your ballots are OCRable -- each interested party could not run parallel counts on the same ballots, and compare their answers, which would make it possible not to care whether a given program is subverted: if 3 or 4 different ones give the same answer, you're done.

+5; this covers nearly *everything* necessary to understand the problem, and the solution.

"A Ballot is a Physical Object".

Are you happy now?

Everybody else involved seemed to know what I meant.

How you prevent the Thompson hack is simple:

Change of Domain.

If your electronic terminals do no counting, but only ballot display, vote collecting, and printing, then they are off of *most* of the critical path -- if people are bringing in a marked Sample Ballot, they will likely notice if their preferred candidate is *missing*, and that's the only fraud you can commit there: add or delete a possible vote-choice.

Once you have a locked box full of serially numbered votes, and a companion locked box full of serially numbered spoils (that is; the pair of boxes, together, should comprise a complete serially numbered set of votes from TERMINALNUMBER-1 through TERMINALNUMBER-TOTALVOTES, which can be checked, and TERMINALNUMBER and TOTALVOTES are written by hand on multiple separate poll-worker and poll-watcher count sheets, and you have those votes for all machines in a precinct, you can then run them all through the counting machines.

That's a PC, with an ADF scanner, running any damned software you like...

because the election officials count them one way, and the party watchers each count them with something different, and the counts had *better* all match.

If they don't match, you can pretty easily find out why, by putting all the bodies in a room, and passing them all along past people with tally sheets.

My point is, and remains, that it is demonstrably possible -- for elections held solely in precincts -- to satisfy *every* constraint about a plebescite that doesn't have to do with Arrow's theorem, or getting actual bodies to the building (registration issues and the like), WITH CURRENTLY AVAILABLE TECHNOLOGY, NONE OF WHICH EVER HAS TO BE ON THE VOTE-COUNT-CRITICAL PATH.

You just gotta *wanna*.

But, as Carlin observed: "Wanna is a sin all by itself. Thou shalt not *wanna*."

You won't get an answer to this one, cause you've finally popped his balloon. :-)

Thanks for the help.

You're correct, and I don't like mailin/internet voting for precisely this reason.

And the "well, only the people who want to" counter-argument isn't pertinent here, since it's the *system* that's being protected.

But at least, a voter can avoid "might be invalidated" by getting off their fucking ass and voting on election day.

The question is: "how do you design the entire system so that subverting it requires the largest number of individual people, preferably partisan observers of different parties, *all* to cooperate?"

And the answer is, "that's not all that hard".

*Every single objection raised* in your posting, and every other posting I've see on this thread, *has been answered*, in one part or another of the conversations about vote-counting-system design I've followed in the last 12 years.

All of them.

Sometimes you have to read the PDF white papers to find them, but they're all in there.

And yes, statistical analysis of voting patterns is a useful tool for spotting *possible* fraud.

Note, that I didn't say "for spotting fraud". But when 3407 rich people in Palm Beach County vote for Pat, there is *something* going. See the Volusia Anomaly, also, linked somewhere else here.

Well, when 3407 Jews in Palm Beach County vote for Pat Buchanan, yeah, in fact, there's a pretty good bet there's something wrong (I have *read* the statute. The "butterfly ballot" *violated the letter of the statute, on its face):

http://en.wikipedia.org/wiki/Pat_Buchanan#2000_presidential_campaign

Even Buchanan didn't believe it.

How do they protect that system against vote-selling?