Marilyn Marks Response to Zimet and Election Commission on Transparency and IRV

From: Marilyn R Marks Sent: Tuesday, May 04, 2010 2:54 PM

To: 'RDLNKP; 'Ward Hauenstein'; 'Kathryn Koch'

Cc: 'Jim True'; 'John Worcester'; 'Harvie Branscomb'; 'elizabeth.milias'Millard Zimet'; 'Mike LaBonte'; 'Al Kolwicz'; 'Don Davidson'
Subject: FW: May 2009 Election--balancing privacy and transparency
Commissioners,

The philosophical debate shaping up for tomorrow is fascinating. A full public discussion will no doubt be informative.
In fact, despite how deeply involved I am in the subject, the debate between Harvie’s and Millard’s positions has caused me to go do more research and come to different conclusions of my own. Not that that is important, but it is the intelligent debate by knowledgeable people of differing viewpoints which I found so personally valuable. So, I hope that some of that debate can be heard tomorrow.
See my comments below directly commenting on Millard’s.

From: Millard Zimet Date: May 4, 2010 9:54:07 AM MDT
To: rdlnkp
Cc: ward.hauenstein Kathryn.Koch Jim.True John.worcester

Subject: Re: May 2009 Election

Bob et al:


Sorry to bother you again, but there's another point I need to make sure you understand in advance of tomorrow's Election Commission meeting, namely: Marilyn Marks does not speak for me.


MRM>>I hope I did not say anything to imply that I was attempting to speak for him in my support his complaint. In fact, as you know, I submitted my own complaint on this point that is intended to stand alone.


The reason why I got involved in this election matter back in August was because I became worried that my vote was not secure. That is still my primary focus. I hope I have been able to show you that the votes of many voters are not secure.

Marilyn Marks and Harvie Branscomb are interested in election transparency. They are now concerned that my secret ballot issue will negatively impact their election transparency agenda. I told them (and the City) of this inevitable conflict back in August, but nobody seemed to care at that time.

MRM>>I disagree. As a practical matter, I believe we have to strive for an optimal balance between privacy and transparency. I believe we cannot as a practical matter have 100% transparency, nor 100% guarantee of privacy. This has long been the case in elections. [Example—If I am the only registered Libertarian in my precinct, when the precinct tallies are disclosed, and there is only one vote for the Libertarian, there is a high degree of probability that it is my vote. That is a risk we have taken for a long time, in the interest of transparency.] But the IRV election with so many choices and so many unique ballots exacerbates the problem in an extreme way in a small voter base like Aspen’s.

I trust you understand that secret ballot elections are provided for under the Colorado Constitution. Secret ballot elections are mandatory, but election transparency is not. To the extent the City chooses to accommodate election transparency issues it must make sure that voter privacy comes first.
MM>>I would like to recommend that in tomorrow’s and future discussions, we try to clarify the misnomer “secret ballot elections.” Using that term very much confuses the debate for the public. Physical ballots are NOT “secret,” by the constitution or any other law. We vote in privacy, (in secret), and on anonymous ballots---but the markings on that ballot are NOT secret. Accepting the notion that they are is a dangerous step in this debate. Otherwise, that assumes “secrets” on how we vote to be put in the hands of the “elite few” with access to that information. That cannot be in a modern democracy. I believe that Millard intends his phrase, “secret ballot” to mean “ anonymous ballot,” and I will make that assumption in my comments. Harvie and Al have created a helpful matrix on this point on Harvie’s website:


http://aspenelectionreview.blogspot.com/2010/04/understanding-what-secret-ballot-means.html

Any time in the future that the City of Aspen chooses to release any data showing how any voters voted it had better make sure that there is no possible way of tracing that information back to any given voter. We are living in the computer age, and once data is released it is impossible to put that genie back in the bottle. And as I hope I demonstrated in my memo breaking down the data re bullet voting, data can be manipulated and mined to reveal a great deal of information that at first glance one might not think was there.
MRM>>My personal experience with the IRV data suggests that there is indeed reason for Millard’s concern. Initially, I was not too concerned that personal voting data could be meaningfully gleaned from the data, but after doing a good bit of “data mining” independently, I feel that there is too much risk of compromising the anonymity of the voter with the CURRENT method of using IRV and RECORDING the voter rankings. I want to make a distinction that the issue is recording the data, long before we discuss the issue of disclosing that which is recorded. I will submit a separate note on some of the statistics that lead me to my conclusions on how so many unique ballots create that problem in a small community.


You might get upset if your bank were to publicly release your account information or social security number. Likewise I'm upset that the City publicly released my voting information. There is so much information readily available about each of us in the public domain (just google yourself and see what comes up), and in the computer age we've got to have heightened awareness that our private data can easily and inadvertently become public.



MRM>>To reinforce my point and where I differ with Millard, I will use an absurd example. Yes, we would be appalled if the bank released our account information or SS#. But what if the bank released information about our religion or health or sexual history?? Information that they are not allowed to even legitimately possess. That is the analogy here. The government is not allowed to collect this information which Millard argues that they should not release. I submit that they cannot legitimately collect it or keep it.



I really don't want to see this security breach happen again. Hence my belief that IRV must go, because IRV means strings that are publicly released and because IRV means computer scanning that puts raw voting data on someone's hard drive. With IRV there will always exist a higher probability of a security breach as compared to a traditional runoff election.


MRM>> This is where I do agree with Millard. While it seems like a leap for those who have not spent time with the data, I urge you to take a poll book and the ballot strings ( cast vote records) and sort and cross tab the data experimenting with it, and the problem will be more obvious. Roughly 95% of the ballots were unique. Therein is the problem. Billions of possible combinations of rankings on the ballot combined with only 2544 voters. If IRV is to be maintained, a multi-page separable ballot, counted only by race or issue could be a solution. The solution is NOT to pull the shades on transparency of single ballot audit-ability, -- (publishing cast vote records),-- only to leave this information in the hands of a few. Personally, I feel that the benefits of IRV are not worth the risks and hassles and confusion, including this unique ballot data publication risk. If IRV is repealed, the cast vote records of all elections should continue to be published for transparency purposes, which can be done with minimal risk of loss of voter privacy, as the number of unique ballots is dramatically decreased without ranked choice voting (IRV).


I am against any public release of any voting data that might compromise voter security, and the Colorado Constitution agrees with me.

MRM>>I differ in that I am against the collection of such data to begin with, and to quote Millard, “the Constitution agrees with ME.”


I urge the Aspen Election Commission and the City of Aspen to follow the Colorado Constitution and protect our community's voting data.


MRM>>Certainly I agree that the EC should “protect” legitimately collected confidential voter data, (SS# and signature). But the emphasis should be on collecting only legitimately recorded election data and then releasing all such data for transparency. THAT is the best protection of election integrity.


MRM>>Thanks for everyone’s willingness to tease apart these thorny issues and consider the risks and rewards and needs to balance them.



MRM>>I might make one additional observation from a current election issue I’ve heard discussed around town in the last week---the hospital Mill levy ballot. Because there has not been much voter information on what the processing of the mail in ballots will be and under what control conditions, some people are voting insincerely, fearing the lack of anonymity, and some are not voting. As you know, the ballots require signatures and are traceable back to the individual. I’m sure that the Hospital has set up appropriate safeguards similar to the bi-partisan teams with separation of duties as required in Title 1. But since this is not a Title 1 election, people don’t know how controlled the information is, and fear that their votes are being reviewed by the ballot counters at the hospital. I know of several people who said they would have voted against the issue if they had felt that they had been confident in having anonymous vote. I bring up this point to say that despite the chorus of “nobody cares” from many critics, people DO care.