[EL] more news 5/23/11

[Joseph Lorenzo Hall]

On Mon, May 23, 2011 at 5:53 PM, Rick Hasen <rhasen at law.uci.edu> wrote:
>
> "States Toughen ID Rules for Voters"
>
> The Wall Street Journal offers this report.

I wanted to point to two brief comments we (my NSF grant, ACCURATE)
made recently in a public comment filing relevant to the ID issue.
(I've got a mostly-finished blog post I can put up later in the week
that discusses these points in more detail.)

http://accurate-voting.org/docs/comments/accurate-nist-7682-7711-comment.pdf

First, we note how checking IDs for authenticity is difficult and most
likely beyond what we'd train and pay poll workers to learn how to do:

"Procedures for verifying identification documents, for example those
employed by the Transportation Security Administration, require
substantial training and involve the use of ultraviolet light ("black
lights") to detect laminate holograms and magnifying loops to examine
ID documents for lack of microprinting features and the presence of
inkjet dots (both of which can indicate a forged ID).[9] It seems
important here to recognize the limitations of physical, interactive
ID checking and the limited extent to which robust ID checking can be
practically employed in election environments."

and, we also note how equating signature verification (or other
check-based authentication) to authenticating a voter is seriously
naive compared to how financial risk management works:

"This section first claims that bank checks have worked well for over
a hundred years because wet-ink signature forgery is hard and then—in
the table at the bottom of the page—says that signature verification
is used in in-person voting so it must be strong enough for remote
transactions. First, banks have slowly moved away from checking every
check’s signature to complex fraud detection mechanisms where the
ultimate step is "check review", consisting of an examination of all
the physical security properties a financial instrument.[11]  It is
important to note that financial institutions have very sophisticated
methods of managing fraud risks and detecting anomalies that are
impractical for elections. Further, modern signature verification
techniques use complex machine learning algorithms[12] and such
signature verification tools don’t seem widely deployed in the
elections context, where humans often employ manual signature
comparison.[13]"

I could also extend these kinds of clarifications to the other cases
in Kobach's op-ed... to boarding a plane (where substantially better
authentication exists, but you don't *need* ID to board a plane,
technically) buying sudafed (they merely glance at your license and
make sure that the address matches what you give them in a log).

best, Joe

[9]: Transportation Security Administration. Aviation Security
Screening Management: Standard Operating Procedures (Revision 3).
2008. URL: http://www.papersplease.org/wp/wp-content/uploads/2009/12/tsa_screening_mgmt_sop.pdf,
Appendix 2, at 80.
[11]: E. J Potter. "Customer Authentication: The Evolution of
Signature Verification in Financial Institutions". Journal of Economic
Crime Management 1:1 (2002). URL:
https://utica.edu/academic/institutes/ecii/publications/
articles/A026B1A2-B067-59DE-920C01AD24768FE3.pdf.
[12]: D. Bertolini, L. S. Oliveira, E. Justino, and R. Sabourin.
"Reducing forgeries in writer-independent off-line signature
verification through ensemble of classifiers". Pattern Recognition
43:1, 387--396 (2010). URL: http://www.inf.ufpr.br/
lesoliveira/download/PR2010.pdf.
[13]: From our own work with election officials in California, we have
heard of a few anecdotal reports of automated signa- ture verification
being used for vote-by-mail (VBM) signature checking. Many election
officials seem to err on the side of enfranchisement, and allow
signature comparisons to "pass" signature verification that would
otherwise fail in the financial application, where any significant
deviation could be cause for further investigation (in elections, if a
signature is deemed non-matching, that person’s ballot is not
counted). Election officials we have talked to, anecdotally again,
find the high rate of false positives and negatives (\approx 2 -- 5%)
for the election-oriented signature checking tools to be high.

-- 
Joseph Lorenzo Hall
ACCURATE Postdoctoral Research Associate
UC Berkeley School of Information
Princeton Center for Information Technology Policy
http://josephhall.org/