[LINK] Electronic Voting

Craig Sanders cas at taz.net.au
Fri Nov 17 14:40:52 AEDT 2006 

On Fri, Nov 17, 2006 at 01:41:36PM +1100, Howard Lowndes wrote:
> Craig Sanders wrote:
> >On Fri, Nov 17, 2006 at 11:24:14AM +1100, Howard Lowndes wrote:
> >>Since we are attempting to come up with solutions, lets see if this one 
> >>flies:
> >>
> >>Pre-requisites:
> >>Open source software throughout
> >
> >open source would be a requirement in any e-voting software, but is
> >not enough to ensure the security and accuracy of the vote. there
> >are problems inherent to e-voting that open source software can
> >not solve, because nothing can solve them (i.e. the fact that it
> >transforms an open process into a black-box).
>
> You're going to extremes.  How do we know that, under the present
> system, once the ballot papers have got into the electoral office they
> have not also entered some virtual black box; don't forget that the
> results from the tally room are not the official results, they are
> only there for the convenience of the media.  There has to be some
> degree of trust in any system.

given that the ballot boxes are monitored at all times by numerous people
(rather than just one program, or programmer, or hacker) that's not an
unreasonable trust requirement.
 
i.e. the entire process is open source, subject to scrutiny by many
eyes.


> >1. you have to take it on trust that the token number is NOT somehow
> >linked to the voter's identity.
> 
> As I have already said, there has to some degree of trust, even in our 
> current system, but open scrutiny of open source is a good means of 
> establishing trust.

different situations require different levels of trust.  would i trust you
with knowing my email address?  yes.  would i trust you with knowing my home
address?  probably.  would i trust you with knowing my bank account details
including login and password?  absolutely not.

(not even my partner knows my banking PIN. it's not a matter of
trust, it's a matter of need-to-know. an ex-girlfriend years ago just
refused to see that point and took it personally when i kept my PIN to
myself...she said "but i'd tell you mine" and didn't understand that i
didn't *want* to know hers either).



in this case, it's adding a requirement for trust for no actual
benefit...but that's the entire problem with e-voting: massive extra
risk, with minimal (if any) benefit.



> >2. because it provides a way to prove how you actually voted, this
> >allows for vote-buying and vote-coercion.
> 
> Vote buying is a pre-emptive act; I think what you mean is vote 
> rewarding, so it would only apply to those who want to be coerced or 
> rewarded.  If the voter shreds the token before leaving the station then 
> coercion and rewarding are not possible.

optional shredding is not good enough.

anyone coercing a vote will presumably be capable of saying "show me
your token or you'll be sacked/kicked out/beaten up/etc". it's no
different to just giving the voter a receipt showing their actual vote.

ANY system that allows the voter to see their own individual vote at a
later date has this exact same failing. if they can see it, then anyone
who bought/coerced their vote can also demand see it.


craig

-- 
craig sanders <cas at taz.net.au>           (part time cyborg)

More information about the Link mailing list