[LINK] E-voting fears run high as election day looms

Karl Auer kauer at biplane.com.au
Wed Oct 29 17:21:21 EST 2008


On Wed, 2008-10-29 at 16:35 +1100, Richard Chirgwin wrote:
> e-voting needs too many
> different components to be "right".
> 
> 1) All of the normal electoral mechanisms still need to exist -

> 2) The machine itself must be secure and open to scrutiny. How you
> resolve those two is a nice trick ...

Have the interface separate from the machine, with the interface being
very, very dumb and the machine itself physically protected from access
by unauthorised people except via the interface. Think ATM.

One attack that I don't *think* has yet been proposed is that someone
substitutes a mockup of a voting machine for a real one - entirely
possible with the little portable thingies from Diebold. Can't fake
votes with it, but you could put them into your opponents' strongholds
to reduce their vote count. The mockery that is the Diebold "self-test"
would aid and abet any such plan.

> 4) The network must not be the Internet, which to my mind rather
> undermines cost arguments.

Why on earth not use the Internet? With appropriate crypto it is no
problem at all.

> 5) And then there's the interface. It has to be (a) comprehensible to
> any user; (b) failsafe; (c) users must be able to "navigate backwards"

Not failsafe - it needs to be failfast, failcomprehensible and
failobviously (i.e., it must not fail in ways that are not apparent).
And there needs to be a (probably paper) mechanism that allows a valid
vote to be cast when the machine has failed.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28



