From Margaret.McGaley at redbrick.dcu.ie Tue Jun 3 14:01:14 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:26 2004 Subject: [E-voting] FoI request Message-ID: <20030603130114.GA22632@prodigy.Redbrick.DCU.IE> I've just received an e-mail stating that the documents I received under the Freedom of Information Act are in the public domain. Everything I received in machine readable form is currently available at http://minds.cs.may.ie/~lovelace/E-Voting/FoI_request/ The PMI source code reviews are an eye-opener. PMI Software Ltd. [1] don't advertise source code reviews as one of their services. There are two files there that I haven't been able to figure out the type of. Desktop_DB and Desktop_DF. Margaret [1] http://www.pmisoftware.com/ From P at draigBrady.com Tue Jun 3 14:12:39 2003 From: P at draigBrady.com (P@draigBrady.com) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] FoI request In-Reply-To: <20030603130114.GA22632@prodigy.Redbrick.DCU.IE> References: <20030603130114.GA22632@prodigy.Redbrick.DCU.IE> Message-ID: <3EDC9EC7.4060202@draigBrady.com> Margaret McGaley wrote: > I've just received an e-mail stating that the documents I received under the > Freedom of Information Act are in the public domain. Everything I received in > machine readable form is currently available at > > http://minds.cs.may.ie/~lovelace/E-Voting/FoI_request/ > > The PMI source code reviews are an eye-opener. PMI Software Ltd. [1] don't > advertise source code reviews as one of their services. > > There are two files there that I haven't been able to figure out the type of. > Desktop_DB and Desktop_DF. These 2 files are Mac specific I think. I guess they're binary format files representing the desktop? Not sure if there is any useful data in them or how to open them. P?draig. From colm at stdlib.net Tue Jun 3 16:57:10 2003 From: colm at stdlib.net (Colm =?iso-8859-15?Q?MacC=E1rthaigh?=) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] FoI request In-Reply-To: <20030603130114.GA22632@prodigy.Redbrick.DCU.IE> References: <20030603130114.GA22632@prodigy.Redbrick.DCU.IE> Message-ID: <20030603155710.GA65841@kilmainham.stdlib.net> On Tue, Jun 03, 2003 at 02:01:14PM +0100, Margaret McGaley wrote: > I've just received an e-mail stating that the documents I received under the > Freedom of Information Act are in the public domain. Everything I received in > machine readable form is currently available at > > http://minds.cs.may.ie/~lovelace/E-Voting/FoI_request/ Great! > The PMI source code reviews are an eye-opener. PMI Software Ltd. [1] don't > advertise source code reviews as one of their services. I havnt had much of a chance to read everything in detail yet, but from what I've seen so far I'm horrified. One thing strikes me as odd though, what on earth is a source-code review doign advising on the consitutionality of deposits? > There are two files there that I haven't been able to figure out the type of. > Desktop_DB and Desktop_DF. Seem to be some kind of archive format, with lots of tiffs, I'll have a good crack at them later. -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/ From michael.conry at ucd.ie Tue Jun 3 18:09:29 2003 From: michael.conry at ucd.ie (Michael Conry) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] FoI request In-Reply-To: <3EDC9EC7.4060202@draigBrady.com> References: <20030603130114.GA22632@prodigy.Redbrick.DCU.IE> <3EDC9EC7.4060202@draigBrady.com> Message-ID: <20030603170929.GA16370@serendipity.mc> On 0020 +0100 %{!Tue, Jun 03, 2003 at 2:12:39PM +0100}, P@draigBrady.com wrote: > Margaret McGaley wrote: > >There are two files there that I haven't been able to figure out the type > >of. > >Desktop_DB and Desktop_DF. > > These 2 files are Mac specific I think. > I guess they're binary format files > representing the desktop? This link: http://www.doctormac.net/tips/osx_folder_structure.html indicates that they may contain Document/Application bindings in an OS 9 Mac system. Probably not so important for readers in that case. m From colm at stdlib.net Tue Jun 3 20:07:07 2003 From: colm at stdlib.net (Colm =?iso-8859-15?Q?MacC=E1rthaigh?=) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] FoI request In-Reply-To: <3EDC9EC7.4060202@draigBrady.com> References: <20030603130114.GA22632@prodigy.Redbrick.DCU.IE> <3EDC9EC7.4060202@draigBrady.com> Message-ID: <20030603190707.GA79875@kilmainham.stdlib.net> On Tue, Jun 03, 2003 at 02:12:39PM +0100, P@draigBrady.com wrote: > These 2 files are Mac specific I think. > I guess they're binary format files > representing the desktop? Not sure if they represent the desktop, but they are Mac Specific, apparently they are an artifact of using DAVE, http://www.versiontracker.com/dyn/moreinfo/mac/16005 A utility for helping MACs interoperate with Windows Networks. Well I'm basing that on what I see here: http://www.versiontracker.com/dyn/moreinfo/mac/16005 I'm not sure whether that means the files contain anything useful or not, or are just the result of someone grabbing the files from the SMB server rather than the client. >From looking at "strings" and hexdump output, aswell as a few simples tests the files seem to contain a lot of information, and a lot of valid magic numbers and format headers. So it suggests some kind of archive format, time to get a MAC head ;) -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/ From timod at esatclear.ie Wed Jun 4 01:33:48 2003 From: timod at esatclear.ie (Tim) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] FoI request In-Reply-To: <20030603190707.GA79875@kilmainham.stdlib.net> Message-ID: Ar an 03/06/2003 20:07, scr?obh Colm MacC?rthaigh : > On Tue, Jun 03, 2003 at 02:12:39PM +0100, P@draigBrady.com wrote: >> These 2 files are Mac specific I think. Every Mac disk has a "Desktop Database" (do a search for "Desktop DB" or "Desktop DF", the space seemed to be converted to an underscore) Nothing to do with Dave or SMB - it just makes them visible. Each file on a Mac has a creator and a type, (on Windows, just a type) - hence why it doesn't need a three letter extension. E.G. You could have some of your jpgs set to open by default with quicktime, and some to open by default with Photoshop. All this kind of info is stored in the desktop database. No idea why they're so large in this case though, an 8Gb disk on this machine has filesize 52kb, and 333kb for the two files. Just to make this relevant, we should all be using Macs for e-voting... Sl?n, Tim From Margaret.McGaley at redbrick.dcu.ie Wed Jun 4 16:51:11 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Re: FC: Electronic voting in Ireland encounters criticism In-Reply-To: <3ED6B0BD.7E3307A4@ix.netcom.com> References: <5.2.1.1.0.20030529023047.04344aa8@mail.well.com> <3ED6B0BD.7E3307A4@ix.netcom.com> Message-ID: <20030604155110.GA21603@prodigy.Redbrick.DCU.IE> Hi Jeff, I make a very clear distinction in my report between kiosk e-voting (systems like Nedap/Powervote) and remote electronic voting (which includes internet voting). I make it clear that I believe that the technology does not currently exist to produce a reliable remote electronic voting system. Margaret On Thu, May 29, 2003 at 06:15:41PM -0700, Jeff Williams wrote: > Declan, Margaret and all, > > I noticed that in Margaret's paper she referenced below and Adam's > article that there was no distinction between E-Voting and Internet > based electronic voting. The two are quite different in many respects. > Hence I would be very interested in Margret's and Adam's thoughts, > positions and attitudes in this very important distinction. I already > know Dave Farbers! >:) > > Declan McCullagh wrote: > > > --- > > > > From: "adam beecher" > > To: "Dave Farber" , "Declan McCullagh" > > Subject: Electronic voting in Ireland > > Date: Wed, 28 May 2003 21:45:25 +0100 > > > > Hi Declan, Dave, > > > > Both of you have posted commentary on electronic voting on your lists > > recently and in the past, I thought the message below might be of interest > > to your subscribers. > > > > I don't strictly agree with Margaret's goals, in that I don't object to > > Nedap/Powervote specifically, but more the lack of oversight and > > transparency; nor do I object to products developed outside of Ireland being > > used here if the attributes mentioned above are present. But I do believe > > very strongly that all electronic voting in Ireland should be suspended > > until we know a hell of a lot more. Full source disclosure should be a > > prerequisite. > > > > Elections have already taken place using this equipment in some > > constituencies in Ireland, and our Government has made it clear that they > > intend implenting it across the board at our next major election, which > > takes place next year. Just like most other countries, public services in > > Ireland tend to plod along, and changes can take years, even decades, to > > take hold. Needless to say, the speed with which this has been implemented > > is raising eyebrows. > > > > The Irish Government passed a data retention directive last year*, in a > > Cabinet meeting with no oversight from even the members of their own > > parties. This happened before European legislation was fully drafted, and > > has raised objections and even threats of legal proceedings from our own > > Data Protection Commissioner. In light of this, you don't need to be a > > conspiracy theorist to start drawing ugly conclusions. > > > > adam > > > > * http://radio.weblogs.com/0103966/2003/05/26.html#a2327 > > > > -----Original Message----- > > From: iiu-admin@taint.org [mailto:iiu-admin@taint.org]On Behalf Of > > Margaret McGaley > > Sent: 28 May 2003 19:35 > > To: ilug@linux.ie; e-voting@lists.stdlib.net; iiu@taint.org; > > SAGE-Announce@SAGE.ORG; sares@redbrick.dcu.ie; gliceas@redbrick.dcu.ie > > Subject: [IIU] [E-voting] Electronic voting > > > > To whom it may concern, > > > > E-voting poses a threat to our democracy. This is my conclusion after 5 > > months > > of research into the topic for my undergraduate thesis. My results are > > available online at > > > > http://minds.cs.may.ie/~lovelace/E-Voting/index.shtml > > > > I hope to mount a campaign over the next few months with the following > > goals: > > - to prevent the use of the Nedap/Powervote system in Irish elections, > > - to prevent the purchase of any more equipment or software from > > Nedap/Powervote by the Irish government, and > > - to convince the government that any electronic voting system used in this > > country should be developed here, using formal methods[1] and the Mercuri > > method[2], and should be open source. > > > > If you would be interested in getting involved in such a campaign, or have > > any > > advice/comments, please contact me at > > > > Margaret.McGaley@Redbrick.DCU.IE > > > > or join (or mail) the mailing list > > > > e-voting@lists.stdlib.net > > > > by going to > > > > http://lists.stdlib.net/mailman/listinfo/e-voting > > > > Please forward this mail to anyone you think may be interested. > > > > Thanks, > > Margaret McGaley > > > > [1],[2] these terms are further explained on the website cited above > > > > _______________________________________________ > > E-voting mailing list > > E-voting@lists.stdlib.net > > http://lists.stdlib.net/mailman/listinfo/e-voting > > > > _______________________________________________ > > IIU mailing list > > IIU@iiu.taint.org > > http://iiu.taint.org/mailman/listinfo/iiu > > > > ------------------------------------------------------------------------- > > POLITECH -- Declan McCullagh's politics and technology mailing list > > You may redistribute this message freely if you include this notice. > > ------------------------------------------------------------------------- > > To subscribe to Politech: http://www.politechbot.com/info/subscribe.html > > This message is archived at http://www.politechbot.com/ > > Declan McCullagh's photographs are at http://www.mccullagh.org/ > > Like Politech? Make a donation here: http://www.politechbot.com/donate/ > > ------------------------------------------------------------------------- > > Regards, > > -- > Jeffrey A. Williams > Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!) > "Be precise in the use of words and expect precision from others" - > Pierre Abelard > ================================================================ > CEO/DIR. Internet Network Eng. SR. Eng. Network data security > Information Network Eng. Group. INEG. INC. > E-Mail jwkckid1@ix.netcom.com > Contact Number: 214-244-4827 or 214-244-3801 > From Margaret.McGaley at redbrick.dcu.ie Wed Jun 4 17:11:10 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Name Message-ID: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> This campaign needs a name. Any suggestions? (Good acronyms preferred :) ) Margaret From lists at spamfilter.cc Wed Jun 4 17:54:46 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Re: FC: Electronic voting in Ireland encounters criticism In-Reply-To: <20030604155110.GA21603@prodigy.Redbrick.DCU.IE> Message-ID: [I didn't get this one directly, so I don't who it was originally distributed to. Sorry if you weren't copied on it Declan.] Hi Jeff, I disagree with Margaret on this too, although it still doesn't alter my agreement with her general principles. I think ve haff ze technology for remote electronic voting, and I'm pretty sure another listserv luminary, Bruce Schneier, would be pretty miffed at any suggestion that we don't. I think security mindset is the issue here, or more accurately the lack of one. The average j(o|an)e doesn't know what crypto is, they don't understand that a string of gobbledygook can be a key, they don't understand that they need to lock up their computers just like they lock up their houses. That mindset is decades away, it won't happen in this generation and it won't happen in the next; if we're lucky, it'll happen in the one after that. Until that mindset arrives, though, until computer security becomes a default in people's heads, we have no place voting over the Internet. Let's get it secure at 127.0.0.1 first, eh? ;) adam .............................................................. Those are my principles. If you don't like them I have others. -- Groucho Marx. > -----Original Message----- > From: e-voting-bounces@lists.stdlib.net > [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of Margaret McGaley > Sent: 04 June 2003 16:51 > To: Jeff Williams; e-voting@lists.stdlib.net > Subject: [E-voting] Re: FC: Electronic voting in Ireland encounters > criticism > > > > Hi Jeff, > > I make a very clear distinction in my report between kiosk > e-voting (systems > like Nedap/Powervote) and remote electronic voting (which > includes internet > voting). I make it clear that I believe that the technology does > not currently > exist to produce a reliable remote electronic voting system. > > Margaret > > > On Thu, May 29, 2003 at 06:15:41PM -0700, Jeff Williams wrote: > > Declan, Margaret and all, > > > > I noticed that in Margaret's paper she referenced below and Adam's > > article that there was no distinction between E-Voting and Internet > > based electronic voting. The two are quite different in many respects. > > Hence I would be very interested in Margret's and Adam's thoughts, > > positions and attitudes in this very important distinction. I already > > know Dave Farbers! >:) > > > > Declan McCullagh wrote: > > > > > --- > > > > > > From: "adam beecher" > > > To: "Dave Farber" , "Declan McCullagh" > > > > Subject: Electronic voting in Ireland > > > Date: Wed, 28 May 2003 21:45:25 +0100 > > > > > > Hi Declan, Dave, > > > > > > Both of you have posted commentary on electronic voting on your lists > > > recently and in the past, I thought the message below might > be of interest > > > to your subscribers. > > > > > > I don't strictly agree with Margaret's goals, in that I don't > object to > > > Nedap/Powervote specifically, but more the lack of oversight and > > > transparency; nor do I object to products developed outside > of Ireland being > > > used here if the attributes mentioned above are present. But > I do believe > > > very strongly that all electronic voting in Ireland should be > suspended > > > until we know a hell of a lot more. Full source disclosure should be a > > > prerequisite. > > > > > > Elections have already taken place using this equipment in some > > > constituencies in Ireland, and our Government has made it > clear that they > > > intend implenting it across the board at our next major > election, which > > > takes place next year. Just like most other countries, public > services in > > > Ireland tend to plod along, and changes can take years, even > decades, to > > > take hold. Needless to say, the speed with which this has > been implemented > > > is raising eyebrows. > > > > > > The Irish Government passed a data retention directive last > year*, in a > > > Cabinet meeting with no oversight from even the members of their own > > > parties. This happened before European legislation was fully > drafted, and > > > has raised objections and even threats of legal proceedings > from our own > > > Data Protection Commissioner. In light of this, you don't need to be a > > > conspiracy theorist to start drawing ugly conclusions. > > > > > > adam > > > > > > * http://radio.weblogs.com/0103966/2003/05/26.html#a2327 > > > > > > -----Original Message----- > > > From: iiu-admin@taint.org [mailto:iiu-admin@taint.org]On Behalf Of > > > Margaret McGaley > > > Sent: 28 May 2003 19:35 > > > To: ilug@linux.ie; e-voting@lists.stdlib.net; iiu@taint.org; > > > SAGE-Announce@SAGE.ORG; sares@redbrick.dcu.ie; gliceas@redbrick.dcu.ie > > > Subject: [IIU] [E-voting] Electronic voting > > > > > > To whom it may concern, > > > > > > E-voting poses a threat to our democracy. This is my > conclusion after 5 > > > months > > > of research into the topic for my undergraduate thesis. My results are > > > available online at > > > > > > http://minds.cs.may.ie/~lovelace/E-Voting/index.shtml > > > > > > I hope to mount a campaign over the next few months with the following > > > goals: > > > - to prevent the use of the Nedap/Powervote system in Irish elections, > > > - to prevent the purchase of any more equipment or software from > > > Nedap/Powervote by the Irish government, and > > > - to convince the government that any electronic voting > system used in this > > > country should be developed here, using formal methods[1] > and the Mercuri > > > method[2], and should be open source. > > > > > > If you would be interested in getting involved in such a > campaign, or have > > > any > > > advice/comments, please contact me at > > > > > > Margaret.McGaley@Redbrick.DCU.IE > > > > > > or join (or mail) the mailing list > > > > > > e-voting@lists.stdlib.net > > > > > > by going to > > > > > > http://lists.stdlib.net/mailman/listinfo/e-voting > > > > > > Please forward this mail to anyone you think may be interested. > > > > > > Thanks, > > > Margaret McGaley > > > > > > [1],[2] these terms are further explained on the website cited above > > > > > > _______________________________________________ > > > E-voting mailing list > > > E-voting@lists.stdlib.net > > > http://lists.stdlib.net/mailman/listinfo/e-voting > > > > > > _______________________________________________ > > > IIU mailing list > > > IIU@iiu.taint.org > > > http://iiu.taint.org/mailman/listinfo/iiu > > > > > > > ------------------------------------------------------------------------- > > > POLITECH -- Declan McCullagh's politics and technology mailing list > > > You may redistribute this message freely if you include this notice. > > > > ------------------------------------------------------------------------- > > > To subscribe to Politech: > http://www.politechbot.com/info/subscribe.html > > > This message is archived at http://www.politechbot.com/ > > > Declan McCullagh's photographs are at http://www.mccullagh.org/ > > > Like Politech? Make a donation here: http://www.politechbot.com/donate/ > > ------------------------------------------------------------------------- > > Regards, > > -- > Jeffrey A. Williams > Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!) > "Be precise in the use of words and expect precision from others" - > Pierre Abelard > ================================================================ > CEO/DIR. Internet Network Eng. SR. Eng. Network data security > Information Network Eng. Group. INEG. INC. > E-Mail jwkckid1@ix.netcom.com > Contact Number: 214-244-4827 or 214-244-3801 > _______________________________________________ E-voting mailing list E-voting@lists.stdlib.net http://lists.stdlib.net/mailman/listinfo/e-voting From patrick at kobly.com Wed Jun 4 03:28:49 2003 From: patrick at kobly.com (Patrick J. Kobly) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Re: FC: Electronic voting in Ireland encounters criticism In-Reply-To: References: <20030604155110.GA21603@prodigy.Redbrick.DCU.IE> Message-ID: <20030604022849.GA11358@www.kobly.com> On Wed, Jun 04, 2003 at 05:54:46PM +0100, adam beecher wrote: > [I didn't get this one directly, so I don't who it was originally > distributed to. Sorry if you weren't copied on it Declan.] > > Hi Jeff, > > I disagree with Margaret on this too, although it still doesn't alter my > agreement with her general principles. I think ve haff ze technology for > remote electronic voting, and I'm pretty sure another listserv luminary, > Bruce Schneier, would be pretty miffed at any suggestion that we don't. Have you read Schneier's more recent writing? I haven't heard him weigh in on this, but from the more pessimistic (realistic [?]) approach that he took in Secrets and Lies, I would bet that he would have just as much of a problem with the suggestion that we have the technology to do remote voting right. Besides, one of the things Schneier points out himself is that regardless of the "luminary" status of someone, if he is wrong, he's still just as wrong. > I > think security mindset is the issue here, or more accurately the lack of > one. The average j(o|an)e doesn't know what crypto is, they don't understand > that a string of gobbledygook can be a key, they don't understand that they > need to lock up their computers just like they lock up their houses. > > That mindset is decades away, it won't happen in this generation and it > won't happen in the next; if we're lucky, it'll happen in the one after > that. Until that mindset arrives, though, until computer security becomes a > default in people's heads, we have no place voting over the Internet. I concur that mindset is a problem. I do not however, concur that it is the only problem, or that once it is solved, all other problems become trivial. The fact remains, that in remote e-voting, there is a trust path that extends: A) From user to Operating System B) From Operating System to voting client software C) From voting client software to operating system D) From OS to the wire E) Across the wire F) To central voting server NIC, OS, aggregating database G) From database to tabulating software H) From tabulating software to human readable reports I) To publication Now, C through I can be dealt with reasonably through a combination of encryption technologies and open code for transparency and accountability. A and B are a different story, however. Most of the discussion about encryption technology takes as a given that the machine of user A acts as a faithful agent of user A. Where this is not the case, most of these technologies break down. Regardless of this, remote voting technologies (whether computerized or not) will pose serious problems for secrecy of the ballot. This is why a number of jurisdictions limit the use of absentee balloting. A secret balloting system where a voter _can_ voluntarily waive secrecy and prove his vote to another individual introduces and exacerbates real problems, including coercion and vote-selling. Second channel verifications - ie. confirmation of your vote by mail, telephone, IVR systems, etc. all provide another opportunity for waiving secrecy through proof of vote. PK > Let's get it secure at 127.0.0.1 first, eh? ;) > > adam > > .............................................................. > Those are my principles. If you don't like them I have others. > -- Groucho Marx. > > > > -----Original Message----- > > From: e-voting-bounces@lists.stdlib.net > > [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of Margaret McGaley > > Sent: 04 June 2003 16:51 > > To: Jeff Williams; e-voting@lists.stdlib.net > > Subject: [E-voting] Re: FC: Electronic voting in Ireland encounters > > criticism > > > > > > > > Hi Jeff, > > > > I make a very clear distinction in my report between kiosk > > e-voting (systems > > like Nedap/Powervote) and remote electronic voting (which > > includes internet > > voting). I make it clear that I believe that the technology does > > not currently > > exist to produce a reliable remote electronic voting system. > > > > Margaret > > > > > > On Thu, May 29, 2003 at 06:15:41PM -0700, Jeff Williams wrote: > > > Declan, Margaret and all, > > > > > > I noticed that in Margaret's paper she referenced below and Adam's > > > article that there was no distinction between E-Voting and Internet > > > based electronic voting. The two are quite different in many respects. > > > Hence I would be very interested in Margret's and Adam's thoughts, > > > positions and attitudes in this very important distinction. I already > > > know Dave Farbers! >:) > > > > > > Declan McCullagh wrote: > > > > > > > --- > > > > > > > > From: "adam beecher" > > > > To: "Dave Farber" , "Declan McCullagh" > > > > > > Subject: Electronic voting in Ireland > > > > Date: Wed, 28 May 2003 21:45:25 +0100 > > > > > > > > Hi Declan, Dave, > > > > > > > > Both of you have posted commentary on electronic voting on your lists > > > > recently and in the past, I thought the message below might > > be of interest > > > > to your subscribers. > > > > > > > > I don't strictly agree with Margaret's goals, in that I don't > > object to > > > > Nedap/Powervote specifically, but more the lack of oversight and > > > > transparency; nor do I object to products developed outside > > of Ireland being > > > > used here if the attributes mentioned above are present. But > > I do believe > > > > very strongly that all electronic voting in Ireland should be > > suspended > > > > until we know a hell of a lot more. Full source disclosure should be a > > > > prerequisite. > > > > > > > > Elections have already taken place using this equipment in some > > > > constituencies in Ireland, and our Government has made it > > clear that they > > > > intend implenting it across the board at our next major > > election, which > > > > takes place next year. Just like most other countries, public > > services in > > > > Ireland tend to plod along, and changes can take years, even > > decades, to > > > > take hold. Needless to say, the speed with which this has > > been implemented > > > > is raising eyebrows. > > > > > > > > The Irish Government passed a data retention directive last > > year*, in a > > > > Cabinet meeting with no oversight from even the members of their own > > > > parties. This happened before European legislation was fully > > drafted, and > > > > has raised objections and even threats of legal proceedings > > from our own > > > > Data Protection Commissioner. In light of this, you don't need to be a > > > > conspiracy theorist to start drawing ugly conclusions. > > > > > > > > adam > > > > > > > > * http://radio.weblogs.com/0103966/2003/05/26.html#a2327 > > > > > > > > -----Original Message----- > > > > From: iiu-admin@taint.org [mailto:iiu-admin@taint.org]On Behalf Of > > > > Margaret McGaley > > > > Sent: 28 May 2003 19:35 > > > > To: ilug@linux.ie; e-voting@lists.stdlib.net; iiu@taint.org; > > > > SAGE-Announce@SAGE.ORG; sares@redbrick.dcu.ie; gliceas@redbrick.dcu.ie > > > > Subject: [IIU] [E-voting] Electronic voting > > > > > > > > To whom it may concern, > > > > > > > > E-voting poses a threat to our democracy. This is my > > conclusion after 5 > > > > months > > > > of research into the topic for my undergraduate thesis. My results are > > > > available online at > > > > > > > > http://minds.cs.may.ie/~lovelace/E-Voting/index.shtml > > > > > > > > I hope to mount a campaign over the next few months with the following > > > > goals: > > > > - to prevent the use of the Nedap/Powervote system in Irish elections, > > > > - to prevent the purchase of any more equipment or software from > > > > Nedap/Powervote by the Irish government, and > > > > - to convince the government that any electronic voting > > system used in this > > > > country should be developed here, using formal methods[1] > > and the Mercuri > > > > method[2], and should be open source. > > > > > > > > If you would be interested in getting involved in such a > > campaign, or have > > > > any > > > > advice/comments, please contact me at > > > > > > > > Margaret.McGaley@Redbrick.DCU.IE > > > > > > > > or join (or mail) the mailing list > > > > > > > > e-voting@lists.stdlib.net > > > > > > > > by going to > > > > > > > > http://lists.stdlib.net/mailman/listinfo/e-voting > > > > > > > > Please forward this mail to anyone you think may be interested. > > > > > > > > Thanks, > > > > Margaret McGaley > > > > > > > > [1],[2] these terms are further explained on the website cited above > > > > > > > > _______________________________________________ > > > > E-voting mailing list > > > > E-voting@lists.stdlib.net > > > > http://lists.stdlib.net/mailman/listinfo/e-voting > > > > > > > > _______________________________________________ > > > > IIU mailing list > > > > IIU@iiu.taint.org > > > > http://iiu.taint.org/mailman/listinfo/iiu > > > > > > > > > > ------------------------------------------------------------------------- > > > > POLITECH -- Declan McCullagh's politics and technology mailing list > > > > You may redistribute this message freely if you include this notice. > > > > > > ------------------------------------------------------------------------- > > > > To subscribe to Politech: > > http://www.politechbot.com/info/subscribe.html > > > > This message is archived at http://www.politechbot.com/ > > > > Declan McCullagh's photographs are at http://www.mccullagh.org/ > > > > Like Politech? Make a donation here: > http://www.politechbot.com/donate/ > > > > ------------------------------------------------------------------------- > > > > Regards, > > > > -- > > Jeffrey A. Williams > > Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!) > > "Be precise in the use of words and expect precision from others" - > > Pierre Abelard > > ================================================================ > > CEO/DIR. Internet Network Eng. SR. Eng. Network data security > > Information Network Eng. Group. INEG. INC. > > E-Mail jwkckid1@ix.netcom.com > > Contact Number: 214-244-4827 or 214-244-3801 > > > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting > > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting -- Bow down before the one you serve You're going to get what you deserve -NIN -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.stdlib.net/pipermail/e-voting/attachments/20030603/6c2881a5/attachment.bin From lists at spamfilter.cc Wed Jun 4 21:10:38 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Re: FC: Electronic voting in Ireland encounterscriticism In-Reply-To: <20030604022849.GA11358@www.kobly.com> Message-ID: [I'm sure Dave & Declan have heard all this before, so I won't copy them after this post. I reckon they'll be able to find the archives if they want to follow the debate. :)] > Have you read Schneier's more recent writing? > Nope. Cryptogram and Simon Singh is about the limit of my committment to crypto. Secrets and Lies is on my wish list, but it's not particularly high on the list. ;) > I haven't heard him weigh in on this, but from the more pessimistic > (realistic [?]) approach that he took in Secrets and Lies, I would > bet that he would have just as much of a problem with the suggestion > that we have the technology to do remote voting right. > I shouldn't have put words in Bruce's mouth. There's an easy way to find out though, I'll ask him, and report back if he replies. > Besides, one of the things Schneier points out himself is that > regardless of the "luminary" status of someone, if he is wrong, > he's still just as wrong. > Of course, although obviously he's more qualified than me to proffer an opinion. I respect Bruce, but I don't think he's omniscient. I'm a little saddended I needed to say that. > I concur that mindset is a problem. I do not however, concur that it > is the only problem, or that once it is solved, all other problems > become trivial. The fact remains, that in remote e-voting, there is a > trust path that extends: > > A) From user to Operating System > B) From Operating System to voting client software > C) From voting client software to operating system > D) From OS to the wire > E) Across the wire > F) To central voting server NIC, OS, aggregating database > G) From database to tabulating software > H) From tabulating software to human readable reports > I) To publication > > Now, C through I can be dealt with reasonably through a combination of > encryption technologies and open code for transparency and accountability. > Absolutely, although some of these steps may be replaced with meatspace equivalents. This is immaterial though, since the meatspace equivalents already exist and have proven security models. > A and B are a different story, however. Most of the discussion about > encryption technology takes as a given that the machine of user A acts > as a faithful agent of user A. Where this is not the case, most of > these technologies break down. > I agree, but with every security model we have to balance risk and effort. With crypto, your key size is dependant on the importance of the document you're encrypting, and how long you need it to remain secure; in meatspace, the strength of your front door is defined by where you live and what you've got. In this particular case, the risk involved in compromising enough machines to have a tangible affect on the outcome of the vote is simply too high, the effort too much. So A and B are covered by risk and effort, and C through I are covered by strong crypto and/or proven meatspace models. > Regardless of this, remote voting technologies (whether computerized > or not) will pose serious problems for secrecy of the ballot. This is > why a number of jurisdictions limit the use of absentee balloting. A > secret balloting system where a voter _can_ voluntarily waive secrecy > and prove his vote to another individual introduces and exacerbates > real problems, including coercion and vote-selling. > Again, I agree with you, but this is a general voting issue that's always existed. There are technological ways around this, for example by automatically closing - maybe evening uninstalling - the voting application as soon as someone has voted. Sure, you can stop this with CTRL+ALT+DEL, or someone can sit beside you and watch as you cast your vote, but again we come back to risk and effort: vote riggers will need a hell of a lot of enforcers if they want to have a significant affect on the election. > Second channel verifications - ie. confirmation of your vote by mail, > telephone, IVR systems, etc. all provide another opportunity for > waiving secrecy through proof of vote. > This one is the most troublesome for me, although I think that a properly implemented system with trusted oversight shouldn't need second channel verification. adam From patrick at kobly.com Wed Jun 4 08:23:37 2003 From: patrick at kobly.com (Patrick J. Kobly) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Re: FC: Electronic voting in Ireland encounterscriticism In-Reply-To: References: <20030604022849.GA11358@www.kobly.com> Message-ID: <20030604072337.GA15751@www.kobly.com> On Wed, Jun 04, 2003 at 09:10:38PM +0100, adam beecher wrote: > [I'm sure Dave & Declan have heard all this before, so I won't copy them > after this post. I reckon they'll be able to find the archives if they want > to follow the debate. :)] > > > become trivial. The fact remains, that in remote e-voting, there is a > > trust path that extends: > > > > A) From user to Operating System > > B) From Operating System to voting client software > > C) From voting client software to operating system > > D) From OS to the wire > > E) Across the wire > > F) To central voting server NIC, OS, aggregating database > > G) From database to tabulating software > > H) From tabulating software to human readable reports > > I) To publication > > > > Now, C through I can be dealt with reasonably through a combination of > > encryption technologies and open code for transparency and accountability. > > > Absolutely, although some of these steps may be replaced with meatspace > equivalents. This is immaterial though, since the meatspace equivalents > already exist and have proven security models. > > > A and B are a different story, however. Most of the discussion about > > encryption technology takes as a given that the machine of user A acts > > as a faithful agent of user A. Where this is not the case, most of > > these technologies break down. > > > I agree, but with every security model we have to balance risk and effort. > With crypto, your key size is dependant on the importance of the document > you're encrypting, and how long you need it to remain secure; in meatspace, > the strength of your front door is defined by where you live and what you've > got. In this particular case, the risk involved in compromising enough > machines to have a tangible affect on the outcome of the vote is simply too > high, the effort too much. How many desktop computers were infected by ILY - a trojan developed by individuals with no funding? How many eggs are in one basket wrt OS software and application software? How easy is it to get arbitrary code running on a large number of desktop systems? How easy is it to hide that code so it doesn't do anything stupid 'til the appropriate time? How easy is it to mask the origin of that code? > So A and B are covered by risk and effort, I strongly disagree. > and C > through I are covered by strong crypto and/or proven meatspace models. I agree with this. > > Regardless of this, remote voting technologies (whether computerized > > or not) will pose serious problems for secrecy of the ballot. This is > > why a number of jurisdictions limit the use of absentee balloting. A > > secret balloting system where a voter _can_ voluntarily waive secrecy > > and prove his vote to another individual introduces and exacerbates > > real problems, including coercion and vote-selling. > > > Again, I agree with you, but this is a general voting issue that's always > existed. But there are meatspace measures to avoid it: 1) Almost all voting occurs in a controlled environment (polling place), where only the voter is permitted behind a voting screen, curtain, whatever, in order to make coercion obvious to poll workers. 2) Absentee voting is limited and discouraged so that there is only a small proportion of votes that could be subject to this problem. > There are technological ways around this, for example by > automatically closing - maybe evening uninstalling - the voting application > as soon as someone has voted. And this does what? > Sure, you can stop this with CTRL+ALT+DEL, or > someone can sit beside you and watch as you cast your vote, but again we > come back to risk and effort: vote riggers will need a hell of a lot of > enforcers if they want to have a significant affect on the election. Or they set up an unofficial polling station in some CyberCafes, or they set up a mechanism to transfer voting credentials so that they can act as proxy voters. Not all of the attacks here assume a hostile target. We are not just talking about vote rigging, but also vote selling. > > Second channel verifications - ie. confirmation of your vote by mail, > > telephone, IVR systems, etc. all provide another opportunity for > > waiving secrecy through proof of vote. > > > This one is the most troublesome for me, although I think that a properly > implemented system with trusted oversight shouldn't need second channel > verification. Do you know what all of the software on your computer does? I don't. PK -- Bow down before the one you serve You're going to get what you deserve -NIN -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.stdlib.net/pipermail/e-voting/attachments/20030604/70b168ba/attachment.bin From Margaret.McGaley at redbrick.dcu.ie Thu Jun 5 14:55:14 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:27 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <200306042133.28496.tim@birdsnest.maths.tcd.ie> References: <1054218497.63058.135.camel@pancake.netability.ie> <5.1.1.6.0.20030604151248.01a77448@dogma.slashnull.org> <200306042133.28496.tim@birdsnest.maths.tcd.ie> Message-ID: <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> On Wed, Jun 04, 2003 at 09:33:27PM +0100, Timothy Murphy wrote: > On Wednesday 04 June 2003 15:14, Antoin O Lachtnain wrote: > > > so what would you propose as a solution? > > > > 1. home voting > > 2. option of voting at whatever polling station you preferred > > I like both, particularly the first. > > If people can buy houses over the web, > surely they should be able to vote on the web. > Or by phone. > As Bruce Schneier points out in http://www.counterpane.com/crypto-gram-0102.html#10 there's a big difference between internet based financial transactions and internet voting. He makes clear his general opinions on electronic voting here: http://www.counterpane.com/crypto-gram-0012.html#1 And as I discuss in my report, there are issues which technology will never solve. If a person is voting anywhere other than an official polling station, we have no way of ensuring that they aren't being coerced and that they aren't selling their vote in a buyer-verifiable way. > My point on electronic voting > was that by raising absurd (in my view) worries about this, > the whole issue of making it as easy as possible to vote > would be put on the long finger. > Making it easy to vote is not the way to increase voter turnout. Making citizens care about democracy, and believe that their vote makes a difference is the only way to combat the increasing apathy. All the proposed technological "advances" are only going to increase the trivialisation of democracy. > If people actually object to a change as minor as using voting machines > what hope is there of real change to raise voting levels? > Using voting machines is not a minor change. It makes fundamental changes to the whole system. In my opinion keeping the count process, and bringing school children to see it so that they learn about democracy first hand, would be a much more effective way of raising voting levels. Margaret From Margaret.McGaley at redbrick.dcu.ie Thu Jun 5 15:04:21 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Re: FC: Electronic voting in Ireland encounterscriticism In-Reply-To: References: <20030604022849.GA11358@www.kobly.com> Message-ID: <20030605140419.GE8773@prodigy.Redbrick.DCU.IE> On Wed, Jun 04, 2003 at 09:10:38PM +0100, adam beecher wrote: > > > I haven't heard him weigh in on this, but from the more pessimistic > > (realistic [?]) approach that he took in Secrets and Lies, I would > > bet that he would have just as much of a problem with the suggestion > > that we have the technology to do remote voting right. > > > I shouldn't have put words in Bruce's mouth. There's an easy way to find out > though, I'll ask him, and report back if he replies. > He's made in clear in (at least) two editions of crypto-gram that he is against e-voting and would only endorse voting technology which produces a voter-verified audit trail. > In this particular case, the risk involved in compromising enough > machines to have a tangible affect on the outcome of the vote is simply too > high, the effort too much. > How so? Most of the electorate would be voting from virus-prone machines. Margaret From Margaret.McGaley at redbrick.dcu.ie Thu Jun 5 15:16:40 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] articles Message-ID: <20030605141639.GF8773@prodigy.Redbrick.DCU.IE> If anyone knows of any articles or blog entries that would be worth linking to from the campaign site, please let me know. Margaret From Margaret.McGaley at redbrick.dcu.ie Thu Jun 5 15:31:04 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:27 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <200306051522.01614.tim@birdsnest.maths.tcd.ie> References: <1054218497.63058.135.camel@pancake.netability.ie> <200306042133.28496.tim@birdsnest.maths.tcd.ie> <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> <200306051522.01614.tim@birdsnest.maths.tcd.ie> Message-ID: <20030605143102.GG8773@prodigy.Redbrick.DCU.IE> On Thu, Jun 05, 2003 at 03:22:01PM +0100, Timothy Murphy wrote: > > Democracy is dying because people regard going out in the rain > to write 1 2 3 4 5 6 7 on a sheet of paper in a grotty church hall > as a ridiculous way of expressing their opinion of the government. > Voting from your home computer is not any less ridiculous. The problem lies in the general lack of understanding of the importance of democracy, not in people's dislike of rain. Margaret From tim at birdsnest.maths.tcd.ie Thu Jun 5 15:22:01 2003 From: tim at birdsnest.maths.tcd.ie (Timothy Murphy) Date: Fri Apr 23 16:54:27 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> References: <1054218497.63058.135.camel@pancake.netability.ie> <200306042133.28496.tim@birdsnest.maths.tcd.ie> <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> Message-ID: <200306051522.01614.tim@birdsnest.maths.tcd.ie> On Thursday 05 June 2003 14:55, Margaret McGaley wrote: > Making it easy to vote is not the way to increase voter turnout. Making > citizens care about democracy, and believe that their vote makes a > difference is the only way to combat the increasing apathy. All the > proposed > technological "advances" are only going to increase the trivialisation of > democracy. ... > In my opinion keeping the count process, and bringing school children to > see it so that they learn about democracy first hand, would be a much more > effective way of raising voting levels. Your faith in education is touching. Democracy is dying because people regard going out in the rain to write 1 2 3 4 5 6 7 on a sheet of paper in a grotty church hall as a ridiculous way of expressing their opinion of the government. -- Timothy Murphy e-mail: tim@birdsnest.maths.tcd.ie tel: +353-86-233 6090 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland From P at draigBrady.com Thu Jun 5 15:51:09 2003 From: P at draigBrady.com (P@draigBrady.com) Date: Fri Apr 23 16:54:27 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> References: <1054218497.63058.135.camel@pancake.netability.ie> <5.1.1.6.0.20030604151248.01a77448@dogma.slashnull.org> <200306042133.28496.tim@birdsnest.maths.tcd.ie> <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> Message-ID: <3EDF58DD.9060607@draigBrady.com> Margaret McGaley wrote: > On Wed, Jun 04, 2003 at 09:33:27PM +0100, Timothy Murphy wrote: > >>On Wednesday 04 June 2003 15:14, Antoin O Lachtnain wrote: >> >> >>>so what would you propose as a solution? >>> >>>1. home voting >>>2. option of voting at whatever polling station you preferred >> >>I like both, particularly the first. >> >>If people can buy houses over the web, >>surely they should be able to vote on the web. >>Or by phone. >> > > As Bruce Schneier points out in > http://www.counterpane.com/crypto-gram-0102.html#10 > there's a big difference between internet based financial transactions and > internet voting. > > He makes clear his general opinions on electronic voting here: > http://www.counterpane.com/crypto-gram-0012.html#1 > > And as I discuss in my report, there are issues which technology will never > solve. If a person is voting anywhere other than an official polling station, > we have no way of ensuring that they aren't being coerced and that they aren't > selling their vote in a buyer-verifiable way. But statistically you can. I.E. there won't be mass breakins and voting at gun point IMHO. If people care that much then their time would be better served by campaigning using legitimate methods. For the record, I'm not against electronic voting. With the right implementation/safe guards in place it could be a large win for voting accuracy/turnout/results_speed P?draig. From Margaret.McGaley at redbrick.dcu.ie Thu Jun 5 16:02:37 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:27 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <5.1.0.14.0.20030528215556.00b878e8@mail.deisedesign.com> References: <5.1.0.14.0.20030528210541.0282fad0@mail.deisedesign.com> <5.1.0.14.0.20030528215556.00b878e8@mail.deisedesign.com> Message-ID: <20030605150234.GA5951@prodigy.Redbrick.DCU.IE> There's a difference in the kinds of trust required. I can trust that my ballot paper reaches the count centre, because if I wanted to, I could watch the ballot box all day and follow it there. I can't trust that the code being run on the machine I'm using is the code I've been shown. See: http://www.acm.org/classics/sep95/ So the only way that I can trust an electronic voting system is if it produces a voter-verified paper ballot to fall back on. Margaret On Wed, May 28, 2003 at 10:00:53PM +0100, Martin Whelan wrote: > I disagree. I believe in commercial interests even when it comes to > election code. As for proving that the code we see is the code being run? > Simple, the same way we believe that the box we put our vote into is the > same one being sent to the count. Trust. Don't get me wrong, I'm all for > accountability, but there are practical limits. > > >I dont quite follow you're mail but i'll just add that I firmly believe > >all security related code in all products (including MS ones) should be > >publically viewable. > > > >That applies tripely to election code! > >How do we prove that the code on display is the code being executed though? > > From nick at netability.ie Thu Jun 5 16:05:43 2003 From: nick at netability.ie (Nick Hilliard) Date: Fri Apr 23 16:54:27 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <200306051522.01614.tim@birdsnest.maths.tcd.ie> References: <1054218497.63058.135.camel@pancake.netability.ie> <200306042133.28496.tim@birdsnest.maths.tcd.ie> <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> <200306051522.01614.tim@birdsnest.maths.tcd.ie> Message-ID: <1054825542.18291.289.camel@pancake.netability.ie> > Your faith in education is touching. > > Democracy is dying because people regard going out in the rain > to write 1 2 3 4 5 6 7 on a sheet of paper in a grotty church hall > as a ridiculous way of expressing their opinion of the government. On the grounds of irrelevancy to the mailing list, can we end this threadlet, please, and agree to disagree about: 1. whether e-voting is going to bring people back to the polling station 2. whether educating kids will make them vote in later life 3. whether democracy is dying 4. whether there is any point in voting in the first place We have a constitutionally-defined voting mechanism and the government intends to reform it by introducing e-voting. This mailing list is to discuss the apparent flaws in their proposals and, depending on your point of view, campaign against either these current proposals, or else campaign against all e-voting in Ireland. Nick From lists at spamfilter.cc Thu Jun 5 16:16:31 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Re: FC: Electronic voting in Irelandencounterscriticism In-Reply-To: <20030604072337.GA15751@www.kobly.com> Message-ID: > How many desktop computers were infected by ILY - a trojan developed > by individuals with no funding? How many eggs are in one basket wrt > OS software and application software? How easy is it to get arbitrary > code running on a large number of desktop systems? How easy is it to > hide that code so it doesn't do anything stupid 'til the appropriate > time? How easy is it to mask the origin of that code? > Aren't these questions proving my point? Haven't we come full circle, back to mindset? I mean, sure, you can look at this from a purely technological point of view, you can blame the software and Microsoft's OS monopoly, but how do you propose to fix that? You /can/ fix it, of course. You can lock down development processes, clean-room code, audit it line-by-line, try to underrun and overrun the buffers, etc. You won't catch absolutely everything, but you should be able to get five nines. But what happens when your software leaves the clean-room? What will the OEM do to it? What about the user? Ok, so we have to DRM our code to make sure it can't be hax0red. Lock it down. And lock down the operating system too, so the hax0rs can't install reverse-engineering tools and the like. Load the OS into ROM, so it can't be modified. DRM it. Lock down the hardware, put it in a sealed titanium box. No USB ports, we can't trust the user. No DVD or CD ROM's. Hardwire the monitor. Forget the snazzy soundcard, you'll take onboard sound and like it. Forget about Linux, and FreeBSD, and all the other wonderful OS's that have been thrown at us for free. Forget about the tools at the very core of our network: Apache, sendmail, and bind. PHP and Perl and Python are all gone. Qmail and Exim, procmail and SpamAssassin, emacs and vi, MySQL and Postgres, all dead. You can't have them. I'm not exaggerating here, that's what you have to do if you want a secure system, and /even then/ there's an element of risk, because you didn't throw one particular string at the code in the clean-room; and oops, you've got an underrun, j00r 0wn3d. Unlikely, but possible. Do we really want that flavour of security, everyone with the same box, the same software? And it won't be open source or free software mind, it'll be proprietry, because as soon as you lock those systems down, you lock open source and free software developers out of their trade. Bill will own you. And of course that introduces further risk, because you've got one entity holding all the keys. Again though, that's not a technological issue, that's a societal issue. It's not technology owning you, it's the guy that owns the technology. Again, I'm not saying we /should/ do remote electronic voting now, I'm saying we can. Technologically, it's possible. It's our current society that prevents it. We need to change the way society perceives electronic security. We need to get "journalists" to stop using the work "hacker" when they mean "cracker". We need people to understand that security is about perception, about paranoia, about assuming the worst. We need them to understand that when their computer is broken into, 90% of the blame lies with them, not the people that wrote the software. THEY opened the email attachment, not Microsoft. > > There are technological ways around this, for example by > > automatically closing - maybe evening uninstalling - the voting > > application as soon as someone has voted. > > And this does what? > I would have thought it was obvious: It prevents people proving who they voted for. > Or they set up an unofficial polling station in some CyberCafes, or > You have the same difficulties, as this would be fraud on a grand scale. You don't get a couple of hundred people gathering in one spot to be threatened or cajoled out of their vote without someone talking about it. > they set up a mechanism to transfer voting credentials so that they > can act as proxy voters. Not all of the attacks here assume a hostile > target. We are not just talking about vote rigging, but also > vote selling. > Voting credentials here are keys though, and again, this is a societal thing. You don't give your front door key to every Tom, Dick and Harry that asks for them or threatens you for them. We need to give people keys and teach them how to use them, teach them that they're the electronic equivalent of house keys, which need to be kept safe and secure. And sure, houses do get robbed occasionally, but to have a significant affect on an election, you need access to thousands, tens of thousands of votes. Again, we're talk and risk and effort, and society and mindsets. > > This one is the most troublesome for me, although I think that > > a properly implemented system with trusted oversight shouldn't > > need second channel > > verification. > > Do you know what all of the software on your computer does? I don't. > Depends on your definition of "does" in this case. If you mean, do I know exactly what the bits and bytes on my rig do when I open an app or change something, then no, of course not; I'd imagine there are only a few hundred people in the world that run systems they can understand from the On button up. If your meaning is more basic though, then yes, of course I do. Everybody should. I can see where you're going with this, but to be perfectly frank I'm not going to answer an unasked question. adam From Margaret.McGaley at redbrick.dcu.ie Thu Jun 5 16:30:45 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] FoI request In-Reply-To: <20030603130114.GA22632@prodigy.Redbrick.DCU.IE> References: <20030603130114.GA22632@prodigy.Redbrick.DCU.IE> Message-ID: <20030605153044.GA27197@prodigy.Redbrick.DCU.IE> Is there anyone on the list who does source code reviews for a living? I'd really like to have a review of the review, if that's possible. Margaret On Tue, Jun 03, 2003 at 02:01:14PM +0100, Margaret McGaley wrote: > > I've just received an e-mail stating that the documents I received under the > Freedom of Information Act are in the public domain. Everything I received in > machine readable form is currently available at > > http://minds.cs.may.ie/~lovelace/E-Voting/FoI_request/ > > The PMI source code reviews are an eye-opener. PMI Software Ltd. [1] don't > advertise source code reviews as one of their services. > > There are two files there that I haven't been able to figure out the type of. > Desktop_DB and Desktop_DF. > > Margaret > > [1] http://www.pmisoftware.com/ > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting From Margaret.McGaley at redbrick.dcu.ie Thu Jun 5 17:12:04 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Name In-Reply-To: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> References: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> Message-ID: <20030605161200.GA25192@prodigy.Redbrick.DCU.IE> How about e-voting.org or evoting-ireland.org (the second is probably better for radio and so on) Any other URL suggestions ? Margaret On Wed, Jun 04, 2003 at 05:11:10PM +0100, Margaret McGaley wrote: > > This campaign needs a name. Any suggestions? (Good acronyms > preferred :) ) > > > Margaret > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting From lists at spamfilter.cc Thu Jun 5 17:21:07 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Name In-Reply-To: <20030605161200.GA25192@prodigy.Redbrick.DCU.IE> Message-ID: > How about > e-voting.org > or > evoting-ireland.org > ie-voting.org seems appropriate. adam From P at draigBrady.com Thu Jun 5 17:17:00 2003 From: P at draigBrady.com (P@draigBrady.com) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Name In-Reply-To: <20030605161200.GA25192@prodigy.Redbrick.DCU.IE> References: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> <20030605161200.GA25192@prodigy.Redbrick.DCU.IE> Message-ID: <3EDF6CFC.6080204@draigBrady.com> Margaret McGaley wrote: > How about > e-voting.org > or > evoting-ireland.org > > (the second is probably better for radio and so on) > > Any other URL suggestions ? ievoting.org ? P?draig. From patrick at kobly.com Thu Jun 5 17:28:01 2003 From: patrick at kobly.com (Patrick J. Kobly) Date: Fri Apr 23 16:54:27 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <3EDF58DD.9060607@draigBrady.com> References: <1054218497.63058.135.camel@pancake.netability.ie> <5.1.1.6.0.20030604151248.01a77448@dogma.slashnull.org> <200306042133.28496.tim@birdsnest.maths.tcd.ie> <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> <3EDF58DD.9060607@draigBrady.com> Message-ID: <20030605162801.GB11348@www.kobly.com> On Thu, Jun 05, 2003 at 03:51:09PM +0100, P@draigBrady.com wrote: > Margaret McGaley wrote: > >And as I discuss in my report, there are issues which technology will never > >solve. If a person is voting anywhere other than an official polling > >station, > >we have no way of ensuring that they aren't being coerced and that they > >aren't > >selling their vote in a buyer-verifiable way. > > But statistically you can. I.E. there won't be > mass breakins and voting at gun point IMHO. Vote-buying and vote-selling are just as damaging to the electoral system as the gunpoint thing. It is not worth your time to engage in vote-buying unless the buyer can verify the vote. That's why we don't see heavy amounts of vote-selling now. However, in the U.S., there was a fairly large initiative to sell absentee ballots online to the highest bidder, as absentee ballot restrictions were decreased. The interesting problem here was that the buyers weren't the candidates. It's fairly easy to regulate the actions of the candidates. It's far more difficult to regulate third-party involvement. > If people care that much then their time would > be better served by campaigning using legitimate > methods. Or not. Extremist groups, who will usually not lend credence to a candidate by speaking out for him, will provide that candidate more votes by buying them. > For the record, I'm not against electronic voting. > With the right implementation/safe guards in place Are you a Computing Scientist? Have you read Thompson's "Reflections on Trusting Trust"? "The moral is obvious. You can't trust code that you did not totally create yourself." > it could be a large win for voting accuracy/turnout/results_speed And the evidence shows the opposite effect. Automated counting systems show lower accuracy than hand counts, have a negligable effect on turnout, and are significantly slower when an election is close. In the last Canadian election, we knew who the Prime Minister would be before the polls closed in Alberta. We knew who was elected as an MP in every riding about four hours after the last polls closed in British Columbia. The Americans had to wait two months to find out who their President would be. PK -- Bow down before the one you serve You're going to get what you deserve -NIN -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.stdlib.net/pipermail/e-voting/attachments/20030605/83e8cd1d/attachment.bin From colm at stdlib.net Thu Jun 5 17:31:35 2003 From: colm at stdlib.net (Colm =?iso-8859-15?Q?MacC=E1rthaigh?=) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Name In-Reply-To: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> References: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> Message-ID: <20030605163135.GA62035@kilmainham.stdlib.net> On Wed, Jun 04, 2003 at 05:11:10PM +0100, Margaret McGaley wrote: > This campaign needs a name. Any suggestions? (Good acronyms > preferred :) ) REVIEW $something electronic voting $something $something $something $something review.it is still available ;) Wouldnt e-voting@review.it be a great list address ? Someone can expand the acronym later ;) -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/ From colm at stdlib.net Thu Jun 5 17:32:57 2003 From: colm at stdlib.net (Colm =?iso-8859-15?Q?MacC=E1rthaigh?=) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Name In-Reply-To: <20030605163135.GA62035@kilmainham.stdlib.net> References: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> <20030605163135.GA62035@kilmainham.stdlib.net> Message-ID: <20030605163257.GA63658@kilmainham.stdlib.net> On Thu, Jun 05, 2003 at 05:31:35PM +0100, Colm MacC?rthaigh wrote: > Wouldnt e-voting@review.it be a great list address ? Someone can > expand the acronym later ;) Damn stupid stale whois, it's actually taken -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/ From P at draigBrady.com Thu Jun 5 17:40:37 2003 From: P at draigBrady.com (P@draigBrady.com) Date: Fri Apr 23 16:54:27 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <20030605162801.GB11348@www.kobly.com> References: <1054218497.63058.135.camel@pancake.netability.ie> <5.1.1.6.0.20030604151248.01a77448@dogma.slashnull.org> <200306042133.28496.tim@birdsnest.maths.tcd.ie> <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> <3EDF58DD.9060607@draigBrady.com> <20030605162801.GB11348@www.kobly.com> Message-ID: <3EDF7285.4080208@draigBrady.com> Patrick J. Kobly wrote: > On Thu, Jun 05, 2003 at 03:51:09PM +0100, P@draigBrady.com wrote: > > Are you a Computing Scientist? Have you read Thompson's "Reflections > on Trusting Trust"? > > "The moral is obvious. You can't trust code that you did not totally > create yourself." Including the compiler. I know the arguments. >>it could be a large win for voting accuracy/turnout/results_speed > > And the evidence shows the opposite effect. Automated counting > systems show lower accuracy than hand counts, have a negligable effect > on turnout, and are significantly slower when an election is close. Even if it's all digitized? > In the last Canadian election, we knew who the Prime Minister would be > before the polls closed in Alberta. We knew who was elected as an MP > in every riding about four hours after the last polls closed in > British Columbia. The Americans had to wait two months to find out > who their President would be. That's because of overseas ballots isn't it (which would benefit from remote evoting). P?draig. From patrick at kobly.com Thu Jun 5 17:47:55 2003 From: patrick at kobly.com (Patrick J. Kobly) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Re: FC: Electronic voting in Irelandencounterscriticism In-Reply-To: References: <20030604072337.GA15751@www.kobly.com> Message-ID: <20030605164755.GA12532@www.kobly.com> On Thu, Jun 05, 2003 at 04:16:31PM +0100, adam beecher wrote: > > > There are technological ways around this, for example by > > > automatically closing - maybe evening uninstalling - the voting > > > application as soon as someone has voted. > > > > And this does what? > > > I would have thought it was obvious: It prevents people proving who they > voted for. No it doesn't. > > Or they set up an unofficial polling station in some CyberCafes, or > > > You have the same difficulties, as this would be fraud on a grand scale. You > don't get a couple of hundred people gathering in one spot to be threatened > or cajoled out of their vote without someone talking about it. Vote-selling is just as pernicious as the use of force and coercion. > > they set up a mechanism to transfer voting credentials so that they > > can act as proxy voters. Not all of the attacks here assume a hostile > > target. We are not just talking about vote rigging, but also > > vote selling. > > > Voting credentials here are keys though, and again, this is a societal > thing. You don't give your front door key to every Tom, Dick and Harry that > asks for them or threatens you for them. We need to give people keys and > teach them how to use them, teach them that they're the electronic > equivalent of house keys, which need to be kept safe and secure. And sure, > houses do get robbed occasionally, but to have a significant affect on an > election, you need access to thousands, tens of thousands of votes. Again, > we're talk and risk and effort, and society and mindsets. The difference is that the public in general has an interest in the item protected by the key. If you give your house keys to someone else, that doesn't affect me. If you sell your vote to someone else, that does. > > Do you know what all of the software on your computer does? I don't. > Depends on your definition of "does" in this case. If you mean, do I know > exactly what the bits and bytes on my rig do when I open an app or change > something, then no, of course not; I'd imagine there are only a few hundred > people in the world that run systems they can understand from the On button > up. If your meaning is more basic though, then yes, of course I do. > Everybody should. > I can see where you're going with this, but to be perfectly frank I'm not > going to answer an unasked question. Do you trust your computer to act as your faithful agent? Do you trust the computers of all other electors to act as their faithful agents? Do you know that your computer is not compromised as in http://www.acm.org/classics/sep95/ ? PK -- Bow down before the one you serve You're going to get what you deserve -NIN -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.stdlib.net/pipermail/e-voting/attachments/20030605/841157ca/attachment.bin From bobb+e-voting at redbrick.dcu.ie Thu Jun 5 18:01:37 2003 From: bobb+e-voting at redbrick.dcu.ie (Robert bobb Crosbie) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Name In-Reply-To: <20030605163135.GA62035@kilmainham.stdlib.net> References: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> <20030605163135.GA62035@kilmainham.stdlib.net> Message-ID: <20030605170137.GA11296@tchpc10.tcd.ie> Colm MacC?rthaigh hath declared on Thursday the 05 day of June 2003 :-: > On Wed, Jun 04, 2003 at 05:11:10PM +0100, Margaret McGaley wrote: > > This campaign needs a name. Any suggestions? (Good acronyms > > preferred :) ) > > REVIEW > > $something electronic voting $something $something $something $something M.A.V.E. M{something} Against Voting Electronically. eh... Margaret Against Voting Electronically. Mothers Against Voting Electronically. Morally Against Voting Electronically. Mankind Against Voting Electronically. *shrug* - bobb From cansbro at eircom.net Thu Jun 5 18:34:08 2003 From: cansbro at eircom.net (Catherine Ansbro) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] name Message-ID: <5.1.1.6.0.20030605182717.00a2a610@mail1.eircom.net> An HTML attachment was scrubbed... URL: http://lists.stdlib.net/pipermail/e-voting/attachments/20030605/766da050/attachment.html From lists at spamfilter.cc Thu Jun 5 19:38:15 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Re: FC: Electronic voting inIrelandencounterscriticism In-Reply-To: <20030605164755.GA12532@www.kobly.com> Message-ID: > > I would have thought it was obvious: It prevents people proving who they > > voted for. > > No it doesn't. > This is your argument? Say we implement all the technological measures I outlined in my previous message. The box is standardised and sealed, the OS is standardised and loaded into ROM, the apps are standardised and signed with a central key held by the OS developer. The election application is distributed via an encrypted channel to, for example, the Referendum Commission servers, and can't be loaded until a specific time. At election time, the application loads and you place your vote or lose it. The vote is sent to the central system via a secure channel, the application closes and uninstalls. The system isn't unbreakable. You could take a cutting torch to the box and replace the hard drive. Palladium - or whatever stupid name Microsoft is calling it these days - will act up, but we might be able to hack that too. We might be able to change a config file for the election app (if someone was stupid enough not to configure it in the binary), or load our own election app. We could try and crash the system so we can prove who we voted for. You or I might be able to do that, but Joe or Jane Average can't. You can teach them to do it, but how long will it take to go around to each of their houses to do so? We could run a course and bring them to us, but someone will report it. You could put the instructions on the Internet, but your site will be taken down. Anything's possible, but we're back to risk and effort. It's not worth the effort and risk. So yes, it does. > Vote-selling is just as pernicious as the use of force and coercion. > I don't disagree with you; "cajoled" was meant to imply vote-buying. > The difference is that the public in general has an interest in the > item protected by the key. If you give your house keys to someone > else, that doesn't affect me. If you sell your vote to someone else, > that does. > How do you propose to buy the requisite number of votes to steal the election though? Seriously, I'm asking. I've outlined several times how difficult I think it would be to steal or buy enough votes to win an election - in a system where people appreciate security of course - because I believe that the risk and effort involved preclude it. You obviously believe different, and I'd like to know how you'd go about it. We have an election coming up next year, and I very nearly stood for a place on Cork City Council. Tell me how I could have stolen the seat. Hell, maybe I'll stand yet. > Do you trust your computer to act as your faithful agent? > I've been compromised twice in the seven or so years since I rediscovered computing; my first remote dedicated machine was rooted about five years ago, and I picked up a worm on localhost about a year after that. The first happened because I hadn't firewalled and patched my box; the second because I was rushing through my email. It wasn't Red Hat's fault and it wasn't Microsoft's fault, it was my fault. I've learned my lesson: now I pay someone to secure my remote machines, and I don't rush through my email. Yes, I trust my computer. Whether I can trust myself is another matter entirely. > Do you trust the computers of all other electors to act as their > faithful agents? > No, because most of them haven't patched and secured their machines. You can define that as mostly a technological problem if you want, I define it as mostly a social problem; I believe that if you educate people about computer security, and they start to think of it the same way they think about, for example, house security, people /will/ patch and firewall. You'll still have security problems - /technological/ security problems - but they will be minimal compared to what we deal with today. All of this is why I currently object to remote electronic voting. Like I said. > Do you know that your computer is not compromised as in > http://www.acm.org/classics/sep95/ ? > I can't say absolutely that it isn't, but I can say that, on balance, I think it highly unlikely that it is. If we're going to talk about absolutes, we can't hold elections at all, because they're not secure. Oops, there goes democracy. adam /waves at democracy __________________________________ When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From tim at birdsnest.maths.tcd.ie Thu Jun 5 19:55:50 2003 From: tim at birdsnest.maths.tcd.ie (Timothy Murphy) Date: Fri Apr 23 16:54:27 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <20030605162801.GB11348@www.kobly.com> References: <1054218497.63058.135.camel@pancake.netability.ie> <3EDF58DD.9060607@draigBrady.com> <20030605162801.GB11348@www.kobly.com> Message-ID: <200306051955.50778.tim@birdsnest.maths.tcd.ie> On Thursday 05 June 2003 17:28, Patrick J. Kobly wrote: > And the evidence shows the opposite effect. Automated counting > systems show lower accuracy than hand counts, have a negligable effect > on turnout, and are significantly slower when an election is close. That's certainly not true for proportional representation. -- Timothy Murphy e-mail: tim@birdsnest.maths.tcd.ie tel: +353-86-233 6090 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland From tim at birdsnest.maths.tcd.ie Thu Jun 5 20:02:31 2003 From: tim at birdsnest.maths.tcd.ie (Timothy Murphy) Date: Fri Apr 23 16:54:27 2004 Subject: [E-voting] Re: FC: Electronic voting in Irelandencounterscriticism In-Reply-To: <20030605164755.GA12532@www.kobly.com> References: <20030604072337.GA15751@www.kobly.com> <20030605164755.GA12532@www.kobly.com> Message-ID: <200306052002.31196.tim@birdsnest.maths.tcd.ie> On Thursday 05 June 2003 17:47, Patrick J. Kobly wrote: > Vote-selling is just as pernicious as the use of force and coercion. I don't know. England survived with rotten boroughs for many years. It's more important that people are involved in politics than that the system is mathematically "fair", IMHO. -- Timothy Murphy e-mail: tim@birdsnest.maths.tcd.ie tel: +353-86-233 6090 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland From colm at stdlib.net Thu Jun 5 20:16:52 2003 From: colm at stdlib.net (Colm =?iso-8859-15?Q?MacC=E1rthaigh?=) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Re: FC: Electronic voting inIrelandencounterscriticism In-Reply-To: References: <20030605164755.GA12532@www.kobly.com> Message-ID: <20030605191652.GA75765@kilmainham.stdlib.net> On Thu, Jun 05, 2003 at 07:38:15PM +0100, adam beecher wrote: > > No it doesn't. > > > This is your argument? This is getting nowhere. And it's neither here not there. It's offtopic, and it's completely redundant, two words: Postal vote. -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/ From lists at spamfilter.cc Thu Jun 5 20:58:46 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] name In-Reply-To: <5.1.1.6.0.20030605182717.00a2a610@mail1.eircom.net> Message-ID: Catherine said: "from the discourse so far I gather that we're not opposed to electronic voting, we're opposed to the specific system that is currently on offer. I'm not against e-voting and don't want a name that says that. It'd make us sound like real luddites." True. Also at issue if we become an "official" campaign are goals. Margaret's goals are: - to prevent the use of the Nedap/Powervote system in Irish Elections, - to prevent the purchase of any more equipment or software from Nedap/Powervote by the Irish Government, and - to convince the Government that any voting system used in Ireland should be developed here, using formal methods and the Mercuri method, and should be open source. I'd agree with 1) and 2), although I think they should just refer to any voting system that doesn't match with requirements generally decided on. I agree with the open source part of 3), but not the "developed in Ireland" bit. I'm not qualified to comment on the "formal" and "mercuri" parts. Colm: It's not off-topic, it's just a circular argument that's going nowhere. I'm done anyway, I've said more than enough. :) adam From aecolley at spamcop.net Thu Jun 5 20:58:23 2003 From: aecolley at spamcop.net (Adrian Colley) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Name In-Reply-To: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> References: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> Message-ID: <20030605195823.GB484@cornerstone.colley.ie> On Wed, Jun 04, 2003 at 05:11:10PM +0100, Margaret McGaley wrote: > This campaign needs a name. Any suggestions? (Good acronyms > preferred :) ) Secure Voting Campaign. --Adrian. From election at polarbears.com Thu Jun 5 21:33:56 2003 From: election at polarbears.com (Ciaran Quinn) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Name References: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> Message-ID: <3F0888CD.D3D5596C@polarbears.com> How about something like IVVER - Irish Voters for Verifiable Election Results (sounds like uimhir, the Irish for number) or PRSTV - People for the Retention of Safe Transparent Voting Ciaran Quinn Margaret McGaley wrote: > > This campaign needs a name. Any suggestions? (Good acronyms > preferred :) ) > > Margaret > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting From sares at Redbrick.DCU.IE Thu Jun 5 22:15:44 2003 From: sares at Redbrick.DCU.IE (Dave Madden) Date: Fri Apr 23 16:54:28 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <3EDF58DD.9060607@draigBrady.com> References: <1054218497.63058.135.camel@pancake.netability.ie> <5.1.1.6.0.20030604151248.01a77448@dogma.slashnull.org> <200306042133.28496.tim@birdsnest.maths.tcd.ie> <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> <3EDF58DD.9060607@draigBrady.com> Message-ID: <20030605211544.GA18243@prodigy.Redbrick.DCU.IE> On Thu, Jun 05, 2003 at 03:51:09PM +0100, P@draigBrady.com wrote: > But statistically you can. I.E. there won't be > mass breakins and voting at gun point IMHO. There's no point thinking about risks to democracy in terms of how things are when everything is going well - it's how the system will cope under stress that counts. In countries where democracy doesn't work so well people are sometimes told that they'll be punished for voting the wrong way. Couple that with a lack of secrecy and coersion becomes much easier. I can think of at least one party that I reckon might go door to door in "their" areas to "help" people use their new voting software. But maybe I'm wrong. > If people care that much then their time would > be better served by campaigning using legitimate > methods. In the US, there was a guy running for Congress, who decided to go door to door in a Latino area where the people (including citizens) didn't speak English well. He got them to fill in forms to "register to vote" - which turned out to be actual postal vote forms, as the people had in fact been automatically registered. Politicians in this country showed in the 80s that some of them were willing to debase democracy for thei own benefit. The idea that people will be willing to use corrupt means is, as far as I'm concerned, both reasonable, and a necessary assumption when considering if a system should be regarded as secure. Dave From email at davidcochrane.com Thu Jun 5 22:28:41 2003 From: email at davidcochrane.com (David Cochrane) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Name In-Reply-To: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> Message-ID: Hi All, I think a name is as important as what the campaign is about. Its a brand and a name/title that makes the campaign/organisation instantly recognisable. It needs to be as memorable and user(non-technical) friendly. If someone is on the radio the website should be mentioned, the URL and name of the organistion need to be the same, so that people will logon to the website for more information but won't try to remember two different pieces of key information. Acronyms tend not to work, people forget small words and long names. It needs to be short snappy and do what it says on the tin. I've done some stuff with IrelandOffline in the past, their whole campaign idea was about campaigning for affordable and flat-rate internet access, their name was a play on words (to the IOL name) and was also relevant to what they were about. Remember, this campaign would/will need to appeal to a larger audience and will be mainly non-technical, so the name needs to stick in their mind, be memorable, and instantly recognisable in terms of the campaign. Campaign for electronic democracy - e-democracy/edemocray? I don't know. Its needs some thought anyways. Regards David Cochrane -----Original Message----- From: e-voting-bounces@lists.stdlib.net [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of Margaret McGaley Sent: 04 June 2003 17:11 To: e-voting@lists.stdlib.net Subject: [E-voting] Name This campaign needs a name. Any suggestions? (Good acronyms preferred :) ) Margaret _______________________________________________ E-voting mailing list E-voting@lists.stdlib.net http://lists.stdlib.net/mailman/listinfo/e-voting From lists at spamfilter.cc Thu Jun 5 22:47:04 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Name In-Reply-To: Message-ID: No doubt you also remember how divisive the naming of IO was David. ;) http://tardis.linux.ie/1259/groups.google.ie adam -------------------------------------------- God, Ted. D'you remember that fella who was so good at fashion they had to shoot him? -- Dougal Maguire, Father Ted > -----Original Message----- > From: e-voting-bounces@lists.stdlib.net > [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of David Cochrane > Sent: 05 June 2003 22:29 > To: Campaign against Electronic Voting in Ireland > Subject: RE: [E-voting] Name > > > Hi All, > > I think a name is as important as what the campaign is about. Its a brand > and a name/title that makes the campaign/organisation instantly > recognisable. It needs to be as memorable and user(non-technical) > friendly. > > If someone is on the radio the website should be mentioned, the > URL and name > of the organistion need to be the same, so that people will logon to the > website for more information but won't try to remember two > different pieces > of key information. > > Acronyms tend not to work, people forget small words and long names. It > needs to be short snappy and do what it says on the tin. > > I've done some stuff with IrelandOffline in the past, their whole campaign > idea was about campaigning for affordable and flat-rate internet access, > their name was a play on words (to the IOL name) and was also relevant to > what they were about. > > Remember, this campaign would/will need to appeal to a larger audience and > will be mainly non-technical, so the name needs to stick in their mind, be > memorable, and instantly recognisable in terms of the campaign. > > Campaign for electronic democracy - e-democracy/edemocray? I > don't know. Its > needs some thought anyways. > > Regards > David Cochrane > > -----Original Message----- > From: e-voting-bounces@lists.stdlib.net > [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of Margaret McGaley > Sent: 04 June 2003 17:11 > To: e-voting@lists.stdlib.net > Subject: [E-voting] Name > > > > This campaign needs a name. Any suggestions? (Good acronyms > preferred :) ) > > > Margaret > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting > > > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting > From email at davidcochrane.com Thu Jun 5 23:07:42 2003 From: email at davidcochrane.com (David Cochrane) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Name In-Reply-To: Message-ID: Yeah, there was that. Lets no go there ok? :) Something thats good for PR and easily remembered by non techies! Thats what we need! IMHO -----Original Message----- From: e-voting-bounces@lists.stdlib.net [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of adam beecher Sent: 05 June 2003 22:47 To: Campaign against Electronic Voting in Ireland Subject: RE: [E-voting] Name No doubt you also remember how divisive the naming of IO was David. ;) http://tardis.linux.ie/1259/groups.google.ie adam -------------------------------------------- God, Ted. D'you remember that fella who was so good at fashion they had to shoot him? -- Dougal Maguire, Father Ted > -----Original Message----- > From: e-voting-bounces@lists.stdlib.net > [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of David Cochrane > Sent: 05 June 2003 22:29 > To: Campaign against Electronic Voting in Ireland > Subject: RE: [E-voting] Name > > > Hi All, > > I think a name is as important as what the campaign is about. Its a brand > and a name/title that makes the campaign/organisation instantly > recognisable. It needs to be as memorable and user(non-technical) > friendly. > > If someone is on the radio the website should be mentioned, the > URL and name > of the organistion need to be the same, so that people will logon to the > website for more information but won't try to remember two > different pieces > of key information. > > Acronyms tend not to work, people forget small words and long names. It > needs to be short snappy and do what it says on the tin. > > I've done some stuff with IrelandOffline in the past, their whole campaign > idea was about campaigning for affordable and flat-rate internet access, > their name was a play on words (to the IOL name) and was also relevant to > what they were about. > > Remember, this campaign would/will need to appeal to a larger audience and > will be mainly non-technical, so the name needs to stick in their mind, be > memorable, and instantly recognisable in terms of the campaign. > > Campaign for electronic democracy - e-democracy/edemocray? I > don't know. Its > needs some thought anyways. > > Regards > David Cochrane > > -----Original Message----- > From: e-voting-bounces@lists.stdlib.net > [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of Margaret McGaley > Sent: 04 June 2003 17:11 > To: e-voting@lists.stdlib.net > Subject: [E-voting] Name > > > > This campaign needs a name. Any suggestions? (Good acronyms > preferred :) ) > > > Margaret > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting > > > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting > _______________________________________________ E-voting mailing list E-voting@lists.stdlib.net http://lists.stdlib.net/mailman/listinfo/e-voting From colm at stdlib.net Thu Jun 5 23:38:39 2003 From: colm at stdlib.net (Colm =?iso-8859-15?Q?MacC=E1rthaigh?=) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Name In-Reply-To: References: Message-ID: <20030605223839.GA16822@kilmainham.stdlib.net> On Thu, Jun 05, 2003 at 11:07:42PM +0100, David Cochrane wrote: > Something thats good for PR and easily remembered by non techies! Thats what > we need! IMHO How about the "Stay Counted" Organisation/Campaign ? staycounted.(org|net|com|info) are all still available. -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/ From lists at spamfilter.cc Thu Jun 5 23:51:52 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Name In-Reply-To: <20030605223839.GA16822@kilmainham.stdlib.net> Message-ID: > How about the "Stay Counted" Organisation/Campaign ? > > staycounted.(org|net|com|info) are all still available. > I like that. BTW, I'd be happy to register the domain / host the site. I'm sure others will offer too. adam From cansbro at eircom.net Thu Jun 5 23:58:41 2003 From: cansbro at eircom.net (Catherine Ansbro) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] candidate's viewpoint Message-ID: <5.1.1.6.0.20030605234238.00a01bd0@mail1.eircom.net> I stood as a candidate in the last general election. Two issues from that experience seem particularly relevant to this discussion. 1) Importance of privacy of vote. In rural areas, I encountered numerous elderly voters who were clearly frightened about potentially changing their vote, because they knew that the vote-counters keep careful track of who votes in what order in the polling stations, and when the boxes are turned over--the vote tallymen have incredibly amazing skills at deciphering who voted how. They articulated this concern--it wasn't my guessing. The fear was palpable. This may seem absurd to those who vote in an urban polling centre, but in rural areas serving a relatively small number of people, it would be incredibly easy. In small rural communities where voting patterns would be well-known, a change in pattern could be easily spotted. If you haven't seen experienced tallymen working in a count centre you might not believe this but it is true. This is one reason I hope we can come up with a good, secure kiosk-type of e-voting, with a voter-verified paper trail as described (but one that cannot be traced back to any particular voter--using a smaller piece of paper that would be less inclined to stay in a certain order inside the ballot box). 2) Several folks have said that one would have to buy or tamper with hundreds or thousands of votes to affect an election result. I disagree. I've seen many results decided by just a few votes. With canny strategy, being able to tamper with even a few votes could have big consequences when the race is a tight one. This is a good incentive to develop something that is as secure as possible. Catherine From colm at stdlib.net Fri Jun 6 00:09:13 2003 From: colm at stdlib.net (Colm =?iso-8859-15?Q?MacC=E1rthaigh?=) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Name In-Reply-To: References: <20030605223839.GA16822@kilmainham.stdlib.net> Message-ID: <20030605230913.GA31571@kilmainham.stdlib.net> On Thu, Jun 05, 2003 at 11:51:52PM +0100, adam beecher wrote: > > How about the "Stay Counted" Organisation/Campaign ? > > > > staycounted.(org|net|com|info) are all still available. > > > I like that. > > BTW, I'd be happy to register the domain / host the site. I'm sure others > will offer too. Same here (at the very least I'll split registration costs), but wherever ends up doing it, kilmainham (the server this list is on) is available for DNS (slave or primary), random site hosting, MX backup and obviously mailing lists ;) -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/ From cansbro at eircom.net Fri Jun 6 00:14:06 2003 From: cansbro at eircom.net (Catherine Ansbro) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] More names Message-ID: <5.1.1.6.0.20030606000515.00a59760@mail1.eircom.net> Make It Count .org? (but "count" could mean anything; needs "vote/voting" in there somehow I think) I like what Adrian suggested earlier (something like Secure Voting Campaign) SecureVote.org SafeVote.org E-Vote Review.org or E-Vote Reform.org Open Source Voting.org (if there is consensus that we prefer open source and want to make that the focus) TheRightVotingMachine.org Catherine From tim at birdsnest.maths.tcd.ie Fri Jun 6 00:26:19 2003 From: tim at birdsnest.maths.tcd.ie (Timothy Murphy) Date: Fri Apr 23 16:54:28 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <20030605211544.GA18243@prodigy.Redbrick.DCU.IE> References: <1054218497.63058.135.camel@pancake.netability.ie> <3EDF58DD.9060607@draigBrady.com> <20030605211544.GA18243@prodigy.Redbrick.DCU.IE> Message-ID: <200306060026.20276.tim@birdsnest.maths.tcd.ie> On Thursday 05 June 2003 22:15, Dave Madden wrote: > I can think of at least one party that I reckon might go door to door in > "their" areas to "help" people use their new voting software. But maybe > I'm wrong. I have the impression that the people on this list have very little contact with actual politics. It would be interesting to know how many are in political parties. For example, parties can and do drive old people to the polls to vote. Of course it is quite possible that someone driven to the voting station in an FF car will vote FG, but I doubt if that happens very often. Incidentally, there are lots of ways in which the vote could be manipulated improperly at present, eg people could be prevented from voting. It doesn't happen because it is a very serious offence, and few people feel strongly enough about the outcome to risk years in prison for a couple of votes. For exactly the same reason no-one is going to fiddle with electronic voting machines -- any worthwhile change would be immediately noticeable, as election agents have a pretty good idea of the likely vote in different wards. -- Timothy Murphy e-mail: tim@birdsnest.maths.tcd.ie tel: +353-86-233 6090 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland From patrick at kobly.com Fri Jun 6 00:48:31 2003 From: patrick at kobly.com (Patrick J. Kobly) Date: Fri Apr 23 16:54:28 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <200306060026.20276.tim@birdsnest.maths.tcd.ie> References: <1054218497.63058.135.camel@pancake.netability.ie> <3EDF58DD.9060607@draigBrady.com> <20030605211544.GA18243@prodigy.Redbrick.DCU.IE> <200306060026.20276.tim@birdsnest.maths.tcd.ie> Message-ID: <20030605234831.GA18641@www.kobly.com> On Fri, Jun 06, 2003 at 12:26:19AM +0100, Timothy Murphy wrote: > I have the impression that the people on this list > have very little contact with actual politics. > It would be interesting to know how many are in political parties. \me puts hand up. > Incidentally, there are lots of ways in which the vote could be > manipulated improperly at present, > eg people could be prevented from voting. > It doesn't happen because it is a very serious offence, > and few people feel strongly enough about the outcome > to risk years in prison for a couple of votes. > > For exactly the same reason no-one is going to fiddle > with electronic voting machines -- Where fiddling with remote machines would be fairly easy, and less detectable. > any worthwhile change would be immediately noticeable, > as election agents have a pretty good idea > of the likely vote in different wards. So why don't we dispense with this whole nonsense of voting and allow the election agents to select the winner? Either way, this vote-rigging nonsense is far more likely to occur in tight races, where small changes can affect the outcome... PK -- Bow down before the one you serve You're going to get what you deserve -NIN -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.stdlib.net/pipermail/e-voting/attachments/20030605/e6fdf0b9/attachment.bin From jwkckid1 at ix.netcom.com Fri Jun 6 03:51:16 2003 From: jwkckid1 at ix.netcom.com (Jeff Williams) Date: Fri Apr 23 16:54:28 2004 Subject: [IIU] [E-voting] Electronic voting References: <1054218497.63058.135.camel@pancake.netability.ie> <200306042133.28496.tim@birdsnest.maths.tcd.ie> <200306051522.01614.tim@birdsnest.maths.tcd.ie> Message-ID: <3EE001A4.4694BAED@ix.netcom.com> Timothy and all, I agree with your view here. I also sympathize with Martha's as well. The problem I have with Martha's is that E-Voting or what I call EI-Voting ( meaning Electronic Internet Voting) is that today in most western countries other traditional forms of voting are as much or more mundane as EI-Voting is to Margaret. Kids love the internet, but find little interest in dark dank voting places of traditional types. We all must also understand that we have been in an era of great technological advances and technology is a important part of our culture, and this culture is spreading around the globe. Trying to turn back the clock, never works, and it wont now either. Yet I too feel many times as Margaret does. Timothy Murphy wrote: > On Thursday 05 June 2003 14:55, Margaret McGaley wrote: > > > Making it easy to vote is not the way to increase voter turnout. Making > > citizens care about democracy, and believe that their vote makes a > > difference is the only way to combat the increasing apathy. All the > > proposed > > technological "advances" are only going to increase the trivialisation of > > democracy. > ... > > In my opinion keeping the count process, and bringing school children to > > see it so that they learn about democracy first hand, would be a much more > > effective way of raising voting levels. > > Your faith in education is touching. > > Democracy is dying because people regard going out in the rain > to write 1 2 3 4 5 6 7 on a sheet of paper in a grotty church hall > as a ridiculous way of expressing their opinion of the government. > > -- > Timothy Murphy > e-mail: tim@birdsnest.maths.tcd.ie > tel: +353-86-233 6090 > s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting Regards, -- Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!) "Be precise in the use of words and expect precision from others" - Pierre Abelard ================================================================ CEO/DIR. Internet Network Eng. SR. Eng. Network data security Information Network Eng. Group. INEG. INC. E-Mail jwkckid1@ix.netcom.com Contact Number: 214-244-4827 or 214-244-3801 From jwkckid1 at ix.netcom.com Fri Jun 6 03:57:52 2003 From: jwkckid1 at ix.netcom.com (Jeff Williams) Date: Fri Apr 23 16:54:28 2004 Subject: [IIU] [E-voting] Electronic voting References: <1054218497.63058.135.camel@pancake.netability.ie> <200306042133.28496.tim@birdsnest.maths.tcd.ie> <20030605135513.GD8773@prodigy.Redbrick.DCU.IE> <20030605143102.GG8773@prodigy.Redbrick.DCU.IE> Message-ID: <3EE0032F.39721E87@ix.netcom.com> Margaret and all, Margaret McGaley wrote: > On Thu, Jun 05, 2003 at 03:22:01PM +0100, Timothy Murphy wrote: > > > > Democracy is dying because people regard going out in the rain > > to write 1 2 3 4 5 6 7 on a sheet of paper in a grotty church hall > > as a ridiculous way of expressing their opinion of the government. > > > > Voting from your home computer is not any less ridiculous. The problem lies in > the general lack of understanding of the importance of democracy, not in > people's dislike of rain. And what a better way of celebrating that importance than using the technology that Democracy has greatly helped produce such as EI-Voting. I can't think of a better way of celebrating or expressing the Joy and future promise of Democracy. > > > Margaret > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting Regards, -- Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!) "Be precise in the use of words and expect precision from others" - Pierre Abelard ================================================================ CEO/DIR. Internet Network Eng. SR. Eng. Network data security Information Network Eng. Group. INEG. INC. E-Mail jwkckid1@ix.netcom.com Contact Number: 214-244-4827 or 214-244-3801 From jwkckid1 at ix.netcom.com Fri Jun 6 05:22:08 2003 From: jwkckid1 at ix.netcom.com (Jeff Williams) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Name References: Message-ID: <3EE016EF.2CC92AD3@ix.netcom.com> Adam and all, adam beecher wrote: > > How about > > e-voting.org > > or > > evoting-ireland.org > > > ie-voting.org seems appropriate. Yes it does! >:) You also might all look at phttp://www.surevote.com/ > > > > adam > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting Regards, -- Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!) "Be precise in the use of words and expect precision from others" - Pierre Abelard ================================================================ CEO/DIR. Internet Network Eng. SR. Eng. Network data security Information Network Eng. Group. INEG. INC. E-Mail jwkckid1@ix.netcom.com Contact Number: 214-244-4827 or 214-244-3801 From jwkckid1 at ix.netcom.com Fri Jun 6 06:14:21 2003 From: jwkckid1 at ix.netcom.com (Jeff Williams) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Re: FC: Electronic voting in Irelandencounterscriticism References: Message-ID: <3EE0232C.8B99B6D9@ix.netcom.com> Adam and all, Greatpp comments and remarks here Adam. I have some remarks to add to yours below. adam beecher wrote: > > How many desktop computers were infected by ILY - a trojan developed > > by individuals with no funding? How many eggs are in one basket wrt > > OS software and application software? How easy is it to get arbitrary > > code running on a large number of desktop systems? How easy is it to > > hide that code so it doesn't do anything stupid 'til the appropriate > > time? How easy is it to mask the origin of that code? > > > Aren't these questions proving my point? Indeed we have come full circle. But hiding or masking code is sometimes done it is not the norm. It can be found, and masking is not usually difficult to unmask. What is needed is good independent code review. As a long time develoer/code writer myself for various security systems I know this to work and work well and also to be true. > Haven't we come full circle, back > to mindset? I mean, sure, you can look at this from a purely technological > point of view, you can blame the software and Microsoft's OS monopoly, but > how do you propose to fix that? You /can/ fix it, of course. You can lock > down development processes, clean-room code, audit it line-by-line, try to > underrun and overrun the buffers, etc. You won't catch absolutely > everything, but you should be able to get five nines. > > But what happens when your software leaves the clean-room? What will the OEM > do to it? What about the user? Ok, so we have to DRM our code to make sure > it can't be hax0red. Lock it down. And lock down the operating system too, > so the hax0rs can't install reverse-engineering tools and the like. Load the > OS into ROM, so it can't be modified. DRM it. Lock down the hardware, put it > in a sealed titanium box. No USB ports, we can't trust the user. No DVD or > CD ROM's. Hardwire the monitor. Forget the snazzy soundcard, you'll take > onboard sound and like it. > > Forget about Linux, and FreeBSD, and all the other wonderful OS's that have > been thrown at us for free. Forget about the tools at the very core of our > network: Apache, sendmail, and bind. PHP and Perl and Python are all gone. > Qmail and Exim, procmail and SpamAssassin, emacs and vi, MySQL and Postgres, > all dead. You can't have them. I'm not exaggerating here, that's what you > have to do if you want a secure system, and /even then/ there's an element > of risk, because you didn't throw one particular string at the code in the > clean-room; and oops, you've got an underrun, j00r 0wn3d. Unlikely, but > possible. > > Do we really want that flavour of security, everyone with the same box, the > same software? And it won't be open source or free software mind, it'll be > proprietry, because as soon as you lock those systems down, you lock open > source and free software developers out of their trade. Bill will own you. > And of course that introduces further risk, because you've got one entity > holding all the keys. Again though, that's not a technological issue, that's > a societal issue. It's not technology owning you, it's the guy that owns the > technology. > > Again, I'm not saying we /should/ do remote electronic voting now, I'm > saying we can. Technologically, it's possible. It's our current society that > prevents it. We need to change the way society perceives electronic > security. We need to get "journalists" to stop using the work "hacker" when > they mean "cracker". We need people to understand that security is about > perception, about paranoia, about assuming the worst. We need them to > understand that when their computer is broken into, 90% of the blame lies > with them, not the people that wrote the software. THEY opened the email > attachment, not Microsoft. > > > > There are technological ways around this, for example by > > > automatically closing - maybe evening uninstalling - the voting > > > application as soon as someone has voted. > > > > And this does what? > > > I would have thought it was obvious: It prevents people proving who they > voted for. > > > Or they set up an unofficial polling station in some CyberCafes, or > > > You have the same difficulties, as this would be fraud on a grand scale. You > don't get a couple of hundred people gathering in one spot to be threatened > or cajoled out of their vote without someone talking about it. > > > they set up a mechanism to transfer voting credentials so that they > > can act as proxy voters. Not all of the attacks here assume a hostile > > target. We are not just talking about vote rigging, but also > > vote selling. > > > Voting credentials here are keys though, and again, this is a societal > thing. You don't give your front door key to every Tom, Dick and Harry that > asks for them or threatens you for them. We need to give people keys and > teach them how to use them, teach them that they're the electronic > equivalent of house keys, which need to be kept safe and secure. And sure, > houses do get robbed occasionally, but to have a significant affect on an > election, you need access to thousands, tens of thousands of votes. Again, > we're talk and risk and effort, and society and mindsets. > > > > This one is the most troublesome for me, although I think that > > > a properly implemented system with trusted oversight shouldn't > > > need second channel > > > verification. > > > > Do you know what all of the software on your computer does? I don't. > > > Depends on your definition of "does" in this case. If you mean, do I know > exactly what the bits and bytes on my rig do when I open an app or change > something, then no, of course not; I'd imagine there are only a few hundred > people in the world that run systems they can understand from the On button > up. If your meaning is more basic though, then yes, of course I do. > Everybody should. > > I can see where you're going with this, but to be perfectly frank I'm not > going to answer an unasked question. > > adam > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting Regards, -- Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!) "Be precise in the use of words and expect precision from others" - Pierre Abelard ================================================================ CEO/DIR. Internet Network Eng. SR. Eng. Network data security Information Network Eng. Group. INEG. INC. E-Mail jwkckid1@ix.netcom.com Contact Number: 214-244-4827 or 214-244-3801 From jwkckid1 at ix.netcom.com Fri Jun 6 06:39:40 2003 From: jwkckid1 at ix.netcom.com (Jeff Williams) Date: Fri Apr 23 16:54:28 2004 Subject: [IIU] [E-voting] Electronic voting References: <1054218497.63058.135.camel@pancake.netability.ie> <3EDF58DD.9060607@draigBrady.com> <200306060026.20276.tim@birdsnest.maths.tcd.ie> Message-ID: <3EE0291C.17052E37@ix.netcom.com> Tim and all, Timothy Murphy wrote: > On Thursday 05 June 2003 22:15, Dave Madden wrote: > > > I can think of at least one party that I reckon might go door to door in > > "their" areas to "help" people use their new voting software. But maybe > > I'm wrong. > > I have the impression that the people on this list > have very little contact with actual politics. > It would be interesting to know how many are in political parties. > > For example, parties can and do drive old people to the polls to vote. Your right here. I did this myself just recently, and for the 2000 election, several buss loads of elderly and infirmed I drove to the polls. Many of them that obviously had had visits from their grandchildren grumbled that they wished the could vote on their "puters" instead of having to go to some "Dam damp and cold basement or polling place to vote!" > > Of course it is quite possible that someone driven to the voting station > in an FF car will vote FG, but I doubt if that happens very often. > > Incidentally, there are lots of ways in which the vote could be > manipulated improperly at present, > eg people could be prevented from voting. > It doesn't happen because it is a very serious offence, > and few people feel strongly enough about the outcome > to risk years in prison for a couple of votes. > > For exactly the same reason no-one is going to fiddle > with electronic voting machines -- > any worthwhile change would be immediately noticeable, > as election agents have a pretty good idea > of the likely vote in different wards. > > -- > Timothy Murphy > e-mail: tim@birdsnest.maths.tcd.ie > tel: +353-86-233 6090 > s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting Regards, -- Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!) "Be precise in the use of words and expect precision from others" - Pierre Abelard ================================================================ CEO/DIR. Internet Network Eng. SR. Eng. Network data security Information Network Eng. Group. INEG. INC. E-Mail jwkckid1@ix.netcom.com Contact Number: 214-244-4827 or 214-244-3801 From P at draigBrady.com Fri Jun 6 09:38:54 2003 From: P at draigBrady.com (P@draigBrady.com) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] name In-Reply-To: References: Message-ID: <3EE0531E.9070908@draigBrady.com> adam beecher wrote: > Catherine said: > > "from the discourse so far I gather that we're not opposed to electronic > voting, we're opposed to the specific system that is currently on offer. > I'm not against e-voting and don't want a name that says that. It'd make us > sound like real luddites." > > True. Also at issue if we become an "official" campaign are goals. > Margaret's goals are: > > - to prevent the use of the Nedap/Powervote system in Irish Elections, > - to prevent the purchase of any more equipment or software from > Nedap/Powervote by the Irish Government, and > - to convince the Government that any voting system used in Ireland should > be developed here, using formal methods and the Mercuri method, and should > be open source. > > I'd agree with 1) and 2), although I think they should just refer to any > voting system that doesn't match with requirements generally decided on. I > agree with the open source part of 3), but not the "developed in Ireland" > bit. I'm not qualified to comment on the "formal" and "mercuri" parts. Well developed in Ireland should be a "strong recommendation". Why send money outside the country to do this? It would have to be quite specific to this country and couldn't be sold elsewhere spreading the cost. IMHO having as much Irish goverment software developed in Ireland as possible is a no brainer. P?draig. From email at davidcochrane.com Fri Jun 6 09:57:48 2003 From: email at davidcochrane.com (David Cochrane) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] name In-Reply-To: <3EE0531E.9070908@draigBrady.com> Message-ID: Any suggestion that this is where the money is spent, in this country or anywhere else will destroy any credibility such a campaign like this will easily get. Any government in Europe needs to tender accross the continent, and allow any company accross the EU to tender, under no circumstances can the basis for selection be national. So please, end that argument, its not valid. Its very Tory (bloody foreigners etc.). Dave C. ______________________________________ Depression - anger without enthusiasm. -----Original Message----- From: e-voting-bounces@lists.stdlib.net [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of P@draigBrady.com Sent: 06 June 2003 09:39 To: Campaign against Electronic Voting in Ireland Subject: Re: [E-voting] name adam beecher wrote: > Catherine said: > > "from the discourse so far I gather that we're not opposed to electronic > voting, we're opposed to the specific system that is currently on offer. > I'm not against e-voting and don't want a name that says that. It'd make us > sound like real luddites." > > True. Also at issue if we become an "official" campaign are goals. > Margaret's goals are: > > - to prevent the use of the Nedap/Powervote system in Irish Elections, > - to prevent the purchase of any more equipment or software from > Nedap/Powervote by the Irish Government, and > - to convince the Government that any voting system used in Ireland should > be developed here, using formal methods and the Mercuri method, and should > be open source. > > I'd agree with 1) and 2), although I think they should just refer to any > voting system that doesn't match with requirements generally decided on. I > agree with the open source part of 3), but not the "developed in Ireland" > bit. I'm not qualified to comment on the "formal" and "mercuri" parts. Well developed in Ireland should be a "strong recommendation". Why send money outside the country to do this? It would have to be quite specific to this country and couldn't be sold elsewhere spreading the cost. IMHO having as much Irish goverment software developed in Ireland as possible is a no brainer. P?draig. _______________________________________________ E-voting mailing list E-voting@lists.stdlib.net http://lists.stdlib.net/mailman/listinfo/e-voting From P at draigBrady.com Fri Jun 6 10:01:13 2003 From: P at draigBrady.com (P@draigBrady.com) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] name In-Reply-To: References: Message-ID: <3EE05859.90601@draigBrady.com> David Cochrane wrote: > Any suggestion that this is where the money is spent, in this country or > anywhere else will destroy any credibility such a campaign like this will > easily get. > > Any government in Europe needs to tender accross the continent, and allow > any company accross the EU to tender, under no circumstances can the basis > for selection be national. > > So please, end that argument, its not valid. Fair enough. But I thought there would be enough national idiosyncrasies in the voting systems for this to be impractical. A pan european effort would obviously be better if possible. > Its very Tory (bloody foreigners etc.). Not what I meant at all. I was talking about the *needless* leaking of wealth from the economy. P?draig. From email at davidcochrane.com Fri Jun 6 10:10:29 2003 From: email at davidcochrane.com (David Cochrane) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] name In-Reply-To: <3EE05859.90601@draigBrady.com> Message-ID: Yes, and we have lots of European Laws and Treaties that overcome that, unfortunate as it is in the minds of some. Its not who makes it, its whats inside, and is that not our problem? -----Original Message----- From: e-voting-bounces@lists.stdlib.net [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of P@draigBrady.com Sent: 06 June 2003 10:01 To: Campaign against Electronic Voting in Ireland Subject: Re: [E-voting] name David Cochrane wrote: > Any suggestion that this is where the money is spent, in this country or > anywhere else will destroy any credibility such a campaign like this will > easily get. > > Any government in Europe needs to tender accross the continent, and allow > any company accross the EU to tender, under no circumstances can the basis > for selection be national. > > So please, end that argument, its not valid. Fair enough. But I thought there would be enough national idiosyncrasies in the voting systems for this to be impractical. A pan european effort would obviously be better if possible. > Its very Tory (bloody foreigners etc.). Not what I meant at all. I was talking about the *needless* leaking of wealth from the economy. P?draig. _______________________________________________ E-voting mailing list E-voting@lists.stdlib.net http://lists.stdlib.net/mailman/listinfo/e-voting From cansbro at eircom.net Fri Jun 6 10:09:34 2003 From: cansbro at eircom.net (Catherine Ansbro) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] name In-Reply-To: <3EE05859.90601@draigBrady.com> References: Message-ID: <5.1.1.6.0.20030606100726.00a189b0@mail1.eircom.net> >Not what I meant at all. I was talking >about the *needless* leaking of wealth >from the economy. That's how I heard it--like the "buy Irish" campaign We should consider the advantages of vocally supporting our own, even if it's not the first item of importance in this campaign. (Security & reliability & accuracy being foremost) For example, we can highlight the extra costs of sending the profits outside the country, needlessly. Catherine From email at davidcochrane.com Fri Jun 6 10:23:16 2003 From: email at davidcochrane.com (David Cochrane) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] name In-Reply-To: <5.1.1.6.0.20030606100726.00a189b0@mail1.eircom.net> Message-ID: Its illegal. We can't. I've explained this. It comes accross as a messy way of opposing e-voting by means other than the valid ones. Its its an extreme right-ring view to take (again with the Tories). Seriously guys, we can't let this have anything (AT ALL) to do with the location of the company. So now we want to campaign for buying irish? EGAD! -----Original Message----- From: e-voting-bounces@lists.stdlib.net [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of Catherine Ansbro Sent: 06 June 2003 10:10 To: Campaign against Electronic Voting in Ireland Subject: Re: [E-voting] name >Not what I meant at all. I was talking >about the *needless* leaking of wealth >from the economy. That's how I heard it--like the "buy Irish" campaign We should consider the advantages of vocally supporting our own, even if it's not the first item of importance in this campaign. (Security & reliability & accuracy being foremost) For example, we can highlight the extra costs of sending the profits outside the country, needlessly. Catherine _______________________________________________ E-voting mailing list E-voting@lists.stdlib.net http://lists.stdlib.net/mailman/listinfo/e-voting From sares at Redbrick.DCU.IE Fri Jun 6 10:49:14 2003 From: sares at Redbrick.DCU.IE (Dave Madden) Date: Fri Apr 23 16:54:28 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <200306060026.20276.tim@birdsnest.maths.tcd.ie> References: <1054218497.63058.135.camel@pancake.netability.ie> <3EDF58DD.9060607@draigBrady.com> <20030605211544.GA18243@prodigy.Redbrick.DCU.IE> <200306060026.20276.tim@birdsnest.maths.tcd.ie> Message-ID: <20030606094914.GA21439@prodigy.Redbrick.DCU.IE> On Fri, Jun 06, 2003 at 12:26:19AM +0100, Timothy Murphy wrote: > > I can think of at least one party that I reckon might go door to door in > > "their" areas to "help" people use their new voting software. But maybe > > I'm wrong. > > I have the impression that the people on this list > have very little contact with actual politics. Why, because I'm more inclined to believe there are people who are willing to corrupt democracy for their own ends? I certainly do not have "very little contact" with "actual politics". I'm an active member of the PDs. I canvassed for Fiona O'Malley TD at the last election, and I'm a member of the PD General Council. BTW, being at the count for Dun Laoghaire was great - there was a real excitement, and it was wonderful to be able to watch the votes being counted. I do not regard manual voting as a chore that society must endure, any more than a meal in a nice restaurant could be regarded as nothing more than a tedious way of getting calories into your system in order to live. > It would be interesting to know how many are in political parties. Are you? > eg people could be prevented from voting. Yeah, in Kashmir there were threats to kill anyone who voted. That's fairly blatant though. > For exactly the same reason no-one is going to fiddle > with electronic voting machines -- > any worthwhile change would be immediately noticeable, That's not at all true. With first past the post, it might be, but transfers are (afaik) pretty much impossible to predict accurately. It would take a very large simulated ballot sample to make an accurate prediction Given that seats can and do go down to a handful of votes, I don't think that "any worthwhile change" must be noticeable. I'm not saying this would be easy, but I also think it's incorrect to claim that we'd always notice a change. Presumably anyone attacking the system in a serious way would be smart enough not to be obvious. > as election agents have a pretty good idea > of the likely vote in different wards. I saw an endless list of pundits and polls tell me that Fiona O'Malley didn't have a hope of being elected. No-one outside of herself and her team (and the Party) really though she's do it, but she did. There's only one poll that counts, and one poll that's reliable, and that's the election. Dave From sares at Redbrick.DCU.IE Fri Jun 6 10:53:33 2003 From: sares at Redbrick.DCU.IE (Dave Madden) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Name In-Reply-To: <20030605223839.GA16822@kilmainham.stdlib.net> References: <20030605223839.GA16822@kilmainham.stdlib.net> Message-ID: <20030606095333.GB21439@prodigy.Redbrick.DCU.IE> On Thu, Jun 05, 2003 at 11:38:39PM +0100, Colm MacC?rthaigh wrote: > How about the "Stay Counted" Organisation/Campaign ? > > staycounted.(org|net|com|info) are all still available. Doesn't immediately explain itself to people, but it is distinct and clear to anyone who's aware of what staycounted.whatever is about. So I think it's a reasonable idea, the best so far. Dave From sares at Redbrick.DCU.IE Fri Jun 6 10:56:28 2003 From: sares at Redbrick.DCU.IE (Dave Madden) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] name In-Reply-To: References: <5.1.1.6.0.20030606100726.00a189b0@mail1.eircom.net> Message-ID: <20030606095628.GC21439@prodigy.Redbrick.DCU.IE> On Fri, Jun 06, 2003 at 10:23:16AM +0100, David Cochrane wrote: > Its its an extreme right-ring view to take (again with the Tories). > > Seriously guys, we can't let this have anything (AT ALL) to do with the > location of the company. > > So now we want to campaign for buying irish? EGAD! I'm in total argreement. We might possibly argue that there's a security issue involved, in the same way that only US cizitens can work on some US military projects, but let's not touch the buy-Irish arguement. Dave From tim at birdsnest.maths.tcd.ie Fri Jun 6 12:15:52 2003 From: tim at birdsnest.maths.tcd.ie (Timothy Murphy) Date: Fri Apr 23 16:54:28 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <20030606094914.GA21439@prodigy.Redbrick.DCU.IE> References: <1054218497.63058.135.camel@pancake.netability.ie> <200306060026.20276.tim@birdsnest.maths.tcd.ie> <20030606094914.GA21439@prodigy.Redbrick.DCU.IE> Message-ID: <200306061215.53002.tim@birdsnest.maths.tcd.ie> On Friday 06 June 2003 10:49, Dave Madden wrote: > I saw an endless list of pundits and polls tell me that > Fiona O'Malley didn't have a hope of being elected. > No-one outside of herself and her team (and the Party) > really though she's do it, but she did. That's not true. Our election agent, Chris O'Malley (no relation), predicted that she would get in at every stage of the proceedings. In fact it is difficult to see who else could have got the last seat, in view of FG's suicidal campaign in Dun Laoghaire. (If their aim had been to minimize the FG vote, it is difficult to see how they could have gone about it better.) She won't get in at the next election, though. -- Timothy Murphy e-mail: tim@birdsnest.maths.tcd.ie tel: +353-86-233 6090 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland From email at davidcochrane.com Fri Jun 6 12:26:22 2003 From: email at davidcochrane.com (David Cochrane) Date: Fri Apr 23 16:54:28 2004 Subject: [IIU] [E-voting] Electronic voting In-Reply-To: <200306061215.53002.tim@birdsnest.maths.tcd.ie> Message-ID: We're going off-topic.....but..... :) FG ran three candidates. It was an attempt to deal with Cosgrave, which has now been addressed. It was political suicide. They got a quota, I think they would have gotten 1 TD elected if they had kept to the two candidates. I explained this to some people in FG and also elsewhere before the election, the numbers didn't make sense in running three. -----Original Message----- From: e-voting-bounces@lists.stdlib.net [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of Timothy Murphy Sent: 06 June 2003 12:16 To: Campaign against Electronic Voting in Ireland; Dave Madden Subject: Re: [IIU] [E-voting] Electronic voting On Friday 06 June 2003 10:49, Dave Madden wrote: > I saw an endless list of pundits and polls tell me that > Fiona O'Malley didn't have a hope of being elected. > No-one outside of herself and her team (and the Party) > really though she's do it, but she did. That's not true. Our election agent, Chris O'Malley (no relation), predicted that she would get in at every stage of the proceedings. In fact it is difficult to see who else could have got the last seat, in view of FG's suicidal campaign in Dun Laoghaire. (If their aim had been to minimize the FG vote, it is difficult to see how they could have gone about it better.) She won't get in at the next election, though. -- Timothy Murphy e-mail: tim@birdsnest.maths.tcd.ie tel: +353-86-233 6090 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland _______________________________________________ E-voting mailing list E-voting@lists.stdlib.net http://lists.stdlib.net/mailman/listinfo/e-voting From election at polarbears.com Fri Jun 6 20:46:15 2003 From: election at polarbears.com (Ciaran Quinn) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Re: FC: Electronic voting inIrelandencounterscriticism References: Message-ID: <3F09CF1F.155DC33D@polarbears.com> adam beecher wrote: > > > > I would have thought it was obvious: It prevents people proving who they > > > voted for. > > > > No it doesn't. > > > This is your argument? > > Say we implement all the technological measures I outlined in my previous > message. The box is standardised and sealed, the OS is standardised and > loaded into ROM, the apps are standardised and signed with a central key > held by the OS developer. The election application is distributed via an > encrypted channel to, for example, the Referendum Commission servers, and > can't be loaded until a specific time. At election time, the application > loads and you place your vote or lose it. The vote is sent to the central > system via a secure channel, the application closes and uninstalls. > > The system isn't unbreakable. You could take a cutting torch to the box and > replace the hard drive. Palladium - or whatever stupid name Microsoft is > calling it these days - will act up, but we might be able to hack that too. > We might be able to change a config file for the election app (if someone > was stupid enough not to configure it in the binary), or load our own > election app. We could try and crash the system so we can prove who we voted > for. > > You or I might be able to do that, but Joe or Jane Average can't. You can > teach them to do it, but how long will it take to go around to each of their > houses to do so? We could run a course and bring them to us, but someone > will report it. You could put the instructions on the Internet, but your > site will be taken down. Anything's possible, but we're back to risk and > effort. It's not worth the effort and risk. A voting system in which some people have expertise to manipulate the system and "Joe and Jane Average" doesn't is elitist and undemocratic. Using a paper ballot system, "Joe and Jane Average" are every bit as capable of ensuring the security of the system as anyone else Ciaran Quinn .. From aecolley at spamcop.net Fri Jun 6 21:22:28 2003 From: aecolley at spamcop.net (Adrian Colley) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Summary: why you shouldn't want electronic voting Message-ID: <20030606202228.GA507@cornerstone.colley.ie> I've noticed a widespread belief (even on this list) that electronic voting is safe and desirable if competently designed and implemented. Some have even suggested that to oppose e-voting is to appear Luddite, whereas to embrace it despite its flaws is to appear forward-looking. It is perhaps already time to come up with a brief explanation of the reason for this campaign's existence. Following the principle that you shouldn't demand of others what you wouldn't do yourself, I make my attempt now. It isn't very brief. I want to add further recommendations (e.g. mandatory manual recounts in a random set of constituencies), but I don't want to split the group. If anyone can help edit this 165-line monstrosity down to something that non-zealots are likely actually to read, I'd be very grateful. --Adrian. Introduction ------------ In the administration of justice, it is not enough that the machinery of justice be impartial: it must be seen to be impartial. Similarly, the machinery of elections must be seen to be fair and unbiased. The methods of voting in use today were adopted long ago in an attempt to stamp out widespread abuse. They have been very successful. Why paper is secure ------------------- When a voter marks a ballot paper, he or she understands how the paper "works" -- no-one can later interfere with the marked paper without physically handling it or leaving suspicious chemicals all over it, and the voter can verify that the vote is correctly recorded simply by looking at the paper -- no-one can cause the voter to misread his or her own ballot paper. The ballot paper is dropped into the ballot box, which is in full public view until it is emptied during the count. The people who handle the votes are closely observed by interested parties in public, so that they cannot hope to alter or replace any ballot paper without great risk of being caught. The voter can be confident that his or her vote is secure. No-one needs to be trusted; tampering with any ballot paper is very risky; and tampering with many ballot papers is much more risky than tampering with one. The elements of this procedure are well-known; their benefits are often taken for granted. In electronic voting, they do not apply. Let's examine each element in the context of e-voting in turn: Paper holds no secrets ---------------------- When a voter enters his or her vote on a voting machine, he or she does not know how the machine "works". The voter is not given the opportunity to examine the logic of the actual machine. Even if the machine could be inspected by the voter, the use of integrated circuits effectively frustrates a full inspection of the logic. Even if the logic could be inspected by the voter, most voters do not have the knowledge and training to understand the logic. Those few of us who do have that knowledge would be unable to cope with the great complexity of the logic. A similar machine may be made available for public inspection, but this is not sufficient: the machine that the voter is asked to use is not necessarily identical to the one available for inspection. Paper can't be secretly changed ------------------------------- Anyone who can covertly modify the software or hardware of a voting machine, or who can change its state to cause a covert change in behaviour, or who can covertly replace a voting machine with a convincing counterfeit, can modify votes as they are recorded. Paper-reading can't be interfered with -------------------------------------- The voter cannot verify that his or her vote is correctly recorded. Because the vote is primarily stored in non-human-readable media, the voter cannot independently examine the recorded vote -- he or she must trust that the machine is honest when it displays information about the recorded vote. The ballot box is seen to be inviolate -------------------------------------- The media on which the vote is recorded cannot be inspected by anyone. The constitutional requirement of a secret ballot prohibits both monitoring and the production of an audit trail. (This is the principal reason why the success of IT in financial transactions does not transfer well to election administration.) The counting personnel can't easily alter paper ----------------------------------------------- The people who handle the media must use more electronic devices to read the votes from them. No matter how much public scrutiny is applied, the reading devices (and the computers attached to them) provide a further opportunity for tampering. Voter can be confident of vote's integrity ------------------------------------------ In order to subvert the process, a potential attacker must tamper with or replace one or more of the components involved. Software-only tampering is relatively easily detected[1], but a substitute BIOS or I/O chip would be difficult to detect without destroying part of the machine. The attacker must have access to the machines, but this access does not need to be during an election. Even if the machines are heavily guarded all year round, and the software is formally proven and published, and each machine is publicly disassembled and minutely examined for unauthorized hardware modifications after each election, the voter still cannot be confident that the voting machine he or she is using has not been switched for the real one. In order for electronic voting to be accepted, everyone must be trusted. The hardware designers, constructors, shippers, and guards; the software designers, installers; the system administrators; the suppliers of replacement parts and maintenance services. Any one of these, acting alone and suitably equipped, can modify the voting machines in a way that cannot be easily detected. Tampering with paper is high-risk --------------------------------- Most programmers know that it's possible to introduce a deliberate security flaw in a piece of software in such a way that it looks like a mistake; after all, almost all security flaws are the result of programming mistakes. Most people who have game consoles -- or who have children who have game consoles -- know that cheat codes can suddenly alter the behaviour of a game or any other software designed to receive them. And everyone understands that a program can easily delete itself from memory. It should be well known, then, that it's relatively easy to modify a program to accept a cheat code changing its behaviour until the close of polling. (Somewhat challenging, but certainly not beyond the power of the average IOCCC winner.) The only difficulty is sneaking the software change past the security procedures: this involves either replacing part of the hardware or introducing the change by an official channel. Risk rises with number of ballots corrupted ------------------------------------------- Once anyone goes to the trouble of compromising the security of one vote like this, the extra effort or risk involved in compromising any more votes is negligible. All of the eggs are in one basket, so to speak. When the election is stolen, it can be completely stolen. Nedap/Powervote --------------- And all that assumes that the voting system is perfectly designed to begin with. There is ample evidence in the McGaley Report that the proposed system fails to clear this hurdle. The reader is directed to that report (via ) for details; I will say only that the Government department concerned has dismissed the concerns of all independent security researchers, including those whom it engaged directly. Recommendation: do not roll out this system ------------------------------------------- The security requirements of the Nedap/Powervote electronic voting system are arduous. Electronic voting requires the same security guarantees as paper-based voting, but the simplicity of paper gives us those guarantees so cheaply that we often take them for granted. It appears that the Government intends to avoid the costs of increased security by denying the need for it. Electronic voting is far more expensive than paper-based voting, even if it's free. Recommendation: establish standards for computer-assisted voting ---------------------------------------------------------------- The benefits sought in electronic voting can be obtained by use of other systems. The Oireachtas should discover and enact requirements for such systems. These requirements should include: - The voting machines must produce a physical ballot which the voter can inspect for accuracy before causing it to be cast (the `Mercuri method') - The software used throughout the system must be developed and proven using formal methods, so that elections will not be unnecessarily disrupted through faulty processing (as in Florida) - The software must be promulgated to the public (as laws are) so that every interested citizen can independently verify the safety of the software. [1] However, it can be done. Detecting tampering with software is usually done by comparing it with known-valid master copies. If the master copies are also tampered with, the tampering will be undetected. An employee of the original software team could do it (see Ken Thompson's Reflections on Trusting Trust). A trojan-horsed `software update' could do it (see the `patch' entry in the New Hacker's Dictionary/Jargon File). From lists at spamfilter.cc Fri Jun 6 21:39:13 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Re: FC: Electronic voting inIrelandencounterscriticism In-Reply-To: <3F09CF1F.155DC33D@polarbears.com> Message-ID: > A voting system in which some people have expertise to manipulate the > system and "Joe and Jane Average" doesn't is elitist and undemocratic. > > Using a paper ballot system, "Joe and Jane Average" are every bit as > capable of ensuring the security of the system as anyone else > Nah, they're not. It's not that hard to sell your vote or steal someone else's with a paper ballot. Right now, you'd use a digital camera for the former, and a scanner and printer for the latter. In the old days, you'd stand at the polling booth by the window for the former, and steal or forge a ballot paper for the latter. Or use a dead person's vote: Vote early, vote often! All it takes is a little ingenuity, that's what expertise is built upon. Hackers and crackers are just clever people, and there's nothing elitist about being clever, you get clever people at all levels of society. Hell, some of the people drawing social welfare in this country would run rings around us if they put their minds to it. They manipulate the system with ingenuity that would put Einstein to shame. There are no absolutes in security*. It's all about balance. adam *Except maybe quantum, and who knows what the next ten years will bring? From patrick at kobly.com Fri Jun 6 22:04:29 2003 From: patrick at kobly.com (Patrick J. Kobly) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Re: FC: Electronic voting inIrelandencounterscriticism In-Reply-To: References: <3F09CF1F.155DC33D@polarbears.com> Message-ID: <20030606210429.GA27657@www.kobly.com> On Fri, Jun 06, 2003 at 09:39:13PM +0100, adam beecher wrote: > > A voting system in which some people have expertise to manipulate the > > system and "Joe and Jane Average" doesn't is elitist and undemocratic. > > > > Using a paper ballot system, "Joe and Jane Average" are every bit as > > capable of ensuring the security of the system as anyone else > Nah, they're not. It's not that hard to sell your vote or steal someone > else's with a paper ballot. Right now, you'd use a digital camera for the > former, Which still doesn't give proof of vote. Here, you could just spoil the ballot after taking the picture, and obtain another ballot. > and a scanner and printer for the latter. Our ballots have counterfoils with unique numbers, watermarks and other mechanisms to make forgery difficult. A poll clerk initials the counterfoil on each ballot that goes out, and checks the initials as it comes back in. Poll clerks/DRO's are authorized to refuse to accept any ballot that they don't believe that they provided. Also, the number of ballots out is reconciled with the number of ballots in. > In the old days, you'd > stand at the polling booth by the window for the former, Which is why we use polling stations without windows, or situate the booths so that they cannot be seen from the windows. Loiterers are removed from the premises and observers / scrutineers are limited as to where in the polling station they can be. > and steal or forge > a ballot paper for the latter. The ballot papers are kept by the DRO / poll clerk, in their sight at all times, making it rather difficult to steal a ballot. They are individually marked on the counterfoil with a unique number (the counterfoil is removed prior to depositing the ballot in the box.) > Or use a dead person's vote: Vote early, vote > often! You're a lot more likely to get caught on this if you have to physically enter a polling station. An individual approaching a polling station, claiming to be someone who has been struck from the register of electors is highly likely to be caught and severely punished. The point that was being made is that physical security measures undertaken for a physical process are significantly easier to understand for the average person than virtual security measures undertaken for a virtual process by a black box. > All it takes is a little ingenuity, that's what expertise is built upon. > Hackers and crackers are just clever people, and there's nothing elitist > about being clever, you get clever people at all levels of society. Hell, > some of the people drawing social welfare in this country would run rings > around us if they put their minds to it. They manipulate the system with > ingenuity that would put Einstein to shame. > > There are no absolutes in security*. It's all about balance. > > adam > > *Except maybe quantum, and who knows what the next ten years will bring? > > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting -- Bow down before the one you serve You're going to get what you deserve -NIN -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.stdlib.net/pipermail/e-voting/attachments/20030606/8722819d/attachment.bin From lists at spamfilter.cc Sat Jun 7 00:23:10 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Re: FC: Electronic voting inIrelandencounterscriticism In-Reply-To: <20030606210429.GA27657@www.kobly.com> Message-ID: > Which still doesn't give proof of vote. Here, you could just spoil > the ballot after taking the picture, and obtain another ballot. > Sure I could, or I could digitially alter the picture when I get home. Or the enforcer could alter it before he gave to his boss and get my legs broken. The possibilities for cheating the vote and cheating the cheaters are endless, such is the beauty of binary. Funnily enough, that's why I'm a bit worried about this electronic voting thing we've been talking about. > Our ballots have counterfoils with unique numbers, watermarks and > other mechanisms to make forgery difficult. A poll clerk initials the > counterfoil on each ballot that goes out, and checks the initials as > it comes back in. Poll clerks/DRO's are authorized to refuse to > accept any ballot that they don't believe that they provided. Also, > the number of ballots out is reconciled with the number of ballots in. > My apologies, I was talking about the registration cards that are delivered to our door. I can't remember them exactly, but I'm pretty sure they're just plain white card with black print on them. I don't know the exact process, but as I remember it, I hand that over to the poll clerk, he looks at it and draws a line through my name and perhaps a number on a sheet of paper, and hands me my ballot card. The ballot cards I remember were pretty plain, I don't remember seeing watermarks and stuff on them, but I'll take your word for it. Anyway, I've never been asked for ID in my polling station, not once, and I don't know any of the poll clerks. Perhaps they know my face by now, but there sure are a lot of people going through the station. > Which is why we use polling stations without windows, or situate the > booths so that they cannot be seen from the windows. Loiterers are > removed from the premises and observers / scrutineers are limited as > to where in the polling station they can be. > My polling station is in the gym/hall in Beaumont National School in Cork. It's a large rectangular room with pretty big windows all along one of the longer sides of the room. I think there's between five and eight polling booths, all facing inward towards the clerk's desks and the ballot boxes. One or two at each side can't be overlooked because there's a wall directly behind the voter, but the other three or four are overlooked by the windows. I could easily place my vote and hold it up for someone outside the window to see. And I could easily wander around the outside of the school unchallenged. Perhaps my polling station is an anomaly, but most of the other polling stations in that school will be too, because it's a building with lots of windows. But perhaps the school is an anomaly too. I can only judge from my own experiences. > The ballot papers are kept by the DRO / poll clerk, in their sight at > all times, making it rather difficult to steal a ballot. They are > individually marked on the counterfoil with a unique number (the > counterfoil is removed prior to depositing the ballot in the box.) > Again, this is my own fault, I was referring to the registration cards, as I mentioned earlier. My apologies again. That said, I don't remember ever removing a counterfoil before voting. I fold my ballot paper up and stick it in the box. No-one's ever asked me for a counterfoil, and I've never seen anyone else removing one. Actually, now I come to think of it, I've never seen initials on my ballot card either, and I'd be pretty worried if the clerk checked my ballot before I placed it in the ballot box. I think we're talking about two different cards here. > You're a lot more likely to get caught on this if you have to > physically enter a polling station. An individual approaching a > polling station, claiming to be someone who has been struck from the > register of electors is highly likely to be caught and severely > punished. > Absolutely true. I was making a little joke, referring to the vote stealing tactics those scallywags in the north are famous for. Obviously if I was going to steal someone's vote I would never use the name of a person who had been struck from the register, that would just be silly. I'd go and check if the person was still on there, get them back on if they aren't. If I need ID, that's not a problem, it's easy if you know how. But obviously I'm not going to do any of that, because although the risk is pretty minimal, the effort isn't worth it. > The point that was being made is that physical security measures > undertaken for a physical process are significantly easier to > understand for the average person than virtual security measures > undertaken for a virtual process by a black box. > I understand that, and I don't think I objected to that anywhere in my post. adam From sares at Redbrick.DCU.IE Sat Jun 7 20:37:19 2003 From: sares at Redbrick.DCU.IE (Dave Madden) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] Re: FC: Electronic voting inIrelandencounterscriticism In-Reply-To: References: <20030606210429.GA27657@www.kobly.com> Message-ID: <20030607193719.GB15591@prodigy.Redbrick.DCU.IE> On Sat, Jun 07, 2003 at 12:23:10AM +0100, adam beecher wrote: > hands me my ballot card. The ballot cards I remember were pretty plain, I > don't remember seeing watermarks and stuff on them, but I'll take your word > for it. Anyway, I've never been asked for ID in my polling station, not > once, and I don't know any of the poll clerks. Perhaps they know my face by > now, but there sure are a lot of people going through the station. I think we can all agree that since (a) the registration card isn't meant to constitute ID (and indeed this is clearly stated on the card) and (b) proof of identity is the same for both the old and proposed systems, therefore (i) it's bad that people aren't asked for real ID and (ii) it is an important issue but it's got nothing to do with whether or not a paper or electronic ballot box is preferable. > Perhaps my polling station is an anomaly, but most of the other polling > stations in that school will be too, because it's a building with lots of > windows. But perhaps the school is an anomaly too. I can only judge from my > own experiences. The schools I've voted in haven't had that problem, but you may be correct. Dave From adelaney at cs.may.ie Mon Jun 9 11:07:54 2003 From: adelaney at cs.may.ie (Aidan Delaney) Date: Fri Apr 23 16:54:28 2004 Subject: [E-voting] name In-Reply-To: <20030606095628.GC21439@prodigy.Redbrick.DCU.IE> References: <5.1.1.6.0.20030606100726.00a189b0@mail1.eircom.net> <20030606095628.GC21439@prodigy.Redbrick.DCU.IE> Message-ID: <200306091107.54341.adelaney@cs.may.ie> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > So now we want to campaign for buying irish? EGAD! > > I'm in total argreement. We might possibly argue that > there's a security issue involved, in the same way that > only US cizitens can work on some US military projects, > but let's not touch the buy-Irish arguement. I believe the reason for the "buy Irish" recommendation is because one of the reasons the Government are using to push e-voting is that it shows Irish technolological prowess. The counter arguement is that buying a flawed Dutch product dosn't show Irish technological prowess, it shows Dutch techno and Irish stupidity. I've no problem with any company bidding to develop for the Irish national e-voting product iff it's open-source. - -- Thanks, Aidan Delaney - -- If anyone has both the right and the need to study the code and be assured of its correct functioning, it is users. -- Whitfield Diffie Checksums of bad data tell you only: "yup, that's exactly the same bad data the other guy has" -- Tom Lord gpg key: http://minds.cs.may.ie/~balor/public_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+5Fx6R5d8aoUiMO0RAt9FAKCazg+/4raPrqrsP2bTnDD7LG3EiQCgorDy 3bEifRSDWsRSpal/cokIzgU= =Vi7q -----END PGP SIGNATURE----- From adelaney at cs.may.ie Mon Jun 9 11:19:46 2003 From: adelaney at cs.may.ie (Aidan Delaney) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Summary: why you shouldn't want electronic voting In-Reply-To: <20030606202228.GA507@cornerstone.colley.ie> References: <20030606202228.GA507@cornerstone.colley.ie> Message-ID: <200306091119.46538.adelaney@cs.may.ie> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For the record, I support an electronic booth voting system (not internet voting [i-voting?]) based on three critera a) the mercuri method b) formally developed c) open source and modifiable But *not* the currently proposed system :) > Why paper is secure > ------------------- > When a voter marks a ballot paper, he or she understands how the > paper "works" I had this same arguement with Margret (in person) and she convinced me that I was wrong. If I may extrapolate the statement that the voter understands how the paper works: The voter understands how the paper works, but not the system. Our PR system contains may legislative count-corner-cutting techniques and other count-corner-cutting techniques are used in practice. The system is inherently non-deterministic from an algorithmic point of view. This means that the current counting system, whilst acceptable, is inherently unfair. A secure e-voting (electronic booth voting) system _will_ allow the legislation to become more clear and the algorithm for the count to become more deterministic (there are points which a coin _has_ to be flipped). Thus if there are no count-corner-cutting methods I think the voter (me) will understand the system more easily. So I believe your premise on e-voting to be incorrect. I apologise if I have incorrectly extrapolated your statement and would value a rebuttal of my argument. - -- Thanks, Aidan Delaney - -- If anyone has both the right and the need to study the code and be assured of its correct functioning, it is users. -- Whitfield Diffie Checksums of bad data tell you only: "yup, that's exactly the same bad data the other guy has" -- Tom Lord gpg key: http://minds.cs.may.ie/~balor/public_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+5F9CR5d8aoUiMO0RAheRAJ0a30DmX0kN7nEBlbnL4TRgV9dh9wCg8K30 bvvCQi1vdC7yjw7ezWNPKTA= =Ed6I -----END PGP SIGNATURE----- From ciaran17 at eircom.net Mon Jun 9 13:16:34 2003 From: ciaran17 at eircom.net (Ciaran Mac Lochlainn) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Re: FC: Electronic voting inIrelandencounterscriticism In-Reply-To: References: Message-ID: <1055160999.1921.78.camel@mars> As I understand it, under the present system, you only get one ballot - if you spoil it, that's your problem. They aren't supposed to give you another. I think they check how many ballots have been handed out against the number of people who voted. With the Nedap system, they likewise give you one chance to vote. If you deliberately leave without casting a proper vote, that's that. I can't find fault with this - I don't agree that there's a right to spoil your vote. The polling clerk stamps each ballot with a device that perforates it as it is handed out. If the ballot is not stamped, it will not be counted later on - it will be removed and checked as a "disputed vote", along with any which have been spoiled. I acted on behalf of Niall O Brolchain at the last general election in Galway West, checking (with other candidates or their nominees) each of these disputed ballots to decide whether they were spoiled, not properly stamped, or a valid vote for one or other candidate. This is standard practice with paper ballots, and happens before the first count. If you trust the Nedap system to work as documented, then all the above becomes irrelevant - a vote is either cast or it isn't. Of course, if you don't trust the system (and there's no empirical reason to do so) then it's all highly relevant. Safeguards which were in existence are replaced with blind faith. Every vote goes to who the system says it should, without any verification. Fine, if the system itself can be verified, by each candidate or a nominee who is familiar with the intricacies, not (as many political activists are) of a paper count, but of software security and auditing. How many candidates are experienced at verifying an election count? How many candidates are experienced at code reviews? It only takes an election or two for a candidate, or a member of the public with any more than casual interest, to become familiar with how paper election counts operate and to be able to spot irregularities. It takes years of study to gain the skills to do the same with a computer system. Ciaran Mac Lochlainn From sares at Redbrick.DCU.IE Mon Jun 9 13:57:09 2003 From: sares at Redbrick.DCU.IE (Dave Madden) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] name In-Reply-To: <200306091107.54341.adelaney@cs.may.ie> References: <5.1.1.6.0.20030606100726.00a189b0@mail1.eircom.net> <20030606095628.GC21439@prodigy.Redbrick.DCU.IE> <200306091107.54341.adelaney@cs.may.ie> Message-ID: <20030609125709.GA11675@prodigy.Redbrick.DCU.IE> On Mon, Jun 09, 2003 at 11:07:54AM +0100, Aidan Delaney wrote: > I believe the reason for the "buy Irish" recommendation is because one of the > reasons the Government are using to push e-voting is that it shows Irish > technolological prowess. The counter arguement is that buying a flawed Dutch > product dosn't show Irish technological prowess, it shows Dutch techno and > Irish stupidity. I've no problem with any company bidding to develop for the > Irish national e-voting product iff it's open-source. That's fair enough, although it sounds like a counter-arguement to the Government arguement, rather than a reason to "buy Irish". Dave From colm at stdlib.net Mon Jun 9 14:12:03 2003 From: colm at stdlib.net (Colm =?iso-8859-15?Q?MacC=E1rthaigh?=) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Re: FC: Electronic voting inIrelandencounterscriticism In-Reply-To: <1055160999.1921.78.camel@mars> References: <1055160999.1921.78.camel@mars> Message-ID: <20030609131203.GA39695@kilmainham.stdlib.net> On Mon, Jun 09, 2003 at 12:16:34PM +0000, Ciaran Mac Lochlainn wrote: > As I understand it, under the present system, you only get one ballot - > if you spoil it, that's your problem. They aren't supposed to give you > another. That is not the current system. The current system is that if you spoil a ballot, or mark it incorrectly, the officer will tear up and mark the ballot, insert it into the ballot box, and issue you a new ballot. This way the number of ballots in still matches out, and inadvertently spoiled ballots can be discarded. -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/ From Margaret.McGaley at redbrick.dcu.ie Mon Jun 9 14:45:03 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals Message-ID: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> I believe the first two goals should specifically mention the Nedap system, since our first priority must be to prevent the use of the Nedap machines. How about the following re-wording of the third goal? - to ensure that any electronic voting system introduced in Ireland meets the following criteria - a booth is used, analagous to the traditional polling booth, - all development uses formal methods, - votes are printed on a paper ballot to be verified by the voter, - all source code is publicly available. The question of copyright on the source code is a prickly one. The Australian system is GPLed http://www.elections.act.gov.au/EVaCS.html#code Margaret From nick at netability.ie Mon Jun 9 14:55:59 2003 From: nick at netability.ie (Nick Hilliard) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> Message-ID: <1055166958.46645.7.camel@pancake.netability.ie> On Mon, 2003-06-09 at 14:45, Margaret McGaley wrote: > I believe the first two goals should specifically mention the Nedap system, > since our first priority must be to prevent the use of the Nedap machines. If I could make a suggestion, the only thing which is going to stop use of the Nedap machines at this stage is a Supreme Court ruling against their introduction. The Minister and his department are almost certain to ignore anything less than this, now that > euro30 million has been allocated for buying the systems. >From the campaign's point of view, the issue will then become the issue of how to collate sufficient evidence to create a solid case and then how to bring such a case to court. The latter can be done by collaboration between techies and legal types, so it is important at this stage to see if there are any legal people who might be interested in taking such a case against the minister in the high court (there would almost certainly be a subsequent appeal to the supreme court, regardless of which way the ruling went). I have heard that there are grumblings at the bar about e-voting, but cannot substantiate these as anything more than rumours. Nick From adelaney at cs.may.ie Mon Jun 9 14:46:29 2003 From: adelaney at cs.may.ie (Aidan Delaney) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> Message-ID: <200306091446.29791.adelaney@cs.may.ie> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon 09 Jun 2003 14:45, Margaret McGaley wrote: > I believe the first two goals should specifically mention the Nedap system, > since our first priority must be to prevent the use of the Nedap machines. I agree. > How about the following re-wording of the third goal? > > - to ensure that any electronic voting system introduced in Ireland meets > the following criteria > - a booth is used, analagous to the traditional polling booth, > - all development uses formal methods, > - votes are printed on a paper ballot to be verified by the > voter, - all source code is publicly available. Yup, sounds good to me. > The question of copyright on the source code is a prickly one. The > Australian system is GPLed [disclaimer] GPL bigot talking [/disclaimer] I think that it's imperitive that the source is both open and modifiable in line with most open source licences (BSD, Apache, GPL etc...). I personally would like to see the state hold copyright, but if the source is modifiable and re-destributable I don't really care too much, though it would be a good idea for the state to GPL it to protect it's investment. I don't want to start a licence flame-war here, so here are two questions I think are pertinant a) Should the system be open source? yes - IMHO b) Should the source be modifiable? yes - a "look but don't touch" (shared source) effort is not acceptable. Anyone should be allowed to run, debug and fix the source. - -- Thanks, Aidan Delaney - -- If anyone has both the right and the need to study the code and be assured of its correct functioning, it is users. -- Whitfield Diffie Checksums of bad data tell you only: "yup, that's exactly the same bad data the other guy has" -- Tom Lord gpg key: http://minds.cs.may.ie/~balor/public_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+5I+1R5d8aoUiMO0RAlWBAJsFDX24WVkSVoXMbR2atS5K9QEWpgCg2oZY 3KXBkiwSFdjbqZnjZGRy/7o= =aGkc -----END PGP SIGNATURE----- From colm at stdlib.net Mon Jun 9 15:02:32 2003 From: colm at stdlib.net (Colm =?iso-8859-15?Q?MacC=E1rthaigh?=) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <1055166958.46645.7.camel@pancake.netability.ie> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> <1055166958.46645.7.camel@pancake.netability.ie> Message-ID: <20030609140232.GA74153@kilmainham.stdlib.net> On Mon, Jun 09, 2003 at 02:55:59PM +0100, Nick Hilliard wrote: > From the campaign's point of view, the issue will then become the issue > of how to collate sufficient evidence to create a solid case and then > how to bring such a case to court. What grounds are there for bringing the case to court? There's certainly nothing unconsitutional about the system, and a Judicial Review of a Ministerial Decision endorsed at the committee and legislative stages by our elected representatives is a non-starter. What angle do you get it in to court? -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/ From Margaret.McGaley at redbrick.dcu.ie Mon Jun 9 15:13:57 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Name In-Reply-To: References: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> Message-ID: <20030609141356.GA23128@prodigy.Redbrick.DCU.IE> Is there any chance of getting .ie URL ? evoting.ie would be perfect for radio. Margaret From lists at spamfilter.cc Mon Jun 9 15:21:12 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Name In-Reply-To: <20030609141356.GA23128@prodigy.Redbrick.DCU.IE> Message-ID: > Is there any chance of getting .ie URL ? > > evoting.ie would be perfect for radio. > There has to be a couple of solicitors or accountants on the list: Set the organisation up as an unincorporated association, and ask one of the aforementioned to provide a letter saying that the association is operating under the name "evoting.ie"; then you can apply using these details. Personally, I think it's a waste of money, and I've found that "ie" doesn't trip off the tongue too well. I used to trade as "iewebs", something I regretted for a long time. Try saying "ie" out loud. See how it makes you sound like a ninja? AIIII-EEEE-YAH! ;) adam From nick at netability.ie Mon Jun 9 15:32:17 2003 From: nick at netability.ie (Nick Hilliard) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030609140232.GA74153@kilmainham.stdlib.net> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> <1055166958.46645.7.camel@pancake.netability.ie> <20030609140232.GA74153@kilmainham.stdlib.net> Message-ID: <3EE49A71.40002@netability.ie> > What grounds are there for bringing the case to court? There's certainly > nothing unconsitutional about the system, and a Judicial Review of a > Ministerial Decision endorsed at the committee and legislative stages > by our elected representatives is a non-starter. > > What angle do you get it in to court? I honestly have no idea. That's why I suggest that the campaign enlist the services of a like-minded legal eagle who might have some suggestions on this. Nick From lists at spamfilter.cc Mon Jun 9 15:52:49 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> Message-ID: Before I go any further, can someone tell me if the voting system went out to tender? I CTRL+F'd in Margaret's report, but didn't see anything obvious. I guess there isn't much hope of it being that easy, but the Government has made silly mistakes like this before... > I believe the first two goals should specifically mention the > Nedap system, since our first priority must be to prevent the > use of the Nedap machines. > I've already explained why I think we should be objecting generally rather than specifically, so I won't cover that ground again. There is also a strategic consideration, in that naming and shaming creates a specific enemy, whereas objecting in general gives us moral high ground, at least to a degree. I don't want to get into a protracted disagreement about this, however, niggles tend to bury campaigns before they begin. > How about the following re-wording of the third goal? > > - to ensure that any electronic voting system introduced in > Ireland meets the following criteria > - a booth is used, analagous to the traditional polling booth, > - all development uses formal methods, > Can you explain what this means Margaret? I have an idea, but I'm not sure, and I'm guessing there will be people on the list less sure than me. > - votes are printed on a paper ballot to be verified by > the voter, > And are placed in a traditional ballot box for later reference, I presume? > - all source code is publicly available. > Absolutely. > The question of copyright on the source code is a prickly one. > The Australian system is GPLed > Perhaps we should require that the licence be recognised by the Free Software Foundation... http://www.gnu.org/licenses/license-list.html ...and/or the Open Source Initiative... http://opensource.org/licenses/ adam From sares at Redbrick.DCU.IE Mon Jun 9 16:04:25 2003 From: sares at Redbrick.DCU.IE (Dave Madden) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030609140232.GA74153@kilmainham.stdlib.net> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> <1055166958.46645.7.camel@pancake.netability.ie> <20030609140232.GA74153@kilmainham.stdlib.net> Message-ID: <20030609150425.GB13559@prodigy.Redbrick.DCU.IE> On Mon, Jun 09, 2003 at 03:02:32PM +0100, Colm MacC?rthaigh wrote: > What grounds are there for bringing the case to court? There's certainly > nothing unconsitutional about the system, and a Judicial Review of a I don't think anyone can be sure of how the Courts might rule, but I wouldn't entirely rule out a decision against the system. The constitution is sufficiently broad in its wording that it can't and doesn't specify every little detail of what constitutes an acceptable electoral system, which is of course why the Gov can mess around with the law in this area. The McKenna Judgement is a clear example of the Courts ruling against something on general principles of democracy rather than on a narrow technical reason. That the constitution doesn't say "No E-Voting shall be permitted" doesn't mean the Courts mightn't decide that e-voting (or Nedap in particular) is contrary to democracy. I do think getting some legal people on board would be very useful. sares From lists at spamfilter.cc Mon Jun 9 16:21:46 2003 From: lists at spamfilter.cc (adam beecher) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030609150425.GB13559@prodigy.Redbrick.DCU.IE> Message-ID: Was Margaret's orginal post sent to the IRISHLAW mailing list I wonder? adam > -----Original Message----- > From: e-voting-bounces@lists.stdlib.net > [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of Dave Madden > Sent: 09 June 2003 16:04 > To: Campaign against Electronic Voting in Ireland > Subject: Re: [E-voting] Campaign goals > > > On Mon, Jun 09, 2003 at 03:02:32PM +0100, Colm MacC?rthaigh wrote: > > What grounds are there for bringing the case to court? There's certainly > > nothing unconsitutional about the system, and a Judicial Review of a > > I don't think anyone can be sure of how the Courts might > rule, but I wouldn't entirely rule out a decision against > the system. The constitution is sufficiently broad in its > wording that it can't and doesn't specify every little > detail of what constitutes an acceptable electoral > system, which is of course why the Gov can mess around > with the law in this area. > > The McKenna Judgement is a clear example of the Courts > ruling against something on general principles of > democracy rather than on a narrow technical reason. > > That the constitution doesn't say "No E-Voting shall be > permitted" doesn't mean the Courts mightn't decide that > e-voting (or Nedap in particular) is contrary to > democracy. > > I do think getting some legal people on board would be > very useful. > > sares > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting > From Margaret.McGaley at redbrick.dcu.ie Mon Jun 9 16:30:55 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> Message-ID: <20030609153054.GC20030@prodigy.Redbrick.DCU.IE> On Mon, Jun 09, 2003 at 03:52:49PM +0100, adam beecher wrote: > Before I go any further, can someone tell me if the voting system went out > to tender? I CTRL+F'd in Margaret's report, but didn't see anything obvious. > I guess there isn't much hope of it being that easy, but the Government has > made silly mistakes like this before... > Yes, it did go out to tender. Documents available in http://minds.cs.may.ie/~lovelace/E-Voting/FoI_request/ give all the details I've been given access to. > > How about the following re-wording of the third goal? > > > > - to ensure that any electronic voting system introduced in > > Ireland meets the following criteria > > - a booth is used, analagous to the traditional polling booth, > > - all development uses formal methods, > > > Can you explain what this means Margaret? I have an idea, but I'm not sure, > and I'm guessing there will be people on the list less sure than me. > There's a page (just added) on the campaign site about formal methods. http://minds.cs.may.ie/~lovelace/E-Voting/formal_methods.shtml A good summary might be the following: Unlike other engineering disciplines, software engineering places very little emphasis on the design of it's products. No scrupulous mechanical engineer would try to sell a car that wasn't based on a rigorous, formal, specification and design. Formal methods is a set of techniques for the formal specification and design of software. The project is specified in a formal, mathematical language which can be automatically manipulated, but which doesn't concern itself with the implementation details of the system. So we all agree *what* the system does before we try to figure out *how* to make it do it. Because the specification language is based on mathematics, we can prove certain properties like completeness and consistency of the specification, and we can set pre- and post-conditions, and so on. The use of formal methods massively increases development time, but it comparably decreases testing time [1]. > > - votes are printed on a paper ballot to be verified by > > the voter, > > > And are placed in a traditional ballot box for later reference, I presume? > Yes, and those ballot boxes would be treated in the same way as ballot boxes currently are - always under public scrutiny. Margaret [1] http://shemesh.larc.nasa.gov/fm/fm-why.html From Margaret.McGaley at redbrick.dcu.ie Mon Jun 9 16:33:03 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: References: <20030609150425.GB13559@prodigy.Redbrick.DCU.IE> Message-ID: <20030609153301.GD20030@prodigy.Redbrick.DCU.IE> I'll mail them now. Margaret On Mon, Jun 09, 2003 at 04:21:46PM +0100, adam beecher wrote: > Was Margaret's orginal post sent to the IRISHLAW mailing list I wonder? > > adam > > > > -----Original Message----- > > From: e-voting-bounces@lists.stdlib.net > > [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of Dave Madden > > Sent: 09 June 2003 16:04 > > To: Campaign against Electronic Voting in Ireland > > Subject: Re: [E-voting] Campaign goals > > > > > > On Mon, Jun 09, 2003 at 03:02:32PM +0100, Colm MacC?rthaigh wrote: > > > What grounds are there for bringing the case to court? There's certainly > > > nothing unconsitutional about the system, and a Judicial Review of a > > > > I don't think anyone can be sure of how the Courts might > > rule, but I wouldn't entirely rule out a decision against > > the system. The constitution is sufficiently broad in its > > wording that it can't and doesn't specify every little > > detail of what constitutes an acceptable electoral > > system, which is of course why the Gov can mess around > > with the law in this area. > > > > The McKenna Judgement is a clear example of the Courts > > ruling against something on general principles of > > democracy rather than on a narrow technical reason. > > > > That the constitution doesn't say "No E-Voting shall be > > permitted" doesn't mean the Courts mightn't decide that > > e-voting (or Nedap in particular) is contrary to > > democracy. > > > > I do think getting some legal people on board would be > > very useful. > > > > sares > > > > _______________________________________________ > > E-voting mailing list > > E-voting@lists.stdlib.net > > http://lists.stdlib.net/mailman/listinfo/e-voting > > > > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting From electionNOT at polarbears.com Thu Jun 5 19:49:46 2003 From: electionNOT at polarbears.com (Ciaran Quinn) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Name References: <20030604161109.GA22271@prodigy.Redbrick.DCU.IE> Message-ID: <3F087066.BB2A7AC0@polarbears.com> How about something like IVVER - Irish Voters for Verifiable Election Results (sounds like uimhir, the Irish for number) or PRSTV - People for the Retention of Safe Transparent Voting Ciaran Quinn Margaret McGaley wrote: > > This campaign needs a name. Any suggestions? (Good acronyms > preferred :) ) > > Margaret > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting -- Irish Election Database http://election.polarbears.com From Margaret.McGaley at redbrick.dcu.ie Mon Jun 9 18:07:12 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: Buy Irish was Re: [E-voting] name In-Reply-To: <20030606095628.GC21439@prodigy.Redbrick.DCU.IE> References: <5.1.1.6.0.20030606100726.00a189b0@mail1.eircom.net> <20030606095628.GC21439@prodigy.Redbrick.DCU.IE> Message-ID: <20030609170710.GA12182@prodigy.Redbrick.DCU.IE> On Fri, Jun 06, 2003 at 10:56:28AM +0100, Dave Madden wrote: > > We might possibly argue that > there's a security issue involved, in the same way that > only US cizitens can work on some US military projects, > This was the argument that prompted me to put "developed here" in the original list of requirements. But it was never of top priority for me, and I've realised that it has to much potential for misunderstandings, so I've taken it out. Margaret From email at davidcochrane.com Mon Jun 9 20:37:22 2003 From: email at davidcochrane.com (David Cochrane) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Name In-Reply-To: <20030609141356.GA23128@prodigy.Redbrick.DCU.IE> Message-ID: For those who know the horror regarding .ie registration (it took me months to get Politics.ie) the process if enought to shy people away from the idea. .org cost less than ?10 .ie cost AT LEAST ?85 and you need an RBN (an officially recogised Registered Business Name costing ?30 from Companies House). I'd put a few quid toward this .ie registration if required (tenner each?). evoting.ie seems ok - the iedr rules are getting more relaxed, so I can't see a problem with this, as long as we follow procedure. So have we got a name name then? Regards Dave -----Original Message----- From: e-voting-bounces@lists.stdlib.net [mailto:e-voting-bounces@lists.stdlib.net]On Behalf Of Margaret McGaley Sent: 09 June 2003 15:14 To: Campaign against Electronic Voting in Ireland Subject: Re: [E-voting] Name Is there any chance of getting .ie URL ? evoting.ie would be perfect for radio. Margaret _______________________________________________ E-voting mailing list E-voting@lists.stdlib.net http://lists.stdlib.net/mailman/listinfo/e-voting From aecolley at spamcop.net Mon Jun 9 20:40:41 2003 From: aecolley at spamcop.net (Adrian Colley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> Message-ID: <20030609194041.GB420@cornerstone.colley.ie> On Mon, Jun 09, 2003 at 02:45:03PM +0100, Margaret McGaley wrote: > - to ensure that any electronic voting system introduced in Ireland meets the > following criteria > - a booth is used, analagous to the traditional polling booth, > - all development uses formal methods, > - votes are printed on a paper ballot to be verified by the voter, And the paper ballot must be the primary record of the vote in the event of a discrepancy. (Actually, there should be a mighty hoo-haa in the event of a discrepancy, but I digress.) > - all source code is publicly available. And installed binaries. (Reflections on trusting trust.) > The question of copyright on the source code is a prickly one. Does this really matter? I brought my asbestos swimming togs, but I still don't see why we should drag the software licensing wars into this. If every citizen can read and run the code without restriction, isn't that enough? --Adrian. From aecolley at spamcop.net Mon Jun 9 20:33:51 2003 From: aecolley at spamcop.net (Adrian Colley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Summary: why you shouldn't want electronic voting In-Reply-To: <200306091119.46538.adelaney@cs.may.ie> References: <20030606202228.GA507@cornerstone.colley.ie> <200306091119.46538.adelaney@cs.may.ie> Message-ID: <20030609193351.GA420@cornerstone.colley.ie> On Mon, Jun 09, 2003 at 11:19:46AM +0100, Aidan Delaney wrote: > For the record, I support an electronic booth voting system (not internet > voting [i-voting?]) based on three critera > a) the mercuri method > b) formally developed > c) open source and modifiable > But *not* the currently proposed system :) I detect a terminology conflict. I've been assuming that "electronic voting" means that the primary record of each vote is stored electronically (what the industry calls direct recording electronic (DRE) voting). The Mercuri method is not within this definition, because the printed ballot is the primary record. I'm not nearly daft enough to fight over terms, but I think it's important we all understand what we mean by our terms. Can anyone set me right here? >> When a voter marks a ballot paper, he or she understands how the >> paper "works" > If I may extrapolate the statement that the voter understands how the paper > works: The voter understands how the paper works, but not the system. That's quite true. I didn't address the question of how the votes are counted, because I don't see it as a problem. I'm concerned only with the question of how the votes are recorded, because that's the part of the system which is under threat. As far as I can see, the two questions are completely orthogonal -- ballot integrity does not depend on the method of counting, and vice versa. > Our > PR system contains may legislative count-corner-cutting techniques and other > count-corner-cutting techniques are used in practice. The system is > inherently non-deterministic from an algorithmic point of view. This means > that the current counting system, whilst acceptable, is inherently unfair. I have heard (fuzzy memory from the 2002 election coverage) that in the event of a recount, the corner-cutting is discarded and proper STV is applied. If so, then the current system isn't really unfair (as far as counting methods are concerned). I'd appreciate being corrected on this (mis-)belief, of course. > A secure e-voting (electronic booth voting) system _will_ allow the > legislation to become more clear and the algorithm for the count to become > more deterministic (there are points which a coin _has_ to be flipped). Thus > if there are no count-corner-cutting methods I think the voter (me) will > understand the system more easily. > So I believe your premise on e-voting to be incorrect. I apologise if I have > incorrectly extrapolated your statement and would value a rebuttal of my > argument. I'm entirely in favour of eliminating the count-corner-cutting methods, and I completely agree that a Mercuri system would help, and that voters would more easily understand how their votes are counted. But I don't see what this has to do with my statement, which (unless I f'ed it up) argued that voters must be convinced _that_ their votes are recorded and counted. --Adrian. From aecolley at spamcop.net Mon Jun 9 21:37:38 2003 From: aecolley at spamcop.net (Adrian Colley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030609140232.GA74153@kilmainham.stdlib.net> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> <1055166958.46645.7.camel@pancake.netability.ie> <20030609140232.GA74153@kilmainham.stdlib.net> Message-ID: <20030609203738.GC420@cornerstone.colley.ie> On Mon, Jun 09, 2003 at 03:02:32PM +0100, Colm MacC?rthaigh wrote: > What grounds are there for bringing the case to court? There's certainly > nothing unconsitutional about the system, and a Judicial Review of a > Ministerial Decision endorsed at the committee and legislative stages > by our elected representatives is a non-starter. > > What angle do you get it in to court? I'm not a legal avian of any kind, but I imagine/hope something like this would be the basis: If the Oireachtas were to reform voting in such a way that each voter (instead of marking a ballot paper) would tell his/her voting choices to a committee of trustworthy officials, and that the committee members would be required to faithfully record all the votes and produce a report giving the result of the election, then any reasonable person could clearly see that this reform was so reckless with the privacy and integrity of the ballot that it violated the Constitutional obligation on the State (article 40.3) to defend as far as practicable the rights of the citizen, in particular the right to vote and the right to secrecy in the ballot cast. Therefore it is possible for the voting system to be so insecure that its selection is reckless and unconstitutional. The present e-voting system is similar to the one described above, substituting `computer system designed and maintained by trustworthy officials' for `committee of trustworthy officials'. The two systems are recklessly insecure for very similar reasons. Therefore the present Nedap/Powervote system is unconstitutional. (The argument's a bit fuzzy around the edges, but then I'm a software engineer, not a barrister.) Incidentally, the only one of our legislators who raised substantial objections to the security of this system while its legislative framework was being debated is Sen. Feargal Quinn, who made an excellent lunchtime speech on the bill at second stage . I agree with his comments in every respect but one: "I am not so worried about fraud as I am a trusting person and am sure nobody here would attempt this." Unfortunately, his well-expressed concerns were dismissed by Noel Dempsey with a mention of the useless "audit trail" function and a reference to testing "by reputable technical institutes in Holland and Germany". These replies appear to have been accepted uncritically. --Adrian. From election at polarbears.com Tue Jun 10 01:09:31 2003 From: election at polarbears.com (Ciaran Quinn) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> <20030609140232.GA74153@kilmainham.stdlib.net> Message-ID: <3EE521BB.2312AFAC@polarbears.com> .. > > What grounds are there for bringing the case to court? There's certainly > nothing unconsitutional about the system, and a Judicial Review of a > Ministerial Decision endorsed at the committee and legislative stages > by our elected representatives is a non-starter. > > What angle do you get it in to court? > You could argue (I think) that an essential feature of a democratic election is that those contesting the election are able to verify that the result is correct, and that this is not possible using the Nedap system, thereby contravening Article 5. Article 5: Ireland is a sovereign, independent, democratic state. Ciaran Quinn (not a lawyer) > -- > Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net > colm@stdlib.net http://www.stdlib.net/ > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting From adelaney at cs.may.ie Tue Jun 10 10:57:49 2003 From: adelaney at cs.may.ie (Aidan Delaney) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030609194041.GB420@cornerstone.colley.ie> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> <20030609194041.GB420@cornerstone.colley.ie> Message-ID: <200306101057.56233.adelaney@cs.may.ie> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > If every citizen can read and run the code without > restriction, isn't that enough? I don't want to get into specific licencing issues either, but I think that every citizen needs the right to read, run and _modify_ the code. I'd like to run the code through a debugger and put some print statements in it. - -- Thanks, Aidan Delaney - -- If anyone has both the right and the need to study the code and be assured of its correct functioning, it is users. -- Whitfield Diffie Checksums of bad data tell you only: "yup, that's exactly the same bad data the other guy has" -- Tom Lord gpg key: http://minds.cs.may.ie/~balor/public_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+5aukR5d8aoUiMO0RAvd1AJ4kL5fqPaLncYFlaVA/EcSMHNUSLQCfR1rj p0XF5E7V52XPV1/VyogB6Nw= =IDOC -----END PGP SIGNATURE----- From sares at Redbrick.DCU.IE Tue Jun 10 11:31:35 2003 From: sares at Redbrick.DCU.IE (Dave Madden) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Summary: why you shouldn't want electronic voting In-Reply-To: <20030609193351.GA420@cornerstone.colley.ie> References: <20030606202228.GA507@cornerstone.colley.ie> <200306091119.46538.adelaney@cs.may.ie> <20030609193351.GA420@cornerstone.colley.ie> Message-ID: <20030610103135.GA7009@prodigy.Redbrick.DCU.IE> On Mon, Jun 09, 2003 at 08:33:51PM +0100, Adrian Colley wrote: > On Mon, Jun 09, 2003 at 11:19:46AM +0100, Aidan Delaney wrote: > > For the record, I support an electronic booth voting system (not internet > > I detect a terminology conflict. I've been assuming that "electronic > voting" means that the primary record of each vote is stored > electronically (what the industry calls direct recording electronic > (DRE) voting). The Mercuri method is not within this definition, Well he did say "electronic booth voting", which is I suppose a little different to DRE, in that it includes DRE but could also include other systems. As for DRE + Mercuri, I think "hybrid" is probably the best way to describe it - it's neither purely electronic nor purely paper based. Having said that, hybrid could mean anything, so DRE + Mercuri is probably clearer. We all know what we mean :) And on a similar note, I-Voting is a better phrase than EI-Voting, since (excluding the RFC on Pidgeon-based transport protocols) the Internet does tend to use "electronic" tech, making the 'E' in "EI-Voting" redundant. Wow, this mail has maganed to be both half-on-topic and get so... what's the right phrase? :) > understand what we mean by our terms. Can anyone set me right here? Either that or just confuse the issue further. > the part of the system which is under threat. As far as I can see, > the two questions are completely orthogonal -- ballot integrity > does not depend on the method of counting, and vice versa. Interesting. > I have heard (fuzzy memory from the 2002 election coverage) that On a similar "I've heard...", a friend of mine from Malahide says that when she voted with the Nedap system that there was some sort of printer. She wasn't clear if it actually printed anything, and she might just be completely wrong, but I was wondering: who here has used the new system, and does it have some sort of provision for Mercuri? I hadn't heard this before, so I'm sceptical of her claim, but it would be important, were it true. > I'm entirely in favour of eliminating the count-corner-cutting > methods, and I completely agree that a Mercuri system would help, > and that voters would more easily understand how their votes are Mercuri would be great if it could/can be done, but can it? I've yet to hear anyone explain to my satisfaction how it would work in practice. What's the procedure when some the electronic vote doesn't match the paper one? i.e. What happens if the wrong choice is printer onto the paper? Dave Madden From sares at Redbrick.DCU.IE Tue Jun 10 11:41:27 2003 From: sares at Redbrick.DCU.IE (Dave Madden) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <200306101057.56233.adelaney@cs.may.ie> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> <20030609194041.GB420@cornerstone.colley.ie> <200306101057.56233.adelaney@cs.may.ie> Message-ID: <20030610104127.GB7009@prodigy.Redbrick.DCU.IE> On Tue, Jun 10, 2003 at 10:57:49AM +0100, Aidan Delaney wrote: > > If every citizen can read and run the code without > > restriction, isn't that enough? > I don't want to get into specific licencing issues either, but I think that > every citizen needs the right to read, run and _modify_ the code. I'd like > to run the code through a debugger and put some print statements in it. Firstly, to what degree might there be h/w issues - I presume that some of the tech used by Nedap is entirely non-standard for a regular PC. Secondly, the old thorny issue: how do we know the FreeVote (or whatever silly name the software might have) is what's really on the booths, unmodified? BTW, in an earlier post I refered to a printer on the booths, and another posters post jogged my memory, it is of course for the blasted "audit trail". What a joke. Another point: looking at the design of Nedap, I don't think the real weak point is the booth. Sure, it's a potential target, but the better one by far is the PC running the software that amalgamates the votes. It runs on a standard PC (afaik), uses standard s/w (MS Access, I think - can someone confirm) and most of all, has access to all of the constituency data. What's more, it's possible that since it can read from the "ballots", for obvious reasons it might well have been fitted with h/w that also has write capabilities, raising the possibility that the booths could be aok, but the data could be modified by the count PC, not only changing the displayed result, but also the evidence. I wonder - does the "audit trail" data get stored seperately from the ballot, so that a paper trail would at least show up this kind of attack? Dave Madden From P at draigBrady.com Tue Jun 10 11:51:29 2003 From: P at draigBrady.com (P@draigBrady.com) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] jfreevote Message-ID: <3EE5B831.3040708@draigBrady.com> Dave Madden wrote: > Secondly, the old thorny issue: how do we know the FreeVote (or > whatever silly name the software might have) is what's really on > the booths, unmodified? That reminds me. Mentioned in: http://www.linux-magazine.com/issue/32/WorldNews.pdf is: http://votobit.unileon.es/ http://www.eurielec.etsit.upm.es/~jamc/work/jfreevote-1.0/ You may find http://www.freetranslation.com/web.htm useful P?draig. From patrick at kobly.com Tue Jun 10 17:33:32 2003 From: patrick at kobly.com (Patrick J. Kobly) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Re: FC: Electronic voting inIrelandencounterscriticism In-Reply-To: References: <20030606210429.GA27657@www.kobly.com> Message-ID: <20030610163332.GA369@www.kobly.com> On Sat, Jun 07, 2003 at 12:23:10AM +0100, adam beecher wrote: > > The ballot papers are kept by the DRO / poll clerk, in their sight at > > all times, making it rather difficult to steal a ballot. They are > > individually marked on the counterfoil with a unique number (the > > counterfoil is removed prior to depositing the ballot in the box.) > > > Again, this is my own fault, I was referring to the registration cards, as I > mentioned earlier. My apologies again. That said, I don't remember ever > removing a counterfoil before voting. I fold my ballot paper up and stick it > in the box. No-one's ever asked me for a counterfoil, and I've never seen > anyone else removing one. Actually, now I come to think of it, I've never > seen initials on my ballot card either, and I'd be pretty worried if the > clerk checked my ballot before I placed it in the ballot box. I think we're > talking about two different cards here. We are talking about two different things here. I didn't make it clear that I'm in Canada, and was describing the physical security measures in place here for our paper voting system. > > The point that was being made is that physical security measures > > undertaken for a physical process are significantly easier to > > understand for the average person than virtual security measures > > undertaken for a virtual process by a black box. > > > I understand that, and I don't think I objected to that anywhere in my post. PK -- Bow down before the one you serve You're going to get what you deserve -NIN -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.stdlib.net/pipermail/e-voting/attachments/20030610/45676aed/attachment.bin From Margaret.McGaley at redbrick.dcu.ie Wed Jun 11 14:48:00 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Summary: why you shouldn't want electronic voting In-Reply-To: <20030609193351.GA420@cornerstone.colley.ie> References: <20030606202228.GA507@cornerstone.colley.ie> <200306091119.46538.adelaney@cs.may.ie> <20030609193351.GA420@cornerstone.colley.ie> Message-ID: <20030611134759.GB26971@prodigy.Redbrick.DCU.IE> On Mon, Jun 09, 2003 at 08:33:51PM +0100, Adrian Colley wrote: > > I detect a terminology conflict. I've been assuming that "electronic > voting" means that the primary record of each vote is stored > electronically (what the industry calls direct recording electronic > (DRE) voting). The Mercuri method is not within this definition, > because the printed ballot is the primary record. I'm not nearly > daft enough to fight over terms, but I think it's important we all > understand what we mean by our terms. Can anyone set me right here? > I think it's safe to use the phrase "electronic voting" for any vote-collection system which involves electronic devices, whether it implements the Mercuri method or not. Margaret From Margaret.McGaley at redbrick.dcu.ie Wed Jun 11 14:49:32 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Name In-Reply-To: References: <20030609141356.GA23128@prodigy.Redbrick.DCU.IE> Message-ID: <20030611134931.GC26971@prodigy.Redbrick.DCU.IE> On Mon, Jun 09, 2003 at 08:37:22PM +0100, David Cochrane wrote: > I'd put a few quid toward this .ie registration if required (tenner each?). > I'll contribute :) > evoting.ie seems ok - the iedr rules are getting more relaxed, so I can't > see a problem with this, as long as we follow procedure. > I think evoting.ie would be ideal. Would it take long to organise? > So have we got a name name then? > It has my vote. ;) Margaret From Margaret.McGaley at redbrick.dcu.ie Wed Jun 11 14:51:37 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030609194041.GB420@cornerstone.colley.ie> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> <20030609194041.GB420@cornerstone.colley.ie> Message-ID: <20030611135136.GD26971@prodigy.Redbrick.DCU.IE> On Mon, Jun 09, 2003 at 08:40:41PM +0100, Adrian Colley wrote: > > > The question of copyright on the source code is a prickly one. > > Does this really matter? I brought my asbestos swimming togs, but > I still don't see why we should drag the software licensing wars > into this. If every citizen can read and run the code without > restriction, isn't that enough? > To be honest, the only potential problem I can see with that is someone pointing out a flaw, and the vendor refusing to fix it. But I'm sure that could be handled with contracts. Margaret From Margaret.McGaley at redbrick.dcu.ie Wed Jun 11 15:17:30 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Campaign goals In-Reply-To: <20030610104127.GB7009@prodigy.Redbrick.DCU.IE> References: <20030609134459.GB11717@prodigy.Redbrick.DCU.IE> <20030609194041.GB420@cornerstone.colley.ie> <200306101057.56233.adelaney@cs.may.ie> <20030610104127.GB7009@prodigy.Redbrick.DCU.IE> Message-ID: <20030611141729.GE26971@prodigy.Redbrick.DCU.IE> On Tue, Jun 10, 2003 at 11:41:27AM +0100, Dave Madden wrote: > > Another point: looking at the design of Nedap, I don't think the real > weak point is the booth. Sure, it's a potential target, but the better > one by far is the PC running the software that amalgamates the votes. It > runs on a standard PC (afaik), uses standard s/w (MS Access, I think - > can someone confirm) and most of all, has access to all of the > constituency data. > from http://minds.cs.may.ie/~lovelace/E-Voting/FoI_request/Elect_Voting_Info_Paper.pdf (sorry about the dreadful URL, roll on evoting.ie) (IES = Integrated Election System -- the count software, and the system which initialiases the "modules") "The IES runs on a standard computer running Microsoft Windows 95 or later versions. It consists of approximately 200,000 lines of code in 150/180 source code units. When in use the system records data in a Microsoft Access database. Typically the software is reinstalled before each election as a security feature and to ensure that all updates to election legislation are reflected in the software used for the election." > What's more, it's possible that since it can read from the "ballots", > for obvious reasons it might well have been fitted with h/w that also > has write capabilities, raising the possibility that the booths could be > aok, but the data could be modified by the count PC, not only changing > the displayed result, but also the evidence. > It definitely has write capabilities, since it initialiases the modules. The file cited above doesn't say whether it can write to the vote part of the module, but since the voting machines have the functionality to wipe the backup module ... > I wonder - does the "audit trail" data get stored seperately from the > ballot, so that a paper trail would at least show up this kind of > attack? > I'm quite sure the "audit trail" is just calculated from the votes on the module. Margaret From email at davidcochrane.com Wed Jun 11 17:16:44 2003 From: email at davidcochrane.com (David Cochrane) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Name Message-ID: Should we have an online poll or something to see if people think evoting.ie is a good idea? :) > On Mon, Jun 09, 2003 at 08:37:22PM +0100, David Cochrane wrote: > > I'd put a few quid toward this .ie registration if required (tenner each?). > > > > I'll contribute :) > > > evoting.ie seems ok - the iedr rules are getting more relaxed, so I can't > > see a problem with this, as long as we follow procedure. > > > > I think evoting.ie would be ideal. Would it take long to organise? > > > So have we got a name name then? > > > > It has my vote. ;) > > Margaret > > _______________________________________________ > E-voting mailing list > E-voting@lists.stdlib.net > http://lists.stdlib.net/mailman/listinfo/e-voting > > Regards Dave Cochrane e: email@davidcochrane.com p: (085) 721 3132 Now watch what you say Or they?ll be calling you a radical A liberal, oh fanatical, criminal Oh won?t you sign up your name We?d like to feel you?re acceptable, Respectable, oh presentable, a vegetable! From Margaret.McGaley at redbrick.dcu.ie Mon Jun 16 18:21:40 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Press pack Message-ID: <20030616172140.GA14645@prodigy.Redbrick.DCU.IE> Hi all, Over the next week I hope to put together a press pack for this campaign. If you have any ideas for contents please let me know. Margaret From phowe at tribune.ie Tue Jun 17 16:32:17 2003 From: phowe at tribune.ie (Paul Howe) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Press pack In-Reply-To: <20030616172140.GA14645@prodigy.Redbrick.DCU.IE> References: <20030616172140.GA14645@prodigy.Redbrick.DCU.IE> Message-ID: Hi Margaret, Would officials/experts in the UN (or EU) have any concerns or comments to make on electronic voting, and specifically our proposed form? Regards Paul Private, Confidential and Privileged This e-mail and any files and attachments transmitted with it are confidential and/or privileged. They are intended solely for the use of the intended recipient. Any views and opinions expressed are those of the individual author/sender and are not necessarily shared or endorsed by Tribune Newspapers PLC or any associated or related company. The content of this e-mail and any file or attachment transmitted with it may have been changed or altered without the consent of the author. If you are not the intended recipient, please note that any review, dissemination, disclosure, alteration, printing, circulation or transmission of this e-mail and/or any file or attachment transmitted with it, is prohibited and may be unlawful. If you have received this e-mail or any file or attachment transmitted with it in error please notify Tribune Newspapers PLC, by return e-mail or 15 Lower Baggot Street, Dublin 2, Ireland. Tel: 00 353 1 6314300 Fax 6314390 From Margaret.McGaley at redbrick.dcu.ie Tue Jun 24 17:06:19 2003 From: Margaret.McGaley at redbrick.dcu.ie (Margaret McGaley) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Dail Questions Message-ID: <20030624160618.GA22124@prodigy.Redbrick.DCU.IE> On Tuesday of last week, Eamon Gilmore (Labour Party Spokesperson on the Environment and Local Government) asked a question in the Dail. The question and response (from Pat The Cope Gallagher, minister of state at the dept. of Environment and Local Government) are available at: http://www.redbrick.dcu.ie/~afrodite/E-Voting/dail_question.shtml I'll be adding it to the site properly as soon as I can, and I'll be including my response. Margaret -- Margaret McGaley Margaret.McGaley@redbrick.dcu.ie http://www.redbrick.dcu.ie/~afrodite/E-Voting/ From colm at stdlib.net Tue Jun 24 18:24:56 2003 From: colm at stdlib.net (Colm MacCarthaigh) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Dail Questions In-Reply-To: <20030624160618.GA22124@prodigy.Redbrick.DCU.IE> References: <20030624160618.GA22124@prodigy.Redbrick.DCU.IE> Message-ID: <20030624172456.GA11046@castlerea.stdlib.net.> On Tue, Jun 24, 2003 at 05:06:19PM +0100, Margaret McGaley wrote: > http://www.redbrick.dcu.ie/~afrodite/E-Voting/dail_question.shtml I think the final 2 points made by the minister are the most worth countering. The extent to which they reveal an incomprehensible level of ignorance would be funny save for the seriousness of the situation. > Fifth, the report lays emphasis on a procedure promoted by an American > writer on the need for a system to produce a paper ballot which would be > retained in the voting machine and which could be used in a manual count > later. This idea, while it may be suitable in other countries, would not > be suitable here as it could endanger the secrecy of the ballot and > moreover it would not be useful for a recheck on the electronic count > result, due to the requirement to mix the votes before the count > commences. However, our system will print a ballot paper for each vote > if required by a Court order in an election petition hearing. The > printed ballot paper in such a case would have the details of the > movement of the vote at different counts. This entire point is simply wholly inaccurate, it's simply laughable. > Sixth, the report refers to the non-availability of the source code > for the system especially the count source code. The making available of > the source code raises important commercial and security issues and it > is a matter under consideration in my Department. Don't ... even ... know ... where ... to ... begin. -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/ From sares at Redbrick.DCU.IE Tue Jun 24 22:16:46 2003 From: sares at Redbrick.DCU.IE (Dave Madden) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Dail Questions In-Reply-To: <20030624172456.GA11046@castlerea.stdlib.net.> References: <20030624160618.GA22124@prodigy.Redbrick.DCU.IE> <20030624172456.GA11046@castlerea.stdlib.net.> Message-ID: <20030624211646.GA12524@prodigy.Redbrick.DCU.IE> On Tue, Jun 24, 2003 at 06:24:56PM +0100, Colm MacCarthaigh wrote: > On Tue, Jun 24, 2003 at 05:06:19PM +0100, Margaret McGaley wrote: > > http://www.redbrick.dcu.ie/~afrodite/E-Voting/dail_question.shtml > > I think the final 2 points made by the minister are the most worth > countering. The extent to which they reveal an incomprehensible > level of ignorance would be funny save for the seriousness of the > situation. Yeah, it's pretty shocking alright. BTW, there was an article in the Irish Times today by David Begg of ICTU, who's going to chair a new independent body called the Democracy Commission. As far as I can see it's a non-governmental lobby group that plans to "audit" Irish democracy. Now on one level I think it's an idea that's flawed by the fact that Begg seems convinced that the solution to problems with our democracy is left-wing economics, which seems to me to be (at the least) jumping the gun a little given that this "audit" hasn't even begun. OTOH, even if it's more deeply flawed than I imagine, it's hard to see any organisation that wants to stand up for democracy enthusiastically embracing the planned e-voting system, so maybe they'd take on board the ideas of this campaign. (Does is have a definite name yet? E-voting.ie is it?) www.tascnet.ie seems to have some info. Dave PS Any left-wingers who want to criticise the above, please mail me off list! From colmmacc at stdlib.net Tue Jun 24 18:24:56 2003 From: colmmacc at stdlib.net (Colm MacCarthaigh,,,) Date: Fri Apr 23 16:54:29 2004 Subject: [E-voting] Dail Questions In-Reply-To: <20030624160618.GA22124@prodigy.Redbrick.DCU.IE> References: <20030624160618.GA22124@prodigy.Redbrick.DCU.IE> Message-ID: <20030624172456.GA11046@castlerea.stdlib.net.> On Tue, Jun 24, 2003 at 05:06:19PM +0100, Margaret McGaley wrote: > http://www.redbrick.dcu.ie/~afrodite/E-Voting/dail_question.shtml I think the final 2 points made by the minister are the most worth countering. The extent to which they reveal an incomprehensible level of ignorance would be funny save for the seriousness of the situation. > Fifth, the report lays emphasis on a procedure promoted by an American > writer on the need for a system to produce a paper ballot which would be > retained in the voting machine and which could be used in a manual count > later. This idea, while it may be suitable in other countries, would not > be suitable here as it could endanger the secrecy of the ballot and > moreover it would not be useful for a recheck on the electronic count > result, due to the requirement to mix the votes before the count > commences. However, our system will print a ballot paper for each vote > if required by a Court order in an election petition hearing. The > printed ballot paper in such a case would have the details of the > movement of the vote at different counts. This entire point is simply wholly inaccurate, it's simply laughable. > Sixth, the report refers to the non-availability of the source code > for the system especially the count source code. The making available of > the source code raises important commercial and security issues and it > is a matter under consideration in my Department. Don't ... even ... know ... where ... to ... begin. -- Colm MacC?rthaigh Public Key: colm+pgp@stdlib.net colm@stdlib.net http://www.stdlib.net/