[E-voting] Irish Computer Mag April 2004

Michael McMahon michael at hexmedia.com
Sat Apr 17 11:21:39 IST 2004


Patrick OBeirne wrote:

> http://www.irishcomputer.com/soapbox.htm
>  Soapbox, p.24 "e-voting: an issue of trust", Tony Mulqueen
> Security POV: analyses the points of attack.
> Asks for source code to be made public.
> Describes system as client/server with PCs at voting stations and 
> later refers to voting machine floppy drive so may be thinking of US 
> system
> Asks for digital signature on disk akin to ballot box seal. (again, 
> does not speak of ballot modules)
> "No getting away from paper trail, trust will not exist without one" 
> but asks for "receipt issued to the customer" which people on this 
> list would point out allows for coercion or vote buying.
>
He is a bit vague in the article, but he could be referring to encrypted 
receipts
because nobody is seriously suggesting issuing receipts that show who 
you voted for.

These (take-away) receipts are encrypted but verifiable in two stages. 
Before you leave the
booth, the receipt (together with other information you only have in the 
booth)
shows who you voted for. After you leave the polling station, the 
receipt can only
be used to verify your vote was included (unaltered) in the count. It 
does not show
who you voted for.

The only threat to secrecy here, is that the encryption scheme might be 
compromised.
We have argued this point before, but these systems
use the same techniques as digital signatures, and since the "Electronic 
Commerce Act (2000)"
digital signatures are recognised in law. It would be absurd to argue that
they can be used for legally binding contracts, but not for voting.

Michael.





More information about the E-voting mailing list