[E-voting] The VVAT Debate - Technical or Not ?
mail2 at sysmod.com
Tue Mar 9 14:59:52 GMT 2004
At 14:07 09/03/2004, Michael McMahon wrote:
>These models can certainly be applied to parts of the problem, eg. hardware
>errors. But for detecting software errors, and particularly malicious
>kinds of errors, I'm not so sure. I'm sure research has been done, and I'd
>to look at it, but the topic is bound to be controversial and I'm not
When looking at malicious tampering, we also have to consider that the
perpetrators will game the system; if they know what the sampling scheme
is, they can try to inject tampering in ways that stand a better chance of
not being sampled.
>There is also the issue of effective sample sizes. You can't take a sample
>from an individual (constituency) election. At this level, auditing has to
>be all or nothing.
I think that depends on what you are trying to detect by sampling. If you
require a 100% guarantee that you will not miss ANY error, you must have
100% checking. A 99.997% assurance might be obtained by a 10% sample
(SWAG, don't take that as serious), depending on all the other things. The
choice of 99.997% or 99% or 95% or whatever is a political decision I
suppose .. unless some voting experts know how much uncertainty is accepted
in the present system,
>That's interesting. I'm not an accountant so it's news to me.
An accountant will process every transaction. An auditor is a higher level
check on the accountant and so takes samples.
>I'm not an academic, and I think you know more about statistics
>than I do, so I'm happy to read your views on the subject.
Unfortunately I can't offer more than half-remembered techniques.
Then again, this group cannot be expected to produce a sampling design for
an election system. There are professionals paid for this kind of thing.
But then yet again, we said that about the design for the evoting hw & sw
in the election system. When I expressed regret before that IT
professionals took a while to wake up, it was pointed out that we were not
in charge and had proceeded on trust given the lack of evidence that
apparently needed loads of FOI expenditure to extract. We just had to
assume, as the ICS 25 statement says, "Selection by the Department of the
Environment and contractual commitment by the supplier will therefore have
taken these requirements clearly and specifically into account." The lack
of VVAT only became apparent as an obvious flaw to me, anyway, after I
began to think of this system from the POV of verifiability.
More information about the E-voting