[E-voting] The VVAT Debate - Technical or Not ?

Patrick O'Beirne mail2 at sysmod.com
Tue Mar 9 14:59:52 GMT 2004

At 14:07 09/03/2004, Michael McMahon wrote:

>These models can certainly be applied to parts of the problem, eg. hardware
>errors. But for detecting software errors, and particularly malicious 
>kinds of errors, I'm not so sure. I'm sure research has been done, and I'd 
>to look at it, but the topic is bound to be controversial and I'm not 
>convinced (yet).

When looking at malicious tampering, we also have to consider that the 
perpetrators will game the system; if they know what the sampling scheme 
is, they can try to inject tampering in ways that stand a better chance of 
not being sampled.

>There is also the issue of effective sample sizes. You can't take a sample
>from an individual (constituency) election. At this level, auditing has to 
>be all or nothing.

I think that depends on what you are trying to detect by sampling. If you 
require a 100% guarantee that you will not miss ANY error, you must have 
100% checking.  A 99.997% assurance might be obtained by a 10% sample 
(SWAG, don't take that as serious), depending on all the other things. The 
choice of 99.997% or 99% or 95% or whatever is a political decision I 
suppose .. unless some voting experts know how much uncertainty is accepted 
in the present system,

>That's interesting. I'm not an accountant so it's news to me.

An accountant will process every transaction. An auditor is a higher level 
check on the accountant and so takes samples.

>I'm not an academic, and I think you know more about statistics
>than I do, so I'm happy to read your views on the subject.

Unfortunately I can't offer more than half-remembered techniques.

Then again, this group cannot be expected to produce a sampling design for 
an election system. There are professionals paid for this kind of thing. 
But then yet again, we said that about the design for the evoting hw & sw 
in the election system. When I expressed regret before that IT 
professionals took a while to wake up, it was pointed out that we were not 
in charge and had proceeded on trust given the lack of evidence that 
apparently needed loads of FOI expenditure to extract. We just had to 
assume, as the ICS 25 statement says,  "Selection by the Department of the 
Environment and contractual commitment by the supplier will therefore have 
taken these requirements clearly and specifically into account."  The lack 
of VVAT only became apparent as an obvious flaw to me, anyway, after I 
began to think of this system from the POV of  verifiability.



More information about the E-voting mailing list