[E-voting] Commission on Electronic Voting

Colm MacCarthaigh colm at stdlib.net
Thu Mar 11 12:07:31 GMT 2004


On Thu, Mar 11, 2004 at 11:48:46AM +0000, Cian wrote:
> On Thu, Mar 11, 2004 at 10:40:20AM +0000, Margaret McGaley wrote:
> > http://www.cev.ie/
> > 
> > They have an ad in the Indo today, calling for submissions (probably in the
> > other papers too).
> > 
> Truly, the Civil Service is a remarkable and magical entity. They set up
> *fast*. Okay, so what do we need to do to get our submission in? Margaret,
> shall we put together an initial draft this evening?

I started trying to gather some stuff together, and keeping a working
copy at:

	http://www.stdlib.net/~colmmacc/submission.txt

as a convienent thing I can copy and paste ideas from later. 

> I figure we should get a nice, professional submission in as soon as possible.
> We have a tonne of information to put in it, though - what do people think we
> should prioritise?

I think it makes sense to split into accuracy and secrecy sections,
with the latter being much much shorter. And maybe points along the
lines of:

	1. Introduction
	
		who we are, what our concerns are roughly, why
		we think they're serious

	2. Accuracy

	i) The big concerns, things that are immutable:

		Accuracy is unverifiable by anyone (including the
		commision) without VVAT

		Electronic systems are not open to human verification
	
		Reflections on trusting trust

		Point out that voting is an unusual system in which
		we can't observe the input - it has to be secret -
		so it's not like any other software system where
		we can detec procedural problems more trivially

		It's impossible to verify the accuracy of anything
		without somethign to compare it with

	ii) Pragmatic concerns concerning the Irish system	

		Explanation of KISS and why it's important

		Explanation of how Powervote don't seem to follow
		the principals of KISS

		Lack of extensive testing

		Lack of good security criteria

		Lack of good consultation

	3. Secrecy

		Possible lack of secrecy in the ballot module due to
		bad seeding - we just don't know, but not a serious
		concern

		Complete lack of secrecy for persons wishing to
		abtain

	4. Outline of practical threats and considerations

		Errors due to software quality

		Physical security of ballot modules

		Authorised persons modifying the counting software

		Trivial man-in-the-middle attacks

		Threats posed by the well-resourced

	5. Footnotes, about the authors, definitions and so on 
	

All of the above should be in laymans terms as much as possible, with 
pictures (say of ballot modules, illustrating the meaningless of their
physical tangibility) and so on :) Also suggest burning a CD and
placing the software implementation in, and maybe printing out
reflections on trusting trust.

All suggestions :) Please pick apart!

-- 
Colm MacCárthaigh                        Public Key: colm+pgp at stdlib.net




More information about the E-voting mailing list