[E-voting] Commission on Electronic Voting

Catherine Ansbro cansbro at eircom.net
Thu Mar 11 12:19:00 GMT 2004

Great list, Colm.

Possible additions:

1.Also include (at the beginning or the end) an explicit statement that we 
would support an e-voting system that addresses these concerns.

and under the Accuracy section:
2. Also include a list of URLs to document past history of actual problems 
that are relevant to the proposed Irish system (e.g., bit-flipping)
3. Suggest the need for a full-scale end-to-end risk assessment along the 
lines of that recently undertaken by U. of Maryland.  (This could show 
where there are potential accuracy problems.)
4. Perhaps also suggest the need for publicly identifying (in an 
unambiguous way) who will be financially accountable for any problems that 
result in increased costs to the government due to malfunction, lawsuits, 
etc. (e.g., will Irish taxpayers have to pay the price if elections are 
messed up and results are invalid, or if there are legal challenges 
following suspected inaccuracies?  This could fit in the accuracy 
remit--i.e., implications of actual or suspected inaccuracies.)


>         i) The big concerns, things that are immutable:
>                 Accuracy is unverifiable by anyone (including the
>                 commision) without VVAT
>                 Electronic systems are not open to human verification
>                 Reflections on trusting trust
>                 Point out that voting is an unusual system in which
>                 we can't observe the input - it has to be secret -
>                 so it's not like any other software system where
>                 we can detec procedural problems more trivially
>                 It's impossible to verify the accuracy of anything
>                 without somethign to compare it with
>         ii) Pragmatic concerns concerning the Irish system
>                 Explanation of KISS and why it's important
>                 Explanation of how Powervote don't seem to follow
>                 the principals of KISS
>                 Lack of extensive testing
>                 Lack of good security criteria
>                 Lack of good consultation
>         3. Secrecy
>                 Possible lack of secrecy in the ballot module due to
>                 bad seeding - we just don't know, but not a serious
>                 concern
>                 Complete lack of secrecy for persons wishing to
>                 abtain
>         4. Outline of practical threats and considerations
>                 Errors due to software quality
>                 Physical security of ballot modules
>                 Authorised persons modifying the counting software
>                 Trivial man-in-the-middle attacks
>                 Threats posed by the well-resourced
>         5. Footnotes, about the authors, definitions and so on
>All of the above should be in laymans terms as much as possible, with
>pictures (say of ballot modules, illustrating the meaningless of their
>physical tangibility) and so on :) Also suggest burning a CD and
>placing the software implementation in, and maybe printing out
>reflections on trusting trust.
>All suggestions :) Please pick apart!
>Colm MacCárthaigh                        Public Key: colm+pgp at stdlib.net
>E-voting mailing list
>E-voting at lists.stdlib.net

More information about the E-voting mailing list