[E-voting] CEV submission -- draft
cansbro at eircom.net
Mon Mar 15 15:04:47 GMT 2004
Colm et al,
Great proposed submission. I have a few minor suggestions.
p.3 paragraph 3, a word appears to be missing: "their," (their what?)
p.4 last sentence, remove "except with a great deal of optimism." (or,
"except as an assertion of belief rather than as a verifiable assertion of
fact.") State that a mere belief of accuracy --in the absence of
verifiably factual accuracy-- is inadequate in a system on which we rely
for our democracy.
p. 1 & 2, section 2.1 "Discussion" should also include mention of hardware
malfunction. In particular, bit-flipping should be explained and mention
made of a known example of this occurring in an actual election. Other
examples of specific, known kinds of hardware failures should also be
given. We should not base our argument solely on the risk of
hackers. This should be restated in the final paragraph of section 2.1.
Sect. 2.2 (accuracy) should also include mention of random hardware errors
that can affect accuracy.
Sect. 2.4 (consultants' reports) in first sentence include the word
"accuracy" (perhaps instead of "computational operation.")
p. 5 (bottom) Explain simply the difference between machine code and
software code. (Footnote perhaps.) Mention that the implications of not
having examined the machine code follow in section 3.5) (The later
footnote 11 mentions the difference between source code and machine code,
but the difference between machine code and software code is not mentioned.)
p. 6 (end of section 2.4) summarize the implications of the holes in these
security assessments undertaken. State the obvious. (E.g., the security
assessments undertaken were seriously incomplete and inadequate, leading to
inability to rely on the accuracy of the system in its actual
implementation.) Consider also putting a similar sentence at the very
beginning of this section.
Footnote 11 (machine code versus source code) this explanation is not
sufficiently clear yet. Consider placing the footnote at the end of the
sentence, rather than after source code.
Sect. 3.6 consider replacing "applied by hackers instead of by 'authorized
persons' " with "applied by hackers and/or by compromised 'authorized
persons.'" (The point has been well-made that authorized persons can be
part of the problem.)
There should be a Conclusion that summarizes the inappropriateness of the
proposed system on the grounds of risks to both secrecy and accuracy. The
addition of VVAT could be mentioned as one possible solution. Other
possible solutions could also be mentioned if desired. In the absence of
acceptable solutions to address the numerous risks to accuracy and/or
secrecy, the introduction of electronic voting must be postponed until
these concerns are addressed.
The abstract should be strengthened to reflect the material in the
At 13:54 15/03/2004 +0000, Fergal Daly wrote:
>It's very good, especially the bit at the end about article 26. My only
>criticism is that I think someone who is not already familiar with the issues
>and with computers might find it a bit difficult,
>On Monday 15 March 2004 02:02, Adrian Colley wrote:
> > Here's my draft of the submission. As agreed at the meeting on Saturday,
> > I'm handing it over to Colm (though I'm late because Sunday ended almost
> > two hours ago). Comments, contributions and edits are of course welcome
> > (the earlier, the better), but you should direct them to Colm rather than
> > to me. He has the conch.
> > I have no emotional attachment to any part of this draft. It's in LaTeX
> > format just because; Colm can change it if he feels like it. A PDF
> > version is available at
> > http://www.iol.ie/~aecolley/icte-cev.pdf
> > There are comments in the LaTeX source marking facts which need checking
> > and so on. I'll check my own facts and send any changes to Colm. But
> > first I'll get some sleep.
> > I'm sure I've left a lot of stuff out.
> > A new thing is that I looked at the PTB's evaluation of the random
> > placement of ballot records within the ballot module. It _isn't_
> > random enough. If you know the preferences of voters #1 and #3, and
> > they're unique, then you can deduce voter #2's preferences with 100%
> > accuracy just from examining the order of ballot records on the
> > ballot module. It doesn't matter how many ballots are stored on the
> > ballot module. Apparently 80% of all ballots are unique. I think
> > this is a real honest-to-God showstopper for the ESI2. The storage
> > strategy is really cheesey if you take a look at it.
> > --Adrian.
> > --
> > GPG 0x43D3AD19 17D2 CA6E A18E 1177 A361 C14C 29DB BA4B 43D3 AD19
> > http://user-aecolley.jini.org/
>E-voting mailing list
>E-voting at lists.stdlib.net
More information about the E-voting