[E-voting] CEV submission -- draft

Catherine Ansbro cansbro at eircom.net
Mon Mar 15 15:04:47 GMT 2004

Colm et al,

Great proposed submission.  I have a few minor suggestions.

p.3 paragraph 3, a word appears to be missing: "their,"  (their what?)

p.4 last sentence, remove "except with a great deal of optimism."  (or, 
"except as an assertion of belief rather than as a verifiable assertion of 
fact.")  State that a mere belief of accuracy --in the absence of 
verifiably factual accuracy-- is inadequate in a system on which we rely 
for our democracy.

p. 1 & 2, section 2.1 "Discussion" should also include mention of hardware 
malfunction.  In particular, bit-flipping should be explained and mention 
made of a known example of this occurring in an actual election.  Other 
examples of specific, known kinds of hardware failures should also be 
given.  We should not base our argument solely on the risk of 
hackers.  This should be restated in the final paragraph of section 2.1.

Sect. 2.2 (accuracy) should also include mention of random hardware errors 
that can affect accuracy.

Sect. 2.4 (consultants' reports) in first sentence include the word 
"accuracy" (perhaps instead of "computational operation.")

p. 5 (bottom) Explain simply the difference between machine code and 
software code.  (Footnote perhaps.)  Mention that the implications of not 
having examined the machine code follow in section 3.5)  (The later 
footnote 11 mentions the difference between source code and machine code, 
but the difference between machine code and software code is not mentioned.)

p. 6 (end of section 2.4) summarize the implications of the holes in these 
security assessments undertaken.  State the obvious.  (E.g., the security 
assessments undertaken were seriously incomplete and inadequate, leading to 
inability to rely on the accuracy of the system in its actual 
implementation.)  Consider also putting a similar sentence at the very 
beginning of this section.

Footnote 11 (machine code versus source code)  this explanation is not 
sufficiently clear yet.  Consider placing the footnote at the end of the 
sentence, rather than after source code.

Sect. 3.6 consider replacing "applied by hackers instead of by 'authorized 
persons' " with "applied by hackers and/or by compromised 'authorized 
persons.'"  (The point has been well-made that authorized persons can be 
part of the problem.)

There should be a Conclusion that summarizes the inappropriateness of the 
proposed system on the grounds of risks to both secrecy and accuracy.  The 
addition of VVAT could be mentioned as one possible solution.  Other 
possible solutions could also be mentioned if desired.  In the absence of 
acceptable solutions to address the numerous risks to accuracy and/or 
secrecy, the introduction of electronic voting must be postponed until 
these concerns are addressed.

The abstract should be strengthened to reflect the material in the 


At 13:54 15/03/2004 +0000, Fergal Daly wrote:
>It's very good, especially the bit at the end about article 26. My only
>criticism is that I think someone who is not already familiar with the issues
>and with computers might find it a bit difficult,
>On Monday 15 March 2004 02:02, Adrian Colley wrote:
> > Here's my draft of the submission.  As agreed at the meeting on Saturday,
> > I'm handing it over to Colm (though I'm late because Sunday ended almost
> > two hours ago).  Comments, contributions and edits are of course welcome
> > (the earlier, the better), but you should direct them to Colm rather than
> > to me.  He has the conch.
> >
> > I have no emotional attachment to any part of this draft.  It's in LaTeX
> > format just because; Colm can change it if he feels like it.  A PDF
> > version is available at
> > http://www.iol.ie/~aecolley/icte-cev.pdf
> >
> > There are comments in the LaTeX source marking facts which need checking
> > and so on.  I'll check my own facts and send any changes to Colm.  But
> > first I'll get some sleep.
> >
> > I'm sure I've left a lot of stuff out.
> >
> > A new thing is that I looked at the PTB's evaluation of the random
> > placement of ballot records within the ballot module.  It _isn't_
> > random enough.  If you know the preferences of voters #1 and #3, and
> > they're unique, then you can deduce voter #2's preferences with 100%
> > accuracy just from examining the order of ballot records on the
> > ballot module.  It doesn't matter how many ballots are stored on the
> > ballot module.  Apparently 80% of all ballots are unique.  I think
> > this is a real honest-to-God showstopper for the ESI2.  The storage
> > strategy is really cheesey if you take a look at it.
> >
> >  --Adrian.
> >
> > --
> > GPG 0x43D3AD19 17D2 CA6E A18E 1177 A361  C14C 29DB BA4B 43D3 AD19
> > http://user-aecolley.jini.org/
> >
>E-voting mailing list
>E-voting at lists.stdlib.net

More information about the E-voting mailing list