[E-voting] Source Code
aengusl at eircom.net
Fri Mar 19 18:53:57 GMT 2004
Colm MacCarthaigh <colm at stdlib.net> wrote:
> On Fri, Mar 19, 2004 at 06:10:13PM +0000, Fergal Daly wrote:
>> Of course this assumes the black hats can't get a copy of the closed
>> source and hardware to run it. However this will be true for almost
>> all black hats.
> What about the counting software? It would be relatively trivial to
> obtain a copy of that.
Ah, but it's on a "security hardened PC", so that's not a problem :-)

Seriously though, what could a hacker actually achieve, either by
hacking one or more (of 6,000) balloting machines, one or more (of 40 or
so) counting PCs?

On a balloting machine, VVAT better make the system essentially "hacker
proof" or we should be arguing for the retention of pencil and paper.

The software on the Count Center machine is responsible for 4 things -
reading the ballot modules, randomizing the whole constituency,
publishing the ballots and actually calculating the outcome of the

VVAT should remove the usefulness to a hacker of 1, 3 and 4. VVAT will
require some entirely different system for reading the paper ballots, so
there's no point in attacking the ballot reading module (1), or the bit
that publishes the list of ballots (3). Once the list is published, it's easy
for anyone who wants to to verify the outcome of the election (4).

Step 2 is only relevant because the counting software implements the
current random aspects of random ballot selection for transfers. This
"risk" could be eliminated by changing the law to allow for fractional
transfers, which would mean that the list wouldn't have to be
randomized. Though this makes the actual calculation of the outcome more
complicated, which might negate some of the protection in step 4. But
you could also argue that the list should just be sorted, and not
randomized. This might give a very slight advantage to candidates at the
top of the list, but the system already finds this acceptable, by
permitting alphabetical ordering of the ballot paper, so it might be a
moot issue (you'd need to do some statistical exercises to come to a
decision on that, though. Or you could draw lots to decide the sort

(A hacker might get some value from having the original, unrandomized
list of votes available, but I think that's a low risk area).
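
An added example, not part of the original message and not the counting software's code: a simplified model of one surplus transfer, contrasting whole-paper selection (whose result depends on the order of the ballot list) with the fractional transfers discussed above (whose result does not). The pile, the surplus and the function names are constructed for illustration, and taking papers in list order is an assumed simplification, not the statutory count rules.

```python
import random
from collections import Counter
from fractions import Fraction

# Constructed sample: papers in an elected candidate's pile, written as the
# preferences that remain after that candidate. Not real election data.
PILE = [("B", "C")] * 3 + [("C", "B")] * 2 + [("B", "D")]
SURPLUS = 2  # votes held above the quota (constructed value)


def transfer_by_selection(pile, surplus):
    """Move `surplus` whole papers, taken in list order, to their next preference."""
    return Counter(paper[0] for paper in pile[:surplus])


def transfer_fractional(pile, surplus):
    """Move every paper, at weight surplus/len(pile), to its next preference."""
    weight = Fraction(surplus, len(pile))
    totals = Counter()
    for paper in pile:
        totals[paper[0]] += weight
    return dict(totals)


def outcomes_over_orderings(transfer, pile, surplus, seeds):
    """Distinct transfer results seen when the same pile is listed in different orders."""
    seen = set()
    for seed in seeds:
        ordered = list(pile)
        random.Random(seed).shuffle(ordered)
        seen.add(tuple(sorted(transfer(ordered, surplus).items())))
    return seen


if __name__ == "__main__":
    for name, fn in (("selection", transfer_by_selection),
                     ("fractional", transfer_fractional)):
        results = outcomes_over_orderings(fn, PILE, SURPLUS, range(50))
        print(name, "->", len(results), "distinct result(s):", sorted(results))
```

Because the fractional result is independent of list order, anyone holding the published ballot list can recompute it and compare, whereas the selection result can only be reproduced by someone who also knows the exact order used.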