[E-voting] UK govt circular mentions open-source e-voting

cansbro at eircom.net cansbro at eircom.net
Thu Jul 21 13:51:50 IST 2005


Craig,

Thanks for correcting my terminology.  "Hardened" it is.  Or isn't, as the
case may be.  :-)

As to whether any automated system will be hardened enough, I no longer
believe that it is possible to achieve with any current systems. 
("Systems" includes the hardware, software, people, certification,
procurement, election procedures, laws, and enforcement or lack thereof). 
The one possibly acceptable automation I'd consider for Ireland would be a
ballot printer, which could genuinely be helpful in eliminating
unintentional errors in ranking candidates, and eliminate some questions as
to voter intent due to how they form their numbers.  I do not see any
suitable role for automated counting at the present time.

I disagree with your statement that "the biggest risk to democracy is
apathy, not election security."  (At least, in the USA I would disagree. 
With Ireland's current paper system the biggest risk is apathy combined
with other kinds of systemic problems that impede democracy--see the
Democracy Commission's recent draft document.)

You may well be right in your observation about the need for foreign
observers in the USA.  At the Nov. 2004 election foreign observers were not
allowed to go into most areas.  If I remember correctly they were forbidden
from entering any of the tighly contested states.  The restrictions placed
on foreign observers would never have passed the standards expected of
elections in other countries.

You are mistaken about BBV not looking at the tabulating computers earlier.
In fact, those were the first hacks that were publicly demonstrated and
filmed.  The limiting factors in carrying out more work has been the lack
of cooperation by election officials and vendors, in particular the lack of
physical access to machines used in elections so as to be able to
demonstrate the vulnerabilities.

As to voters having the right to take things on faith, I might agree if we
were talking about informed consent.  But getting information and sharing
it has been a major problem, both in Ireland and in the USA.  Election
officials, government officials and vendors have been obstructive and in
many cases have blatantly lied to the public.  Laws are routinely ignored. 
Media, vendors and government officials routinely give information that is
untrue.  

These things happened in Ireland, not just in the USA.  Voters who have
been misinformed--often deliberately so, by the very government that is
supposed to protect the public good--are not in a position to give their
informed consent to something which takes away their most fundamental (and
in Ireland, Constitutional) rights.

Catherine

Original Message:
-----------------
From: Craig Burton caburt at alphalink.com.au
Date: Thu, 21 Jul 2005 21:53:50 +1000
To: e-voting at lists.stdlib.net
Subject: Re: [E-voting] UK govt circular mentions open-source e-voting


Catherine, I add more replies below,

[...]

>While the
>vendor has no control over some of these things, neither can a system be
>considered to be secure if they have not been addressed.  (Nor should it be
>promoted as being supposedly secure.)
>  
>
The term "secure" meant something in the 1950s.
A better term is "hardened".  A system is designed to be hardened for 
the estimated risks and known attacks.
New attacks will be proposed or executed, the system should repel them 
or fail in a manner that exposes the attack.
It doesn't matter if its a human-paper system, a human-machine system or 
all-machine.

In your mind, will any form of automation be applied to voting which 
will be
"hardened" enough?  That is, is there any alternative to paper for both 
poll sites and remote voters?

>In the United States the national and state certification systems have been
>shown to be unenforced and possibly even fraudulent.  
>
Any federally mandated standards for something like democracy are going 
to be met with resistance by the various States.  It's always been like 
that.  We were at the meeting where the various secretaries of state 
voted to discontinue funding for the EAC after 2006.  It was very heated.
Still, the biggest risk to democracy is apathy, not election security.  
The more the debate widens the more people will get involved, the better 
the final outcome.

>[....] technical experts none of them pointed out the glaring holes and
backdoors
>in the code. [...] Only when a Finnish expert was brought over were the
problems
>brought to light--even though they are technically obvious.
>  
>
The implication being that the US inspectors were incompetent or not 
impartial.  Perhaps this is a job for foreign observers? 

>Tampering with the central counting computer is one of the easiest ways to
>manipulate an election.
>  
>
Yes, because this is where all the votes end up.  Machines with more 
votes in them are more attractive targets.
It is a surprise that BBV didn't look at tally systems until more recently.

>[...]  What's the point of going to elaborate trouble to
>develop open source election equipment, when one then has to trust election
>officials or vendor technicians?  No election system should require
>citizens to take things on faith.
>  
>
Votes should have the choice to take the system on faith, or look as far 
into it as they need to to be satisfied that it works.  In fact, the 
largest body of citizens who don't take things on faith are the 
volunteers and staff and it is they whom we most rely on to alert us to 
the presence of foul play.

For evoting, this might be maintained if "mutually distrusting parties" 
were able to observe and have control of all systems as they do over the 
paper system.  Is this incompatible with automation?

I've attended e-vote counts in the UK executed by Nedap, no less.  
Evoting and tallying machines are just PCs running windows overseen by 
provider geeks.  This represents the very least that could be done with 
technology for democratic purposes.

Best,
Craig.

>  
>
>  
>

_______________________________________________
E-voting mailing list
E-voting at lists.stdlib.net
http://lists.stdlib.net/mailman/listinfo/e-voting
http://evoting.cs.may.ie/


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .





More information about the E-voting mailing list