[E-voting] UK govt circular mentions open-source e-voting

Craig Burton caburt at alphalink.com.au
Fri Jul 22 05:06:17 IST 2005


As Michael McMahon points out in another post, "hardened" isn't great 
either.
At least it is not an absolute as "secure" seems to imply as the 
business of establishing high security systems is necessarily incomplete 
as they are only hardened against known attacks.  Not against what Colin 
Powell calls "unknown unknowns" :-)
Some one needs to come up with another metric for the integrity of any 
voting process (paper, electronic).  As Ron Rivest said, its not 
trustworthy evoting systems but "confidence-worthy" e-electoral outcomes?

I actually think VoteHere's solution which provides proof-of-inclusion 
over-automates the process.  I still believe that there could be some 
adequate mix of human scrutiny and automation.  I agree no one can 
oversee a black box.  A simple-enough system is not necessarily a black 
box: lever voting was not a black box : you could open up the back of 
any machine.  Does any form of automation too small to see disqualify it 
from any form of scrutiny?  It was possible to file the gears on lever 
machines and have partisan influence.  This can't be done to some kinds 
of "burned-in" smart card chips, for example.

I concede that systemic problems of partisan interest, lying, bribery 
and so on have to be considered as they have always been there and 
always will be - electronic, paper, pebbles-in-urns etc.  Removing these 
players from the game isn't the answer.  Instead they need to be 
compelled to play fair.

Probably we won't agree on whether security or apathy is a bigger risk.  
If no one cares, no one will care about security, but if everyone cares 
and somehow the security is rubbish, the elections will get thrown.

With regard to BBV, I refer to their publicity of the Diebold FTP site 
early on which exposed the DRE code.  The publicised hack on the tally 
database seemed more recent.  It's all good, really.  I'm glad I'm not them.

If you got this far, here is an proposal:   All DREs /should be 
networked/.  By this I mean for remote observation by privileged 
onlookers, their use of fully encrypted, electronic transport of votes 
and their /entire programmable functionality being/ /downloaded on 
boot/.  Like lying and cheating, I think DREs are a fact of life now but 
isolated, programmable, self-checking machines have to go.  My proposal 
is to /let in the observers/, centrally control the software, collect, 
receipt and confirm vote submissions from (a) authorised central 
point(s).  As Ted Selker said : there will only be voter-verified 
inclusion when the voter can confirm their vote is in the central count 
/while they are still in the polling booth/.   The scheme would require 
adequate authentication of poll staff and machines to the central 
service and vice versa but I won't try my luck any further for now.

Cheers,
Craig.




cansbro at eircom.net wrote:

>Craig,
>
>Thanks for correcting my terminology.  "Hardened" it is.  Or isn't, as the
>case may be.  :-)
>
>As to whether any automated system will be hardened enough, I no longer
>believe that it is possible to achieve with any current systems. 
>("Systems" includes the hardware, software, people, certification,
>procurement, election procedures, laws, and enforcement or lack thereof). 
>The one possibly acceptable automation I'd consider for Ireland would be a
>ballot printer, which could genuinely be helpful in eliminating
>unintentional errors in ranking candidates, and eliminate some questions as
>to voter intent due to how they form their numbers.  I do not see any
>suitable role for automated counting at the present time.
>
>I disagree with your statement that "the biggest risk to democracy is
>apathy, not election security."  (At least, in the USA I would disagree. 
>With Ireland's current paper system the biggest risk is apathy combined
>with other kinds of systemic problems that impede democracy--see the
>Democracy Commission's recent draft document.)
>
>You may well be right in your observation about the need for foreign
>observers in the USA.  At the Nov. 2004 election foreign observers were not
>allowed to go into most areas.  If I remember correctly they were forbidden
>from entering any of the tighly contested states.  The restrictions placed
>on foreign observers would never have passed the standards expected of
>elections in other countries.
>
>You are mistaken about BBV not looking at the tabulating computers earlier.
>In fact, those were the first hacks that were publicly demonstrated and
>filmed.  The limiting factors in carrying out more work has been the lack
>of cooperation by election officials and vendors, in particular the lack of
>physical access to machines used in elections so as to be able to
>demonstrate the vulnerabilities.
>
>As to voters having the right to take things on faith, I might agree if we
>were talking about informed consent.  But getting information and sharing
>it has been a major problem, both in Ireland and in the USA.  Election
>officials, government officials and vendors have been obstructive and in
>many cases have blatantly lied to the public.  Laws are routinely ignored. 
>Media, vendors and government officials routinely give information that is
>untrue.  
>
>These things happened in Ireland, not just in the USA.  Voters who have
>been misinformed--often deliberately so, by the very government that is
>supposed to protect the public good--are not in a position to give their
>informed consent to something which takes away their most fundamental (and
>in Ireland, Constitutional) rights.
>
>Catherine
>
>Original Message:
>-----------------
>From: Craig Burton caburt at alphalink.com.au
>Date: Thu, 21 Jul 2005 21:53:50 +1000
>To: e-voting at lists.stdlib.net
>Subject: Re: [E-voting] UK govt circular mentions open-source e-voting
>
>
>Catherine, I add more replies below,
>
>[...]
>
>  
>
>>While the
>>vendor has no control over some of these things, neither can a system be
>>considered to be secure if they have not been addressed.  (Nor should it be
>>promoted as being supposedly secure.)
>> 
>>
>>    
>>
>The term "secure" meant something in the 1950s.
>A better term is "hardened".  A system is designed to be hardened for 
>the estimated risks and known attacks.
>New attacks will be proposed or executed, the system should repel them 
>or fail in a manner that exposes the attack.
>It doesn't matter if its a human-paper system, a human-machine system or 
>all-machine.
>
>In your mind, will any form of automation be applied to voting which 
>will be
>"hardened" enough?  That is, is there any alternative to paper for both 
>poll sites and remote voters?
>
>  
>
>>In the United States the national and state certification systems have been
>>shown to be unenforced and possibly even fraudulent.  
>>
>>    
>>
>Any federally mandated standards for something like democracy are going 
>to be met with resistance by the various States.  It's always been like 
>that.  We were at the meeting where the various secretaries of state 
>voted to discontinue funding for the EAC after 2006.  It was very heated.
>Still, the biggest risk to democracy is apathy, not election security.  
>The more the debate widens the more people will get involved, the better 
>the final outcome.
>
>  
>
>>[....] technical experts none of them pointed out the glaring holes and
>>    
>>
>backdoors
>  
>
>>in the code. [...] Only when a Finnish expert was brought over were the
>>    
>>
>problems
>  
>
>>brought to light--even though they are technically obvious.
>> 
>>
>>    
>>
>The implication being that the US inspectors were incompetent or not 
>impartial.  Perhaps this is a job for foreign observers? 
>
>  
>
>>Tampering with the central counting computer is one of the easiest ways to
>>manipulate an election.
>> 
>>
>>    
>>
>Yes, because this is where all the votes end up.  Machines with more 
>votes in them are more attractive targets.
>It is a surprise that BBV didn't look at tally systems until more recently.
>
>  
>
>>[...]  What's the point of going to elaborate trouble to
>>develop open source election equipment, when one then has to trust election
>>officials or vendor technicians?  No election system should require
>>citizens to take things on faith.
>> 
>>
>>    
>>
>Votes should have the choice to take the system on faith, or look as far 
>into it as they need to to be satisfied that it works.  In fact, the 
>largest body of citizens who don't take things on faith are the 
>volunteers and staff and it is they whom we most rely on to alert us to 
>the presence of foul play.
>
>For evoting, this might be maintained if "mutually distrusting parties" 
>were able to observe and have control of all systems as they do over the 
>paper system.  Is this incompatible with automation?
>
>I've attended e-vote counts in the UK executed by Nedap, no less.  
>Evoting and tallying machines are just PCs running windows overseen by 
>provider geeks.  This represents the very least that could be done with 
>technology for democratic purposes.
>
>Best,
>Craig.
>
>  
>
>> 
>>
>> 
>>
>>    
>>
>
>_______________________________________________
>E-voting mailing list
>E-voting at lists.stdlib.net
>http://lists.stdlib.net/mailman/listinfo/e-voting
>http://evoting.cs.may.ie/
>
>
>--------------------------------------------------------------------
>mail2web - Check your email from the web at
>http://mail2web.com/ .
>
>
>
>_______________________________________________
>E-voting mailing list
>E-voting at lists.stdlib.net
>http://lists.stdlib.net/mailman/listinfo/e-voting
>http://evoting.cs.may.ie/
>
>
>
>  
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.stdlib.net/pipermail/e-voting/attachments/20050722/60474fee/attachment.htm


More information about the E-voting mailing list