[E-voting] UK govt circular mentions open-source e-voting

Marian Beddill beddill at nas.com
Fri Jul 22 07:08:48 IST 2005

And, dear Craig, I strongly believe that: "....No DREs should ever be 
networked....." if the goal of elections is to have them trustworthy, and 
to convince the electorate that they are trustworthy.

Hacking is a fact of life of networks. And the best firewall is no live 
connection of any type.  Any connection is a gateway, and the slightest 
twist of even one member of the trusted crews would open the gate to 
shenanigans.  Even the steps needed to load the election, and to extract 
the electronic results via any electronic media, are themselves channels 
for potential fraudulent interference. True both for poll-site machines 
(DRE's etc) and central tabulators, and any stages in-between.

So there needs to be, imho, a parallel "data channel" directly from the 
voter to the tally for auditing and verification purposes, and that data 
must be "human readable without an interface".  For all practical purposes, 
that means a paper ballot, at the voting site, that the voter sees (or is 
in a position to see - he might not bother).  Auditing will mean a twin 
count - one of the digital record (of the whole election, naturally) - the 
other of the paper ballots (at least a notable random sample of them), with 
a published report of the double-check. Nothing less can serve.

The previously proposed "VoteHere" system does not meet that criteria, 
because even if there are two tracks, both are electronic, and need a 
machine interface to read them, thus there is opportunity for error or 
fiddling in both tracks.  Anyway, I hear that VoteHere may have parked or 
downplayed their encryption online voting verification system. At least, 
they are now pushing a system that track ballots, not votes.

Marian Beddill

At 7/21/2005  09:06 PM, you wrote:

>I actually think VoteHere's solution which provides proof-of-inclusion 
>over-automates the process.  I still believe that there could be some 
>adequate mix of human scrutiny and automation.  I agree no one can oversee 
>a black box.

>I concede that systemic problems of partisan interest, lying, bribery and 
>so on have to be considered as they have always been there and always will 
>be - electronic, paper, pebbles-in-urns etc.  Removing these players from 
>the game isn't the answer.  Instead they need to be compelled to play fair.
>Probably we won't agree on whether security or apathy is a bigger 
>risk.  If no one cares, no one will care about security, but if everyone 
>cares and somehow the security is rubbish, the elections will get thrown.
>With regard to BBV, I refer to their publicity of the Diebold FTP site 
>early on which exposed the DRE code.  The publicised hack on the tally 
>database seemed more recent.  It's all good, really.  I'm glad I'm not them.
>If you got this far, here is an proposal:   All DREs should be 
>networked.  By this I mean for remote observation by privileged onlookers, 
>their use of fully encrypted, electronic transport of votes and their 
>entire programmable functionality being downloaded on boot.  Like lying 
>and cheating, I think DREs are a fact of life now but isolated, 
>programmable, self-checking machines have to go.  My proposal is to let in 
>the observers, centrally control the software, collect, receipt and 
>confirm vote submissions from (a) authorised central point(s).  As Ted 
>Selker said : there will only be voter-verified inclusion when the voter 
>can confirm their vote is in the central count while they are still in the 
>polling booth.   The scheme would require adequate authentication of poll 
>staff and machines to the central service and vice versa but I won't try 
>my luck any further for now.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.stdlib.net/pipermail/e-voting/attachments/20050721/46871bd3/attachment.html

More information about the E-voting mailing list