[E-voting] Response to the tender

Colm MacCarthaigh colm at stdlib.net
Thu Jun 2 10:20:44 IST 2005


I'm thinking something like this:




		Irish Citizens for Trustworthy Evoting (ICTE)

				 response to 

		Invitation to Tender for the Appointment of 
		Consultants to Undertake a Security and Risk 
		Assessment of the Electronic Voting and 
		Counting System and to Develop a Programme
		of Additional Testing.


Introduction:

Irish Citizens for Trustworthy Evoting (ICTE) is a group of ordinary
citizens who serve to highlight that no electronic voting system can be
trustworthy unless it includes a voter-verified audit trail.

ICTE has a website available at

	http://evoting.cs.may.ie/

ICTE's main goals are:

    * to ensure that any electronic voting system introduced in Ireland
      meets the following criteria

        o it includes a Voter Verified Audit Trail (VVAT),

        o a booth is used, analogous to the traditional polling booth,

        o all development uses formal methods,

        o all source code is open to public scrutiny and audit.

    * to prevent the use of the Nedap/Powervote system in Irish
      Elections until it meets said criteria

    * to prevent the purchase of any more equipment or software from
      Nedap/Powervote by the Irish Government unless the system being
      purchased meets said criteria.

The above may be considered a disclosure of conflict of interest, as
required under section 4.2 of the invitation to tender. ICTE does not
however consider the above a conflict of interest.

Proposal:

As section 2.2 of the invitation outlines, the first main area of
assessment is "assessment of security measures and in-built protections
of the voting equipment hardware". At present, the proposed Electronic
Voting system lacks a Voter-Verified Audit Trail, the first and most
basic in-built security protection.

In the absense of a Voter-Verified Audit-Trail, it is provably the case
that the mis-recording of votes (by error or malice) is undetectable.
As such, ICTE consider it a waste of both time and money to examine the
system in any further detail.

In that context, ICTE propose that at zero-cost we will re-supply our
reports and material to the department highlighting the fundamental
requirement for a Voter-Verified Audit-Trail and hope that the
Department will see fit to avoid needless public expenditure on further
examination of a system which can so easily be demonstrated to be
severely lacking in basic security. 

-- 
Colm MacCárthaigh                        Public Key: colm+pgp at stdlib.net



More information about the E-voting mailing list