[E-voting] E-voting experts call for revised security guidelines

Marian Beddill beddill at nas.com
Thu Oct 6 18:36:35 IST 2005


Again, with all due respect, Michael's discussion clearly expanded beyond 
"student bodies" etc., to major elections.

Michael cited: "...Internet voting on a large scale would be similar to 
postal voting (on a large scale). The main issue, ..."

That in itself is false.  With postal voting, there IS a paper record, thus 
for the concerns over auditing, postal voting has a VVPB while internet 
voting does not.

And Michael alluded to fullscale use with: "...Internet voting has to solve 
the authentication problem. .....Avi Rubin has thought about and solved 
that issue....".  Mr. Rubin is a public figure in discussions about major 
voting systems.

So it is not just schools.

Marian Beddill


At 10/6/2005  10:20 AM, ....someone.... wrote offline:

>I think maybe you have misread Michael's mail. You say "No internet
>voting for any major public offices." He was talking about elections
>in student bodies/sports clubs/private association. None of which are
>major public offices,
>
>
>On 10/6/05, Marian Beddill <beddill at nas.com> wrote:
> > Mr. McMahon;
> > With all due respect, you are absolutely WRONG on "the main issue".
> >
> > The main issue for internet voting is NOT "the loss of secrecy" - it IS the
> > loss of ability to verify (to "audit", to "double-check") the report of the
> > tally of votes - and the associated loss of ability to rectify the count,
> > should a problem be identified or even claimed.
> >
> > If the tally cannot be independently verified, then fraudulent insider
> > intervention can cause the report of the winner to be whatever the
> > fraudster wishes it to be.
> >
> > And the purported schemes to let individual voters login to some dataset to
> > see something about their votes to "prove the validity of the tally" is as
> > solid as the breath from a hot fox watching the hens.
> >
> > A computer system can easily be constructed to maintain either doubled
> > datasets (one for tally and one for reporting) or even just different
> > procedures for extracting and reporting data (likewise).  With the intense
> > secrecy imposed on system source-code review, combined with the ease of
> > changing programs at the last minute, I cannot imagine any method of
> > assuring the truthfulness of the entire system, if there is no reliable,
> > parallel, original record of the actual votes cast by the voters.
> >
> > Hence, a V.V.P.A.T. -  a voter-verifiable paper audit trail - comprised of
> > a V.V.P.B. (ballot) and an obligatory process of at least spot-checking the
> > final computerized tally with a hand-count of the paper ballots (which were
> > verifiable by the voter before casting their vote), papers which would have
> > a characteristic equivalent to a standing as "admissible first-hand
> > evidence" if that were a court of law.
> >
> > The loss of secrecy is also a great concern, I do agree.  But it is trumped
> > by the loss of confidence and truth.
> >
> > No internet voting for any major public offices.  Period. The risk of the
> > loss of democracy of the people, by the people, is too great.
> >
> > Marian Beddill
> > http://NoLeakyBuckets.org/
> >
> >
> > At 10/6/2005  02:07 AM, Michael McMahon wrote:
> >
> > >I think Internet voting for student elections is quite reasonable.
> > >
> > >Internet voting on a large scale would be similar to postal
> > >voting (on a large scale). The main issue, which is the loss of
> > >secrecy, is the same.
> > >
> > >In the context of student elections, sacrificing the secret ballot
> > >is not really a major threat. IMO the threat of coercion and
> > >vote buying is not significant, largely becauses the stakes
> > >are a lot lower than for major public elections.
> > >
> > >Come to think of it, a lot of elections at that level (like sports clubs,
> > >associations etc.)
> > >would by show of hands, which is even less secret than postal/internet 
> voting.
> > >
> > >Of course, Internet voting has to solve the authentication problem.
> > >But I would guess that Avi Rubin has thought about and solved that issue..
> > >
> > >- Michael.
> > >
> > >Craig Burton wrote:
> > >
> > >>It's surprising Avi also seems to like Internet voting.  A 
> renaissance man.
> > >>
> > >>http://www.jhunewsletter.com/vnews/display.v/ART/2005/09/30/433c19833a818
> > >>
> > >> From Johns Hopkins University School Paper:
> > >>
> > >>*/Agarwal attributed the success of the (Freshman Class) election to
> > >>aggressive advertising on campus, as well as to the implementation of a
> > >>simpler system of online voting that allows students to access the voting
> > >>Web site by entering their JHED IDs and passwords. /*
> > >>
> > >>*/Under the guidance of Hopkins professor and electronic-voting expert
> > >>Avi Rubin, Agarwal contracted a software development and consulting
> > >>company called SmartLogic Solutions to design the new voting system,
> > >>accessible online at /**/http://vote.jhu.edu./**/ /*
> > >>
> > >>*/The company was newly formed this summer by two Hopkins graduate
> > >>students, Yair Flicker and John Trupiano. Flicker, who graduated with the
> > >>Class of 2005, said that his own experiences with previous voting systems
> > >>designed by the BoE guided SmartLogic's choice of design. /*
> > >>
> > >>*/"I personally have voted in some of BoE's previous voting systems where
> > >>I had to enter long numbers from my J-Card," Flicker said. "When we
> > >>designed the website, we wanted it to be as simple as possible for
> > >>students to use." /*
> > >>
> > >>*/Flicker also said that the new voting system would avoid the pitfalls
> > >>of requiring students to enter information like birthdays, which lead to
> > >>the cancellation of last year's executive board and Young Trustees
> > >>elections due to possible fraud.  /*
> > >>
> > >>*/Several freshman voters praised the new system's simplicity. "The
> > >>online system was very easy," said Rahul Agarwal, who added that the
> > >>class-wide e-mail directing freshman to the voting site was the most
> > >>effective form of advertisement./*
> > >>
> > >>Aengus Lawlor wrote:
> > >>
> > >>>A federally funded group of voting system experts called on the United
> > >>>States' Election Assistance Commission, which oversees the nation's
> > >>>state-run elections, to revamp its recommended process for 
> evaluating the
> > >>>security of electronic voting devices.
> > >>>
> > >>>In comments published last week, the ten researchers that 
> collectively make
> > >>>up A Center for Correct, Usable, Reliable, Auditable and Transparent
> > >>>Elections (ACCURATE) stated that current voting systems are not designed
> > >>>with security in mind and current testing procedures mistakenly focus on
> > >>>voting functionality, not system security. The center, funded by the
> > >>>National Science Foundation in August, released the comments on the 
> last day
> > >>>of a public comment period held by the US Election Assistance 
> Commission on
> > >>>its Voluntary Voting System Guidelines.
> > >>>
> > >>>Read the rest of the article here:
> > >>>http://www.theregister.co.uk/2005/10/05/usa_call_for_new_e-voting_gui 
> delines/
> > >>>
> > >>>Aengus
> > >>>
> > >>>
> > >>>_______________________________________________
> > >>>E-voting mailing list
> > >>>E-voting at lists.stdlib.net
> > >>>http://lists.stdlib.net/mailman/listinfo/e-voting
> > >>>http://evoting.cs.may.ie/
> >
> >
> > _______________________________________________
> > E-voting mailing list
> > E-voting at lists.stdlib.net
> > http://lists.stdlib.net/mailman/listinfo/e-voting
> > http://evoting.cs.may.ie/
> >
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Anti-Virus.
>Version: 7.0.344 / Virus Database: 267.11.10/120 - Release Date: 10/5/2005
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.stdlib.net/pipermail/e-voting/attachments/20051006/d87d7448/attachment.html


More information about the E-voting mailing list