[E-voting] E-voting experts call for revised security guidelines

Fergal Daly fergal at esatclear.ie
Thu Oct 6 18:51:42 IST 2005


With suitable protocols and abandonning some secrecy, internet voting
is perfectly workable.

When I vote I authenticate and then the server gives me a digitally
signed receipt for my vote. The voting record is then published, I can
check if my vote was counted and if it wasn't I can prove it because I
got a signed "receipt".

I'm not advocating this system because receipts allow coercion/vote
buying and publishing the entire voting record allows it in different
ways, also the onus on me to check the record which would probably
involve revealing my vote.

However such a system might well be perfectly acceptable for non-critical votes.

A paper record is only necessary when you want real secrecy.

Also, Avi Rubin could well have solved the authentication issue.

F

On 10/6/05, Marian Beddill <beddill at nas.com> wrote:
>  Again, with all due respect, Michael's discussion clearly expanded beyond
> "student bodies" etc., to major elections.
>
>  Michael cited: "...Internet voting on a large scale would be similar to
> postal voting (on a large scale). The main issue, ..."
>
>  That in itself is false.  With postal voting, there IS a paper record, thus
> for the concerns over auditing, postal voting has a VVPB while internet
> voting does not.
>
>  And Michael alluded to fullscale use with: "...Internet voting has to solve
> the authentication problem. .....Avi Rubin has thought about and solved that
> issue....".  Mr. Rubin is a public figure in discussions about major voting
> systems.
>
>  So it is not just schools.
>
>  Marian Beddill
>
>
>  At 10/6/2005  10:20 AM, ....someone.... wrote offline:
>
>
> I think maybe you have misread Michael's mail. You say "No internet
>  voting for any major public offices." He was talking about elections
>  in student bodies/sports clubs/private association. None of which are
>  major public offices,
>
>
>  On 10/6/05, Marian Beddill <beddill at nas.com> wrote:
>  > Mr. McMahon;
>  > With all due respect, you are absolutely WRONG on "the main issue".
>  >
>  > The main issue for internet voting is NOT "the loss of secrecy" - it IS
> the
>  > loss of ability to verify (to "audit", to "double-check") the report of
> the
>  > tally of votes - and the associated loss of ability to rectify the count,
>  > should a problem be identified or even claimed.
>  >
>  > If the tally cannot be independently verified, then fraudulent insider
>  > intervention can cause the report of the winner to be whatever the
>  > fraudster wishes it to be.
>  >
>  > And the purported schemes to let individual voters login to some dataset
> to
>  > see something about their votes to "prove the validity of the tally" is
> as
>  > solid as the breath from a hot fox watching the hens.
>  >
>  > A computer system can easily be constructed to maintain either doubled
>  > datasets (one for tally and one for reporting) or even just different
>  > procedures for extracting and reporting data (likewise).  With the
> intense
>  > secrecy imposed on system source-code review, combined with the ease of
>  > changing programs at the last minute, I cannot imagine any method of
>  > assuring the truthfulness of the entire system, if there is no reliable,
>  > parallel, original record of the actual votes cast by the voters.
>  >
>  > Hence, a V.V.P.A.T. -  a voter-verifiable paper audit trail - comprised
> of
>  > a V.V.P.B. (ballot) and an obligatory process of at least spot-checking
> the
>  > final computerized tally with a hand-count of the paper ballots (which
> were
>  > verifiable by the voter before casting their vote), papers which would
> have
>  > a characteristic equivalent to a standing as "admissible first-hand
>  > evidence" if that were a court of law.
>  >
>  > The loss of secrecy is also a great concern, I do agree.  But it is
> trumped
>  > by the loss of confidence and truth.
>  >
>  > No internet voting for any major public offices.  Period. The risk of the
>  > loss of democracy of the people, by the people, is too great.
>  >
>  > Marian Beddill
>  > http://NoLeakyBuckets.org/
>  >
>  >
>  > At 10/6/2005  02:07 AM, Michael McMahon wrote:
>  >
>  > >I think Internet voting for student elections is quite reasonable.
>  > >
>  > >Internet voting on a large scale would be similar to postal
>  > >voting (on a large scale). The main issue, which is the loss of
>  > >secrecy, is the same.
>  > >
>  > >In the context of student elections, sacrificing the secret ballot
>  > >is not really a major threat. IMO the threat of coercion and
>  > >vote buying is not significant, largely becauses the stakes
>  > >are a lot lower than for major public elections.
>  > >
>  > >Come to think of it, a lot of elections at that level (like sports
> clubs,
>  > >associations etc.)
>  > >would by show of hands, which is even less secret than postal/internet
> voting.
>  > >
>  > >Of course, Internet voting has to solve the authentication problem.
>  > >But I would guess that Avi Rubin has thought about and solved that
> issue..
>  > >
>  > >- Michael.
>  > >
>  > >Craig Burton wrote:
>  > >
>  > >>It's surprising Avi also seems to like Internet voting.  A renaissance
> man.
>  > >>
>  > >>
> http://www.jhunewsletter.com/vnews/display.v/ART/2005/09/30/433c19833a818
>  > >>
>  > >> From Johns Hopkins University School Paper:
>  > >>
>  > >>*/Agarwal attributed the success of the (Freshman Class) election to
>  > >>aggressive advertising on campus, as well as to the implementation of a
>  > >>simpler system of online voting that allows students to access the
> voting
>  > >>Web site by entering their JHED IDs and passwords. /*
>  > >>
>  > >>*/Under the guidance of Hopkins professor and electronic-voting expert
>  > >>Avi Rubin, Agarwal contracted a software development and consulting
>  > >>company called SmartLogic Solutions to design the new voting system,
>  > >>accessible online at /**/ http://vote.jhu.edu./**/ /*
>  > >>
>  > >>*/The company was newly formed this summer by two Hopkins graduate
>  > >>students, Yair Flicker and John Trupiano. Flicker, who graduated with
> the
>  > >>Class of 2005, said that his own experiences with previous voting
> systems
>  > >>designed by the BoE guided SmartLogic's choice of design. /*
>  > >>
>  > >>*/"I personally have voted in some of BoE's previous voting systems
> where
>  > >>I had to enter long numbers from my J-Card," Flicker said. "When we
>  > >>designed the website, we wanted it to be as simple as possible for
>  > >>students to use." /*
>  > >>
>  > >>*/Flicker also said that the new voting system would avoid the pitfalls
>  > >>of requiring students to enter information like birthdays, which lead
> to
>  > >>the cancellation of last year's executive board and Young Trustees
>  > >>elections due to possible fraud.  /*
>  > >>
>  > >>*/Several freshman voters praised the new system's simplicity. "The
>  > >>online system was very easy," said Rahul Agarwal, who added that the
>  > >>class-wide e-mail directing freshman to the voting site was the most
>  > >>effective form of advertisement./*
>  > >>
>  > >>Aengus Lawlor wrote:
>  > >>
>  > >>>A federally funded group of voting system experts called on the United
>  > >>>States' Election Assistance Commission, which oversees the nation's
>  > >>>state-run elections, to revamp its recommended process for evaluating
> the
>  > >>>security of electronic voting devices.
>  > >>>
>  > >>>In comments published last week, the ten researchers that collectively
> make
>  > >>>up A Center for Correct, Usable, Reliable, Auditable and Transparent
>  > >>>Elections (ACCURATE) stated that current voting systems are not
> designed
>  > >>>with security in mind and current testing procedures mistakenly focus
> on
>  > >>>voting functionality, not system security. The center, funded by the
>  > >>>National Science Foundation in August, released the comments on the
> last day
>  > >>>of a public comment period held by the US Election Assistance
> Commission on
>  > >>>its Voluntary Voting System Guidelines.
>  > >>>
>  > >>>Read the rest of the article here:
>  > >>>
> http://www.theregister.co.uk/2005/10/05/usa_call_for_new_e-voting_guidelines/
>  > >>>
>  > >>>Aengus
>  > >>>
>  > >>>
>  > >>>_______________________________________________
>  > >>>E-voting mailing list
>  > >>>E-voting at lists.stdlib.net
>  > >>> http://lists.stdlib.net/mailman/listinfo/e-voting
>  > >>> http://evoting.cs.may.ie/
>  >
>  >
>  > _______________________________________________
>  > E-voting mailing list
>  > E-voting at lists.stdlib.net
>  > http://lists.stdlib.net/mailman/listinfo/e-voting
>  > http://evoting.cs.may.ie/
>  >
>
>
>
>  --
>  No virus found in this incoming message.
>  Checked by AVG Anti-Virus.
>  Version: 7.0.344 / Virus Database: 267.11.10/120 - Release Date: 10/5/2005
> _______________________________________________
> E-voting mailing list
> E-voting at lists.stdlib.net
> http://lists.stdlib.net/mailman/listinfo/e-voting
> http://evoting.cs.may.ie/
>
>



More information about the E-voting mailing list