[E-voting] E-voting experts call for revised security guidelines

Craig Burton caburt at alphalink.com.au
Fri Oct 7 05:59:18 IST 2005

> Each student goes to a central office with their photo ID, and picks 
> up a sealed
> envelope containing a PIN. This PIN is used to identify their vote in 
> the tally.

The envelopes are shuffled or the student can pick any one they want.
The envelopes are kept safe, unused ones shredded or something.

> A secure https web  link is used to communicate the vote and the PIN 
> to the
> voting system.  When polling closes, the election authority publishes 
> a file containing
> the complete list of votes including each voters PIN. The file is 
> simply placed
> on a web site somewhere.
> There are two things each voter can do after downloading the vote file.
> 1) check that their vote as cast is included in the file
> 2) check the results tally with the data in the file. This will
>    be done by software, which has to be trusted, but you
>    don't have to trust any particular implementation. You
>    can check with several different implementations if you wish.
>    What is the probability that multiple counting systems from different
>    sources will all produce the same erroneous result?
> Aside from the software used to verify the vote, what else do you
> have to trust ? Well nothing really. We have already conceded
> that this is not a secret ballot. The sealed PINs may help to conceal
> the votes from the election authorities though.

If the vote file is downloaded by 1% of the voters and no one complains 
their PIN-vote was wrong as they voted it, you can make assertions about 
the integrity of the election.   If 1% of 100K voters check their votes 
and are happy then there is less than a 0.0065 likelihood of fraud 
affecting no more than 500 votes.

You might also segregate out some PINs, note them, and issue them to a 
parallel testing group.  You mark the downloaded vote file that these 
PINs should not be counted.   The testers confirm their votes made it 
intact from a range of platforms, at certain boundary times etc etc.  It 
all adds to more confidence.

> So, where is the problem with this?

And there are much more elaborate things to do with PKI which strengthen 
this as in
I've probably read 50 other papers espousing other ways to do this.

Marian, you seem to assume the worst, in fact Avi and many others share 
your concerns and are not kidding themselves that black-box "e-banking" 
Internet voting is going to be adequate at scale.

More information about the E-voting mailing list