[Fwd: Re: [E-voting] About Estonian e-voting]

Craig Burton craig at e1c.net
Mon Oct 24 04:14:08 IST 2005

-------- Original Message --------
Subject: 	Re: [E-voting] About Estonian e-voting
Date: 	Mon, 24 Oct 2005 09:56:09 +1000
From: 	Craig Burton <caburt at alphalink.com.au>
To: 	Michael McMahon <michael at hexmedia.com>
References: 	<1129883637.25976.5.camel at toad.cs.tcd.ie> 
<4358E7FB.8070904 at hexmedia.com>

The mobile code isn't a likely target for a hack. Estonia would/should 
have had the mobile code audited and compiled by the auditor, signed as 
well.  Only one voter needs to spot this signature not being intact and 
the game's up.  Probably 1% of the voters might do this, that's 
plenty.   Other parts of the system need to be audited and signed as 
well.  These are any parts that can make or modify votes.  These parts 
need to be able to run in isolation so that they can be executed in a 
controlled environment.   Of course, the voter's PC and browser is not a 
properly controlled environment but the voters' PC's are hard to find 
and infiltrate en masse without breaking something or tripping up any 
number of honeypots.
The weak bit is still the voter's PC, no doubt, but the greater risk is 
an attack to disable it for voting altogether.

Michael McMahon wrote:

> I don't see how voters can verify with this system that their vote
> was recorded correctly. It seems to me that the downloaded 
> applet/ActiveX thingy could
> switch anyone's vote, and noone (not even the auditors) would be any 
> the wiser.
> It's the old problem again. You can make it either provably secret,
> or provably accurate, but it's very hard to do both.
> Michael.
> David O'Callaghan wrote:
>> Hi,
>> Some information from an Estonian colleague.
>> David
>> -------- Forwarded Message --------
>> Hi,
>> Some of you were interested in Estonian e-voting. Here are some links.
>> On the page of the Estonian National Electoral Committee there is a
>> description of the e-voting system: 
>> http://www.vvk.ee/elektr/docs/Yldkirjeldus-eng.pdf
>> This document gives pretty good overview about technical and legal 
>> issues
>> around e-voting.
>> The Slashdot runs now a story about e-voting:
>> Estonian Internet Voting Called a Success
>> http://politics.slashdot.org/article.pl?sid=05/10/18/226222&tid=95&tid=219 
>> (Lots of discussion about Estonia vs. Elbonia in the comments :-)
>> There are also some screenshots about voting process made by Linnar 
>> Viik,
>> all in estonian:
>> http://linnar.viik.ee/index.php?op=ViewArticle&articleId=123&blogId=1
>> Best wishes!
>> _______________________________________________
>> E-voting mailing list
>> E-voting at lists.stdlib.net
>> http://lists.stdlib.net/mailman/listinfo/e-voting
>> http://evoting.cs.may.ie/
> _______________________________________________
> E-voting mailing list
> E-voting at lists.stdlib.net
> http://lists.stdlib.net/mailman/listinfo/e-voting
> http://evoting.cs.may.ie/

Craig A Burton                    Independent Online Elections
Director                          Australian, USA and UK management
Everyone Counts PL                UK ODPM Framework Supplier
director at e1c.net                  everyonecounts.com
ABN 27 097 697 777                P +61 3 9347 2199

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.stdlib.net/pipermail/e-voting/attachments/20051024/7a2b7dee/attachment.html

More information about the E-voting mailing list