[Fwd: Re: [E-voting] About Estonian e-voting]

Michael McMahon michael at hexmedia.com
Mon Oct 24 10:29:02 IST 2005


Craig Burton wrote:
> The mobile code isn't a likely target for a hack. Estonia would/should 
> have had the mobile code audited and compiled by the auditor, signed as 
> well.  

The mobile code is only one link in the chain. What about the code on the server
side, which is not seen by the voters? There would be no signature to check then.

Auditing and compiling code by a third party doesn't seem practical to me.
First, auditing is not guaranteed to find all bugs. Second, the process of
auditing, building and signing a piece of software is too complicated,
too hard to observe, and too easy to be interfered with.

> Only one voter needs to spot this signature not being intact and 
> the game's up.  Probably 1% of the voters might do this, that's 
> plenty.   Other parts of the system need to be audited and signed as 
> well.  These are any parts that can make or modify votes.  

Who is going to know which parts can modify votes or not? Ultimately,
you end up having to trust the developers of the system.



