[Fwd: Re: [E-voting] About Estonian e-voting]
caburt at alphalink.com.au
Mon Oct 24 12:40:43 IST 2005
Colm MacCarthaigh wrote:
>On Mon, Oct 24, 2005 at 09:10:35PM +1000, Craig Burton wrote:
>>Agree. We have to trust someone somewhere. Even in a paper election no
>>one observer can be everywhere at once.
>A lot of those observers are in competition, and very keen to see that
>the other side does not cheat. Cheating is vastly more manifest and
>detectable on paper.
We wouldn't be discussing it if it was never successful. One virtue of
electronic voting is that fewer hands touch the votes. So then you
might argue that various systems become these "hands" are are
unobservable to boot. But in fact, systems are a lot dumber than
hands. To cause an election to go my way, I have to act on certain
votes in certain ways. If something changes, my hack breaks.
This is well known and was very exciting for us programmers, but the
hack is brittle. If the UNIX source for login changes, the compiler
malware breaks. The compiler is a good place for a hack, that's why we
need a clean compiler if we are going to bother auditing code, I
suggested this above.
But if I change a voting application (lets say every mobile voting
client created is different each election, this is further obfuscated by
Java class obfuscators like Zelix), then a hack like the compiler hack
or something deeper, waiting in the bowels of the system, will probably
Hacks are machines too - they need precise conditions and good design,
it's not magic.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the E-voting