[Fwd: Re: [E-voting] About Estonian e-voting]

Craig Burton caburt at alphalink.com.au
Mon Oct 24 12:40:43 IST 2005



Colm MacCarthaigh wrote:

>On Mon, Oct 24, 2005 at 09:10:35PM +1000, Craig Burton wrote:
>  
>
>>Agree.  We have to trust someone somewhere.  Even in a paper election no 
>>one observer can be everywhere at once.  
>>    
>>
>
>A lot of those observers are in competition, and very keen to see that
>the other side does not cheat. Cheating is vastly more manifest and
>detectable on paper.
>  
>
We wouldn't be discussing it if it was never successful.  One virtue of 
electronic voting is that fewer hands touch the votes.   So then you 
might argue that various systems become these "hands" are are 
unobservable to boot.  But in fact, systems are a lot dumber than 
hands.  To cause an election to go my way, I have to act on certain 
votes in certain ways.  If something changes, my hack breaks. 

	http://www.acm.org/classics/sep95/


This is well known and was very exciting for us programmers, but the 
hack is brittle.  If the UNIX source for login changes, the compiler 
malware breaks.  The compiler is a good place for a hack, that's why we 
need a clean compiler if we are going to bother auditing code, I 
suggested this above.
But if I change a voting application (lets say every mobile voting 
client created is different each election, this is further obfuscated by 
Java class obfuscators like Zelix), then a hack like the compiler hack 
or something deeper, waiting in the bowels of the system, will probably 
break.

Hacks are machines too - they need precise conditions and good design, 
it's not magic. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.stdlib.net/pipermail/e-voting/attachments/20051024/cef08d57/attachment.htm


More information about the E-voting mailing list