[Fwd: Re: [E-voting] About Estonian e-voting]
colm at stdlib.net
Mon Oct 24 13:20:56 IST 2005
On Mon, Oct 24, 2005 at 10:13:14PM +1000, Craig Burton wrote:
> >That's not a virtue. That's a weakness.
> This relies on the hands being virtuous.
No it doesn't. Less hands means a lot less people to bribe, corrupt
or whatever. It's that simple. More hands means more opportunity for
oversight. This is basic security.
> >You will need a clean compiler, a clean version of every library that
> >compiler uses, a clean version of the kernel running the compiler, and
> >clean version of the hardware running the compiler. And you'll need all
> >of that all over again for the running binary. It is a complete waste of
> There are no absolutes; that's bad form.
This however is an absolutele. It is trivial to prove the above with
> A hack has to work, it has to work silently and specifically and it has
> to not be detected. It has to work in the presence of other software,
> it has to work on software that changes, it has to be developed, tested,
> successfully deployed, it has to wait till the right time.
Maybe, that all depends on the full details of the scenario.
> You imply ts a cakewalk to have whatever hack you can think of hidden
> anywhere you can imagine on any machine anywhere.
I do not imply this, at all.
> That's simply impossible.
The problem is that it's not. It is categorically possible, and we must
always ensure that we are protected against this possibility. Its
improbability is outweighed the the impact of such a problem.
> The real risks can be managed.
Absolutely, and VVAT is still the only convincing and practical
risk-management strategy I've seen.
> If this software process looks cumbersome, you haven't seen a
> Hare-Clarke recount with Robson Rotation (there are several permutations
> of the ballot layout) for 200,000 votes. Actually, I haven't either,
> but it took a month. That's enough.
That's an unrelated problem.
Colm MacCárthaigh Public Key: colm+pgp at stdlib.net
More information about the E-voting