[E-voting] The best VVAT is good for

Brian O'Byrne bobyrne at statesoft.ie
Mon Oct 24 16:35:29 IST 2005

On Monday 24 October 2005 16:24, Colm MacCarthaigh wrote:
> On Mon, Oct 24, 2005 at 04:21:07PM +0100, Catherine Ansbro wrote:
> > VVAT only has value as a partial mitigation against the
> > completely unacceptable option of a paper-less and unauditable
> > DRE.  I.e., it is somewhat better than the worst-case situation.
> >
> > But it is not a "solution" to aspire to, for the reasons I
> > mentioned previously.  And it is dangerous in itself in that it
> > can mislead people into thinking it is more of a solution than it
> > is.
> I think this confuses the issue. A Voter Verified Audit Trail is
> simply a mechanism by which the voter has verified the correct
> recording of their vote :-)
> For example; the current, completely un-electronic voting system
> posesses a VVAT in the form of our ordinary ballot papers, That's
> all a VVAT is.

A VVAT is a little more than that.

You described something voter verified, but to be an audit trail it 
must be independent, persistent, immutable and possible to reconcile 
against the vote that is counted.

A DRE machine that displays the vote on-screen and asks the voter to 
confirm the vote before recording it is arguably 'a mechanism by 
which the voter has verified the correct recording of their vote', 
but there is no audit trail.

To be very pedantic about it the VVPB we currently use is also not an 
audit trail. Information security professionals will talk about an 
audit trail having failure modes different to the thing being audited 
(or better: having no common failure modes), so a thing cannot be its 
own audit trail.

Brian O'Byrne, Statesoft Ltd.
Tel: +353 1 4100 993, +353 86 240 4719

More information about the E-voting mailing list