[Fwd: Re: [E-voting] About Estonian e-voting]

Michael McMahon michael at hexmedia.com
Mon Oct 24 18:01:09 IST 2005

Catherine Ansbro wrote:

> VVAT is full of holes, unless 100% of the ballots are counted by hand 
> after each election--and even this has its risks.
> 1) There are legal problems--VVAT is only as good as the laws 
> requiring that the paper ballots be counted by hand.  Experience 
> elsewhere has shown that this can be VERY problemmatical.  There's no 
> point considering VVAT without simultaneously considering companion 
> legislation.

Yes. be counted or at least verified by hand.

> 2) There are sociological problems--over time, with no difference in 
> results, there could be a tendency to get sloppy about the hand count, 
> creating pressure to do away with the obligatory hand count.  Since 
> there would be reliance on the early "electronic" results, the quality 
> and quanity of public oversight of the hand counting would be severely 
> diminished.

This is a risk. But at least it's a risk that would be visible when it 
happens.In the estimate I did, I figured
a typical audit would be less than an hours work for five people.

Worth noting, the crypto receipt systems do not suffer from this problem 
because there
is no manual handling needed at all.

> 3) Counting a "statistically relevant" sample (whether 1%, 3% or 10%) 
> does not assure detection of tampering.  Unlike accidental "mistakes" 
> or "glitches," hacking is not a random event that is necessarily 
> likely to be spread evenly.  It opens up other attacks, depending on 
> insider affiliation (and potential ability to control how the sample 
> is chosen).  Changing a very small number of votes can be enough to 
> change an election result.  Our election officials have already shown 
> willingness to ignore even large discrepancies.

We've argued this point before.What matters is that the sample is truly 
 It doesn't matter whether the errors are distributed randomly or not.
Taking a random sample, is something that can be observed. Therefore, random
samples will detect all kinds of errors including those caused by hacking.

It's true that changing a small number of votes could be enough to 
change a result. And it's not possible
to achieve 100% confidence by sampling, but IMO the effort required to 
deliberately hack the system
is way greater than the potential benefit, which is only a handful of votes.


More information about the E-voting mailing list