[E-voting] Any statisticians subscribed? Looking for a tipping point.

Craig Burton caburt at alphalink.com.au
Fri Sep 9 07:45:22 IST 2005

> And if REV is being used, this is automatically also a medium for 
> affecting a Central Counting Computer--so once again the use of this 
> voting methodology means that it can affect ALL the votes, not just 
> those votes that were placed using REV.   [snip]

Are you suggesting the central counting computer be placed online?  At 
the REV election I ran in the UK, REV votes were tallied as a subtotal 
(an EML schema) and this subtotal was added to other channel totals.  I 
have heard of the tally computer being online - the ACT eVACs counter 
was online in 2002, but I doubt anyone would do this now.  The tally 
computer should be a clean PC - something built or booted for the 
purpose of counting votes at that time.  It should take votes on CDR or 
some other WORM medium.  It should use a minimal operating system, no 
hard drive and provide a minimal, signed system for counting.  Anything 
else helps obscure trouble.

> One would also then have to factor in such things as likelihood of 
> fraud occurring at all the possible points of vulnerability.  If DREs 
> or Central Counting Computers or REV are used the number of 
> vulnerabilities are exponentially greater.  Postal votes (w/o Central 
> Counting Computer) also has many additional points of serious 
> vulnerability.

I think the likelihood is linearly greater.  You assume the 
vulnerabilities may be easily exploited in combination.  In fact, this 
is more of a chain probability : 0.1 to penetrate remote clients, 0.1 to 
penetrate the tally server, 0.1 to throw the count undetected == one in 
a thousand chance of success.   Consider also that exponential growth in 
fraud carries with it an exponentially increasing likelihood of 
discovery.  Fraud doesn't work if it is discovered (in time).  It only 
needs to be discovered and reported once, in one instance by one person 
or system and the game's up.   Bayes' theorem shows this non-linear 
probability increasing (for randomly occurring fraud, at least).

> In our current system the major point of vulnerability is during 
> transport of the ballots.  It requires trust of the Gardai, which may 
> or may not be warranted.  (And in any case, we should never have to 
> take ANYTHING relating to elections on trust.  This is an invitation 
> for trouble.)  This area would be more trustworthy if all transport of 
> ballots were required to include at least 2 candidate reps or 
> independent public observers.  As I've posted here before, I know of 
> one case where someone was hired to transport a box, and on delivery 
> she discovered that it was a ballot box.  There were no Gardai 
> accompanying her and she could have done anything she wanted with it.

Actually, that's an interesting idea : the largest diamond in the world 
was sent second class post from South Africa to London.  A convoy of 
armed guards with an empty box travelled another route.

OTOH if the votes are encrypted and voters can confirm inclusion, votes 
can be transported by whomever or whatever.


More information about the E-voting mailing list