[E-voting] UK shelves plans for e-voting trials

Craig Burton caburt at alphalink.com.au
Fri Sep 9 07:45:58 IST 2005


Brian,
My point is that some form of remote voting must be provided : whether 
it improves turnout or not is irrelevant.  Eligible voters have a legal 
right to vote and it can't be prohibitively difficult.  Likely voters 
aren't lazy, nor are they disengaged.  It's clear that many voters are 
too disbursed to attend local polls.  It's going to become clear that 
postal voting will not serve them very well.

Allowing REV submission of more than one vote (last vote counts) weakens 
coercion and selling.  A biometric of some sort would also make it hard 
for me to sell my "REV PIN" for someone else to use.

I wish I could provide the details of lots of successful REV pilots, but 
there have not been enough.  Ongoing REV pilots will simulate better REV 
systems.  It is an active research field.

DRE systems are isolated vote collectors.  REV systems are centralised 
client-server and no votes reside on the client.  The server can enjoy 
strong perimeter security.  That's a good start.  It's obviously better 
if a mobile voting client is used which encrypts the voter's vote on 
their PC so it remains encrypted back in the server databases.  A mobile 
client also strengthens the PC environment to an extent by allowing an 
off-line voting session, resisting Javascript probes in the browser, 
being more verifiable by being signed code etc.

REV gives the voter a non-identifying, non-evidential receipt.  Voters 
can use this to prove their inclusion.  DRE systems do not do this.  To 
quote Ted Selker "voter verifiability will only occur when the voter can 
know their vote is in the final tally, while they are still in the 
voting booth". 

REV hasn't really seen the light of day but it is a rapidly advancing 
field, making full use of cryptography (as in PKC), formal methods (as 
in the Dutch KOA system), transaction security (as in Kwangjo Kim's FIFA 
system), strong voter identification (as in the US DoD, Estonia and 
others using PKI) and "open code" designs (my own work: emitted Java 
remote client code encapsulates the entire election and is made public, 
is signed).  Worried about DDoS?  I gave a paper last week at EGOV05 in 
Denmark describing how I have made use of the Planet Lab and a dedicated 
Freenet installation to allow true peer-to-peer voting that can't be 
interrupted like a client-server system can.  Poor DREs have in fact 
contributed to the demand for REV.  When REV is finally deployed it will 
be done right : no government will risk another DRE debacle.  Private 
and public agencies are working hard on REV.

Craig


Brian O'Byrne wrote:

>Craig,
>
>REV has all the drawbacks and vulnerabilities of a DRE (Direct 
>recorded electronic) vote, with the additional concerns that:
>- Authentication of the voter is weak. (The person casting the vote 
>might not be who they pretend to be).
>- Coercion and vote selling are facilitated and cannot be detected.
>(Consider the very low tech of someone standing over you as you cast 
>your vote, threatening you with violence or offering cash).
>
>Postal voting also suffers from these two concerns, but at least the 
>vote count can be conducted in an open way, avoiding many of the 
>problems of DRE.
>
>The bottom line is that by choosing mail or remote electronic voting 
>you are sacraficing the integrity of the system in exchange for 
>convenience or increased turnout. Having more votes cast does not 
>help democracy if those votes are not an accurate picture of the will 
>of the electorate.
>
>A modern democratic election depends upon voter authentication, the 
>secrecy of the ballot and the integrity of the count. If you 
>compromise any one of these then you compromise the entire election.
>
>Brian.
>
>On Thursday 08 September 2005 14:16, Craig Burton wrote:
>  
>
>>Catherine,
>>I've read only two articles about this so far.  The one posted here
>>and the BBC one:
>>http://news.bbc.co.uk/1/hi/uk_politics/4219008.stm
>>This article frames postal voting as the go forward technology.  Of
>>course registration is the real vulnerability.
>>
>>I don't think either postal voting or REV are perfect, but postal
>>voting is weaker.  It gives no receipt, it has poor reach, the
>>postal system can be attacked where votes accumulate most etc.  Low
>>tech is enough to break it.  Postal voting was never meant to
>>scale, it has been the traditional method of minority fraud
>>wherever it has been used.
>>
>>However, if you think all voters can be compelled to attend polling
>>stations and there be no remote methods, you've got be kidding. 
>>People have never had less time to vote nor do they travel farther
>>from where they need to be to vote than they do now.
>>
>>I think voting has to be compulsory.  I think some REV methods are
>>going to be needed as a concession.  Obviously the REV methods to
>>be used need to be adequately secure.
>>
>>Best,
>>Craig.
>>
>>Catherine Ansbro wrote:
>>    
>>
>>>Craig,
>>>
>>>Both Remote E-Voting and Postal Voting are open invitations to
>>>fraud. It is dangerous and disingenuous to frame this as an
>>>"either/or" question between these 2 options.
>>>
>>>There is no point getting more people involved in voting if in
>>>doing so the integrity of the entire election is compromised.  In
>>>fact, this strategy is doubly dangerous because it is potentially
>>>grossly misleading:  it could lead people to think they are
>>>having a say by participating in an election, when in fact the
>>>election method has deprived them of their vote.
>>>
>>>Catherine
>>>
>>>Craig Burton wrote:
>>>      
>>>
>>>>Marian,
>>>>This isn't on the list.  So I CC them, hope that is OK.  DavidG
>>>>hates it when things are off the list.
>>>>REV is remote electronic voting.  It's also a type of skinny
>>>>milk we have in Australia, so please excuse any confusion.
>>>>
>>>>Marian Beddill wrote:
>>>>        
>>>>
>>>>>Craig;
>>>>>
>>>>>I don't recognize the acronyn "REV".  A search didn't help.
>>>>>Please define/explain.
>>>>>
>>>>>Marian
>>>>>
>>>>>At 9/7/2005  09:35 PM, you wrote:
>>>>>          
>>>>>
>>>>>>Ouch.  Fortunately postal voting will save the day.
>>>>>>
>>>>>>It's cheaper* than REV, it's safer** than REV and people love
>>>>>>it***. * But the cost goes up with scale.  I can't believe it
>>>>>>would be cheaper for 20M voters.
>>>>>>** Four convictions so far for postal pilot fraud, REV zero.
>>>>>>Per-household registrations : all the fun of family voting. 
>>>>>>And do you get a receipt?
>>>>>>*** 95% REV users wanted it to be ongoing.  We'll see about
>>>>>>postal - I predict the uptake will fall
>>>>>>
>>>>>>Good luck Estonia!
>>>>>>
>>>>>>Shane Hogan wrote:
>>>>>>            
>>>>>>
>>>>>>>From http://www.enn.ie/frontpage/news-9636510.html
>>>>>>>The UK government has dropped its plans to run trials of
>>>>>>>e-voting technology
>>>>>>>in advance of next year's local elections. The Office of the
>>>>>>>Deputy Prime
>>>>>>>Minister issued a statement cancelling a procurement that
>>>>>>>called for IT
>>>>>>>suppliers to provide it with technology to run pilots between
>>>>>>>2006 and 2010.
>>>>>>>"This notice has been cancelled as the government has decided
>>>>>>>not to invite
>>>>>>>applications to conduct electronic electoral modernisation
>>>>>>>pilots in 2006.
>>>>>>>All organisations that submitted an expression of interest in
>>>>>>>the tender
>>>>>>>have been notified of the cancellation," the ODPM said.
>>>>>>>Trials had been due
>>>>>>>to take place next year that would include internet, phone,
>>>>>>>SMS and digital
>>>>>>>TV voting, along with pilots of electronic polling stations
>>>>>>>and vote counting systems. E-voting pilots last took place in
>>>>>>>the UK in 2003; plans
>>>>>>>for further trials in 2004 were abandoned on the advice of
>>>>>>>the Electoral
>>>>>>>Commission. The government has not yet given a reason for the
>>>>>>>cancellation
>>>>>>>of this year's e-voting plans.
>>>>>>>
>>>>>>>
>>>>>>>_______________________________________________
>>>>>>>E-voting mailing list
>>>>>>>E-voting at lists.stdlib.net
>>>>>>>http://lists.stdlib.net/mailman/listinfo/e-voting
>>>>>>>http://evoting.cs.may.ie/
>>>>>>>              
>>>>>>>
>>>>>>_______________________________________________
>>>>>>E-voting mailing list
>>>>>>E-voting at lists.stdlib.net
>>>>>>http://lists.stdlib.net/mailman/listinfo/e-voting
>>>>>>http://evoting.cs.may.ie/
>>>>>>
>>>>>>
>>>>>>
>>>>>>--
>>>>>>No virus found in this incoming message.
>>>>>>Checked by AVG Anti-Virus.
>>>>>>Version: 7.0.344 / Virus Database: 267.10.19/92 - Release
>>>>>>Date: 9/7/2005
>>>>>>            
>>>>>>
>>>>>---------------------------------------------------------------
>>>>>---------
>>>>>
>>>>>
>>>>>No virus found in this incoming message.
>>>>>Checked by AVG Anti-Virus.
>>>>>Version: 7.0.344 / Virus Database: 267.10.18/90 - Release Date:
>>>>>5/09/2005
>>>>>          
>>>>>
>>>>----------------------------------------------------------------
>>>>--------
>>>>
>>>>_______________________________________________
>>>>E-voting mailing list
>>>>E-voting at lists.stdlib.net
>>>>http://lists.stdlib.net/mailman/listinfo/e-voting
>>>>http://evoting.cs.may.ie/
>>>>        
>>>>
>>>_______________________________________________
>>>E-voting mailing list
>>>E-voting at lists.stdlib.net
>>>http://lists.stdlib.net/mailman/listinfo/e-voting
>>>http://evoting.cs.may.ie/
>>>      
>>>
>>_______________________________________________
>>E-voting mailing list
>>E-voting at lists.stdlib.net
>>http://lists.stdlib.net/mailman/listinfo/e-voting
>>http://evoting.cs.may.ie/
>>    
>>
>
>  
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.stdlib.net/pipermail/e-voting/attachments/20050909/3875f916/attachment-0001.htm


More information about the E-voting mailing list