[E-voting] details about ClearVoting
gargans at iol.ie
Wed Aug 29 16:07:03 IST 2007
Thanks for the follow-up. As you note, this list isn't really the place
to analyse new voting systems, so I'll keep this brief. Feel free to
reply off-list if you wish.
- As a voter, walking into a voting booth, how can I know that your
software is running on the voting terminal in front of me, and not a
modified version? You yourself can be sure if you trust your methods,
but what choice has a voter other than to trust you?
- It's impossible for a voter who is not familiar with IT to
independently prove the correctness of your system.
- Your website notes "No other part of the system (light blue) needs to
be reviewed since they all come from the Linux distribution downloaded
from the Internet." This is patently false. Open Source doesn't imply
security and correctness any more than Closed Source does. Accidental
software errors are found all the time (read the changelogs for any
popular Open Source project) and there have been cases of deliberate
errors being introduced by malicious contributors. And those are only
the errors that HAVE been found - what about all the other errors that
have yet to be found?
Have you read Ken Thompsons's "Reflections on Trusting Trust" ?
It explains why you can't necessarily trust your compiler, even if it is
Open Source. http://cm.bell-labs.com/who/ken/trust.html
- Voters have to blindly trust the machine in front of them when voting.
- Only IT professionals can independently verify or debunk the
correctness of your method. Even if it is verified, there's no way to
prove the code running on voting day is the same code that was verified.
- Just because software is "Open Source", it doesn't mean it should be
trusted any more than Closed Source.
- Even with correct application code, you still need to trust the
compilers, linkers, loaders, kernel, BIOS, disk firmware, CPU microcode,
etc that are involved in running your application. It is impossible to
prove they all are working correctly.
This is why a VVAT is preferred - machines can't be trusted, no matter
how competent or honest their programmers are. It's better to have an
independent audit trail that can be verified by the voters themselves
without needing a degree in IT.
emanuele lombardi wrote:
> A few months ago I presented ClearVoting, a practical implementation of the
> Mercuri method.
> As you may recall, most replies were negative.
> I claimed that its software (ClearSoftware) ensures the easy detection of
> any computing tricks that could produce unwanted results. I claimed it but I
> didn't prove it and, as I should have known, this was a mistake.
> Now I've just published on the web all details how to write ClearSoftware
> http://www.ClearVoting.com/detail_software_en.php and all details about
> ClearVoting http://www.ClearVoting.com
> I know the purpose of the list is not to analyze new voting systems,
> nevertheless I would really appreciate any remark from expert people like
> Thank you very much for any help,
> Emanuele Lombardi
More information about the E-voting