[E-voting] details about ClearVoting

Paul Gargan gargans at iol.ie
Wed Aug 29 16:07:03 IST 2007

Hi Emanuele,

Thanks for the follow-up. As you note, this list isn't really the place 
to analyse new voting systems, so I'll keep this brief. Feel free to 
reply off-list if you wish.

- As a voter, walking into a voting booth, how can I know that your 
software is running on the voting terminal in front of me, and not a 
modified version? You yourself can be sure if you trust your methods, 
but what choice has a voter other than to trust you?

- It's impossible for a voter who is not familiar with IT to 
independently prove the correctness of your system.

- Your website notes "No other part of the system (light blue) needs to 
be reviewed since they all come from the Linux distribution downloaded 
from the Internet." This is patently false. Open Source doesn't imply 
security and correctness any more than Closed Source does. Accidental 
software errors are found all the time (read the changelogs for any 
popular Open Source project) and there have been cases of deliberate 
errors being introduced by malicious contributors. And those are only 
the errors that HAVE been found - what about all the other errors that 
have yet to be found?

Have you read Ken Thompson's "Reflections on Trusting Trust"?
It explains why you can't necessarily trust your compiler, even if it is 
Open Source. http://cm.bell-labs.com/who/ken/trust.html

In summary:

- Voters have to blindly trust the machine in front of them when voting.

- Only IT professionals can independently verify or debunk the 
correctness of your method. Even if it is verified, there's no way to 
prove the code running on voting day is the same code that was verified.

- Just because software is "Open Source", it doesn't mean it should be 
trusted any more than Closed Source.

- Even with correct application code, you still need to trust the 
compilers, linkers, loaders, kernel, BIOS, disk firmware, CPU microcode, 
etc. that are involved in running your application. It is impossible to 
prove they all are working correctly.

This is why a VVAT is preferred - machines can't be trusted, no matter 
how competent or honest their programmers are. It's better to have an 
independent audit trail that can be verified by the voters themselves 
without needing a degree in IT.


emanuele lombardi wrote:
> Hi!
> A few months ago I presented ClearVoting, a practical implementation of the
> Mercuri method.
> As you may recall, most replies were negative.
> I claimed that its software (ClearSoftware) ensures the easy detection of
> any computing tricks that could produce unwanted results. I claimed it but I
> didn't prove it and, as I should have known, this was a mistake. 
> Now I've just published on the web all the details of how to write ClearSoftware
> http://www.ClearVoting.com/detail_software_en.php and all details about
> ClearVoting http://www.ClearVoting.com 
> I know the purpose of the list is not to analyze new voting systems,
> nevertheless I would really appreciate any remark from expert people like
> you.
> Thank you very much for any help,
> Emanuele Lombardi
> Italy 
> http://www.ClearVoting.com
> http://www.electronic-vote.org 
