[E-voting] details about ClearVoting

emanuele lombardi vote at electronic-vote.org
Thu Aug 30 11:19:34 IST 2007


Dear Paul,

thank you for your reply.
I would like to counter your points.

1) My system does print VVBP and those pieces of paper are the ONLY legal
votes.

2) Voters don't need to verify nor to trust the software that prints their
votes as they simply verify the VVBP has printed on it the name of voted
candidate (or party).

3) Voters need to trust the software that counts their votes. Of course
voters may have no competence to verify the software, but parties and
organizations have it. I'm sure we agree that party representatives must
carefully watch voting operations whichever the media and the technology.
Thus they will be present in any polling room even at the opening of
election when the software is installed booting kiosks from the media that
has been officially distributed by the Authority (central or local). 

 [ Anyway voters need to trust something or somebody whichever is the media
used for voting. In traditional paper elections, as a voter, I trust that
votes will be properly counted and also that poll workers will properly
write the results onto the official statements. Voters, unless they stay in
the polling room all the time, also need to trust parties representatives.]

4) I know Ken Thompsons's "Reflections on Trusting Trust", in fact I linked
it from my web site http://www.electronic-vote.org. Such reflections are the
reason why I decided ClearVoting to use any of the Open Source operating
systems available on the Internet. In fact nobody can think they are hacked
just to make fraud in my voting application.

The use of a Linux distribution downloaded from the Internet and the use of
software written in an interpreted language give a very high level of
confidence that nothing bad will happen. Please note that the use of an
interpreted language means that no compilation is involved. 

Even if we think that RedHat, Suse, Ubuntu, Debian, Mandriva, Fedora, Gentoo
all distribute some hacked version of their software, I can't image how such
hacked versions could ever make fraud in our Open Source voting software
that is not compiled and that accomplishes extremely simple operations like
the counting by one.

Anyway, to increase security the Linux to be used is chosen among the many
by the bipartisan commission that also chooses a release/version that is not
the latest. Do we really think that (for example) version 5.0 of Ubuntu
contained such hackings or errors that will make our PHP software give wrong
results of additions by one? 

5) How can any software running "under" the Operating System alter the
results of our high level software that simply adds integers? I don't see
what BIOS or disk firmware could ever do alter the results of the "n=n+1"
computations done by our software. In any case voting kiosk are standard PCs
that when are not used for voting can be used for other purposes by the
local administrations. If they work properly it means that their low level
software also works properly. 

Dear Paul,
I hope I made clear my points. I agree that any further mail can be direct
not no bore all the list.

Ciao,
Emanuele




More information about the E-voting mailing list