[E-voting] Evolution of e-Voting...

Michael McMahon michael at hexmedia.com
Wed Sep 12 11:40:44 IST 2007


David,

Meant to reply to your message about cryptographic e-voting systems (or 
"math" systems as you call them)
before now, but here goes anyway.

>
> I was today at a cryptography presentation that was talking about 
> advance in electronic voting.
>
...
> It will be very difficult for normal citizen and for most of those 
> that see the issues with "computer voting" to have the right level to 
> catch and verify that the "math voting" is having the required feature 
> and that is actually done/seen on the computer and used to 
> verify/proof is actually valid and meaningfull.
>
> Are there argument that hold against this new kind of eVoting?
> Can we make sure that the argument we use today will not be invalidate 
> tomorow because they do not work anymore with math voting?
> Do you see this as a risk too, or is it the magic solution?
It's not a magic solution, but I've believed for a long time that these 
"mathematical" systems are the only potentially
practical way to implement trustworthy electronic voting and counting 
systems which retain strong guarantees
of secrecy and accuracy. But, I see a few areas of concern that need to 
be satisfied before they can be really implemented.

First, is the question of cost. There has to be a real tangible benefit, 
which justifies the considerable cost
involved in electronic voting. But, I don't think that question can be 
answered until you have the detailed specification
of a proposed system. "The devil is in the detail" as they say. Having 
said that, secure e-voting systems
based on cryptographic receipts, ought to be less costly than secure 
e-voting systems based on VVPB.
(I'm talking about total election costs here).

Second is the question of understandability and trust. If nobody 
understands how these systems work,
then how can they possibly trust them? The problem up to now, has been 
that mostly, these systems
have been presented at an academic (mathematical) level, which is not 
very accessible to most election activists, to the
media, and certainly not to the general public. But I think that's ok, 
given that they are at such an
early stage of development. At some point, when the academics are 
convinced that all of the problems
they know about are solved, then it will become possible to better 
explain how they work.
What's likely to happen is that explanations will be provided at 
different levels, with certain
simplifying assumptions used to make it easier to understand. 
Ultimately, I don't believe
it is necessary for all voters to understand all of the details. It is 
ok for people to put
trust in others, so long as the trust is rationally based and not misplaced.

Also, trust in these systems ultimately depends on the security 
guarantees provided by the
cryptographic algorithms used. So, one of the questions to be considered 
is: what would the effect
be, if some of these algorithms become compromised in the future. Or 
perhaps, more signficantly,
what will the effect be, when people inevitably *claim* they are 
compromised? Personally, I think these questions
can be answered, but it is important that they are dealt with.
 
Third is the question of usability. There's no doubt that these systems 
require some more effort
on the part of the individual voter. How much more, depends very much on 
the exact system. But
in return for this extra effort, I believe the voter is rewarded with a 
much higher level of assurance
that their vote has been recorded and counted, correctly and 
anonymously. It also involves the voter
more centrally in a more interesting way.

In conclusion, I think it is possible and useful to debate some of the 
common characteristics
of these cryptographic based e-voting systems, but it's too early to 
make definite judgements
about whether we should use them.

Michael.



More information about the E-voting mailing list