[E-voting] Open source voting system

Catherine Ansbro cansbro at eircom.net
Mon Apr 8 17:38:18 IST 2013

Here in Ireland our initial focus when this forum was started was to 
avoid 1) and move to 2).

Over time (and personal experience of both the Irish & USA systems, and 
many knowledgeable tech contributors at blackboxvoting.org) it became 
clear that merely aiming for a system that is "verifiable" is an 
inappropriate goal for an election system on which democracy depends.

As various people have articulated--if it's not verified--by ORDINARY 
citizens--then the election (and government!) is no longer in the hands 
of the citizens & it's not a democracy.

A number of cryptographic solutions have been proposed sounding like 
that which Michael proposes.
In addition to the complexity (which is not possible to make 
understandable to ordinary voters), such systems are not suitable because--

1) By definition, encrypted software etc. is not "observable" by 
ordinary citizen observers. That's true of any software, but even more 
so by cryptographic software.

2) Someone has to have the key to the encryption: one or more insiders. 
This is a fatal flaw. No election system should require "trust", 
especially not of election administrators.

3) There's no way to validate that what runs at election time is what 
was tested or approved. This is still true of encrypted software.

4) It is not enough that an independent voter can verify their own vote. 
All kinds of shenanigans may have been done, with some of the other 
votes that I cannot verify--e.g., adding in extra votes in the name of 
voters who are known not to have voted at recent elections.


On 08/04/2013 17:07, michael at hexmedia.com wrote:
> On 2013-04-08 14:38, Kommer Kleijn wrote:
> [...]
>> I actually distinguish three levels of trust in a voting system:
>> 1)not-verifiable, 2)verifiable, 3)verified. Only the third is
>> acceptable for democratic elections. "It can eventually be verified"
>> is not good enough. The count needs to be actually verified by human
>> citizens. Up to today only forms of manual counting provide that
>> feature.
> I think the distinction between 1), 2) and 3) is important particularly
> in
> the US context, where they started out with not-verifiable voting
> systems,
> and in some cases at least, have ended up with "verifiable" systems,
> but the effort of verification is a significant burden. So, it's
> questionable whether,
> even with the best of intentions, it will be carried out in all cases.
> So, it's not a very satisfactory situation in the US.
> I haven't been following this subject for a few years, and it may well
> have moved on
> in directions unknown to me, but a while back I was
> interested in cryptographic voting and counting systems. I (still)
> believe that
> these have the potential to meet the requirements for "verified"
> election systems,
> where voters are not required to trust the election system provided by
> the
> election authorities. Since verification is done by independent
> software, and independent individuals, it is much more likely to happen
> in every election.
> I did a small bit of research myself, on a crypto system for
> voting/counting PR-STV
> and I know others have done similar (and better) work than mine.
> But, what it showed (to me) is that despite the apparent complexity in
> systems like STV,
> it is possible to record and count votes by software and prove
> afterwards that it was
> all done correctly and without having to reveal any information that
> isn't revealed
> in today's manual election systems.
> One problem with these systems though is how complicated they are to
> understand,
> and nobody is going to trust a system they don't understand. Having
> said that,
> I think that problem may be surmountable. Understanding of technology
> tends to
> be at different levels anyway. In any case, there are other issues, not
> least
> the scepticism that the previous generation of voting systems has
> created.
> So, I don't see anything like this happening any time soon.
> As regards this project, my 2 cents would be that it should be done in
> the context
> of a complete election system. It's not really worth solving one piece
> of the puzzle
> (a scanning system) without knowing how (or if) it fits into an overall
> solution for
> some election system.
> Michael.
> _______________________________________________
> E-voting mailing list
> E-voting at lists.stdlib.net
> http://lists.stdlib.net/mailman/listinfo/e-voting
> http://evoting.cs.may.ie/
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2013.0.2904 / Virus Database: 2641/6224 - Release Date: 04/04/13

More information about the E-voting mailing list