From: Ron Crane <voting_at_lastland_dot_net>
Date: Mon Aug 29 2005 - 10:28:08 CDT
Nathan L. Adams wrote:
> Ron Crane wrote:
>> Once I thought there might be a practical way to ensure reasonably
>> secure e-voting, and that OVC was pioneering that way. Now I believe
>> that there is no such way, and that those who would plant malicious code
>> will always be several steps ahead of those who would uproot it.
>
> This is going to sound harsh, and I apologize in advance for that (I am
> honestly NOT trying to flame you personally)... But don't confuse your
> own abilities vs. malicious code planters with other peoples' abilities
> vs. malicious code planters.

Similarly, don't overestimate your own abilities to anticipate and head off threats, particularly those presented by malicious vendors using devices hidden in firmware or hardware. Your argument is but to say "It doesn't matter if you don't have faith in yourself to head off the threats, you can have faith in me." Yeah.

> I do agree wholeheartedly that we should Keep It Simple, Stupid; that
> will only make the auditing process much easier (a Good Thing). But
> there isn't anything magical or mysterious to fear about computers in
> general. If properly done (and I think the OVC is on the right track)
> e-voting can be as secure (or better) than other voting technologies
> (including hand-written paper ballots).

No "magic" or "mystery" is involved in the cheats I postulate: merely common human motivations (greed and the quest for power), the means to put those motivations into action (being a vendor with complete knowledge of every aspect of every system shipped), and the opportunity to do so (while building and maintaining those systems). Computer technology advances every day, and systems based upon it thus continually present new threats (e.g., new covert channels for the transmission of "triggers" and/or cheating code). In contrast, properly-constructed (precinct-based) hand-count procedures do not have this failing. Yes, they can be gamed -- to a limited degree and one precinct at a time. Widely-deployed e-voting systems can be gamed a nation at a time.

Finally, e-voting is not, and never will be, capable of effective public supervision. While, with VVPB, a conscientious individual will be able to verify whether her vote is recorded correctly on the human-readable portion of her ballot, no one can say that the election as a whole was presented correctly (presentation frauds on the voting stations) or recorded correctly (for the 20th time, does anyone know of any study indicating the effectiveness of voter verification?). Tabulation is in somewhat better shape, assuming the use of properly-conducted sampling HAND recounts (notice how we always fall back on that for real security?) But because individual citizens of ordinary training and intelligence cannot effectively supervise the process as a whole, they must simply have faith that e-voting-based elections are conducted properly (as you just urged me to do with respect to your ability to head off attacks). This transfers control of elections from the citizenry as a whole to a small group of technocrats, which is, of course, a recipe for totalitarianism.

Thus e-voting systems combine the need for continuous vigilance against ever-increasing threats with the inability to effectively be supervised by anyone other than members of a very small elite. I guess there's no problem with this, and that I should simply have faith. I don't, won't, and am moving on to help create and implement effective procedures for precinct-based hand-counted paper -- a system that can be supervised in detail by any person of ordinary intelligence and experience, and which, thus, requires only a bare minimum of faith.


