Re: Re: Request for technical opinion on EBIs

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Mon May 24 2004 - 19:56:15 CDT

On May 24, 2004, at 8:41 PM, David Mertz wrote:
> Since an attacker can covertly record the order of votes (even if with
> some statistical fuzziness), nothing in vote records may include
> sequence or timestamp information, nor allow any way to reconstruct
> that. Almost the opposite principle as sensible log files for most
> computer systems.

Charlie will probably chime in here about my overstatement. Looking at
it, I admit I *do* reach a bit too far in my characterization. Actual
votes cannot be sequenced, but that's not quite the same thing as my
claim that -nothing- can be.

So let me backpedal slightly: You -could-, for example, timestamp
records of the raw time at which votes were cast, if these records
cannot be correlated with vote contents. And it's probably good to
record the times when machines are initialized and finalized. And
maybe a bit more.

But I stand by the attitude I want to promote. In most systems, you
can throw in all kinds of timestamps and logs, -just in case- they
might prove useful. For OVC, every time you want to record any
sequence or time information, you need first to think hard about
whether that can compromise voter anonymity (even through statistical

For example, Charlie has proposed that a certain kind of back-reference
from ballots to prior ballots could help detect tampering or other
problems (this could be in either EBIs or on actual paper ballots).
He's right, in fact. But at first blush, that provides sequence
information about ballots. There may be a way to implement Charlie's
idea with suitable cryptographic masking, thereby preserving anonymity.
Or there may not; details have not been proposed yet. I feel strongly
that our first attitude towards this kind of proposal should be
skepticism... but not so much so that we're not willing to accept
records that can be proven to maintain anonymity suitably.
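
The distinction drawn in this message, between recording that a vote was cast at some time and letting vote records carry or imply their order, shown as an added Python sketch. It is not code from the author or the OVC project; the class names, field names and sample ballots are assumptions constructed for illustration.

```python
import secrets

# Assumed field names that would carry order or time inside a vote record.
ORDERING_FIELDS = {"timestamp", "time", "seq", "sequence", "prev_ballot"}

class SequentialStore:
    """Weak design: ballots appended in cast order next to their cast time."""
    def __init__(self):
        self.rows = []
    def cast(self, selections, now):
        self.rows.append({"time": now, **selections})
    def export_ballots(self):
        # Stripping the time field is not enough: row position still gives the order.
        return [{k: v for k, v in r.items() if k != "time"} for r in self.rows]

class UnlinkedStore:
    """Cast times and vote contents kept apart, with no shared key or order."""
    def __init__(self):
        self._ballots = {}     # random tag -> selections
        self.cast_times = []   # raw times only, no vote contents
    def cast(self, selections, now):
        leaked = ORDERING_FIELDS & set(selections)
        if leaked:
            raise ValueError(f"vote record carries ordering fields: {sorted(leaked)}")
        self._ballots[secrets.token_hex(16)] = dict(selections)  # random tag, not a counter
        self.cast_times.append(now)
    def export_ballots(self):
        # Emit in random-tag order and drop the tag, so position says nothing
        # about cast order. A real store must also avoid order-preserving media.
        return [self._ballots[t] for t in sorted(self._ballots)]

def positions_matching(observed_order, exported):
    """How many exported positions line up with an observer's recorded cast order."""
    return sum(1 for seen, out in zip(observed_order, exported) if seen == out)

def demo(n=50):
    # Constructed sample ballots; "choice" values are unique only to make order visible.
    cast_order = [{"choice": f"option-{i}"} for i in range(n)]
    weak, strong = SequentialStore(), UnlinkedStore()
    for i, b in enumerate(cast_order):
        weak.cast(b, now=1000 + i)
        strong.cast(b, now=1000 + i)
    return (positions_matching(cast_order, weak.export_ballots()),
            positions_matching(cast_order, strong.export_ballots()),
            strong)
```

Both stores keep the same set of cast times; only the sequential one lets those times, or an observer's notes, be joined back to vote contents by position.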
