Re: Fw: Voting Systems Rating Workshop

From: charlie strauss <cems_at_earthlink_dot_net>
Date: Tue May 02 2006 - 11:31:54 CDT

The very premise of these "secure voting" systems bothers me. It seems to cast intrisically reliable and tamper resistant systems like paper ballots with contemporeneous electronic records as horse and buggy technology and want to supplant them with as yet uncracked gee-whiz mathematics or gizmhos. (I'll note I'm not a luddite: I'm part mathematician and have even coded my own RSA algorithms).

whereas the real issue is if something is transparently secure to the voters and has a robust recover system when there is less than 100% perfect exectution of any component from operater error to programmer error to mechanical error.

So if there is a way to influence this nist analysis it should be used to emphasize human factors studies, intrisic robustness, and trade-study on the need for improved "security". That is, if you impose some new security requirement but that requirment is incompatible with, say, cut-sheet paper summary ballots, have you really impoved voting. Sure maybe it's more "secure" in terms of informatic untamperability in some narrow portion of the data processing stream, but was it worth the loss in other attributes of voting.

I fear this might be a stalking horse by manufacutuers to invent new "requirements" that only the touchscreen DRE type systems can satisfy. We saw this ruse previously with the Vote-HERE technology that tried to create new desiderata for voting like allowing a voter to verify his ballot made it to city hall, or giving out receipts like Chaum's algorithm. Those Desiderata are undesirable since they forclose other far more important and sometime intangible attributes in voting systems.

Finally I have an extremely jaundiced view of the security of data protection algorithms. Just like all the security in the world won't withstand a crappy passwrod or a keyboard logger, there's frequently ways to defeat these things by thinking outside the box. Moreover nearly every system I have stiudied (e.g. Vote Here) tends to move the point of attack from a distributed conspiracy requiring many local attacks to a single point of failure at a central point (e.g. someone somewhere has to know the secret keys). I'd prefer voting hacks to have to be retail rather than wholesale.

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Wed May 31 23:17:02 2006

This archive was generated by hypermail 2.1.8 : Wed May 31 2006 - 23:17:07 CDT