Re: securing electronic ballots

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Mon Nov 24 2003 - 11:39:55 CST

|> We welcome vigorous debate, and we are honored to receive input from such
|> an expert on cryptography like you. But we could also use some help with
|> immediate tasks.

(Clay Lenhart) wrote:
|Alan, I only care about one thing: securing the electronic ballots.
|More specifically, I think the goal should be: electronically detecting
|tampering of the ballots.
|Back to the original point, some of us will only work on one section of
|the software.

It's fine, of course, for Clay to only be interested in the one aspect.
But it's not so easily divorceable from other issues.

For example, tampering with printed ballots is just as important as
tampering with the electronic ones. Specifically, a very generic attack
on the integrity of electronic records could force a physical recount--
but if that was accompanied by a more sophisticated falsification of the
physical records... well, we're screwed.

Moreover, even the electronic security is more complicated than just the
signing algorithm involved. If the interface code (or something it
relies on, like a device driver) is corrupted, it could perhaps produce
false electronic ballots with the right signatures and/or fail to record
legitimate ones. Sure, in-transmission tampering needs to be addressed,
but so do lots of interrelated issues.

...that is, AFTER the demo.

Yours, David...

Keeping medicines from the bloodstreams of the sick; food from the bellies
of the hungry; books from the hands of the uneducated; technology from the
underdeveloped; and putting advocates of freedom in prisons.  Intellectual
property is to the 21st century what the slave trade was to the 16th.
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Sun Nov 30 23:17:07 2003
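
Added example (not part of the original message, and not the project's code): a signature check catches a ballot altered in transmission, but a ballot mis-recorded by faulty interface code before signing verifies cleanly and only shows up when compared against the printed record. HMAC-SHA256 stands in for the signing algorithm, which the thread does not name; the key, field names and function names are hypothetical, and the printed record is assumed to be intact and voter-verified.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed value; stands in for a protected signing key


def sign(ballot):
    """Tag a ballot with HMAC-SHA256 over its canonical JSON form."""
    msg = json.dumps(ballot, sort_keys=True).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def verify(ballot, tag):
    return hmac.compare_digest(sign(ballot), tag)


def record(ballot_id, voter_choice, recorder_faulty=False):
    """Return (electronic ballot, tag, paper record) for one voter.

    recorder_faulty models corrupted interface code: the stored choice
    differs from what the voter selected, and is signed anyway.
    """
    paper = {"id": ballot_id, "choice": voter_choice}
    stored = "B" if recorder_faulty else voter_choice
    ballot = {"id": ballot_id, "choice": stored}
    return ballot, sign(ballot), paper


def audit(records):
    """Return (ids failing the signature check, ids disagreeing with paper)."""
    bad_sig, paper_mismatch = [], []
    for ballot, tag, paper in records:
        if not verify(ballot, tag):
            bad_sig.append(ballot["id"])
        elif ballot["choice"] != paper["choice"]:
            paper_mismatch.append(ballot["id"])
    return bad_sig, paper_mismatch


def demo():
    r1 = record(1, "A")                        # honest path
    b2, t2, p2 = record(2, "A")
    r2 = (dict(b2, choice="B"), t2, p2)        # altered after signing
    r3 = record(3, "A", recorder_faulty=True)  # altered before signing
    return audit([r1, r2, r3])


if __name__ == "__main__":
    print(demo())
```

The paper comparison is only as trustworthy as the printed ballots themselves, which is why tampering with the physical records cannot be treated as a separate problem.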
