Electronic vote poses big security risk

daveirl

This post has been deleted.

MÓC

simple solution.

voting boot prints a reciept, voter puts reciept in ballot box,
the result can be calculated using the machine and verified using
the ballot box

daveirl

This post has been deleted.

Greenbean

I think it sounds good. It keeps things quick and it makes it much more transparent - the receipts don't have to be counted, just stored, unless there is a question of fraud, and then we have a hardcopy fallback to check with. Stops someone simply moving a slider bar on some computer somewhere and knowing they will get away with it.

bonkey

Ms Lillington does not fully understand the issue, or is being deliberately disingenuous.

First the issue of failure.

Yes computer systems fail. So what? This hasnt stopped us putting them in life support systems, letting them control the mechanisms of airplanes carrying hundreds of people, or indeed control driverless metro trains carrying thousands of people daily.

Failure can be worked around. This is a simple fact. The question is whether or not acceptable fail-safes can be built in at an acceptable cost.

Given the relative lack of complexity of electronic voting, I would be inclined to say yes.

Now the issue of auditability and accountability.

Ms. Lillington would have us believe that a piece of hardware and the programs that run on it are not sufficiently auditable. On the other hand, she completely fails to recognise the lack of auditability and accountability which exists in the paper-based system.

If someone "loses" or "adds" several ballot papers (or boxes of them) in a paper-based election, where is the auditability or accountability? How did graveyards have such high turnouts over the years in Ireland? How could "vote early and often" have arrived as a tongue-in-cheek catchphrase for a major political party's voting methodology if the paper-based system is so good?

The simple fact is that anonymity and auditability are incompatible. They are incompatible in paper-based, mecanical and electronic systems. Ms. Lillington points out the failings in one area, but neglects to show that the alternative (traditional paper) is any more secure.

Lillington is starting from a correct premise - that Internet voting is impractical from a security and surity point of view. However, her logic in extending this to electronic voting booths is flawed. Internet voting cannot be made secure, and this can be proven. On the other hand, it is possible to design electronic voting booths which are proveably as sage and secure as the current systems, and which have the same degree of reliability which we entrust our lives to in so many ways in this modern world (planes, trains, automobiles, hospitals, traffic signals, etc. etc. etc.).

Whether or not this is what has been done is not the question. What Lillington is saying is like saying that because its possible to design a car which will blow up after 10 miles of driving, that no car can safely be driven for more than 10 miles.

Ultimately, what Lillington is saying is that we cannot trust computer programs, because they are written by people and can therefore be subverted.

What she neglects to mention is that the alternative is to allow people to do the counting directly....as if this is somehow more reliable?

jc

<edited to correct incorrect gender usage, as pointed out by adam>

dahamsta

It's Ms Lillington bonkey, or possibly Miss. If Karlin Lillington is a Mr, I fear I may be forced to reevaulate my entire sexual philosophy.

adam

bonkey

Originally posted by dahamsta
It's Ms Lillington bonkey, or possibly Miss. If Karlin Lillington is a Mr, I fear I may be forced to reevaulate my entire sexual philosophy.

adam

Oops. My bad.

Ahem.....allow me to edit...

daveirl

This post has been deleted.

sceptre

I might agree with you if all votes were put through the transfer system. While they use the "bundle" system in general elections, any move towards true PR is a good thing. I hate to think that my vote's transfers would be ignored, all transfers merely based on the average bundle they use now.

Gelmir

Just make sure the whole thing is running on Linux.

seamus

Simple solution.

Person votes. Value is added to db. Db is backed up onto separate disc. Simple. If it fails during someone's vote, a copy of the state of the db is there.........Aren't most of you people programmers?...

Shazbat

I didn't like the e-voting. Mainly because every voting machine had only a couple of hundred voters on it (as far as I could see, in my polling station). And the voters that use each machine are all in the same area ie same street or road.

This should be randomised as it gives an opportunity to unscrupolous persons to see what way a certain street or estate is voting. Which is a definite infringement on anonymity. This information would be very useful for campaigning purposes (to name but one)

The ballot box system would have been the same (voters on the same street casting their vote into the same box) but I think that having it all computerised would make it alot easier to gather the information (if somebody wanted to of course).

I don't know enough about the system to really come to any real conclusions. Does anybody know if I have a valid point or am I just talking through my arse?

Secondly, if somebody had have walked in with a powerful magnet could they have fúcked up the voting machine?

MrPudding

Originally posted by Shazbat


Secondly, if somebody had have walked in with a powerful magnet could they have fúcked up the voting machine?

I also don't know if a powerful magnet would mess up the machine it is possible I suppose but I would hope the storage devices are shielded. If they aren't it shouldn't be too difficult to make them shielded. On a similar note does anyone know if someone squirted lighter fluid into one of the ballot boxes and then lit it would it mess up the ballot box?

leeroybrown

The biggest problem that I would have with Electronic voting is that I enjoy all the protracted counts, transfers, tallys, etc. that go with the current paper based counting system.

Otherwise, I'm perfectly happy to vote electronically.

A properly designed Electronic voting station saving the data on a reliable storage medium is not a problem.

meglome

Considering the whole dimpled ballot fiasco in Florida allowing Bush to get elected, you have to wonder could electronic voting be worse?

While saying that I'd like to see the spec's/security features of the Irish system.

MrPudding

Originally posted by leeroybrown
The biggest problem that I would have with Electronic voting is that I enjoy all the protracted counts, transfers, tallys, etc. that go with the current paper based counting system.

Otherwise, I'm perfectly happy to vote electronically.

A properly designed Electronic voting station saving the data on a reliable storage medium is not a problem.

I am the complete opposite, I want instant gratification and I want it now. I'm sure it would be possible to secure a stand alone electronic device to all but the most violent attempts to ruin it or the data it holds. When they were showing one of the machines off on the lata late show (I think) they showed the data cartridge, it was a fairly hefty looking beast.

Shazbat

Originally posted by MrPudding
... On a similar note does anyone know if someone squirted lighter fluid into one of the ballot boxes and then lit it would it mess up the ballot box?

Facetiousness is a very ugly thing.

Michael Collins

Originally posted by Shazbat
Facetiousness is a very ugly thing.

Actually I think MrPudding made a very valid point. People (not just here) seem to be trying to find flaws with the electronic voting system. Obivouly if someone wanted to destroy the machine they could, just like they could with the ballet box.

Electronic voting is the way of the future; the benefits clearly out-weigh the possible risks - which can be reduced to a neglibile risk when proper precautions are taken. There's little or no chance of there being uncounted votes, like we had in the general election, for example. The majority of security risks with electronic voting we had with paper ballets too.

bonkey

Originally posted by Michael Collins
There's little or no chance of there being uncounted votes, like we had in the general election, for example. The majority of security risks with electronic voting we had with paper ballets too.

Just like the majority of security risks with Visa payments over the internet exist on paper-based transactions as well, but in one case they're a big issue, and in the other they're simply ignored or accepted.


jc

gandalf

Well personally voting Electronically did not actually feel like voting at all. I've voted in every vote since I got the vote and that just seemed like a really dodgy pub game. It now changes the results from a knive edge event where politicans suffer (which imho is a good thing) into a episode of Banzai (VOTE NOW

---

If you choose candidate one then you BIG Looooser ).

Personally I think the idea of a receipt been printed is a good one in case there is a problem then there is a record of what way people voted.

Gandalf

(No Sir the Excel spreadsheet never lies.........hang on whats this formula =IF(VOTE1="FF",(VOTE1*2),-1))

MrPudding

Originally posted by Shazbat
Facetiousness is a very ugly thing.

Sorry if I offended you. I do get annoyed with the "old is best down with the new" attitude. Of course there will be problems with any new system, this does not mean that the old system is flawless. Further it does not mean that the problems with the new system, if need be, cannot be fixed.

Shinji

Given some fairly basic crypto systems, it should be possible to create an entirely secure, tamper-proof system which is nigh on impossible to defraud, hack or muck up. I had a chat with a fairly hardcore crypto guy about this quite recently and he outlined the general thinking among online crypto groups on this; while existing e-voting systems don't conform to these standards (because governments still prefer security through obscurity - they can't understand how an open source system can possibly be more secure than a secret one), it would be pathetically easy to build one that did.

The question is not if e-voting is perfect, it's whether it's better than paper voting in every way - and I certainly believe that given the right system in place, it could be more secure, faster and less prone to tampering than any paper voting system that has ever been created.

Of course the yanks in Florida aren't helping things - they just completely cocked up a vote there using e-voting and have eroded confidence in the system massively. Best bit of it? In typical "bloody stupid american company" fashion, the machines they're using GUARANTEE to be accurate and secure... As long as nobody takes them apart to find out what their security measures are. So if the state wanted to prove that the machines messed up, they'd have to take them apart, thus invalidating the warranty and allowing the company who made them to get off scot-free...

Fooger

Having worked on the elections for many years, and now feel I would know the whole process of counting well, I don’t understand how people can say this new system is tamper proof. The old system may have had its flaws but it was well ironed out and the count itself was completely transparent. I do not worry or care about whether or not the machine can be broken as it is a proverbial tank of a machine and weighs a ton I worry more about a government party being able to tamper with the count.

It just seems that no one can verify the system if it produces the wrong result. No I am not saying that I worry if the count could be miss-calculated or if the system can be hacked, Jesus why bother! If you wanted to be smart tamper with the display device or better yet if you are even smarter just go behind the door pretend you are doing something on the machine and come back with the result you want. (they are now talking about not having the public humiliation of the last election happen again so things may get even worse).

Now I am related to the county registrar so I do trust her and all involved but I don’t so why others should have to. Why swap a transparent system for a non- transparent one.


I agree whole heartily that it should produce a receipt or card of some kind ( I've been saying this since I first saw these things funnily enough I didn't think of the simple logic of both receipt and cartridge ,silly me)

Shazbat

Originally posted by MrPudding
Sorry if I offended you. I do get annoyed with the "old is best down with the new" attitude. Of course there will be problems with any new system, this does not mean that the old system is flawless. Further it does not mean that the problems with the new system, if need be, cannot be fixed.

Don't get me wrong I am 100% for e-voting. But I think the government should do an exercise in giving the electorate a bit of info on it. Just to ease any concerns people might have.

I agree the old system isn't flawless. Its a very time consuming task counting all the votes by hand. And the lengthy recounts in the last general election could have been avoided with the new system.

I think that the idea of a receipt being issued to every voter is a good one. As everybody who has worked with computers knows it does no harm to have a hard copy as a precaution against unforseen events.

Meh

Originally posted by Shazbat
I think that the idea of a receipt being issued to every voter is a good one.

But that would interfere with the secrecy of the ballot. People would sell their votes and use the receipt to prove they voted according to the sale.

Currently, Bertie could pay me €100 to vote for him. But he doesn't, because there's no way for him to be sure I've kept my side of the bargain. With receipts, he could verify whether I voted for him or not.

gandalf

Sorry Meh maybe it wasn't explained well enough. You put the receipt in a ballot box and if there was a problem with the electronic vote then the ballot box can be counted.

Gandalf.

bonkey

Originally posted by Fooger
I don’t understand how people can say this new system is tamper proof.

No-one has said the new system is tamper-proof. What they have said is that it is not actually that technically difficult to build a system which is tamper proof.

If I said that because paper-based elections in some African nations have been shown to be corrupt, it is impossible to build a tamper-proof paper-based system, would you consider it a solid argument?

If you wanted to be smart tamper with the display device or better yet if you are even smarter just go behind the door pretend you are doing something on the machine and come back with the result you want.

Oh - you mean like the way you could just write the wrong figures up on the board in a paper-based election, or take a ballot box behind a closed door to "check something" and come back with the result you want.

Yes - I'm being facetious. However, the analogy is still the same. If you design a procedure which allows an individual unauthorised or unsupervised access to the inner workings of a system which isnt black-box sealed, then you have singularly failed to build a tamper-proof system.

Anyone can design a system which can be tampered with. What we're saying is that a bit of careful thought, and a couple of procedures (analagous to procedures which exist for paper-based voting) and bobs your uncle.

Why swap a transparent system for a non- transparent one.

OK - you can keep calling electronic systems "non-transparent" all you like, but you havent shown why. No-one has. It is, and can be, as transparent as you like.

Tell you what - name one area where you claim paper-based systems offer more transparency, and I will show you that you are either mistaken, or simply choosing to believe that the word of one individual/group offers transparency, and that the word of a different individual/group doesnt.

I agree whole heartily that it should produce a receipt or card of some kind ( I've been saying this since I first saw these things funnily enough I didn't think of the simple logic of both receipt and cartridge ,silly me)

Show me the receipt you get from a paper-based vote, and how this offers you any degree of additional certainty, and I'll concede that the electronic system should have a similar concept.

Otherwise, explain what the paper-based system has which the electronic system doesnt, which invalidates the need for this.

jc

Fooger

What I mean by transparent is that the entire paper process is viewed by the public and the various parties involved. The votes are first sorted and counted to check that the numbers in each box cross-checks with the number of people who voted in that area. Then the votes are sorted and then counted. The votes never leave public view and if anyone were to tamper with this system they would simply be seen to do so. This simple anti-tamper system works perfectly and I don’t see how it can be recreated on any electronic system which is done on too small a scale to be seen, making it more insecure rather then less.

DeVore

Originally posted by Fooger
What I mean by transparent is that the entire paper process is viewed by the public and the various parties involved. The votes are first sorted and counted to check that the numbers in each box cross-checks with the number of people who voted in that area.

That can be done with e-voting. The number of votes cast should total with the sheets of people who turned up and signed in to vote.

Then the votes are sorted and then counted.

As they are with the e-voting system. In fact, they are counted ACCURATELY which you cant say about hand counting.

The votes never leave public view and if anyone were to tamper with this system they would simply be seen to do so.

they do leave the public view. They get put into a box for a start! That box gets put in a van (presumably under heavy guard... hey, those guards could be BRIBED to take a DIFFERENT BOX out of the van when they get there...) etc etc. The vote counting is public yes but the votes they are COUNTING could be from anywhere.

Its like a magicians trick... when he offers you the ropes to check or to count the cards... its always going to be ok. He's already done the trick and knows he's home free.

This simple anti-tamper system works perfectly and I don’t see how it can be recreated on any electronic system which is done on too small a scale to be seen, making it more insecure rather then less.

Dont trust you're eyes. Trust your brain.
The only way they are EVER going to have secure system is when they open the process up to peer review. Because, well , frankly we are smarter then they are. And there are more of us.

As Bonkey says, it comes down to trust on occasions. You trust the guards to transport the ballot boxes. You equally will have to trust someone the same amount in e-voting.

DeV.

Fooger

I think some people seem to be missing my point and seem to be arguing an e-vote verses paper-vote which is not my point at all. Neither e-vote nor paper-vote can be tamper-proof but the count in a paper-vote is still a transparent system and therefore has an inherent advantage. My point being that if the e-voting system is so tamper-proof why NOT use a receipt and cartridge. The e-vote system would then therefore have to be perfect which I doubt it is.

MrPudding

Originally posted by Fooger
Neither e-vote nor paper-vote can be tamper-proof but the count in a paper-vote is still a transparent system and therefore has an inherent advantage.

I seem to be missing something, perhaps it is because I love tech stuff, how is the paper system more transparent? Do you mean that people can see lots of bits of folded paper which may or may not be votes? (Be aware, I am not calling into question the honesty of anyone involved in the administration of elections etc)

bonkey

Originally posted by Fooger
the count in a paper-vote is still a transparent system and therefore has an inherent advantage.

I fail to see the advantage.

As Shinji already pointed out, if you're gonna cheat the system, you do so before the count, not during.

If you honestly believe there is an advantage, then please tell us what it is.

My point being that if the e-voting system is so tamper-proof why NOT use a receipt and cartridge.

Simple - because it is unnecessary. It serves no practical purpose. It introduces risks (such as the afore-mentioned ability to sell your vote, given that you can now prove what way you voted.)

Its the same reason that a paper-based vote doesnt supply you with a carbon copy of your voting paper as a receipt. Its unnecessary, serves no practical purpose, and introduces risks.

The e-vote system would then therefore have to be perfect which I doubt it is.

OK - let me say this one last time because it doesnt seem to be sinking in.

The e-voting system in Ireland is not perfect, not transparent, and not proven to be secure enough for anyone's liking.

This, however, has no bearing on the argument that e-voting can be transparent, proveably secure, and as close to perfect as mankind is capable of.

Like I've already said - corrupt paper-based elections do not mean paper-based systems cannot be dependable. Similarly, badly designed e-voting systems have no bearing on the dependability which is achievable when the design is correct.

Look at it this way....

what if we said...fine...the e-voting system will generate a hard-copy, machine-readable summary of all the votes, which will be handled by counting machines, and made available to the public.

This way the public can verify that the count is accurate.

BUT, I hear you say....how do we know the machine-readable output is correct. Well, quite honestly, you dont. Then again, as Shinji already pointed out, how do you know the boxes being counted accurately represent the votes cast? You dont. In both cases, you have to take someone else's word for it.

Now, I can take this analagy, and show that you can cut out the need for the machine-readable results to be in any format bar electronic. I can show how we can have at least as much faith in an electronic vote collection/storage system as we can have in a paper-based one, and probably more so.

Note I am still NOT talking about the current Irish implementation.

jc

Fooger

At no point did anyone say that there should be a machine-readable printout. As was it would be a receipt or card which would then be put into a ballot box to verify the electronic vote. Any receipt system that does not let the voter see there own receipt would be a flawed system and I also doubt they can prove to someone else how they voted when said receipt is in the ballot box. This has been gone over already. No system can be perfect but with no way to really crosscheck the electronic vote you are just putting a dangerous flaw in the system.

bonkey

Originally posted by Fooger
No system can be perfect but with no way to really crosscheck the electronic vote you are just putting a dangerous flaw in the system.

And exactly how do you perform the equivalent cross-check on a paper-based ballot?

Or, if you dont, why do the same dangers not apply?

jc

aine

whatever about the security risk...is anybody else going to miss the excitement and the atmosphere that defines count centres???
the tallymen's first estimates etc......
I mean does anybody else think that the manner in which Nora Owen lost her seat in the last election was a complete anticlimax to her career in politics??? at least by the old system she would have had some idea that it was coming, but she became Fine Gael's first casualty in such a horrible fashion!!e-voting completely dehumanises the system and makes it into something very clinical!

ironape

this argument comes up everywhere: crypto, electronic money, paper money, email....blaa blaa blaa.

It all boils down to the fact that we are all big hypocrites. On the one hand we complain that a new technonlogy isn't safe/invades our privacy/makes life sterile, yet it is these technologies that, over time, we embrace blindly and wholly.

Valid credit card numbers can be made up from a formula that a ten year old could understand. I certainly wouldn't call that safe. A couple of months ago my sister received a strange credit card bill with transactions somewhere in spain. Now obviously she didn't have to pay these because she bought something five minutes later 1000 miles away so there wasn't much difficulty in convincing the credit card company that it wasn't a valid transaction. Yet, in reality we (credit card holders) are the ones who have to pay for these poor security holes (someone has to). So we use a very poor technology and pay to get shafted by it. Doesn't make sense to me.

Back to the point: The e-voting system has the potential to be as weak as the paper system but it (e-voting) has the advantage of having the potential to be much, much more secure than the paper sysem. So the problem lies not with the idea of e-voting itself but with its implementation (which in my opinion is poor - anyone who adopt a security through obscurity method is copping out in my book).

So: its our own fault

Ape

bonkey

Originally posted by ironape
Valid credit card numbers can be made up from a formula that a ten year old could understand. I certainly wouldn't call that safe.

Now, see, theres more of it. Explain why it isnt safe. GO on. Here...let me help you on your way.....

1) Physical transactions need the card.

Your knowledge of the formula is useless here unless you have some serious card-counterfeiting technology. Also, youre limited to constantly spending under the floor limit and praying that youre not in the 1% of people who get hit by random auths at this level, which will involve sending the real cardholder name, expiration date, etc to Visa for verification.

2) Phone-, mail- and internet- based transactions all require the card-holder name, and expiration date of the card.

Again, your formula is useless without carholder-specific information...which, if you were able to obtain it, would make the formula obsolete.

In fact, I'd love to know how this formula isnt safe, given that Visa et al each sent millions developing a system which was specifically designed to be safe even though the formula you speak of would be well known.

Fear of technology is nothing more than fear of change. People are blindly willing to trust systems they know, or that have been around long enough, but will not accept the same flaws in any new system....mostly because such flaws are "too risky".

jc

ironape

I used to work at....a place...(nothin dodgy)that dealt a lot through credit card transactions - probably half (or more) of their business (phone and face-to-face). And they ONLY used the credit card number to validate the transaction. The card numer was checked against the formula - you could type in gobeldygook for the name, address whatever...people often did (eg. I.P.Freely, I.C.Weiner....) and it wouldn't matter, only the number needed to be a possibly valid number. This was not reassuring considering the staff *frequently* stole from them (cash, not credit cards). However, I once witnessed a person making one up "for a laugh" (he did refund it afterwards). Maybe this type of business is the exception rather than the rule, I don't know. But if visa/mastercard allow a business to operate with that kind of relaxed attitude (and software package) then my faith in the security of a credit card is not entirely firm, considering the moral values of the staff working there. Again I'm sure this is a minority case.

Ok, so physically having the card is needed when you're shopping face-to-face but online I would be to differ. Are credit card names checked against numbers online, live ? I don't personally have any experience with this so I don't know. Anyone care to inform us?

Ape

bonkey

Originally posted by ironape
I used to work at....a place...(nothin dodgy)that dealt a lot through credit card transactions - probably half (or more) of their business (phone and face-to-face). And they ONLY used the credit card number to validate the transaction.

I used to work for a Credit Card issuer/receiver.

Your company was in violation of Visa regulations.

Ok, so physically having the card is needed when you're shopping face-to-face but online I would be to differ. Are credit card names checked against numbers online, live ? I don't personally have any experience with this so I don't know. Anyone care to inform us?

Online you require name, card billing address, expiration date, as well as the number. These regs are, if I remember correctly, identical (or almost identical) to mail-order regs.

You may not need the billing address if there arent physical goods being purchased....I cant remember. You do still require the carholder name (as it appears on the card) and the expiration date.

jc

ironape

I have no doubt that the company was violating visa regulations but I would have thought visa would have inspected the equipment or at least the company would have to report to visa what type of equipment they were using. The company started business with the same software package that they use today(as far as I know) so surely visa must have asked them what hardware/software they were going to use when they were setting up their business? So either they lied (improbable) or else visa allowed them to use this package which, by its very nature, is against their regulations.

Maybe they just do so much business they don't care?

It's visa's responsability to make sure companies are using equipment within their specifications. If people are allowed to use hardware/software which do not meet these requirements then thats a big fat security hole. More importantly, companies are allowed write commercial software packages whose basis is visa's transaction systems and sell them? surely visa know about this? So why do they let people do it? its a big security hole.

Ape

bonkey

Originally posted by ironape
I have no doubt that the company was violating visa regulations but I would have thought visa would have inspected the equipment or at least the company would have to report to visa what type of equipment they were using. ...

So why do they let people do it? its a big security hole.

What is most probably happening is that the company has a license to accept face-to-face transactions, which do not require any information about expiration date etc. - these are supposed to be checked manually by the shopkeeper.

They are then using this license to perform other Visa transactions that they are technically not allowed to. However, unless someone actually complains, Visa have no way of knowing that the transactions they receive were not face-to-face, but actually from phone-calls.

This is exactly the point I was driving at. The problems with the existing systems - voting and credit cards - are open to all sorts of abuse, and it is honestly only those who understand the current systems fully who can see their true strengths and weaknesses. Yet those who do not have that knowledge are still willing to accept them because, well, they seem to work. I happen to have a lot of knowledge about credit card systems, including a fair bit about the best ways to defraud them (which Im not willing to discuss, before anyone asks).

New stuff, on the other hand, is bad because the same not-so-fully informed people can see potential flaws (real or imagined) and this makes the new systems unacceptable. The fact that the same flaws may exist in the current system couldnt be important...cause, like I said, the current system works!!

Its flawed logic. If the current system can work with these flaws, then so can a newer system.

See - and I bet you all thought I was gone hopelessly off topic

jc

PH01

I'm not really concerned about the security element of electronic voting though i do think that if we got a paper receipt that would be posted into a ballot box would be a good idea just in case something happens to all that electonic stuff.

But what I'll miss is the excitement of count day. I took part in the tallies on count day last May and call me 'sad' but it was a fantastic experience. You got to see how the vote was going and who it was going to and where it came from. You found out really early who would be likely to be crying into their beer that night and who'd be swimming in champagne. I was there for the whole day and had then to be dragged from the place.
And the TV, radio and internet coverage is only brilliant. Nothing matches it.

With the electonic voting and results the witness element is taken away. When the polls close there will be two hours of counting and the results published. All over by midnight.
Not very exciting

ironape

why accept a system, existing or new, that has flaws?

I guess we're all just sheep in the end.



baaa.

MrPudding

Originally posted by PH01
I'm not really concerned about the security element of electronic voting though i do think that if we got a paper receipt that would be posted into a ballot box would be a good idea just in case something happens to all that electonic stuff.

What do you do if something happens to the paper stuff. Electronic media is not automatically super easy to destroy, damage or wipe, much the same as the paper used in ballots is not indestructabe. What exactly is it that makes electronic media easier to damage or destroy?

Again, I have not seen the specs but I would hope that that data storage media was well shielded and protected. If it is the case that it is not that has to change. If the engineers put there minds to it I'm sure they could do it.

I understand that people want it to be 100% secure and safe but I don't think that that would be possible. What would, IMO, be possible is a system that is more secure, more accurate, faster and more transparent than the current system.

Earthhorse

If there's really a concern about no cross check then when not have two separate pieces of software doing the tally. The applications could be programmed separately, one could be open source the other not. When the button's pressed a message is sent to both.

Once all votes are cast both programmes do their tally, one sends its result to the blue panel the other to the green panel. If the numbers don't match then the system's been compromised, neh?

ironape

but theres no point in having two programs doing the same thing when you can have one well written, secure one that will do the job properly. The program itself could have redundancies (ie. store the data twice, or three times in encrypted databases on seperate hardware). The machine could digitally sign the database or individual vote for that matter - then each vote would be individually verifiable, assuming the voting machine is physically secure.

Ape

seaghdhas

Would incorporating both methods into one be more trusted to everyone? Maybe a button can be pressed to remove all ambiguity, which would then punch a hole in one tape or another, which could then be counted by machine at speed with a possible manual counting method to back it up. A tape could be as anomymous as any other from the same polling station.

bonkey

Originally posted by ironape
but theres no point in having two programs doing the same thing when you can have one well written, secure one that will do the job properly.

Sure. Thats why Airbus put three seperately coded systems into their fly-by-wire aircraft, which compare answers, looking for unanimity or at least a majority decision.

Like I said at the outset...if this design method is safe enough to trust your life in an airplane with, it should damn well be safe enough to trust your vote with.

jc

Earthhorse

ironape, to reiterate what Bonkey's just said my point was about cross checking rather than data integrity.

seaghdas, your suggestion for me would remove a lot of the benefits of having the system at all. A manual tally will almost certainly produce a different result, particularly in large constituencies, due to human error. The benefits of having the system computerised are increased speed, accuracy and reduced cost. Your proposal would negate these affects.

seaghdhas

Isn't the issue largely to do with trusting a computerised counting system? Holes punched on one long tape for each ballot machine could be counted by machine, basically by reading the position of the holes on the allotted portion of the tape. These could be set up to be counted manually if there was a question about the result. It's a different answer to voting entirely electronically witha slip being printed which would then be counted if necessary since the process of counting electronically and manually is covered by a single physical entry, much like the manual system that exists already.

bonkey

Originally posted by seaghdhas
Isn't the issue largely to do with trusting a computerised counting system?

Only for people who refuse to accept the fact that computerised counting systems can be made 100% reliable....especially when you use multiple independantly coded systems each of which is taking th e same inputs, so you can compare the outputs.

Holes punched on one long tape for each ballot machine could be counted by machine, basically by reading the position of the holes on the allotted portion of the tape.

Sure...and you can replace tape with CD-ROM and burn the bits, or with a HD and store the bits electronically. There is no need to use paper. Besides, with paper, you are still open to the "chad fiasco" of the Florida count - what if the paper only gets partially punched?

For any problem you can imagine with computers (other than hardware failure) there is an analagous problem in a manual or hybrid system, but people refuse to accept that they are actually analagous.

Hardware failure, incidentally, can be worked around.

jc