-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2 Mar 2004 at 9:54, Fergal Daly wrote:
Why? You can get a military hardened CPU from Atmel or even Intel for less than a x86 CPU. It just won't run Windows.
Fair enough. I assumed they'd be more expensive. Still doesn't change the fact that when you look at the circuit board all you can see is a plastic package and that there's no non-destructive way of finding out if you've really, really got an genuine xyz military hardened processor or just something pretending to be one.
x86 processors are /vastly/ more complex than they need to be because of the legacy requirements. Really they're a RISC CPU nowadays with a translation front-end converting the x86 into RISC ops. However that said, there is a huge scale of economy in x86 chips only ARM could probably come close to - hence me suggesting the Atmel.
I think you're thinking too much in how it could be compromised on a technical level whilst ignoring the feedback effects of a compromise. Voting is not like a bank vault where if you break it you win outright - at best, you get four years or so of power. In reality, many factors can play to make your term much shorter and certainly if it emerged that an election was tampered with, any sitting government would have to call another election. The media simply wouldn't permit otherwise.
If you look at the US 2000 presidential elections which were almost certainly rigged, nevertheless Congress allocated quite a lot of money to replace the voting equipment despite the major spending cutbacks of the Bush administration. Unfortunately that's gone on Diebold voting machines which make the Irish voting machines look fantastic, but it's a good example of the feedback system working.
You've gone way outside the requirements for a voting machine here. I agree with you that a practically tamper proof machine is possible, however we are talking about machines which will spend 364 days a year switched off in a warehouse in the back of beyond and then they'll spend a full day in an unfriendly environment being used in private by punters.
What's important is not that the machines are tamper proof - it's that there's *fairly* tamper proof, enough that people trust them and the process. If they emerge to not be so (and there's plenty of journalists sniffing around here never mind whistleblowers), there will be substantial feedback from the public to improve the system. Which means politicians get to give more wads of cash to their friends and thus everyone is happy.
Nevertheless, I'm still opposed to them. For what is gained per euro spent, they are a waste of money better spent on (say) health.
One problem is that it greatly complicates vote storage and anonymnity. I can't see it ever being accepted because most people want to know that when they cast their vote it's done and nothing can undo it.
I did say peer to peer and distributed - therefore there is no central server apart from the trust delegator (which says which phones can vote and which can't). Anonymity is easy to implement in a massively distributed system. And what I really like about such a system is that anyone can ask their mobile what votes were cast for the country and get precisely the same figures as the TV or anyone else gets - obviously if they don't, one can kick up a fuss. My mobile is equal to Bertie's mobile in every way in such a configuration.
Cheers, Niall