[Fsfe-ie] perspective on e-voting

Niall Douglas s_fsfeurope2 at nedprod.com
Thu Mar 4 02:14:38 CET 2004

Hash: SHA1

On 3 Mar 2004 at 10:49, Fergal Daly wrote:

> > x86 processors are /vastly/ more complex than they need to be
> > because of the legacy requirements. Really they're a RISC CPU
> > nowadays with a translation front-end converting the x86 into RISC
> > ops. However that said, there is a huge scale of economy in x86
> > chips only ARM could probably come close to - hence me suggesting
> > the Atmel.
> Thank you, I know what modern x86s do and why they're cheap, hence my
> impression that it would be cheaper than a specialised processor.

Sorry, I didn't mean to sound condescending - I merely meant to say 
that military CPU's are cheaper because they're much simpler than x86 

> Again, it doesn't matter in the slightest whether the chip is hardened
> or commodity, cheap or expensige or anything else it will still be
> easy to replace it with a rigged look-a-like.

I'd like to see anyone design a CPU which can recognise when the 
software running on it is tallying votes and adjust them 

> This current government has a slim majority and they have gutted the
> Freedom of Information Act despite public and media outcry. They are
> probably about to pass fundamentally change our voting system a
> completely united opposition and massive media and public discomfort.
> Once you have a majority in the Dail you can do what you like as long
> as it's constitutional and in 5 years that covers a hell of a lot of
> bad stuff. There is no "congress" which will come to the rescue. The
> closest thing is the Seanad which can only delay legislation, it
> cannot stop it.

Well, that's what governments do - get into power, spread government 
cash among their friends and change the system to ensure they stay in 
power. What else did you expect? The system has been identical for 
over 2000 years!

This is why I like rainbow coalitions - the more they hate each 
other, the less chance of corruption. Unfortunately they're not very 
efficient :(

> "Fairly" is not enough. The stakes are very high, high enough that
> someone could decide to invest quite a chunk of money into winning.

Really? And you honestly believe elections aren't already bought?

> Finding tampering after the fact is a disaster, it's possible that
> laws would be unmade, tax "uncollected" and criminals "unconvicted"
> and it totally undermines the credibility of any future system.

Certainly not, that would undermine public confidence and besides, I 
know of no government that wasn't extremely keen to enact more laws, 
collect more taxes and lock up more criminals. The principal purpose 
of government is to create more need for government.

> There is only 1 improvement needed and it makes tamper proofing, open
> source and everything else nice to have but not essential. Add paper.
> Once you have paper, it doesn't matter how badly the machines perform
> whether through tampering or through other errors the paper will not
> change. Paper is not perfect of course but it's a hell of a lot harder
> to fiddle and the attacks are well known and well understood by the
> people who are keeping guard.

When you have lots of people in a system, you get the best chance for 
whistleblowing. An automated system will not flag abuse except in 
very obvious easily circumvented ways.

Therefore the least corruptible voting system is one with the least 
machines in it. Paper trails help, but it's the people who really 

> I don't see how distributed and peer to peer makes vote revocation and
> recasting any easier. If anything it makes it harder because you could
> have multiple copies of both your new and your old vote(s) floating
> around the system.

You need to look into how capabilities are revoked in a capability 
system. Obviously there must be a closing time after which votes 
cannot be changed - after that the network propagates changes until 
all nodes are in homeostasis which couldn't take more than an hour 
for a population of 4 million. Until that final point your mobile 
merely reports the (inaccurate) state of the voting so far, thus 
enabling people to recast their vote based on who's winning or 
losing. I think this system would improve on PR substantially.

> The requirements for voting are unusual. In this system you must
> retain anonymity without allowing multiple voting which is quite
> different to Freenet for example. In the system you favour, you must
> combine anonymity with the ability to cancel your old vote and vote
> again. Also, anonymity and audit trails do not go well together.

I see no problem. The technology required is similar for anonymous 
p2p systems whereby your encrypted vote travels randomly along a 
random set of other nodes similarly to anonymous remailers. 
Backtracing that vote wouldn't be impossible, but it would be 
extremely hard - harder than installing a spycam into a voting booth.

In terms of auditing, your mobile knows your vote and so can ask 
other nodes for what they think your vote is. Your mobile possesses 
the only key to read that vote, thus ensuring anonymity. An 
alternative method could be a kohonen style neural network which by 
its regularity indicates the quality of the network.

While you can't guarantee your vote was cast correctly in such a 
system, you can to a better percentile than the current manual system 
loses votes. This is good enough being an improvement and all.

> While it may be theoretically possible to design this system
> correctly, it would complex, it would still require that you trust the
> central server (which could wrongly deny you your right to vote or
> could be DOSed) and most importantly, it would be totally
> incomprehensible to the vast majority of voters, including many IT
> professionals,

The voter merely need navigate a menu and choose their candidate. 
They can also check a real time graph of the current voting results. 
I can't see this being incomprehensible for anyone able to use a 
mobile phone.

I admit that there is no current system implementing such an idea but 
from what I know of ancillory technologies, it is feasible. We do 
need mobile phones to be considerably better number crunchers than at 
present plus the government would have to buy the bandwidth off the 
operators so it's free for everyone to use. But I bet it'd be vastly 
cheaper than current election costs and besides, I really think 
people will like the immediacy of it.


Version: idw's PGP-Frontend / 9-2003 + PGP 8.0.2


More information about the FSFE-IE mailing list