[Fsfe-ie] perspective on e-voting

[Fergal Daly]

On Thu, Mar 04, 2004 at 01:14:38AM -0000, Niall Douglas wrote:
> > Again, it doesn't matter in the slightest whether the chip is hardened
> > or commodity, cheap or expensige or anything else it will still be
> > easy to replace it with a rigged look-a-like.
> 
> I'd like to see anyone design a CPU which can recognise when the 
> software running on it is tallying votes and adjust them 
> appropriately.

It's much easier than that, a very simple RF signal would do the trick or
perhaps a timer or a specific sequence of instructions or a sequence of data
values some register (corresponding to a specific set of voting
preferences).

> > "Fairly" is not enough. The stakes are very high, high enough that
> > someone could decide to invest quite a chunk of money into winning.
> 
> Really? And you honestly believe elections aren't already bought?

Depnds on what you mean by bought. If you mean bribed and tampered then, I
don't believe that. If you mean the biggest advertiser wins then there is
some truth to that but there are issues that no amount of spending will buy
a vote for.

> > Finding tampering after the fact is a disaster, it's possible that
> > laws would be unmade, tax "uncollected" and criminals "unconvicted"
> > and it totally undermines the credibility of any future system.
> 
> Certainly not, that would undermine public confidence and besides, I 
> know of no government that wasn't extremely keen to enact more laws, 
> collect more taxes and lock up more criminals. The principal purpose 
> of government is to create more need for government.

If a government is found to have been illegally elected then any laws it
passed would well be invalid. I wasn't suggesting that the incoming
government would choose to unconvict criminals and unmake laws. They may
have no choice. If I'm convicted under a law enacted by an illegally elected
goverment then I have a very good case for being freed.

In fact, this is the reason the president has the power to refer a law to
the supreme court before it is enacted. If it is found to be constitutional
at that stage then it can never be challenged afterwards. This has been done
before, by DeValera and one other president I think (there was an article in
the Times a few days ago about it). He rightly pissed off the goverment by
doing this, a FF government who couldn't believe that Dev was doing this to
his own party. He did it because the laws were so important that if they
were overturned later it would be disastrous.

Apparently there's a good chance our President will do this with the evoting
law for exactly this reason.

> When you have lots of people in a system, you get the best chance for 
> whistleblowing. An automated system will not flag abuse except in 
> very obvious easily circumvented ways.
> 
> Therefore the least corruptible voting system is one with the least 
> machines in it. Paper trails help, but it's the people who really 
> count.

Absolutely. Although I do think machines can help. A scanner in every booth
that allows you to check your vote for legibility and unspoiledness is a
good machine. No storage, no connections, dirt cheap.

Similar scanners to help the counters might be good also but extensive
manual checks should be done too.

> > I don't see how distributed and peer to peer makes vote revocation and
> > recasting any easier. If anything it makes it harder because you could
> > have multiple copies of both your new and your old vote(s) floating
> > around the system.
> 
> You need to look into how capabilities are revoked in a capability 
> system. Obviously there must be a closing time after which votes 
> cannot be changed - after that the network propagates changes until 
> all nodes are in homeostasis which couldn't take more than an hour 
> for a population of 4 million. Until that final point your mobile 
> merely reports the (inaccurate) state of the voting so far, thus 
> enabling people to recast their vote based on who's winning or 
> losing. I think this system would improve on PR substantially.

It's an interesting system but could suffer from an accelerating big crunch
as it gets towards closing time as people cast, count, recast and recount
more and more more frantically towards the end, it also means that everyone
is tied up voting all day if things are going to be close.

> In terms of auditing, your mobile knows your vote and so can ask 
> other nodes for what they think your vote is. Your mobile possesses 
> the only key to read that vote, thus ensuring anonymity. An 
> alternative method could be a kohonen style neural network which by 
> its regularity indicates the quality of the network.
> 
> While you can't guarantee your vote was cast correctly in such a 
> system, you can to a better percentile than the current manual system 
> loses votes. This is good enough being an improvement and all.

I don't have figures on it but the number of lost votes has not been raised
as an issue here.

> > While it may be theoretically possible to design this system
> > correctly, it would complex, it would still require that you trust the
> > central server (which could wrongly deny you your right to vote or
> > could be DOSed) and most importantly, it would be totally
> > incomprehensible to the vast majority of voters, including many IT
> > professionals,
> 
> The voter merely need navigate a menu and choose their candidate. 
> They can also check a real time graph of the current voting results. 
> I can't see this being incomprehensible for anyone able to use a 
> mobile phone.

I didn't mean the interface, I'm talking about the fact that no one will
actually understand what's going on behind the scenes. The current paper
system is absolutely transparent. Anyone can watch any part of it, that is
why people trust it. A system which seems to magically produce the result,
no matter how fair it actually is, is a big step backwards in my view,

F