LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for August 28, 2008

Fedora, Red Hat, and distributor security

LWN.net Weekly Edition for August 21, 2008

Standards, the kernel, and Postfix

In defense of Ubuntu

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

voting "machines" eliminate voting

voting "machines" eliminate voting

Posted Mar 18, 2008 18:12 UTC (Tue) by joey (subscriber, #328)
In reply to: voting "machines" eliminate voting by grouch
Parent article: Sequoia v. Ed Felten 

It's certianly possible to do verifiable electronic voting. Here, for example, is the tally
sheet for the last Debian election. Using this tally sheet, each voter can verify that their
vote was counted, while the secrecy of who they voted for is preserved.

http://www.debian.org/vote/2007/vote_001_tally.txt

The ballots themselves are gpg signed by the voters.
Every step of this vote can be verified and audited.

(Log in to post comments)

voting "machines" eliminate voting

Posted Mar 18, 2008 18:58 UTC (Tue) by AJWM (subscriber, #15888) [Link] 

> The ballots themselves are gpg signed by the voters.

Looks like the voters combine their vote with a personal secret key and find the md5sum,
making it difficult to reverse to break anonymity.

That's fine for a relatively small set of technically competent voters.  How would you design
a system that implements this for, say, 100 million voters, half of whom are of below-average
intelligence?

voting "machines" eliminate voting

Posted Mar 18, 2008 19:34 UTC (Tue) by tialaramex (subscriber, #21167) [Link] 

Right, the most important thing about any voting system is public confidence. Most people in a
democracy have only a vague and probably erroneous idea of how it actually works, but so long
as they have confidence that it /does/ work it remains viable.

It's much like the situation with runs on the bank. Irrational behavior by investors who've
lost confidence can bring a well run financial institution to its knees in hours, while over
the road a confidence trickster is running a pyramid scam doomed to fail but they can't take
money from investors fast enough.

It's not enough to build a system that math wizards and other experts judge to be sound, it
must be so simple that you can take a dozen people off the street and expect every one of them
to explain correctly how and why it works. That's why so many countries have stuck with marks
written on pieces of paper, stuffing the pieces of paper into sealed metal boxes, and lots of
people standing around putting the papers into piles and counting them. My grandmother can
understand that.

It even aids public understanding when things go wrong. Some guy with a nice suit who
"modified the binary code of a voting machine" and thus changed the outcome of an election is
difficult to understand - a jury may never grasp what he's really accused of doing. But the
equivalent operation on real ballot papers involves a group of people deliberately miscounting
or putting papers in the wrong piles. A child can see that's naughty, and a jury will convict.

voting "machines" eliminate voting

Posted Mar 18, 2008 23:11 UTC (Tue) by joey (subscriber, #328) [Link] 

In all fairness, I should note that publishing a tally sheet like this, which you can use to
prove your vote to a third party, does make it easy for votes to be bought. Which is a
property that is not desirable in a real-life voting system..

voting "machines" eliminate voting

Posted Mar 18, 2008 23:42 UTC (Tue) by hingo (subscriber, #14792) [Link]

As I understand it, the Debian voting is also based on sending gpg encrypted and signed votes to a server that is trusted to keep it secret. That would also not work in real elections. A good voting protocol must be designed so that the "who gave this vote" and "what is the content of the vote" are never known to the same party/component. At the same time of course it must be proven that who gave the vote is eligible to vote and voted only once.

There are however protocols that can do this, some quite good, some "almost there". This is quite a good summary of all protocols out there.

voting "machines" eliminate voting

Posted Mar 19, 2008 7:41 UTC (Wed) by pkolloch (subscriber, #21709) [Link] 

Or look at 

http://de.wikipedia.org/wiki/Bingo_Voting (German)

or

http://punchscan.org/

voting "machines" eliminate voting

Posted Mar 19, 2008 9:43 UTC (Wed) by tialaramex (subscriber, #21167) [Link] 

“A good voting protocol must be designed so that...”

As I wrote above, the important thing is public confidence.  Britain's major public elections
have always made it possible (though not trivial) to match every single vote cast to the
voter's name and address.  But British people have yet to do more than occasionally moan that
this seems a little underhanded.

To get specific, each ballot paper in a British election is numbered and when you're handed a
ballot paper its number is written next to your name on the list of those eligible to vote in
the election. This material must by law be kept for some time after the election is over. All
you need is a reverse index (painful sixty years ago, but easy now) and you have a list of how
everyone voted.

We know (from documents released under a time limit rule) that previous governments have
secretly authorised security services to match the numbers up and then target people who voted
for certain minority parties. Obviously today's government denies that it would do such a
thing, but that's the nature of politics.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds