Domain: votehere.net
Stories and comments across the archive that link to votehere.net.
Comments · 18
-
Re:NO NO NO NO NO
There are some ideas that would let voters keep receipts (which they can use to verify that their vote was counted as they intended), while at the same time preventing coercion. Check out David Chaum's and Andrew Neff's voting protocols. Chaum's protocol was mentioned on Slashdot before...
-
Re:There problem is more than the machines
VoteHere's technology seems to be the obvious correct answer.
-
Another systemThis company's system also gives receipts.
The system as a whole allows
- each voter to verify that their vote was "cast as intended" (i.e., what's got into the ballot box hasn't been corrupted on the way); and
- anyone at all to verify that the tally was "counted as cast", i.e., is an accurate sum of what's in the ballot box
This means that, apart from denial-of-service problems, it doesn't really matter what software is on the machine in the polling place -- if the voter was able to confirm that their ballot was "cast as intended", then by definition the machine did the right thing.
-
Re:Combination..
Me again from VoteHere, open source is fine if it is all you have, but it is far better to have an auditable data trail. Remember, that computers like the ones in most voting machines are "general purpose computing devices" so it is difficult to know exactly what code is running on them. Opening the source will help you be sure that there somewhere exists good software that if you ran it in the voting machines would lead to an accurate election, but it does not give any confidence that the machine actually was running that software, and only that software. Paper makes for a fine audit trail if you have nothing better, but ask anyone who voted in Chicago in the last century how well it does by itself to prevent election fraud. It is far better to extend the auditable portion of the data all the way through the election process to tabulation so that anyone could verify that the final count did in fact match the populous' intent.
-
Re:This doesn't seem quite bulletproof enough...
The trouble with your MD5 approach is that it does not offer any protection against coercion. This is a relatively difficult thing to guard against.
If I were a bad guy in your system (remember, when dealing with security you must always be the bad guy) I'd give you a list of who to vote for, and you must bring me back a receipt and then tell me your SSN. I can probably get your SSN via some other channel, anyhow. Once you return, I put into my computer how I told you to vote, and your SSN and make sure you followed the rules. NO? I blow away your cute little pet dog! Or some other nefarious deed.
A one-way has is a useful thing in some circumstances... What you need is a zero-knowledge proof.
(disclaimer: I work for VoteHere, Inc and we have a somewhat better system than Chaum, but it is a bit harder to explain with pretty pictures. -
Re:Code shouldn't be important!
Indeed not. See here for a system whose correctness can be proven entirely from the data it emits.
-
Re:Seriously
votehere.net thinks it is possible. See this page for some documentation on a product that is indeed secure, private, and universally verifiable. The last paper is the meatiest; it's hard-core math.
-
Re:No Receipts to Voters!
Nice to see someone applying cryptography to voting. There's a real product that uses crypto in voting; you might enjoy reading the whitepapers. Kind of heavy on the math, but interesting.
-
How about a peer-reviewable *protocol*?
Peer-reviewable software is nice, but there's still no way to be certain that the source that got reviewed corresponds to the binary running on the computers. On the other hand, a protocol whose security depends entirely upon the publshed data doesn't have that problem -- put crudely, if a voting computer yields data that checks out, then it doesn't matter a whit what the software on that computer did (assuming it didn't leak information). You can read about such a protocol here.
-
Re:Electronic voting
One implementation plausibly claims to be up to the task -- look here.
-
Re:Why not use digital cash-like protocols?
Actually, it is possible for the voter to be certain that their vote was properly recorded, while maintaining anonymity. See this paper for an overview.
-
Mr. Rubin's company is having a go at it
Avi Rubin is on the board of advisors of VoteHere; they have some not-stupid ideas about making electronic voting genuinely secure. And I think they're willing to make their code public.
-
Re:There is always a Way
I don't know if this has anything to do with Cryptomathic, but this paper shows one solution. Basically the ballots come in encyrpted and signed, and you "shuffle" them in a way that separates the ballots from the signatures, but provably preserves the encrypted data.
-
hmm...
well, it's about time there was an open source alternative to the previously announced systems by at&t, dell and compaq.
the best part about an open source system is that by definition, it'll have an open architecture that lets it interoperate with other systems...not to toe the slashdot line, but the last thing we need is a proprietary voting protocol run by a big company.
last i heard as well, california and arizona were implementing this the way it sounds, i.e. voters can actually vote over the internet...i think it was using some sort of shared public-key security to encrypt the ballots, and the key for decrypting the ballots is shared among election officials, so that no one party can view the actual ballot. -
Re:The worst problem with computerized voting is..
I made a comment about votehere.net elsewhere, but one of their solutions is an encrypted server with a distributed key. This would ideally protect the data, and also ensure that only "qualified" people have the keys which must be inserted to activate the counting process.
There are a lot of laws and requirements for voting that the company claims they have solved. Some of them include verifying that each voter only voted once - which requires knowing something about the voter, but when the counting is done, the ballot must not show whose ballot it was.
Another thing they claim to have solved is how to ensure safe transfer of the ballot while never storing or seeing unencrypted data (as SSL might do), yet not requiring everyone to download and install special software or versions of web browsers. We'll see if they can really pull that off...
-
votehere.net
I didn't see anyone comment about this, but votehere.net already has a plan in place that would phase in the process of electronic voting. It can work for home voting as well as at precincts (allowing people to go to the precinct of their choice), which could help eliminate traffic problems as well as not require people to have internet connectivity. They did some testing for this election.
-
VoteHere.net --flawed
Someone mentioned the VoteHere electronic voting experiment. Unfortunately, we see the growths that we wanted to prevent growing out of it. When one attempts to enter the voting area, it tells me, verbatim:
To enter this area, you must be running Microsoft Internet Explorer 4.0 (or later) on a Windows computer. You can upgrade to Internet Explorer 4.0 for free by clicking the button below:
Need I say more?
-
It's being done in america right now