Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Secure and Verifiable Voting System

Posted by michael on from the he-makes-it-look-easy dept.

meese writes "The cryptographer David Chaum, through discussion with top cryptographers such as Ron Rivest, has designed a secure and verifiable voting system. One of the goals of his design is that anyone can verify that votes were tabulated correctly. It's good to see real security/crypto people working on this problem. They also have a press release."

11 of 346 comments (clear)

  1. I'm sure he put lots of thought into it, by blueberry(4*atan(1)) · · Score: 3, Insightful
    and it may be a good system. However, it is more complex than the current checkbox or hole punch system. The more complexity, the more difficult it is to fully consider all the possible vulnerabilities.

    I vote (ha! get it?) that we just stick with paper and pen until we have more chance to discuss and develop alternatives. Just voting is key to any democracy, so tread lightly!

    --

    Visit the best Liberal Blog: DU

  2. Too bad.. by xchino · · Score: 3, Insightful

    It's too bad this won't get any support, as it doesn't make politicians any profit. Maybe if they could promise Bush Ohio's vote, or line some pockets with green, they'll get some government backing. I think there should be a law against a politician having invested interest into the means by which they are elected.

    --
    Everyone is entitled to their own opinion. It's just that yours is stupid.
  3. Not acceptable by Marcus+Erroneous · · Score: 4, Insightful

    How in the world do you expect the penny ante politicians to get elected with an honest, secure system? More importantly, how is Bu$h supposed to get re-elected with a fair, impartial, secure and verifiable voting system? Fortunately, here in the good ol' US of A, we're free to chose a more politically useful system. ;)

    --
    You must be the change you wish to see in the world - Ghandi
  4. Re:This doesn't seem quite bulletproof enough... by harangutan · · Score: 3, Insightful

    What if instead, the voter was given a printout of the MD5 of a combination of (digesting all of) everyone they voted for and their (the voter's) social security number?

    Not a chance. First of all the SSN, even if it were as difficult to obtain as you suppose (hint: it's not), this wouldn't be of help in vote-selling, as the voter would cheerfully surrender his SSN if he wanted to get paid.

    As for the rest, you're radically overestimating the number of permutations an election can typically have -- a dozen yes or no decisions and one or two candidates each for a handful of offices could be permuted by any cheap desktop PC in very short order.

  5. How we'll REALLY know . . . by CleverNickName · · Score: 4, Insightful

    We'll know that this is a real and secure voting method just as soon as all the incumbents and lobbyists come out and blast it as "dangerous" and find some way to connect it to terrorism.

  6. Too complicated... by jjh37997 · · Score: 4, Insightful

    Here's what we need...

    A touch screen voting booth that lets voters select the canidates they want.

    After the voter casts their vote the booth prints out a ballot that's a machine readable scantron sheet.

    The voter checks to make sure that the canidates they selected are recorded on the ballot and feeds it into a scantron reader. It's this machine that actually records the voter's vote.

    This way not only do we get the benifit of a machine count but a paper trail to boot.

  7. Re:Combination.. by cjgross · · Score: 5, Insightful

    In order to be verifiable, you need the paper output. If they voting machines would generate a unique paper output from each machine as a backup, votes could be recounted and audited. Each paper ballot could be encrypted and stored in 2D electronic barcode. It would be easy to scan and verify and data could not be altered without invalidating the crc's. Electronic voting will never be stand alone until we have a valid way to audit the results. cjg

    --
    "It is a miracle that curiosity survives formal education."
  8. Re:Combination.. by Anonymous Coward · · Score: 5, Insightful

    Me again from VoteHere, open source is fine if it is all you have, but it is far better to have an auditable data trail. Remember, that computers like the ones in most voting machines are "general purpose computing devices" so it is difficult to know exactly what code is running on them. Opening the source will help you be sure that there somewhere exists good software that if you ran it in the voting machines would lead to an accurate election, but it does not give any confidence that the machine actually was running that software, and only that software. Paper makes for a fine audit trail if you have nothing better, but ask anyone who voted in Chicago in the last century how well it does by itself to prevent election fraud. It is far better to extend the auditable portion of the data all the way through the election process to tabulation so that anyone could verify that the final count did in fact match the populous' intent.

  9. Re:Combination.. by kilgore_47 · · Score: 4, Insightful

    bigpat wrote: Having some sort of receipt just misses the point and seems overly complicated. But mostly it doesn't properly address privacy concerns and vote buying or coersion... if you have a receipt and the votes that correspond to that receipt are publicly released and you were told to vote a certain way by your union or boss, then you can be coerced to show your receipt to someone

    You didn't read it right. You can't print out your throwaway half and see who you voted for. You can print out (from the website) a copy of the half you took with you, to confirm that your vote wasn't tampered with between you placing it and it getting to the central database or wherever. This sentence (from the article) confused me for a moment too, and I think you misunderstood it: "You would then be able to check for yourself that it has been posted correctly by, for instance, printing it out and overlaying the two and seeing that they are the same." They mean you can print out your half, not the other half that would reveal who you voted for.

    The whole point of these fancy reciepts is that nobody can use your receipt to see who you voted for. They can only use your receipt to confirm your vote is on the site (and as such, that you voted).

    (Mods should really mod the parent comment down as it's spreading a total misunderstanding of the concept).

    --
    ___
    The way to see by faith is to shut the eye of reason. --Ben Franklin
  10. Re:Combination.. by cfradenburg · · Score: 4, Insightful

    While the barcode is a good idea, in my opinion the main advantage to having a paper printout is so that the voter can visually verify that their vote is correct. Due to the fact that the main issue here is votes getting recorded correctly confirmation on the screen isn't enough. A barcode isn't good enough for that unless it's easy to read (have a sheet with what each code matches for example.) While we're at it, why do electronic voting at all if they need to be verified with counting? If the paper is just there in case someone disputes the results that's one thing but if it will be counted to verify anyway it's not worth doing electronic voting. The other issue with a printout is voter privacy. This isn't as large with the groups I hang out with but to others it may be a very big deal. This means that every page or section of a page that records a vote on paper must be hidden before the next voter enters. Not something that's hard but it needs to be considered.

  11. Re:One question.... by egarland · · Score: 3, Insightful

    Someone please mod this down as overrated!!!

    You can build secure systems on top of insecure components. See any encrypted internet protocol for an example.

    --
    set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination