Slashdot Mirror
A Secure and Verifiable Voting System
meese writes "The cryptographer David Chaum, through discussion with top cryptographers such as Ron Rivest, has designed a secure and verifiable voting system. One of the goals of his design is that anyone can verify that votes were tabulated correctly. It's good to see real security/crypto people working on this problem. They also have a press release."
...is an awesome mathematician/cryptographer. I'm working on a project (on SourceForge, but it's not nearly far enough along for me to announce anything on /. yet) based on his digital cash system, and some other things he's done. Yes, I know it's patented, but it's really meant as a proof-of-concept type deal.
I just hope that if Chaum starts a company for his e-voting solution, it fares better than Digicash. IIRC, he wouldn't sell to M$ for $100M or to Visa for $40M, but ended up bankrupting Digicash and having to leave it. I'm not sure if I've got all the details right, so anyone's welcome to correct me.
I claim first use of "Error No. 0B" - or "No. 0B error." It'll be the new ID 10T!
How in the world do you expect the penny ante politicians to get elected with an honest, secure system? More importantly, how is Bu$h supposed to get re-elected with a fair, impartial, secure and verifiable voting system? Fortunately, here in the good ol' US of A, we're free to chose a more politically useful system. ;)
You must be the change you wish to see in the world - Ghandi
The fogies in Fla missed voting correctly by about a 1/4 inch. You just missed voting correctly by 24 hours.
You know what?
It's not as simple as that. To prevent vote-selling, it can't be possible to someone to walk out the door with proof that they voted for a certain person. The press release gets further into these details; describing a convoluted two-piece receipt system.
Like, hey, who the hell does this Rivest guy think he is, and what (apart from this stupid "Ph.D" stuff in "Computer Science" or "Mathematics" or "Cryptography", such a small title he has) makes him think he's any smarter than Penelope Bonsall, who's got a way cooler title "Director of the Office of Election Administration at the Federal Election Commission".
Rivest's system is clearly unworkable. Where's the wining and dining of sales reps? Where's the backroom deals involving hookers and cocaine? Where's the vendor-lock-in? Where are the service contracts and extra government departments required to oversee them? Oh, sure, Rivest can lay the smack down on "where's the beef" when it comes to building a secure and verifiable electronic voting system, but where's the pork?
We'll know that this is a real and secure voting method just as soon as all the incumbents and lobbyists come out and blast it as "dangerous" and find some way to connect it to terrorism.
Here's what we need...
A touch screen voting booth that lets voters select the canidates they want.
After the voter casts their vote the booth prints out a ballot that's a machine readable scantron sheet.
The voter checks to make sure that the canidates they selected are recorded on the ballot and feeds it into a scantron reader. It's this machine that actually records the voter's vote.
This way not only do we get the benifit of a machine count but a paper trail to boot.
In order to be verifiable, you need the paper output. If they voting machines would generate a unique paper output from each machine as a backup, votes could be recounted and audited. Each paper ballot could be encrypted and stored in 2D electronic barcode. It would be easy to scan and verify and data could not be altered without invalidating the crc's. Electronic voting will never be stand alone until we have a valid way to audit the results. cjg
"It is a miracle that curiosity survives formal education."
Me again from VoteHere, open source is fine if it is all you have, but it is far better to have an auditable data trail. Remember, that computers like the ones in most voting machines are "general purpose computing devices" so it is difficult to know exactly what code is running on them. Opening the source will help you be sure that there somewhere exists good software that if you ran it in the voting machines would lead to an accurate election, but it does not give any confidence that the machine actually was running that software, and only that software. Paper makes for a fine audit trail if you have nothing better, but ask anyone who voted in Chicago in the last century how well it does by itself to prevent election fraud. It is far better to extend the auditable portion of the data all the way through the election process to tabulation so that anyone could verify that the final count did in fact match the populous' intent.
in an workshop held here in Brazil (Alfred Menezes and Darrel Hankerson were the other lecturers). Folks, the system is perfect. There's nothing to complain about it -- laymen can check that their votes were counted through so-called `visual cryptography' (an idea of Adi Shamir IIRC), while everything else you'd expect from a secure and reliable voting system is provided. One can only hope that this is deployed somewhere, but I'm not holding my breath.
Read the paper, it's really jawdropping. Cryptography at its finest.
Join the NFSNET. Our prime goal is making little numbers out of big ones. http://www.nfsnet.org/
bigpat wrote: Having some sort of receipt just misses the point and seems overly complicated. But mostly it doesn't properly address privacy concerns and vote buying or coersion... if you have a receipt and the votes that correspond to that receipt are publicly released and you were told to vote a certain way by your union or boss, then you can be coerced to show your receipt to someone
You didn't read it right. You can't print out your throwaway half and see who you voted for. You can print out (from the website) a copy of the half you took with you, to confirm that your vote wasn't tampered with between you placing it and it getting to the central database or wherever. This sentence (from the article) confused me for a moment too, and I think you misunderstood it: "You would then be able to check for yourself that it has been posted correctly by, for instance, printing it out and overlaying the two and seeing that they are the same." They mean you can print out your half, not the other half that would reveal who you voted for.
The whole point of these fancy reciepts is that nobody can use your receipt to see who you voted for. They can only use your receipt to confirm your vote is on the site (and as such, that you voted).
(Mods should really mod the parent comment down as it's spreading a total misunderstanding of the concept).
___
The way to see by faith is to shut the eye of reason. --Ben Franklin
You did not read the paper very carefully. The receipt can be proven to have the proper 'signature' (think public key cryptography), and it can be proven to have been tallied. But it CANNOT be proven to correspond to a specific vote, thus it cannot be used for coercion. The paper makes that explicitly clear in the first couple pages of the report.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
While the barcode is a good idea, in my opinion the main advantage to having a paper printout is so that the voter can visually verify that their vote is correct. Due to the fact that the main issue here is votes getting recorded correctly confirmation on the screen isn't enough. A barcode isn't good enough for that unless it's easy to read (have a sheet with what each code matches for example.) While we're at it, why do electronic voting at all if they need to be verified with counting? If the paper is just there in case someone disputes the results that's one thing but if it will be counted to verify anyway it's not worth doing electronic voting. The other issue with a printout is voter privacy. This isn't as large with the groups I hang out with but to others it may be a very big deal. This means that every page or section of a page that records a vote on paper must be hidden before the next voter enters. Not something that's hard but it needs to be considered.