Avi Rubin Has Some Optimistic Words About E-Voting
An anonymous reader writes "For more than a decade, Aviel "Avi" Rubin, a professor of computer science at Johns Hopkins University in the US and an e-voting activist, has been a vocal critic of e-voting systems. In this interview Rubin talks about the recent US presidential primary election cycle and his thoughts on e-voting going into the November US elections."
Version of the story without the crazy formatting that makes it work to read: E-voting activist more optimistic about voting systems.
I think the main problem with the system as it stands now is that with some e-voting systems that are set up poorly you cannot tell if rigging or similar has occurred. In a paper system, if all else fails you can still go back and recount everything.
An electronic system would allow not just the final result to be manipulated but the original data to be changed. You couldn't even tell if there had been any rigging.
E-voting is a lot better than postal votes though, they may increase voter turnout and allow the bedbound etc. to vote, but if people can't be bothered to leave the house to vote then it seems they shouldn't vote. I would say having a travelling polling station is a better solution for the bedbound voters anyway.
A good example is from here in the UK: http://news.bbc.co.uk/1/hi/england/hampshire/6681209.stm where the Royal Mail lost the votes.
I would imagine that if you're determined to rig an election you will manage it; there is no such thing as an infallible system.
Nothing is unbreakable. Except One Time Pad, if used correctly.
I have been a "presiding judge" and let me tell you that there are multiple people watching what's going on all the time.
Which means that while manipulating paper-ballot systems is possible, it is by no means easy. Furthermore, paper ballot systems are intrinsically decentralized: To manipulate an election, one would need to manipulate the ballot boxes in multiple precincts, requiring the cooperation, or at least failure to observe suspicious activity, by a much larger number of insiders.
Compare that to the implicit centralization of counting that occurs when a given county or state purchases its voting machines from a single vendor. A far smaller number of bad actors is required to do real damage with e-voting systems, and worse yet, it's essentially impossible to recognize easter-egg or other malicious code, particularly with respect to proprietary systems.
This being Slashdot, I assume you are already aware of the essential impossibility of detecting malicious easter eggs through classical black-box system testing techniques. Given that the proprietary vendors consider their code to be a State Secret (IMHO out of embarrassment over how piss-poor it tends to be given its criticality to democratic decision-making), black box testing is all the boards of election and their independent testers can use.
Consider further that boards of elections and secretaries of state have very limited time, funding and technical skill to validate hardware and software systems that the vendors really don't want pried open for a look-see.
Then you supply a website where the voter enters the long number and it shows me my vote. [...]
... and the government/employer/local mafia boss can verify that the voter voted what he was told/paid to vote by having them go to said website and display their vote.
The problem is much harder than you present it to be, because a voter must not be able to *prove* to an outside party what she voted.
I recently heard Ron Rivest (as in the "R" from RSA) talk about an e-voting scheme he's been working on. Cryptology is definitely involved, but not in the simplistic way you describe. And the end result is that it's very hard for a lay-person to really be convinced that their vote was counted properly.
Good idea, in theory. In practice, the mitm is inside the client's PC. It's not someone outside the PC. And since encryption/decryption happens inside the PC, it's trivial to put the mitm before en- and after decryption.
I would attack the interface between user and program and present the user an interface that he cannot distinguish from the real interface.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.