RE: Civitas: Toward a Secure Voting System http://www.cs.cornell.edu/andru/papers/civitas.html
as mentioned by Andrew Myers of Cornell I will add it to my "to do" list to read about Civitas when I finish a few other projects. For now, I took the liberty of asking a few computer scientists who are experts in voting systems what they thought about Civitas and here are three responses: 1. From BEN ADIDA: "Civitas... is worth exploring and studying ... There are lots of good ideas out there on improving elections, and Civitas is a very interesting project. Civitas falls in the category of open-audit voting systems, meaning systems that provide mathematical proofs that the vote was correctly tallied. It's a category of system that is truly revolutionary, and one to which I wish the voting activist community would pay closer attention." [NOTE: I have studied other voting systems that claimed to provide mathematical proof that the election results were accurate and they did not.] 2. From DOUG JONES: "It's a mix-net cryptographic system, much like many of Chaum's proposals. As such, it's fair to ask "how many people really understand this system?" I won't jump on the bandwagon for such systems until someone can design such a system where the election observers representing the political parties at the county building can observe the system and know that the system actually being used is the system they understand. When I observed the use of Internet voting in the Dutch 2006 parliamentary elections, what I saw was a government election bureaucracy that didn't understand the system they were administering. One result was that they misunderstood how to achieve the potential that system had for security, for example, by doing things behind locked doors (justified on the grounds that the activity was security critical) that had to be done in public if the system was to be secure. Also, there were divisions of authority that were required to meet security criteria, but on the ground, in the offices where such divisions were required, none of the clerks understood that and they didn't divide the authority. (The Dutch system was not based on mix nets. As a result, it was not as coersion resistant as the Civitas system, but the administrative failures I saw would equally threaten a system like Civitas.) Now to the technical side: Trust Assumption 3: Voters trust their voting client. This is not prudent in today's world, where it is estimated that 1/4 of all destkop PCs have been recruited into bot nets -- that is to say, are not merely infected by latent malware but have active malware resident on them. In this environment, no PC should be trusted with any security critical information. In fact, in this situation, we are very close to the point where random destruction of PCs is the least-cost path to improving the security of the Internet. Trust assumption 4: The channels on which voters cast their votes are anonymous. In today's Internet, anonymity is getting harder and harder to assure, except through extralegal channels such as the bot nets that spammers use to flood the internet with their, uh, crap." [NOTE: Doug Jones, CS Prof at U of IA knows more about the details of voting systems than anyone I know.] 3. From DAVID WEBBER "It's very simple - you already sent the answer to the Obama and McCain campaigns. Unless there is matching paper records manually cast by the human voter - while the scientists may claim whatever they want about secure votes - there is no way to verify their all-electronic-digital records actually match what humans really did in the physical real world. It's the REVERSE that is the problem! How can you guarantee that their wonderful computer system is somehow not either intentionally or otherwise losing or adding votes? Where is the physical proof to match their digital records that are completely ephemeral inside the machine. Just look here's my vote my vote my vote my vote my vote my vote my vote my vote my vote I'm so sorry there was a bug in my voting software. Easy huh?" [NOTE: David Webber is an XML/EML Oasis proponent who has been working to develop a new open source voting system and bring it to market.] -- Kathy Dopp The material expressed herein is the informed product of the author Kathy Dopp's fact-finding and investigative efforts. Dopp is a Mathematician, Expert in election audit mathematics and procedures; in exit poll discrepancy analysis; and can be reached at P.O. Box 680192 Park City, UT 84068 phone 435-658-4657 http://utahcountvotes.org http://electionmathematics.org http://electionarchive.org How to Audit Election Outcome Accuracy http://electionarchive.org/ucvAnalysis/US/paper-audits/legislative/VoteCountAuditBillRequest.pdf History of Confidence Election Auditing Development & Overview of Election Auditing Fundamentals http://electionarchive.org/ucvAnalysis/US/paper-audits/History-of-Election-Auditing-Development.pdf Voters Have Reason to Worry http://utahcountvotes.org/UT/UtahCountVotes-ThadHall-Response.pdf ---- Election-Methods mailing list - see http://electorama.com/em for list info
