Kathy Dopp wrote: > In fact there has never been even a theoretical design for an > electronic voting system or even electronic paper ballot vote counting > system that does not have known security leaks.
In my design, whether or not there are security holes in the vote-counting system itself, the certificates that it produces cannot feasibly be forged without first solving mathematical problems that have never yet been solved despite extreme efforts by many very smart people (namely, finding an efficient way to invert one-way functions). So in this way, the possibility of leaks can be rendered irrelevant, in the sense that if the security of the system was compromised, the election outcome could still not be affected substantially, without the forgeries being easily detected by many parties. > In fact some computer scientists just recently mathematically PROVED > that it is impossible to even verify that the certified software is > actually running on a voting machine. Can you give me the reference to that? I'd like to take a look at their assumptions. Although that theorem may be true in some technical sense, it seems to me that voters who are sufficiently paranoid ought still to be able to convince themselves to their satisfaction of the validity of the certificates they receive from the system. They could use several independent computers or services to verify the certificate. They could write the validation software themselves and run it on a computer fresh from the factory that has never been exposed to a possible source of viruses. Or on several computers from independent companies. Or if nothing else, a sufficiently intelligent and determined voter can always carry out the mathematical checks by hand. The fact that there will a few people who are both intelligent enough and paranoid enough to do these checks should give the rest of the voters a high level of confidence that there is not any widespread miscounting going on (else it would have been noticed by these people). The opposite problem, that a few voters could accuse the electronic system of a misreading of their ballot that didn't actually occur, in order to undermine the system's credibility (motivated possibly because these people found it easier to stuff ballot boxes themselves in a paper system) is more difficult to solve. But one approach would be to require that physical evidence be provided to support such claims. For example, organizations concerned about possible miscounting could test the accuracy of the system themselves by sending "test voters" into public polling places; these voters could carry with them hidden video cameras recording the entire process of entering their vote into the system. Then later, if the certificate generated by the system for that voter did not match the video showing the ballot selections that were actually entered, the organization could produce the certificate and the video, and together that could be considered to be unimpeachable physical evidence that some miscounting really had occurred somewhere in the system. If many organizations try to perform such checks, and are unable to produce any such physical evidence of ballot misreading, and all voters who verify their certificates (using multiple verification tools) find them to be valid, it should be possible to generate a high level of confidence in the overall system. No system is perfectly secure (even paper balloting) and so the goal is just to make fraud and miscounting more difficult than it is presently. I believe this is possible to do electronically, given the right system design. I'll post a white paper describing my system in a later message. -Mike -- Dr. Michael P. Frank, Ph.D. (MIT '99) 820 Hillcrest Ave., Quincy FL 32351-1618 email: [EMAIL PROTECTED] cell: (850) 597-2046, fax/tel: (850) 627-6585 ---- Election-Methods mailing list - see http://electorama.com/em for list info
