Basically, we agree. I am working on helios not because I think it should or will be used for public elections, but because I think it can be useful for private elections, and introduce users to better voting methods. Also, honestly, the math is fun.
Jameson 2012/2/23 Kathy Dopp <[email protected]> > There are always multiple ways to violate the integrity of secretly > cast e-ballots. For instance, even in encryption systems the ballot > definition files are another point of attack. The system cannot be > protected from insiders who program it and administer the system. I.e. > with voting we cannot have both voter anonymity and verifiable > security with any e-ballots > > Small coding mistake led to big Internet voting system failure > > Read more: Small coding mistake led to big Internet voting system > failure - FierceGovernmentIT > > > http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22#ixzz1nDP1a2Kg > > > http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22 > > The main security weakness that let University of Michigan researchers > take control over a planned city of Washington, D.C. Internet voting > system pilot for overseas voters in 2010 was "a tiny oversight in a > single line of code," > > Read more: Small coding mistake led to big Internet voting system > failure - FierceGovernmentIT > > http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22#ixzz1nDPGFUVN > Subscribe: > http://www.fiercegovernmentit.com/signup?sourceform=Viral-Tynt-FierceGovernmentIT-FierceGovernmentIT > > > > > On Thu, Feb 23, 2012 at 6:36 AM, Jameson Quinn <[email protected]> > wrote: > > > > > > 2012/2/23 Jameson Quinn <[email protected]> > >> > >> > >> > >> 2012/2/22 Kathy Dopp <[email protected]> > >>> > >>> Below is a quote from Ben Adida, creator of Helios. > >>> > >>> We now have documented evidence ...that viruses like Stuxnet that > >>> corrupt nuclear power plants by spreading from one Windows machine to > >>> the other have been built. And so if you run a very large scale > >>> election for a president of a G8 country, why wouldn’t we see a > >>> similar scenario? Certainly, it’s worth just as much money; it’s worth > >>> just as much strategically. . . . All the verifiability doesn’t change > >>> the fact that a client side corruption in my browser can flip my vote > >>> even before it’s encrypted, and if we . . . must have a lot of voters > >>> verify their process, I think we’re going to lose, because most voters > >>> don’t quite do that yet. > >>> > >>> - Adida, Ben. 2011. Panelist remarks – Internet voting panel. > >>> EVT/WOTE’11, the Electronic Voting Tech. Workshop / Workshop on > >>> Trustworthy Elections. Aug. 9, 2011. URL http://www.usenix. > >>> org/events/evtwote11/stream/benaloh_panel/index.html. > >>> > >>> The above quote on Helios was sent to me from Barbara Simons, > >>> coauthor, with another computer scientists Doug Jones of an upcoming > >>> very well-researched and well-written book: "Broken Ballots: Will Your > >>> Vote Count?" The book will be published by April 15th approx. > >>> > >>> > >>> > >> Yes, I said that: "It is insecure against trojans on the voter's machine > >> at the time of the initial vote, ... not something I'd trust for public > >> elections...." > >> > >> This actually is not an insurmountable difficulty. There are two ways > you > >> could face it: > >> > >> 1. Still using the voter's home machine, you could combine the > >> cryptography with captchas: the voter would have to match a picture > next to > >> the candidate with a list of pictures in different order in order to > >> rate/rank that candidate. However, this is inconvenient, and to make it > >> secure you would need time limits. It also does nothing to address the > >> digital divide. This latter issue, not security, is the reason I find > this > >> solution unacceptable for political elections. > >> > >> 2. You could use secure machines, booted from CD with no hard drive, at > >> polling stations. > > > > > > Of course, if you're using polling stations anyway, you should be > printing > > hand-marked or at least voter-verified paper ballots and giving > > cryptographically-verifiable receipts. That is to say, even if you can > build > > a context where Helios is 100% secure (less than one flaw expected in the > > age of the known universe), there is no good reason not to add other > reasons > > for people to trust the result. The goal of an election is not just to BE > > secure, but to APPEAR secure, even to people who don't understand or > trust > > mathematical and computational security measures. > > > > Jameson > > > >> > >> But yes, I explicitly stated that helios as-is is NOT secure enough to > use > >> for a high-stakes election with more than around 10K voters. > >> > >> Jameson > > > > > > > > -- > > Kathy Dopp > http://electionmathematics.org > Town of Colonie, NY 12304 > "One of the best ways to keep any conversation civil is to support the > discussion with true facts." > "Renewable energy is homeland security." > > Fundamentals of Verifiable Elections > http://kathydopp.com/wordpress/?p=174 > > View some of my research on my SSRN Author page: > http://ssrn.com/author=1451051 >
---- Election-Methods mailing list - see http://electorama.com/em for list info
