List:
Safevote is seeking parties worldwide interested in reviewing the revolutionary
concept of a compact anonymous digital certificate (CADC), before it is
presented as a voluntary public standard. CADCs can be easily used by the
visually impaired and should raise the level of anonymous voter authentication
and ballot control in electronic (DRE) and Internet voting at precincts or kiosks.
The CADC is supported by Safevote as an industry initiative to provide for
security without sacrificing privacy. The CACD can be used for anonymous
voter authentication, ballot authentication, to stop double-voting when
allowing voters to cast ballots at any precinct in a state ("vote from
anywhere"), and in creating tamperproof audit-trails. In the future, with
remote voting, CADCs can also be used to prevent spoofing and
man-in-the-middle attacks.
Anyone concerned about defending voter privacy in the digital age is also
welcome to review the proposal.
The CADC is called the "digital vote certificate" (DVC) in Safevote's
implementation (see www.safevote.com/demo2000/) and has been
successfully used in a public test with the Secretary of State in California
(see www.safevote.com/contracosta/).
The entire CADC can be printed in just six characters, which can be supplied
in Braille or audio format as well. The CADC can perform functions usually
provided today by smart-cards, floppies or memory modules used for voter
authentication in DRE machines and Internet voting proposals. However,
a CADC is just a discardable piece of paper, which is valid only once. To vote,
the voter enters the CADC and a password into a machine. Both are authenticated
off-line based on 1024-bit keys stored in the machine. This machine has no
previous copy of either the CADC or the password. The machine is then able to
decrypt the ballot style and other payloads from the CADC, before fetching and
presenting the ballot to the voter. Contrary to PINs or conventional passwords,
a CADC and its password are never stored online.
Since the CADC is so small, any voter would intuitively see that their private data
(name, address) cannot fit in the six-characters of a CADC, besides the technical
assurance from experts that can inspect the CADC standard *and* the limitations
of the platform where the CADCs are verified.
As an example of the potential for CADC application and in addition to voter
and ballot authentication at one machine, the CADC can be used for example to
reduce costs, improve online reliability and stop double-voting in "vote from
anywhere" proposals, with state-wide authentication of voters, ballot styles
and ballots -- while fully preserving voter anonymity.
The CADC functions were already documented to the Secretary of State in
California during the Contra Costa test, and to several qualified experts. A public
document with the full specifications for CADCs will be made available as a public
standard proposal to the IVTA and other bodies, before the CADC is used in a
public binding election.
This request for review is provided in preparation for the public standard
proposal. The CADC standard can be used by both DRE and Internet voting
vendors, using their own implementations or licensing Safevote's implementation.
Safevote has no commercial motivation in publicly opening the specifications
of CADCs, except its belief in the commercial benefits of public disclosure
and scrutiny for voting systems.
I am at your disposal for any further comments.
Cheers,
Ed Gerck, Ph.D.
CEO
