"E-balloting", secrecy, and trust.
J. Johnson
jj at scn.org
Sat Dec 19 01:00:05 PST 1998
Barb's concern about the vulnerability of electronic voting to "root"
access is somewhat naive: it is the nature of all extant computer
operating systems that there is a "superuser"--"root", or its non-Unix
equivalent--that can do anything on the system. Which is why
computers used in public elections are very stringently secured--and
definitely _not_ networked. And why the mere concept of running a
_secure_ voting system on SCN is not only contraindicated, but also
contradictive.
But that concern is also profoundly significant for _voting_ systems.
For example, consider a simple ("classic"?) system of paper ballots
stuffed (?!) into a ballot box, and then tallied by hand: explicit,
and _trusted_, supervision of the system is necessary to prevent all
sorts of abuse. The various methods of protection--prior registration
of voters, marking voters with indelible ink, having witnesses monitor
the processes, etc.--can diffuse the trust required, even make it more
accountable, but cannot eliminate it. It's much like entropy: you can
push it around into a more convenient place or form, but you cannot
avoid it. Same thing with voting systems: slice it, dice it,
out-source it, but in the end even the cleverest schemes depend on
some kind of trust.
Well, sort of. It turns out that trust--more precisely, trusting that
someone is doing the "right" thing without opportunity to confirm it
with direct observation--is a characteristic of systems with _secret_
elements (like secret balloting). Consider a group where members must
cast votes publicly: once the votes are publicly recorded, the
results are a "simple matter of arithmetic". _Every_ step is
verifiable, so there is no place for the process to be secretly
subverted. (And no one need depend on "the government" for the
results.)
To summarize: any voting system that has a "secret" part, and is
therefore not publicly verifiable, must, at some level, rely on trust.
And is therefore vulnerable to malfeasance and subversion, regardless
of how it is implemented.
=== JJ =================================================================
* * * * * * * * * * * * * * From the Listowner * * * * * * * * * * * *
. To unsubscribe from this list, send a message to:
majordomo at scn.org In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * * http://www.scn.org/volunteers/scn-l/ * * * * * * *
More information about the scn
mailing list