[Fsfe-ie] perspective on e-voting

Niall Douglas s_fsfeurope2 at nedprod.com
Wed Mar 3 04:28:52 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2 Mar 2004 at 9:54, Fergal Daly wrote:

> > Why? You can get a military hardened CPU from Atmel or even Intel
> > for less than a x86 CPU. It just won't run Windows.
> 
> Fair enough. I assumed they'd be more expensive. Still doesn't change
> the fact that when you look at the circuit board all you can see is a
> plastic package and that there's no non-destructive way of finding out
> if you've really, really got an genuine xyz military hardened
> processor or just something pretending to be one.

x86 processors are /vastly/ more complex than they need to be because 
of the legacy requirements. Really they're a RISC CPU nowadays with a 
translation front-end converting the x86 into RISC ops. However that 
said, there is a huge scale of economy in x86 chips only ARM could 
probably come close to - hence me suggesting the Atmel.

I think you're thinking too much in how it could be compromised on a 
technical level whilst ignoring the feedback effects of a compromise. 
Voting is not like a bank vault where if you break it you win 
outright - at best, you get four years or so of power. In reality, 
many factors can play to make your term much shorter and certainly if 
it emerged that an election was tampered with, any sitting government 
would have to call another election. The media simply wouldn't permit 
otherwise.

If you look at the US 2000 presidential elections which were almost 
certainly rigged, nevertheless Congress allocated quite a lot of 
money to replace the voting equipment despite the major spending 
cutbacks of the Bush administration. Unfortunately that's gone on 
Diebold voting machines which make the Irish voting machines look 
fantastic, but it's a good example of the feedback system working.

> You've gone way outside the requirements for a voting machine here. I
> agree with you that a practically tamper proof machine is possible,
> however we are talking about machines which will spend 364 days a year
> switched off in a warehouse in the back of beyond and then they'll
> spend a full day in an unfriendly environment being used in private by
> punters.

What's important is not that the machines are tamper proof - it's 
that there's *fairly* tamper proof, enough that people trust them and 
the process. If they emerge to not be so (and there's plenty of 
journalists sniffing around here never mind whistleblowers), there 
will be substantial feedback from the public to improve the system. 
Which means politicians get to give more wads of cash to their 
friends and thus everyone is happy.

Nevertheless, I'm still opposed to them. For what is gained per euro 
spent, they are a waste of money better spent on (say) health.

> One problem is that it greatly complicates vote storage and
> anonymnity. I can't see it ever being accepted because most people
> want to know that when they cast their vote it's done and nothing can
> undo it.

I did say peer to peer and distributed - therefore there is no 
central server apart from the trust delegator (which says which 
phones can vote and which can't). Anonymity is easy to implement in a 
massively distributed system. And what I really like about such a 
system is that anyone can ask their mobile what votes were cast for 
the country and get precisely the same figures as the TV or anyone 
else gets - obviously if they don't, one can kick up a fuss. My 
mobile is equal to Bertie's mobile in every way in such a 
configuration.

Cheers,
Niall





-----BEGIN PGP SIGNATURE-----
Version: idw's PGP-Frontend 4.9.6.1 / 9-2003 + PGP 8.0.2

iQA/AwUBQEVQ9MEcvDLFGKbPEQIWqACcC3vsXWkpxs99NurchWvvD2Mo2a4AoI8w
QbWui6rgYDdlRex9hXLWYVi3
=w6jE
-----END PGP SIGNATURE-----



More information about the FSFE-IE mailing list