[ale] Thoughts on Electronic Voting

[Michael D. Hirsch]

On Tuesday 05 November 2002 10:42 pm, Joseph A Knapka wrote:
> Jeff Hubbs wrote:
>
> [a lot of thought-proviking stuff, which I snipped in order to get
> to:]
>
> > Inasmuch as I know that it would be possible to design and deploy
> > electronic voting systems with a high level of integrity, their
> > inherent complexity makes auditability by reasonable means
> > impossible.
>
> Difficult, perhaps. Not impossible. It would be up to the implementor
> to produce auditable code, not a mess of spaghetti. Of course,
> crypto code should be obviously correct, not obfuscated (the
> adage about security through obscurity applies).

I was thinking about this in the shower this morning, and here is a 
scheme I would trust a lot more.  Unfortunately, I can't imagine it 
being adopted.

The basic trick is to have two companies build electronic voting system 
with a shared format for recording the vote on a smart card.  You vote 
on a machine from company A which records your choices on the smart 
card.  Then you insert the card in company B's machine and check that 
your choices are correct on that machine, too.  After you confirm your 
vote on B's machine your vote is permanently cast and the smart card is 
wiped.

The vote is tallied twice--once on each machine.  If the two tallies do 
not agree, then something is wrong.  If they do agree, then you can be 
reasonably clear that unless the two companies colluded (and there 
would have to be strict separation of the two companies) the vote is 
correct.

--Michael

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.