Michael_Heyman@NAI.com[SMTP:Michael_Heyman@NAI.com] wrote:
Peter Trei wrote:
Frankly, the whole online-verification step seems like an unnecessary complication.
Except to those of us who don't trust the system.
Implemented correctly it could be cheap and complications could be hidden from the voter. It could be cheaper - no need to pay people to do an audit when "the people" will do it for you. You only need a small fraction of "the people" to verify their votes to get a high level of confidence that the election is valid. You only need one failure to cast doubt on the election.

This requires an un-forgeable receipt that cannot be used for coercion. Un-forgeable we have been doing for a while now with lots of different PK options. A receipt that cannot be used for coercion cannot give any indication to others of who you voted for. Right now this is a big complication (at least to me - I don't know how to create such a receipt that doesn't require mental gymnastics on the part of the voter).
As Ian has noted, self-auditability and uncoercibility seem to me to be mutually exclusive requirements.

If you're going to assume that the whole system is untrustworthy, you're still screwed despite the receipts - if the website says that yes, your vote counted in the final total, that still does not tell you that the right candidate was declared the winner. That would only happen if enough voters pooled their verifications to show that that had to be the case (this is equivalent to a recount). In a close-run two-candidate race, if a number of voters equal to half the gap between the candidates' totals failed to verify and report that their vote was recorded correctly, the result is still untrustworthy.

....and any system which relies on advanced mathematics will be unintelligible and mistrusted by the average voter.

Peter