----- Original Message ----- From: "Tim May" <tcmay@got.net> To: <cypherpunks@algebra.com> Sent: Friday, November 10, 2000 9:11 PM Subject: CDR: Re: A secure voting protocol
The problems with these protocols are obvious to all who have looked at these things over the years:
* most voters, at least 99% of them, will not understand or trust or bother with the protocols
[Augusto] Well... how many people don't understand SSL and still use it for home banking?
* the steps will of course all be automated into some WindowsMe or Mac client called "MyVote." This package will itself not be trusted by most people.
[Augusto] Code signing might be an option, but (a) who is going to sign the code (governement, parties, independent organizations, all of them), and (b) how is this code signature *securely* verified?
* the large fraction of people who are not computer literate, or who don't own a PC, etc. will have to use someone else's PC or terminal. This then raises all the usual issues about their blinding numbers, passphrases, keystrokes, etc., being captured or manipulated by someone else.
[Augusto] One can still maintain public sites for casting votes, using the same "MyVote" system and identifying themselves with smartcards.
Physical ballot voting has its problems, but at least people _understand_ the concept of marking a ballot, as opposed to "blinding the exponent of their elliptic curve function and then solving the discrete log problem for an n-out-of-m multi-round tournament."
[Augusto] Same as above [SSL].
Further, people can _watch_ their ballots going into a voting box, a "mix." I know I watch my ballot going in. And while it is _possible_ for secret cameras to be videotaping my choices, or for DNA from my fingers being able to "mark" my ballot, I understand from basic economic and ontologic issues that these measures are very unlikely. This assurance doesn't exist with the protocol described above. Some folks will think their protocol failed, some will think there is a "backdoor" for seeing how they voted, some will think their are not adequate methods for auditing or double-checking the protocols.
I would not trust such a system, or be willing to take night school classes in crypto and higher math in order to begin to understand the system...so imagine what other folks will think.
It won't happen in our lifetimes. It may happen in European nations, but only because the average citizen does what he is told to do more so than American paranoids and individualists will do.
[Augusto] I would like to see this happening after the scientific/academic community approves a secure protocol and its implementation architecture. And I also understand that it will be quite hard to convince the general voter of the security of e-voting. Regards, Augusto Jun Devegili