CDR: Re: A secure voting protocol

Augusto Jun Devegili devegili at inf.ufsc.br
Fri Nov 10 15:40:29 PST 2000 

----- Original Message -----
From: "Tim May" <tcmay at got.net>
To: <cypherpunks at algebra.com>
Sent: Friday, November 10, 2000 9:11 PM
Subject: CDR: Re: A secure voting protocol


> The problems with these protocols are obvious to all who have looked
> at these things over the years:

> * most voters, at least 99% of them, will not understand or trust or
> bother with the protocols

[Augusto] Well... how many people don't understand SSL and still use it for
home banking?

> * the steps will of course all be automated into some WindowsMe or
> Mac client called "MyVote." This package will itself not be trusted
> by most people.

[Augusto] Code signing might be an option, but (a) who is going to sign the
code (governement, parties, independent organizations, all of them), and (b)
how is this code signature *securely* verified?

> * the large fraction of people who are not computer literate, or who
> don't own a PC, etc. will have to use someone else's PC or terminal.
> This then raises all the usual issues about their blinding numbers,
> passphrases, keystrokes, etc., being captured or manipulated by
> someone else.

[Augusto] One can still maintain public sites for casting votes, using the
same "MyVote" system and identifying themselves with smartcards.

> Physical ballot voting has its problems, but at least people
> _understand_ the concept of marking a ballot, as opposed to "blinding
> the exponent of their elliptic curve function and then solving the
> discrete log problem for an n-out-of-m multi-round tournament."

[Augusto] Same as above [SSL].

> Further, people can _watch_ their ballots going into a voting box, a
> "mix." I know I watch my ballot going in. And while it is _possible_
> for secret cameras to be videotaping my choices, or for DNA from my
> fingers being able to "mark" my ballot, I understand from basic
> economic and ontologic issues that these measures are very unlikely.
> This assurance doesn't exist with the protocol described above. Some
> folks will think their protocol failed, some will think there is a
> "backdoor" for seeing how they voted, some will think their are not
> adequate methods for auditing or double-checking the protocols.
>
> I would not trust such a system, or be willing to take night school
> classes in crypto and higher math in order to begin to understand the
> system...so imagine what other folks will think.
>
> It won't happen in our lifetimes. It may happen in European nations,
> but only because the average citizen does what he is told to do more
> so than American paranoids and individualists will do.

[Augusto] I would like to see this happening after the scientific/academic
community approves a secure protocol and its implementation architecture.
And I also understand that it will be quite hard to convince the general
voter of the security of e-voting.

Regards,

Augusto Jun Devegili

More information about the cypherpunks-legacy mailing list