On 12 Sep 2019, at 11:56, Eric Rescorla <ekr@xxxxxxxx> wrote:
[Changing the subject line because this is a change of topic.]
IMHO, if the interest is in protecting the democratic process, the first
place we should look is the digital voting infrastructure, as that is the
vector most abused. Knowing what I do about network and computer security
in general, I have come to the conclusion that hand counted paper ballots
with a strong chain of custody are the only way to ensure a free and fair
election.
This is pretty off-topic for IETF, but might be interesting to people.
I certainly agree that software independence (https://en.wikipedia.org/wiki/Software_independence) is a good objective for voting systems, and hand-counted paper ballots are one good way to achieve that. However, there are voting environments where they are problematic. Specifically, because the time to hand-count ballots scales with both the number of ballots and the number of contests, in places like California where there are a large number of contests per election it can be difficult to do a complete hand-count in a reasonable period of time.
One good alternative is hand-marked optical scan ballots which are then verified via a risk-limiting audit (https://en.wikipedia.org/wiki/Risk-limiting_audit). This can provide a much more efficient count that still has software independence up to a given risk level \alpha.
The theory and practice of elections and the specific challenges with on-line voting is a whole ecosystem of its own with conferences, journals and an active community of academics, vendors and governments discussing a fairly broad spectrum from information theory, statistics and cryptography through to operational and platform security, software quality, public policy and law.
I am no expert in any of this but I happen to have an academic supervisor who is. If anybody would like an introduction to that world e.g. as an alternative to trying to reinvent it at the IETF, I'd be happy to make one.
Joe