Re: Voting Security (was: The Next Genaration)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We have a few resident experts in this area (like myself and EKR); happy to lead a discussion on this or present as needed.

On Thu, Sep 12, 2019 at 14:21 Joe Abley <jabley@xxxxxxxxxxx> wrote:
On 12 Sep 2019, at 11:56, Eric Rescorla <ekr@xxxxxxxx> wrote:

[Changing the subject line because this is a change of topic.]

On Thu, Sep 12, 2019 at 8:37 AM <shogunx@xxxxxxxxxxxxxxxxx> wrote:
IMHO, if the interest is in protecting the democratic process, the first
place we should look is the digital voting infrastructure, as that is the
vector most abused.  Knowing what I do about network and computer security
in general, I have come to the conclusion that hand counted paper ballots
with a strong chain of custody are the only way to ensure a free and fair
election.

This is pretty off-topic for IETF, but might be interesting to people.

I certainly agree that software independence (https://en.wikipedia.org/wiki/Software_independence) is a good objective for voting systems, and hand-counted paper ballots are one good way to achieve that. However, there are voting environments where they are problematic. Specifically, because the time to hand-count ballots scales with both the number of ballots and the number of contests, in places like California where there a large number of contests per election it can be difficult to do a complete hand-count in a reasonable period of time.

One good alternative is hand-marked optical scan ballots which are then verified via a risk limiting audit (https://en.wikipedia.org/wiki/Risk-limiting_audit). This can provide a much more efficient count that still has software independence up to a given risk level \alpha.

The theory and practice of elections and the specific challenges with on-line voting is a whole ecosystem of its own with conferences, journals and an active community of academics, vendors and governments discussing a fairly broad spectrum from information theory, statistics and cryptography through to operational and platform security, software quality, public policy and law.

I am no expert in any of this but I happen to have an academic supervisor who is. If anybody would like an introduction to that world e.g. as an alternative to trying to reinvent it at the IETF, I'd be happy to make one.


Joe
--
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: joe@xxxxxxx, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux