[Cryptography] practical verifiable systems -- forensic and otherwise, cheap and otherwise
Bill Frantz
frantz at pwpconsult.com
Tue Mar 3 18:18:53 EST 2015
On 3/3/15 at 1:14 PM, jthorn at astro.indiana.edu (Jonathan
Thornburg) wrote:
>On Mon, Mar 02, 2015 at 01:09:57PM -0700, John Denker wrote:
>>Here's another example dear to my heart: Vote-counting
>>equipment. ...
>
>It seems to me that any system involving a scanner and software is
>much *less* secure than an all-paper scheme (with humans counting the
>ballots at the polling site after polling closes, watched by multiple
>other humans from different parties) (multiple other humans have of
>course also checked that the ballot boxes were empty at the start of
>polling, and have watched the ballot boxes all day):
>* scanner+software --> vulnerable to a variety of software attacks
>--> a single software attack can potentially
>compromise the count at every polling place
>across the country
>* all-paper + human watchers/counters
>--> vulnerable to "up-the-sleeve" and other
>"stage-magician" tricks
>--> those attacks require a trained/skilled attacker
>at the (each) polling place, and hence are very
>hard to run -- and keep secret -- at a big enough
>scale to affect national results
Verified Voting <http://verifiedvoting.org/> has spend a lot of
time and effort in this issue. It is much more complex than
appears at first.
My favorite attack on paper systems was a piece of pencil "lead"
glued under a finger nail on one of the vote counters. If he
encountered an ballot voting for the "wrong" candidate, he
simply used the pencil lead to add a vote for another candidate,
making the ballot a spoiled ballot and negating the vote for the
wrong candidate.
I like the system that uses a scanner, but takes between 1 and 5
percent of the precincts and does a full manual audit of their
paper ballots and electronic results.
YMMV.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz |The nice thing about standards| Periwinkle
(408)356-8506 |is there are so many to choose| 16345
Englewood Ave
www.pwpconsult.com |from. - Andrew Tanenbaum | Los Gatos,
CA 95032
More information about the cryptography
mailing list