Re: electronic voting system

From: Michael Amling (nospam_at_nospam.com)
Date: 11/19/04 

Date: Thu, 18 Nov 2004 23:14:47 GMT

Bill Unruh wrote:
> Zeljko Vrba <ime.prezime@oss.unist.hr> writes:
>
> ]-----BEGIN PGP SIGNED MESSAGE-----
> ]Hash: RIPEMD160
>
> ]What is wrong with the following electronic voting scenario:
>
> ]1. The government issues as many blank smart-cards as there are registered
> ] voters. Each card has a unique serial number that is made public.

   Where does the government get cards with these properties? What
prevents NGO's or neighboring governments from issuing cards that could
be confused with these cards or could act in the place of these cards or
have the same serial numbers as these cards?
   What keeps the government from using the cards that are not picked up
by registered voters?

>
> ]2. There are two state-wide lists: one of registered voters, and one with
> ] serial numbers of issued cards.
>
> ]3. Each voter picks up his card at a government office. This is recorded in
> ] the voters list (which must be always online) so that he can't pick up a
> ] card at another office. He is allowed to choose an arbitrary unmarked card
> ] from a pile of cards. That way the serial number of the card can't be
> ] linked to the voter so that his vote remains unknown to anyone but himself.
>
> ]4. At the office, the voter inserts the card into the provided terminal

   At the government office? Where the voter just picked up a card in
the next room? Or at the voter's office?

> ] equipment to generate a public/private key pair (this is to ensure that the
> ] private key is not known to the card manufacturer beforehand). The

   Is the card generating this random number? How do we prove the random
number generators are any good? If the terminal is generating it, how do
we know it isn't keeping a copy of the private key? What keeps the voter
from accidentally, deliberately or phishily revealing the private key?

> ] goverment publishes the 'certificate' for the registered voter's card
> ] containing (public key, card serial number) pair as the only information.

   If the voter just picked up the card in the next room, how do we keep
the government or anyone else from associating a public key or serial
number with a voter?

>
> ]5. When it comes to elections, the voter signs the (choice, card serial#)
> ] with his on-card private key.

   Are the voters walking around with these cards after picking them up
and before the election? Some will get lost. Some will be sold on eBay.
Some will be handed to the voter's spouse, employer, union steward,
precinct captain, perhaps with the words "Here. You figure this out."

   How does the voter verify that what's being signed is actually a list
of the voter's choices?

   How do the voters' signed choices get to the county tallying center?
How do we know they all get there?

>
> ]This scenario has the following properties:
> ] - anonimity (public card data and voter's choice can't be linked to the
> ] real person)
> ] - votes can't be forged
> ] - votes can be easily verified to be authentic
> ] - it is possible to prevent a single voter to vote multiple times
> ] - it is not possible to insert additional cards in the list to fake votes
> ] because there is a state-wide list of serial numbers. votes with card
> ] serial number not appearing on the government list of serials are
> ] discarded (unless someone tampers with the list, which should be protected
> ] against modification).
>
> And it is impossibly complicated. Even getting voters to register is hard.
> To have them spend an hour or two going through this palaver to get a card
> which they can then at a later date use to vote is hopeless. It is another
> example of technical fixes which correspond in no way to human behaviour.
>
> ]
> ]One problem with this scheme that comes to mind is with lost cards: a voter
>
> And that is another problem.
>
> ]can't request a replacement card without proving that he lost the previous
> ](otherwise, he could lie that he lost the card and thus obtain the right to
> ]two votes). However, the proof would reveal all of his past votes.
>
> How would the proof do that?

   Perhaps the OP is thinking that the voter can provide the private key
from the lost card (which I doubt an actual voter would be able to do).
The card with the corresponding public key could then be stricken from
the list of valid cards and a replacement issued.

--Mike Amling

Relevant Pages

  • Re: electronic voting system
    ... Each card has a unique serial number that is made public. ... Each voter picks up his card at a government office. ... ] - votes can be easily verified to be authentic ... ] serial number not appearing on the government list of serials are ...
    (sci.crypt)
  • Open Source Solution Required: Issuing 100 million secure voter ID cards to the citizens of Banglade
    ... issuing voter ID cards in Bangladesh might plan to use this - not ... We have 100 million people to be issued with voter ID card. ... one of the largest civilian fingerprint databases in the world. ... database which will eventually lead to the formulation of smart ...
    (comp.unix.bsd.freebsd.misc)
  • electronic voting system
    ... Each card has a unique serial number that is made public. ... Each voter picks up his card at a government office. ... - votes can be easily verified to be authentic ... serial number not appearing on the government list of serials are ...
    (sci.crypt)
  • Re: keep the nigger out of office
    ... Man threatened voter officials over tardy registration card ... OCTOBER 8--Angered by a delay in the receipt of his voter registration ... Williams told a state official ...
    (rec.sport.pro-wrestling)
  • Re: Candorville 2 Nov 2006
    ... 1969 green card that I can't use for identification because while I ... just no way I could get a voter registration card, ... precinct officers finds the name in the index, ... then write his or her name and residence address or, ...
    (rec.arts.comics.strips)
Quantcast