Edited on Tue May-16-06 09:46 AM by dmesg
I've been lurking this forum for a bit and just want to say I'm so happy to hear I'm not just a lone paranoid nut for fearing electronic voting fraud. At worst I'm a paranoid nut with lots of company...
But anyways, this thought has made me think about what kinds of electronic voting could work. I'm a computer programmer. I do a lot of work building systems that can both anonymously and verifiably record transactions -- you wouldn't have eBay or Amazon without systems like that (and yes, it depresses me that people are more concerned with security when they buy a "Gone With the Wind" commemorative plate than when they vote). But here's my outline.
1. Open source. We absolutely MUST be able to audit the source code of the application, and be able to compare the results of our compiler's output of it with the reference build.
2. Physically secured communications. The voting machines MUST communicate over physically private networks.
3. One-way hashes of individual votes. Concatenate an identifier of the voter, an identifier of the candidate voted for, an identifier of the voting machine, and a timestamp and subject this to a one-way hash like SHA256. The voter receives a record of his or her identifier, the identifier of the voting machine used, and the timestamp of his or her vote. The hashes are then published so an individual voter can verify that his or her vote for candidate A was recorded, but a third party can not verify that person B voted for candidate A, nor even that person B voted at all.
4. Each vote is recorded in combination with a record of which polling station (though not voter, machine, or timestamp) it was cast at, as well as a sequence identifier. Furthermore, an additional field is stored. For the first vote, this field is a one-way hash of the candidate and a sequence initialization (or even better, the first vote is an uncounted initialization vector). For successive votes, it is some unique combination like XOR of the previous vote's value in this field and the one-way hash of the candidate and the next member of the sequence. That way every vote can -- still anonymously -- be put in the sequence cast and, if not prevent tampering, at least go a very long way towards making it difficult.
With a system basically like this, we would have these advantages:
1. Greater confidence that the application itself is not programmed with some sort of back door or manipulative function
2. Greater confidence that the communications between voting machines are not being surveilled or altered
3. Each voter can, if he wishes, verify that his vote is among the recorded votes for that polling station
4. Independent auditors can, without being able to identify individual voters' choices, verify that each vote recorded was recorded in sequence without tampering
As a computer person, it causes me great distress to see the technology we have not just go unused, but be perverted to manipulate elections. We have strong cryptography for a reason, and hiding information is only half of it. We can also use it to verify information, anonymously if we wish.
But, we'll see a system like this the day monkeys fly out of my butt...
EDIT: had a missing clause in step 4
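A worked example of steps 3 and 4 of the outline above, added here as an illustration; it is not code from the post or from any real voting system. The field separator, the voter/machine/station identifiers, the timestamp, the initialization vector, the record layout and the sample ballots are all constructed assumptions for the example. It implements the published per-vote hash from step 3 with the voter's own check, the per-station XOR/SHA-256 chain from step 4 with an auditor's verification that detects an altered, dropped or reordered record, and one extra check (enumerate_candidate) that is not in the outline.

```python
import hashlib
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Sequence, Set

# Field separator (assumption): keeps "ab"+"c" and "a"+"bc" from hashing identically.
SEP = b"\x1f"


def h(*fields: str) -> bytes:
    """SHA-256 over the separator-joined fields (used by both step 3 and step 4)."""
    return hashlib.sha256(SEP.join(f.encode() for f in fields)).digest()


# ---- Step 3: published per-vote hash and the voter's own check -------------
def receipt_hash(voter_id: str, candidate_id: str, machine_id: str, ts: str) -> str:
    """H(voter || candidate || machine || timestamp); this value is what gets published."""
    return h(voter_id, candidate_id, machine_id, ts).hex()


def voter_verifies(published: Set[str], voter_id: str, candidate_id: str,
                   machine_id: str, ts: str) -> bool:
    """The voter knows all four fields (three from the receipt plus the choice
    they made) and checks that the resulting hash is in the published set."""
    return receipt_hash(voter_id, candidate_id, machine_id, ts) in published


def enumerate_candidate(published: Set[str], voter_id: str, machine_id: str,
                        ts: str, candidates: Sequence[str]) -> Optional[str]:
    """Check not in the outline: holding the three receipt fields and the short
    candidate list, try every candidate against the published set."""
    for c in candidates:
        if receipt_hash(voter_id, c, machine_id, ts) in published:
            return c
    return None


# ---- Step 4: per-station sequence with a chained field ---------------------
@dataclass(frozen=True)
class Record:
    station: str
    seq: int
    candidate: str
    chain: bytes  # previous record's chain field XOR H(candidate || seq)


def chain_step(prev: bytes, candidate: str, seq: int) -> bytes:
    """XOR the previous record's field with H(candidate || seq)."""
    digest = h(candidate, str(seq))
    return bytes(a ^ b for a, b in zip(prev, digest))


def record_votes(station: str, iv: bytes, ballots: Sequence[str]) -> List[Record]:
    """Sequence number 0 is the uncounted initialization vector; votes start at 1."""
    records, prev = [], iv
    for seq, cand in enumerate(ballots, start=1):
        prev = chain_step(prev, cand, seq)
        records.append(Record(station, seq, cand, prev))
    return records


def verify_chain(iv: bytes, records: Sequence[Record]) -> int:
    """Auditor's check: recompute the chain from the IV. Returns len(records) when
    every record verifies, otherwise the index of the first record that does not
    (a changed candidate, a dropped or inserted record, or a reordered one)."""
    prev = iv
    for i, r in enumerate(records):
        if r.seq != i + 1:
            return i
        prev = chain_step(prev, r.candidate, r.seq)
        if r.chain != prev:
            return i
    return len(records)


def tally(records: Sequence[Record]) -> Dict[str, int]:
    """The candidate is stored in the clear per record, so the count is direct."""
    counts: Dict[str, int] = {}
    for r in records:
        counts[r.candidate] = counts.get(r.candidate, 0) + 1
    return counts


def alter_candidate(records: Sequence[Record], index: int, candidate: str) -> List[Record]:
    """Simulate tampering: change one record's candidate but leave its chain field."""
    out = list(records)
    out[index] = replace(out[index], candidate=candidate)
    return out


# Constructed demo data (assumptions for the example only).
DEMO_IV = h("station-7", "init")
DEMO_BALLOTS = ["A", "B", "A", "C"]
CANDIDATES = ["A", "B", "C"]

if __name__ == "__main__":
    recs = record_votes("station-7", DEMO_IV, DEMO_BALLOTS)
    print("tally:", tally(recs), "records verified:", verify_chain(DEMO_IV, recs))
    bad = alter_candidate(recs, 1, "A")
    print("after altering record 2, first bad index:", verify_chain(DEMO_IV, bad))
    ts = "2006-05-16T09:46:00"
    published = {receipt_hash("voter-42", "B", "machine-3", ts)}
    print("voter check:", voter_verifies(published, "voter-42", "B", "machine-3", ts))
    print("enumerated:", enumerate_candidate(published, "voter-42", "machine-3", ts, CANDIDATES))
```

Two things the code makes visible. The step 4 chain only lets an auditor catch a change made after the fact if the initialization vector and the records are published together, since anyone who can rewrite the whole list can also recompute every chain field. And the candidate field in the step 3 hash takes only a few values, so, as enumerate_candidate shows, whoever holds a receipt's voter, machine and timestamp fields can recover that vote by trying each candidate against the published hashes.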