Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Somewhat OT- open source software for US voting machines



On 2008-10-06 20:26 +0900 (Mon), Edmund Edgar wrote:

> OK, here's what I'm thinking:
> You can't put 100% trust in the electronic system.
> You can't put 100% trust in the paper system.

Right. But this is a tautalogy; you can't put 100% trust in *any*
system. So from a security analyst's point of view, this analysis is
useless. What security analysts instead think about is, "what amount of
security do I get at what expense."

With paper systems, it's relatively easy to achieve a high level of
security, assuming the folks involved have much interest at all in the
results. If they do, various candidates will have no problem supplying
plenty of scrutineers for the voting and the count. Additionally, the
system is easy to observe, is heavily distributed, making collusion on
any large scale quite difficult, and is relatively cheap. (The biggest
expenses are for election officials and printing ballots.)

On the computer side, it's much harder to achieve a high level of
security. There are many, many more avenues of attack, some at fairly
high levels in the hierarchy, making collusion, for example, much more
of a possibility. The system itself is much more complex, and it is very
difficult or even practically impossible to observe parts of it. And it
costs a lot more than the alternative.

So if you run the systems in parallel, what do you get? Either you must
trust the paper system when there is any discrepancy, in which case the
expenditure on the electronic system was pointless anyway, or you must
do a very expensive audit to see which was wrong, which has a very high
probability of proving that the paper system produced the (more) correct
result anyway.

In the mean time, all that money you've spent on the electronic system,
which is likely to result in very little or no payback, could have
been spent on improving the paper system. I'm sure anybody experienced
with it can provide plenty of ideas for improvement there, from better
training (of officials, scruitineers, and voters) to avoiding the need
for mail-in ballots by sending officials and scrutineers out to remote
areas where necessary.

The basic fact to keep in mind is that, when you are advocating adding
an electronic system, you are not just advocating doing that, but also
advocating *not* doing a whole lot of other things that could have been
done with the time, money and effort expended on it.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974   
Mobile sites and software consulting: http://www.starling-software.com


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links