[EM] Civitas: Toward a Secure Voting System

Kathy Dopp kathy.dopp at gmail.com
Fri Aug 15 23:39:31 PDT 2008


RE: Civitas: Toward a Secure Voting System
http://www.cs.cornell.edu/andru/papers/civitas.html

as mentioned by Andrew Myers of Cornell

I will add it to my "to do" list to read about Civitas when I finish a
few other projects.  For now, I took the liberty of asking a few
computer scientists who are experts in voting systems what they
thought about Civitas and here are three responses:

1. From BEN ADIDA:

"Civitas... is worth exploring and studying ... There are lots of good
ideas out there on improving elections, and Civitas is a very
interesting project. Civitas falls in the category of open-audit
voting systems, meaning systems that provide mathematical proofs that
the vote was correctly tallied. It's a category of system that is truly
revolutionary, and
one to which I wish the voting activist community would pay closer
attention."

[NOTE: I have studied other voting systems that claimed to provide
mathematical proof that the election results were accurate and they
did not.]

2. From DOUG JONES:

"It's a mix-net cryptographic system, much like many of Chaum's proposals.

As such, it's fair to ask "how many people really understand this system?"

I won't jump on the bandwagon for such systems until someone can
design such a system where the election observers representing the
political parties at the county building can observe the system and
know that the system actually being used is the system they
understand.

When I observed the use of Internet voting in the Dutch 2006
parliamentary elections, what I saw was a government election
bureaucracy that didn't understand the system they were administering.
 One result was that they misunderstood how to achieve the potential
that system had for security, for example, by doing things behind
locked doors (justified on the grounds that the activity was security
critical) that had to be done in public if the system was to be
secure.  Also, there were divisions of authority that were required to
meet security criteria, but on the ground, in the offices where such
divisions were required, none of the clerks understood that and they
didn't divide the authority.

(The Dutch system was not based on mix nets.  As a result, it was not
as coercion resistant as the Civitas system, but the administrative
failures I saw would equally threaten a system like Civitas.)

Now to the technical side:  Trust Assumption 3:  Voters trust their
voting client.  This is not prudent in today's world, where it is
estimated that 1/4 of all desktop PCs have been recruited into bot
nets -- that is to say, are not merely infected by latent malware but
have active malware resident on them.  In this environment, no PC
should be trusted with any security critical information.

In fact, in this situation, we are very close to the point where
random destruction of PCs is the least-cost path to improving the
security of the Internet.

Trust assumption 4:  The channels on which voters cast their votes are
anonymous.  In today's Internet, anonymity is getting harder and
harder to assure, except through extralegal channels such as the bot
nets that spammers use to flood the internet with their, uh, crap."

[NOTE: Doug Jones, CS Prof at U of IA knows more about the details of
voting systems than anyone I know.]

3. From DAVID WEBBER

"It's very simple - you already sent the answer to the Obama and
McCain campaigns.

Unless there are matching paper records manually cast by the human
voter - while the scientists may claim whatever they want about secure
votes - there is no way to verify their all-electronic-digital records
actually match what humans really did in the physical real world.

It's the REVERSE that is the problem!  How can you guarantee that
their wonderful computer system is somehow not either intentionally or
otherwise losing or adding votes?  Where is the physical proof to
match their digital records that are completely ephemeral inside the
machine?

Just look here's

my vote
my vote
my vote
my vote
my vote
my vote
my vote
my vote
my vote

I'm so sorry there was a bug in my voting software.

Easy huh?"

[NOTE: David Webber is an XML/EML Oasis proponent who has been working
to develop a new open source voting system and bring it to market.]
--

Kathy Dopp

The material expressed herein is the informed product of the author
Kathy Dopp's fact-finding and investigative efforts. Dopp is a
Mathematician, Expert in election audit mathematics and procedures; in
exit poll discrepancy analysis; and can be reached at

P.O. Box 680192
Park City, UT 84068
phone 435-658-4657

http://utahcountvotes.org
http://electionmathematics.org
http://electionarchive.org

How to Audit Election Outcome Accuracy
http://electionarchive.org/ucvAnalysis/US/paper-audits/legislative/VoteCountAuditBillRequest.pdf

History of Confidence Election Auditing Development & Overview of
Election Auditing Fundamentals
http://electionarchive.org/ucvAnalysis/US/paper-audits/History-of-Election-Auditing-Development.pdf

Voters Have Reason to Worry
http://utahcountvotes.org/UT/UtahCountVotes-ThadHall-Response.pdf


