Basically, we agree. I am working on helios not because I think it should or will be used for public elections, but because I think it can be useful for private elections, and introduce users to better voting methods. Also, honestly, the math is fun.<div>
<br></div><div>Jameson<br><br><div class="gmail_quote">2012/2/23 Kathy Dopp <span dir="ltr"><<a href="mailto:kathy.dopp@gmail.com">kathy.dopp@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
There are always multiple ways to violate the integrity of secretly<br>
cast e-ballots. For instance, even in encryption systems the ballot<br>
definition files are another point of attack. The system cannot be<br>
protected from insiders who program it and administer the system. I.e.<br>
with voting we cannot have both voter anonymity and verifiable<br>
security with any e-ballots<br>
<br>
Small coding mistake led to big Internet voting system failure<br>
<br>
Read more: Small coding mistake led to big Internet voting system<br>
failure - FierceGovernmentIT<br>
<br>
<a href="http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22#ixzz1nDP1a2Kg" target="_blank">http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22#ixzz1nDP1a2Kg</a><br>
<br>
<a href="http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22" target="_blank">http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22</a><br>
<br>
The main security weakness that let University of Michigan researchers<br>
take control over a planned city of Washington, D.C. Internet voting<br>
system pilot for overseas voters in 2010 was "a tiny oversight in a<br>
single line of code,"<br>
<br>
Read more: Small coding mistake led to big Internet voting system<br>
failure - FierceGovernmentIT<br>
<a href="http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22#ixzz1nDPGFUVN" target="_blank">http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22#ixzz1nDPGFUVN</a><br>
Subscribe: <a href="http://www.fiercegovernmentit.com/signup?sourceform=Viral-Tynt-FierceGovernmentIT-FierceGovernmentIT" target="_blank">http://www.fiercegovernmentit.com/signup?sourceform=Viral-Tynt-FierceGovernmentIT-FierceGovernmentIT</a><br>
<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
<br>
On Thu, Feb 23, 2012 at 6:36 AM, Jameson Quinn <<a href="mailto:jameson.quinn@gmail.com">jameson.quinn@gmail.com</a>> wrote:<br>
><br>
><br>
> 2012/2/23 Jameson Quinn <<a href="mailto:jameson.quinn@gmail.com">jameson.quinn@gmail.com</a>><br>
>><br>
>><br>
>><br>
>> 2012/2/22 Kathy Dopp <<a href="mailto:kathy.dopp@gmail.com">kathy.dopp@gmail.com</a>><br>
>>><br>
>>> Below is a quote from Ben Adida, creator of Helios.<br>
>>><br>
>>> We now have documented evidence ...that viruses like Stuxnet that<br>
>>> corrupt nuclear power plants by spreading from one Windows machine to<br>
>>> the other have been built. And so if you run a very large scale<br>
>>> election for a president of a G8 country, why wouldn’t we see a<br>
>>> similar scenario? Certainly, it’s worth just as much money; it’s worth<br>
>>> just as much strategically. . . . All the verifiability doesn’t change<br>
>>> the fact that a client side corruption in my browser can flip my vote<br>
>>> even before it’s encrypted, and if we . . . must have a lot of voters<br>
>>> verify their process, I think we’re going to lose, because most voters<br>
>>> don’t quite do that yet.<br>
>>><br>
>>> - Adida, Ben. 2011. Panelist remarks – Internet voting panel.<br>
>>> EVT/WOTE’11, the Electronic Voting Tech. Workshop / Workshop on<br>
>>> Trustworthy Elections. Aug. 9, 2011. URL <a href="http://www.usenix" target="_blank">http://www.usenix</a>.<br>
>>> org/events/evtwote11/stream/benaloh_panel/index.html.<br>
>>><br>
>>> The above quote on Helios was sent to me from Barbara Simons,<br>
>>> coauthor, with another computer scientists Doug Jones of an upcoming<br>
>>> very well-researched and well-written book: "Broken Ballots: Will Your<br>
>>> Vote Count?" The book will be published by April 15th approx.<br>
>>><br>
>>><br>
>>><br>
>> Yes, I said that: "It is insecure against trojans on the voter's machine<br>
>> at the time of the initial vote, ... not something I'd trust for public<br>
>> elections...."<br>
>><br>
>> This actually is not an insurmountable difficulty. There are two ways you<br>
>> could face it:<br>
>><br>
>> 1. Still using the voter's home machine, you could combine the<br>
>> cryptography with captchas: the voter would have to match a picture next to<br>
>> the candidate with a list of pictures in different order in order to<br>
>> rate/rank that candidate. However, this is inconvenient, and to make it<br>
>> secure you would need time limits. It also does nothing to address the<br>
>> digital divide. This latter issue, not security, is the reason I find this<br>
>> solution unacceptable for political elections.<br>
>><br>
>> 2. You could use secure machines, booted from CD with no hard drive, at<br>
>> polling stations.<br>
><br>
><br>
> Of course, if you're using polling stations anyway, you should be printing<br>
> hand-marked or at least voter-verified paper ballots and giving<br>
> cryptographically-verifiable receipts. That is to say, even if you can build<br>
> a context where Helios is 100% secure (less than one flaw expected in the<br>
> age of the known universe), there is no good reason not to add other reasons<br>
> for people to trust the result. The goal of an election is not just to BE<br>
> secure, but to APPEAR secure, even to people who don't understand or trust<br>
> mathematical and computational security measures.<br>
><br>
> Jameson<br>
><br>
>><br>
>> But yes, I explicitly stated that helios as-is is NOT secure enough to use<br>
>> for a high-stakes election with more than around 10K voters.<br>
>><br>
>> Jameson<br>
><br>
><br>
<br>
<br>
<br>
</div></div><div class="HOEnZb"><div class="h5">--<br>
<br>
Kathy Dopp<br>
<a href="http://electionmathematics.org" target="_blank">http://electionmathematics.org</a><br>
Town of Colonie, NY 12304<br>
"One of the best ways to keep any conversation civil is to support the<br>
discussion with true facts."<br>
"Renewable energy is homeland security."<br>
<br>
Fundamentals of Verifiable Elections<br>
<a href="http://kathydopp.com/wordpress/?p=174" target="_blank">http://kathydopp.com/wordpress/?p=174</a><br>
<br>
View some of my research on my SSRN Author page:<br>
<a href="http://ssrn.com/author=1451051" target="_blank">http://ssrn.com/author=1451051</a><br>
</div></div></blockquote></div><br></div>