ietf

Re: internet voting -- ICANN, SmartInitiatives, etc.

2001-01-15 07:10:03
"Steven M. Bellovin" wrote:

> In message <3A623581(_dot_)761092EC(_at_)nma(_dot_)com>, Ed Gerck writes:
>
> > Handling bugs is the major problem IMO (looks like we also agree here)
> > after DDoS, privacy, security, integrity, etc. are handled (which are
> > not a small task, either).  But this might not be so hard after all.  Yes,
> > an election is a mission-critical application but it is also a fixed
> > application if you design it well with a database paradigm. The database
> > changes for every election (candidates, offices, etc.) but the software
> > is the same at each of the different stations (registration, voting,
> > ballot box, tallying, reporting, auditing, etc.).
>
> Of course, the software isn't fixed, any more than any other package is
> fixed.  If nothing else, each election will have software that includes
> the bug fixes and new features added since the last election.
>
> The real model for electronic voting isn't Florida, though; it's New
> Mexico.  In Bernalillo County, which used optical mark ballots, the
> scanner was misprogrammed -- it ignored straight-ticket votes.  In this
> case, once the problem was recognized, the fix was relatively easy --
> they corrected the program and rescanned the ballots.  If the voting had
> been online, there would have been no physical ballots to rescan.

In 1982 a team of 4 students at Rensselaer Polytech. created a secure
voting system. I was one of that team. We had many concerns to overcome,
not the least of which was how to separate the vote gathering from the
vote tallying. We separated out these functions precisely because we were
concerned about being able to hand-count the votes later. This system
wasn't an academic exercise. Rather, it was driven by a desire to
demonstrate the ability to apply technology to the campus elections. It
worked well. Security was maintained by using physically separate
terminals and relying on aspects of the operating system. We're talking
3270-style terminals and an IBM mainframe, for those curious. The
terminals can be programmed such that all control comes from the host,
making them ideal for the task.

In our case, we stored each vote separately in a data file, effectively
keeping each person's ballot together. We designed the system to write
the files to multiple disk drives simultaneously, so we could compare
the data later (and protect against a drive failure).

This issue of having ballots available to look at later is important. In
the town where I now live, we use traditional paper ballots. I expect
it'd be a VERY difficult fight to move from them to ANYTHING automated.
And despite having written an early voting system, I still prefer voting
on paper.

> > And, elections already use software -- even if you just use punch cards.
> > So, this is NOT a new problem either.  In fact, it is worse today because
> > it is all closed source software (in the good name of security).
>
> Believe me, that software scares me, too...  And open source, though a
> help, is hardly a panacea; finding bugs is *hard*, and testing is not
> at all adequate.

I echo Steve's sentiments here. With the system I worked on 19 years
ago, we found bugs in the counting program once we had the final dataset
(i.e. after the vote), and had to make some adjustments there. Election
officials were in the room watching as we recoded a bit, got access to a
newer compiler that didn't have as many bugs in it, and eventually got
the results generated. The software continued to be used for quite a few
years after that, and each year it'd get tweaked to fix problems,
accommodate new ballots, and so forth.

Security programming, encryption and transmission are far from the only
areas where problems will exist. Election software isn't run often, and
it's updated as needed for each election. The disk files we stored had
the names of the candidates receiving votes in text, not in binary. As a
result, if it'd been necessary, the votes could have been hand-tallied.
I doubt I'll be dissuaded from a firm belief in the need for
human-readable ballots which can be counted and recounted manually.

-- 
-----------------------------------------------------------------
Daniel Senie                                        dts(_at_)senie(_dot_)com
Amaranth Networks Inc.                    http://www.amaranth.com
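An added example, not part of Daniel Senie's message and not code from the 1982 RPI system he describes: it models the design he outlines, with each ballot kept together as one human-readable text record, every record written to two independent stores at the same time, the stores compared afterwards, and tallying done as a separate step that reads only the stored records. The function names, the record layout and the sample ballots are all constructed for illustration; the two "drives" are two directories.

```python
"""
Added example (constructed; not code from the thread or the 1982 system).
Gathering, cross-checking and tallying are separate functions so that the
count can always be redone from the stored text, by software or by hand.
"""
import json
from pathlib import Path
from collections import Counter, defaultdict
from tempfile import TemporaryDirectory


def write_ballot(stores, ballot_id, choices):
    """Append one ballot, as a single plain-text line, to every store.

    `choices` maps office -> candidate name.  Candidate names are stored as
    text, not as codes, so the file can be read without this software.
    """
    record = json.dumps({"ballot": ballot_id, "choices": choices}, sort_keys=True)
    for store in stores:
        with open(store, "a", encoding="utf-8") as f:
            f.write(record + "\n")


def compare_stores(primary, secondary):
    """Return a list of (line number, primary line, secondary line) that differ.

    An empty list means the two copies agree record for record; a missing
    line on either side shows up as None.
    """
    a = Path(primary).read_text(encoding="utf-8").splitlines()
    b = Path(secondary).read_text(encoding="utf-8").splitlines()
    diffs = []
    for i in range(max(len(a), len(b))):
        la = a[i] if i < len(a) else None
        lb = b[i] if i < len(b) else None
        if la != lb:
            diffs.append((i + 1, la, lb))
    return diffs


def tally(store):
    """Count votes per office from the stored records only.

    Nothing is carried over from the gathering step, so the tally can be
    rerun from the files at any time; a repeated ballot id is an error.
    """
    counts = defaultdict(Counter)
    seen = set()
    for line in Path(store).read_text(encoding="utf-8").splitlines():
        rec = json.loads(line)
        if rec["ballot"] in seen:
            raise ValueError(f"duplicate ballot record {rec['ballot']}")
        seen.add(rec["ballot"])
        for office, candidate in rec["choices"].items():
            counts[office][candidate] += 1
    return {office: dict(c) for office, c in counts.items()}


def run_demo():
    """Gather constructed ballots into two stores, cross-check, then tally.

    Returns (diffs before tampering, tally, diffs after one copy is altered)
    so the caller can see the cross-check pass and then catch a divergence.
    """
    with TemporaryDirectory() as d:
        drive_a = Path(d) / "drive_a" / "ballots.txt"
        drive_b = Path(d) / "drive_b" / "ballots.txt"
        for p in (drive_a, drive_b):
            p.parent.mkdir()
            p.touch()
        # constructed sample ballots (hypothetical offices and candidates)
        sample = [
            (1, {"president": "Ada", "treasurer": "Grace"}),
            (2, {"president": "Ada", "treasurer": "Linus"}),
            (3, {"president": "Bob", "treasurer": "Grace"}),
        ]
        for bid, choices in sample:
            write_ballot([drive_a, drive_b], bid, choices)
        diffs = compare_stores(drive_a, drive_b)
        result = tally(drive_a) if not diffs else None
        # simulate a corrupted second copy: one record on drive_b is altered
        lines = drive_b.read_text(encoding="utf-8").splitlines()
        lines[1] = lines[1].replace("Linus", "Grace")
        drive_b.write_text("\n".join(lines) + "\n", encoding="utf-8")
        diffs_after = compare_stores(drive_a, drive_b)
        return diffs, result, diffs_after


if __name__ == "__main__":
    before, counts, after = run_demo()
    print("copies agree before tampering:", before == [])
    print("tally:", counts)
    print("divergent records after tampering:", after)
```

The point of keeping the record text rather than binary is visible in `tally`: the same file a person could read line by line is the only input the counting step gets, and `compare_stores` is the software form of putting the two copies side by side before trusting either.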