Wednesday 28 November 2007

E-Voting could improve on our 100 year old system

E-Voting systems are, by their very nature, complex systems that involve segregation of processes, advanced cryptography and rigorous development methods, and Jason is correct to point out that administration of such complex systems is a difficult area to address. It is therefore unsurprising that many of the current implementations of e-Voting systems have been, shall we say, lacking in a number of key areas. Academics tend to concentrate on the development of a new idea (for example a cryptographic protocol) rather than attempting to build a complete functional system that can be used correctly by stakeholders ranging from electoral administrators and council workers to the general public.

But this doesn’t mean that such a system can’t be built: simply that it is unlikely to emerge organically from academia or from the Open Source Software community. The only realistic environment that’s going to be able to engage all the stakeholders and create an electronic voting system is the business community, and only then if there is the incentive of a ready market. It wouldn’t be cheap to develop (the cost of a team of 10 developers working for a year would be around £400,000 for salary costs alone), but the cost of developing and implementing e-Voting systems pales in comparison to the costs of other government sponsored initiatives (see the NHS computer systems, ID cards, etc.) and can be further mitigated by leveraging the solutions into non-statutory commercial environments.

In fact, remote voting systems are similar in many ways to already existing sensitive on-line applications (despite Jason’s claims) and many of the lessons learnt in the remote banking sector can be applied to the remote e-Voting sphere. Verifiable auditing that guarantees immutability of audit records, message tracking and double checking, exception reporting, all of these are applicable to the area of electronic voting.

One final thing, which I hear denied so often by people that do know better, and on which the whole debate about e-voting seems to turn: currently voting in the UK is NOT anonymous! Your ballot paper has a number on it, and the number is written down against your name on the electoral roll. This information can only be released under judicial order, but it is entirely possible for your vote to be found after it is cast. We’ve had this system for over a 100 years, and it seems to be the elephant in the room for the anti-e-Voting campaigners in the UK. Because of this legal requirement e-Voting systems can be very similar to banking and e-commerce systems, since there is always a final link that can be examined by a judge if severe problems arise.

E-voting, in other words, may be complex to implement and administer, but is technically feasible to develop, and not too dissimilar from already existing, secure commercial systems - and has the potential to duplicate, or even improve on, our existing 100 year old system.


Cross posted from OurKingdom

Monday 25 June 2007

ORG report

You can't have missed that ORG have release their report on this years pilots. Unsurprisingly they've declared them a 'threat' to democracy, couldn't have seen that coming could we? A few problems with their reporting method though:

  • The outcome of the report had already been decided, i.e. eVoting bad.
  • Individual reports on pilots are not available, instead we get the edited highlights, i.e. the juicy bad bits, no breakdowns on how each pilot fared. Guess we'll have to wait for the Electoral Commissions report before we get that.
  • Makes recommendations for how to improve the process, whilst slamming the very idea, strange contradiction.
Something occurred to me whilst reading the report though. It's when Jason talks about Opt2Vote using .NET (no not on the client Jason, their solution is ASP.NET it's server side, but let's not let technical accuracy get in the way of a bit of good old MS bashing eh?) and bangs on about how Java is better, and then in a piece about auditing (about how there's no crypto that proves they were audited in the correct order, such as using dodgy hashing techniques). The two are subtle pointers towards... GNU.FREE! This fits with Jason's assertions that the process needs fixing whilst slamming the very idea... get the current round of pilots pulled and get GNU.Free involved.

Having said all that I'd have to agree that a more stringent testing and accreditation regime would be beneficial, perhaps Jason & ORG would like to put in some constructive comment on how this can be achieved? Unlikely.

Sunday 13 May 2007

And another one turns

Remember the site www.electronic-voting.org that I blogged about a while back? Well there must be something in the water as the author of that site has... guessed what? Devised an evoting system!

This makes the 3rd sceptic who's developing / distributing an evoting system, which seems to be a growing trend; attack the existing suppliers with your own product alongside.

Our friend Mr Kitcat has spoken up in defense of Emanuele Lombardi before, I wonder what he'd think of these lovely little lines:

The process for making such software is named ClearSoftware® and it is patented together with ClearVoting®

Since ClearSoftware® is patented, its details are not shown here

So Emanuele has come up with the perfect system for ensuring transparency and trust in a software system, but wouldn't publicly reveal details of it! I need to get me a patent like that.

Sunday 29 April 2007

Slashdot article

They've picked up a story I was going to post about anyway:

UK Voters Want to Vote Online

Some interesting comments in the story (bear in mind the majority of contributors are from the US, so they tend not to know about the odd bits of UK legislation):

"One of my biggest gripes about elections is how simplified the issues have become, and how difficult it is to understand what each candidate *really* stands for.IF they instituted online voting they could have drop down boxes for each candidate with summaries of opinions and hyperlinks to voting records, speeches... Hell, they could even link in the publically disclosed lists of contributors. I believe most voters don't have the time or inclination to do this sort of research on their own, but might be more inclined if the info was more easily accesible.A voter could spend all the time they like reading about each candidate and issue on the ballot *while* casting their vote.All it would take is some legislation and a bit of funding to amass the linked materials.Political spin would have a reduced effect on anyone with enough motivation to click a couple of links.Regards."

Saturday 28 April 2007

I turn, U turn

Jason's seems to be turning again. Despite eVoting being incredibly dangerous and a huge threat to democracy he's now posting links to OSS eVoting projects! (Shurely shome mistake?)

The article's very interesting, as it seems to contradict a number of arguments that Jason has raised, namely that of interception, alteration, co-ercion, receipts, etc.

I'll see if I can sniff out the source of this, could be an interesting read. But all in all a strange link for Jason to be posting... seems he only really dislikes non-OSS eVoting systems. I wonder if he'd be as positive if the source to a commercial system were released for peer-review?