Mercurial Mercurial > hg > sen-material / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
handouts/ho02.tex
changeset 185 f10d905e947f
parent 157 3a8fff66d62b
child 188 2555552d2c05
equal deleted inserted replaced
184:55968b3205cc 185:f10d905e947f 
     4 
     4 
     5 \begin{document}
 
     5 \begin{document}
 
     6 
     6 
     7 \section*{Handout 2 (E-Voting)}
 
     7 \section*{Handout 2 (E-Voting)}
 
     8 
     8 
     9 In security there are many counter-intuitive phenomena: for
 
     9 In security engineering, there are many counter-intuitive phenomena:
 
    10 example I am happy (more or less) to use online banking every
 
    10 for example I am happy (more or less) to use online banking every day,
 
    11 day, where if something goes wrong, I can potentially loose a
 
    11 where if something goes wrong, I can potentially lose a lot of money,
 
    12 lot of money, but I am staunchly against using electronic
 
    12 but I am staunchly against using electronic voting (lets call it
 
    13 voting (lets call it e-voting for short). E-voting is an idea
 
    13 e-voting for short). E-voting is an idea that is nowadays often
 
    14 that is nowadays often promoted in order to counter low
 
    14 promoted in order to counter low turnouts in elections\footnote{In my
 
    15 turnouts in elections\footnote{In my last local election where
 
    15   last local election where I was eligible to vote only 48\% of the
 
    16 I was eligible to vote only 48\% of the population have cast
 
    16   population have cast their ballot. I was, I shamefully admit, one of
 
    17 their ballot. I was, I shamefully admit, one of the
 
    17   the non-voters.} and generally sounds like a good idea. Right?
 
    18 non-voters.} and generally sounds like a good idea. Right?
 
    18 Voting from the comfort of your own home, or on your mobile on the go,
 
    19 Voting from the comfort of your own home, or on your mobile on
 
    19 what could possibly go wrong? Even the UK's head of the Electoral
 
    20 the go, what could possibly go wrong? Even the UK's head of
 
    20 Commission, Jenny Watson, argued in 2014 in a Guardian article that
 
    21 the Electoral Commission, Jenny Watson, argued in 2014 in a
 
    21 the UK should have e-voting. Her plausible argument is that 76\% of
 
    22 Guardian article that the UK should have e-voting. Her
 
    22 pensioners in the UK vote (in a general election?), but only 44\% of
 
    23 plausible argument is that 76\% of pensioners in the UK vote
 
    23 the under-25s. For which constituency politicians might therefore make
 
    24 (in a general election?), but only 44\% of the under-25s. For
 
    24 more favourable (short-term) decisions is clear. So being not yet
 
    25 which constituency politicians might therefore make more
 
       
    26 favourable (short-term) decisions is clear. So being not yet 
       
    27 pensioner, I should be in favour of e-voting, no?
 
    25 pensioner, I should be in favour of e-voting, no?
 
    28 
    26 
    29 Well, it turns out there are many things that can go wrong
 
    27 Well, it turns out there are many things that can go wrong with
 
    30 with e-voting, as I like to argue in this handout. E-voting in
 
    28 e-voting, as I like to argue in this handout. E-voting in a ``secure
 
    31 a ``secure way'' seems to be one of the things in computer
 
    29 way'' seems to be one of the things in computer science that are still
 
    32 science that are still very much unsolved. It is not on the 
    30 very much unsolved. It is not on the scale of Turing's halting
 
    33 scale of Turing's halting problem, which is proved that it can 
    31 problem, which is proved that it can never be solved in general, but
 
    34 never be solved in general, but it is unsolved with current 
    32 more in the category of being unsolvable with current technology. This
 
    35 technology. This is not just my opinion, but 
    33 is not just my opinion, but also shared by many security researchers
 
    36 from shared by Alex Halderman, who is the world-expert on this
 
    34 amogst them Alex Halderman, who is the world-expert on this subject
 
    37 subject and from whose course on Securing Digital Democracy
 
    35 and from whose course on Securing Digital Democracy I have most of my
 
    38 I have most of my information and inspiration. It is also
 
    36 information and inspiration. It is also a controversial topic in many
 
    39 a controversial topic in many countries:
 
    37 countries:
 
    40 
    38 
    41 \begin{itemize}
 
    39 \begin{itemize}
 
    42 \item The Netherlands between 1997--2006 had electronic voting
 
    40 \item The Netherlands between 1997--2006 had electronic voting
 
    43       machines, but ``hacktivists'' had found they can be
 
    41   machines, but ``hacktivists'' had found they can be hacked to change
 
    44       hacked and also emitted radio signals revealing how you
 
    42   votes and also emitted radio signals revealing how you voted.
 
    45       voted.
 
       
    46 
    43 
    47 \item Germany had used them in pilot studies, but in 2007 a
 
    44 \item Germany conducted pilot studies with e-voting, but in 2007 a law
 
    48       law suit has reached the highest court and it rejected
 
    45   suit has reached the highest court and it rejected e-voting on the
 
    49       electronic voting on the grounds of not being
 
    46   grounds of not being understandable by the general public.
 
    50       understandable by the general public.
 
       
    51 
    47 
    52 \item UK used optical scan voting systems in a few trail
 
    48 \item UK used optical scan voting systems in a few trail polls, but to
 
    53       polls, but to my knowledge does not use any e-voting in
 
    49   my knowledge does not use any e-voting in elections.
 
    54       elections. 
       
    55       
    50       
    56 \item The US used mechanical machines since the 1930s, later
 
    51 \item The US used mechanical machines since the 1930s, later punch
 
    57       punch cards, now DREs and optical scan voting machines.
 
    52   cards, now DREs and optical scan voting machines.
 
    58 
    53 
    59 \item Estonia used since 2007 the Internet for national
 
    54 \item Estonia used since 2007 the Internet for national
 
    60       elections. There were earlier pilot studies for voting
 
    55   elections. There were earlier pilot studies for voting via Internet
 
    61       via Internet in other countries.
 
    56   in other countries.
 
    62 
    57 
    63 \item India uses e-voting devices since at least 2003. They
 
    58 \item India uses e-voting devices since at least 2003. They used
 
    64       used ``keep-it-simple'' machines produced by a
 
    59   ``keep-it-simple'' machines produced by a government owned company.
 
    65       government owned company.
 
       
    66 
    60 
    67 \item South Africa used software for its tallying in the 1993
 
    61 \item South Africa used software for its tallying in the 1993
 
    68       elections (when Nelson Mandela was elected)
 
    62   elections (when Nelson Mandela was elected) and found that the
 
    69       and found that the tallying software was
 
    63   tallying software was rigged, but they were able to tally manually.
 
    70       rigged, but they were able to tally manually.      
       
    71 \end{itemize}
 
    64 \end{itemize}
 
    72 
    65 
    73 
    66 
    74 The reason that e-voting is such a hard problem is that we
 
    67 The reason that e-voting is such a hard problem is that we have
 
    75 have requirements about the voting process that conflict with
 
    68 requirements about the voting process that conflict with each
 
    76 each other. The five main requirements are:
 
    69 other. The five main requirements for voting in general are:
 
    77 
    70 
    78 \begin{itemize}
 
    71 \begin{itemize}
 
    79 \item {\bf Integrity} 
    72 \item {\bf Integrity} 
    80   \begin{itemize}
 
    73   \begin{itemize}
 
    81   \item The outcome of the vote matches with the voters'
 
    74   \item The outcome of the vote matches with the voters'
 
    83   \item There might be gigantic sums at stake and need to be defended against.
 
    76   \item There might be gigantic sums at stake and need to be defended against.
 
    84   \end{itemize}
 
    77   \end{itemize}
 
    85 \item {\bf Ballot Secrecy}
 
    78 \item {\bf Ballot Secrecy}
 
    86   \begin{itemize}
 
    79   \begin{itemize}
 
    87   \item Nobody can find out how you voted.
 
    80   \item Nobody can find out how you voted.
 
    88   \item (Stronger) Even if you try, you cannot prove how you voted.
 
    81   \item (Stronger) Even if you try, you cannot prove how you
 
       
    82     voted. The reason is that you want to avoid vote selling as has
 
       
    83     been tried, for example, by a few jokers in the recent 
       
    84     Scottish referendum.    
    89   \end{itemize}
 
    85   \end{itemize}
 
    90 \item {\bf Voter Authentication}
 
    86 \item {\bf Voter Authentication}
 
    91   \begin{itemize}
 
    87   \begin{itemize}
 
    92   \item Only authorised voters can vote up to the permitted number of votes.
 
    88   \item Only authorised voters can vote up to the permitted number of votes
 
       
    89     (in order to avoid the ``vote early, vote often'').
 
    93   \end{itemize}
 
    90   \end{itemize}
 
    94 \item {\bf Enfranchisement}
 
    91 \item {\bf Enfranchisement}
 
    95   \begin{itemize}
 
    92   \begin{itemize}
 
    96   \item Authorised voters should have the opportunity to vote.
 
    93   \item Authorised voters should have the opportunity to vote.
 
    97   \end{itemize}
 
    94   \end{itemize}
sen-material