diff -r 55968b3205cc -r f10d905e947f handouts/ho02.tex --- a/handouts/ho02.tex Fri Sep 26 12:14:41 2014 +0100 +++ b/handouts/ho02.tex Mon Sep 29 17:43:35 2014 +0100 @@ -6,74 +6,67 @@ \section*{Handout 2 (E-Voting)} -In security there are many counter-intuitive phenomena: for -example I am happy (more or less) to use online banking every -day, where if something goes wrong, I can potentially loose a -lot of money, but I am staunchly against using electronic -voting (lets call it e-voting for short). E-voting is an idea -that is nowadays often promoted in order to counter low -turnouts in elections\footnote{In my last local election where -I was eligible to vote only 48\% of the population have cast -their ballot. I was, I shamefully admit, one of the -non-voters.} and generally sounds like a good idea. Right? -Voting from the comfort of your own home, or on your mobile on -the go, what could possibly go wrong? Even the UK's head of -the Electoral Commission, Jenny Watson, argued in 2014 in a -Guardian article that the UK should have e-voting. Her -plausible argument is that 76\% of pensioners in the UK vote -(in a general election?), but only 44\% of the under-25s. For -which constituency politicians might therefore make more -favourable (short-term) decisions is clear. So being not yet +In security engineering, there are many counter-intuitive phenomena: +for example I am happy (more or less) to use online banking every day, +where if something goes wrong, I can potentially lose a lot of money, +but I am staunchly against using electronic voting (lets call it +e-voting for short). E-voting is an idea that is nowadays often +promoted in order to counter low turnouts in elections\footnote{In my + last local election where I was eligible to vote only 48\% of the + population have cast their ballot. I was, I shamefully admit, one of + the non-voters.} and generally sounds like a good idea. Right? +Voting from the comfort of your own home, or on your mobile on the go, +what could possibly go wrong? Even the UK's head of the Electoral +Commission, Jenny Watson, argued in 2014 in a Guardian article that +the UK should have e-voting. Her plausible argument is that 76\% of +pensioners in the UK vote (in a general election?), but only 44\% of +the under-25s. For which constituency politicians might therefore make +more favourable (short-term) decisions is clear. So being not yet pensioner, I should be in favour of e-voting, no? -Well, it turns out there are many things that can go wrong -with e-voting, as I like to argue in this handout. E-voting in -a ``secure way'' seems to be one of the things in computer -science that are still very much unsolved. It is not on the -scale of Turing's halting problem, which is proved that it can -never be solved in general, but it is unsolved with current -technology. This is not just my opinion, but -from shared by Alex Halderman, who is the world-expert on this -subject and from whose course on Securing Digital Democracy -I have most of my information and inspiration. It is also -a controversial topic in many countries: +Well, it turns out there are many things that can go wrong with +e-voting, as I like to argue in this handout. E-voting in a ``secure +way'' seems to be one of the things in computer science that are still +very much unsolved. It is not on the scale of Turing's halting +problem, which is proved that it can never be solved in general, but +more in the category of being unsolvable with current technology. This +is not just my opinion, but also shared by many security researchers +amogst them Alex Halderman, who is the world-expert on this subject +and from whose course on Securing Digital Democracy I have most of my +information and inspiration. It is also a controversial topic in many +countries: \begin{itemize} \item The Netherlands between 1997--2006 had electronic voting - machines, but ``hacktivists'' had found they can be - hacked and also emitted radio signals revealing how you - voted. + machines, but ``hacktivists'' had found they can be hacked to change + votes and also emitted radio signals revealing how you voted. -\item Germany had used them in pilot studies, but in 2007 a - law suit has reached the highest court and it rejected - electronic voting on the grounds of not being - understandable by the general public. +\item Germany conducted pilot studies with e-voting, but in 2007 a law + suit has reached the highest court and it rejected e-voting on the + grounds of not being understandable by the general public. -\item UK used optical scan voting systems in a few trail - polls, but to my knowledge does not use any e-voting in - elections. +\item UK used optical scan voting systems in a few trail polls, but to + my knowledge does not use any e-voting in elections. -\item The US used mechanical machines since the 1930s, later - punch cards, now DREs and optical scan voting machines. +\item The US used mechanical machines since the 1930s, later punch + cards, now DREs and optical scan voting machines. \item Estonia used since 2007 the Internet for national - elections. There were earlier pilot studies for voting - via Internet in other countries. + elections. There were earlier pilot studies for voting via Internet + in other countries. -\item India uses e-voting devices since at least 2003. They - used ``keep-it-simple'' machines produced by a - government owned company. +\item India uses e-voting devices since at least 2003. They used + ``keep-it-simple'' machines produced by a government owned company. \item South Africa used software for its tallying in the 1993 - elections (when Nelson Mandela was elected) - and found that the tallying software was - rigged, but they were able to tally manually. + elections (when Nelson Mandela was elected) and found that the + tallying software was rigged, but they were able to tally manually. \end{itemize} -The reason that e-voting is such a hard problem is that we -have requirements about the voting process that conflict with -each other. The five main requirements are: +The reason that e-voting is such a hard problem is that we have +requirements about the voting process that conflict with each +other. The five main requirements for voting in general are: \begin{itemize} \item {\bf Integrity} @@ -85,11 +78,15 @@ \item {\bf Ballot Secrecy} \begin{itemize} \item Nobody can find out how you voted. - \item (Stronger) Even if you try, you cannot prove how you voted. + \item (Stronger) Even if you try, you cannot prove how you + voted. The reason is that you want to avoid vote selling as has + been tried, for example, by a few jokers in the recent + Scottish referendum. \end{itemize} \item {\bf Voter Authentication} \begin{itemize} - \item Only authorised voters can vote up to the permitted number of votes. + \item Only authorised voters can vote up to the permitted number of votes + (in order to avoid the ``vote early, vote often''). \end{itemize} \item {\bf Enfranchisement} \begin{itemize}