# HG changeset patch # User Christian Urban # Date 1443394845 -3600 # Node ID 3c69029f4a1c0945717090cc03bea40a1262bdde # Parent b7d055cf16e82b30c876c0ff838706a836470dc9 updated diff -r b7d055cf16e8 -r 3c69029f4a1c handouts/ho02.pdf Binary file handouts/ho02.pdf has changed diff -r b7d055cf16e8 -r 3c69029f4a1c handouts/ho02.tex --- a/handouts/ho02.tex Fri Sep 25 17:37:07 2015 +0100 +++ b/handouts/ho02.tex Mon Sep 28 00:00:45 2015 +0100 @@ -44,7 +44,8 @@ \item The Netherlands between 1997--2006 had electronic voting machines, but ``hacktivists'' had found they can be hacked to change votes and also emitted radio signals - revealing how you voted. + revealing how you voted. Now e-voting has been abandoned + in the Netherlands. \item Germany conducted pilot studies with e-voting, but in 2007 a law suit has reached the highest court and it @@ -76,7 +77,10 @@ \item India uses e-voting devices since at least 2003. They use ``keep-it-simple'' machines produced by a - government owned company. + government owned company. There was some trouble for + an Indian researcher after he and an international + team of hackers showed that the devices are not + as secure as the government claimed. \item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected) and found @@ -184,7 +188,7 @@ for sure that elections were held in Athens as early as 600 BC, but might even date to the time of Mesopotamia and also in India some kind of republics might have existed before the -Alexander the Great invaded it. Have a look at Wikipedia about +Alexander the Great invaded them. Have a look at Wikipedia about the history of democracy for more information. These elections were mainly based on voting by show of hands. While this method of voting satisfies many of the requirements stipulated @@ -226,7 +230,9 @@ voter. The voter uses this prefilled ballot to cast the vote, and then returns the empty ballot paper back to the attacker who now compensates the voter. The blank ballot can be reused for the -next voter. +next voter. I let you ponder why it is important for this +attack that the voter returns the empty ballot to the +attacker. To sum up, the point is that paper ballots have evolved over some time and no single best method has emerged for preventing fraud. @@ -311,7 +317,13 @@ by the central government to obtain new voting equipment and in the process fell prey to pariahs which sold them a substandard product. Diebold was not the only pariah in this -area, but one of the more notorious ones. +area, but one of the more notorious ones.\footnote{An e-voting +researcher recently made a connection between the VW-exhaust +scandal and e-voting: His argument is that it is very hard +to test whether a program works correctly in a hostile +environment. The program can often recognise when it is +tested and behave correctly, but in the ``real test'' can +behave maliciously, just like the VW diesel engines.} Optical scan machines are slightly better from a security point of view but by no means good enough. Their main idea @@ -366,7 +378,7 @@ However, the weak spots in any Internet voting system are the voters' computers and the central server. Unfortunately, their -system is designed such that they needs to trust the integrity +system is designed such that they need to trust the integrity of voters’ computers, central server components and also the election staff. In 2014, a group of independent observers around Alex Halderman were able to scrutinise the election process in @@ -444,21 +456,22 @@ secrecy. This is different from online banking where the whole process is designed around authentication. If fraud occurs, you try to identify who did what (somebody’s account got zero; -somewhere the money went). Even if there might be more -gigantic sums at stake in online banking than with voting, -it can be solved. That does not mean there are no problems -with online banking. But with enough thought, they can -usually be overcome with technology we have currently. This -is different with e-voting: even the best have not come -up with something workable yet. +somewhere the money went). Even if there might be more +gigantic sums at stake in online banking than with voting, it +can be made reasonably secure and fraud-safe. That does not +mean there are no problems with online banking. But with +enough thought, they can usually be overcome with technology +we have currently. This is different with e-voting: even the +best have not come up with something workable yet. -This conclusion does not imply that in some special cases -of Internet voting cannot be made to work securely. Just in a +This conclusion does not imply that some special cases of +Internet voting cannot be made to work securely. Just in a general election where stakes are very high, it does not work. For example a good-enough and workable in-lecture online voting system where students' votes are anonymous and students -cannot tamper with the outcome, I am sure, can be implemented. +cannot tamper with the outcome, I am sure, can be implemented +(see some of my MSc projects). \subsubsection*{Further Reading}