[pp.int.general] Agora Voting System for a Liquid Democracy at FOSDEM

Yves Quemener quemener.yves at free.fr
Wed Jan 19 13:12:36 CET 2011 

Note that I agree that the system you proposed earlier may be acceptable 
if the authority trusted for privacy is made a bit more explicit in your 
proposal.

I may go as far as to say that this is one of the best workaround I have 
seen so far : make privacy credible through human means while making 
accuracy absolutely trustful through cryptographic ones.

The comparison with a banking system just serves as a reminder that 
saying "we trust crypto for banking therefore we can do elections 
through the same means" is dangerous. Diebold uses the exact same one. 
These two problems have different constraints and need to be solved 
differently.

On hardware trustability, I am not much concerned about 
vote-correctness, that is cryptographically ensured, but about privacy. 
I am in no way saying that other currently used solution is better, but 
just that it is impossible to trust a hardware prepared by someone else 
to not do malicious things.


On 01/19/2011 12:56 PM, Eduardo Robles Elvira wrote:
> On Wed, Jan 19, 2011 at 11:24 AM, Yves Quemener<quemener.yves at free.fr>  wrote:
>> No, that won't even work. How can I trust that you will really boot on the
>> CD ? Or that you don't have a BIOS spying on my vote ? Or that you don't
>> sniff keyboard and screen outputs ? There are many ways to cheat. That was
>> one of my arguments against black box voting machines : they pretend that
>> they are inspected but nowadays we could even hide a computer in any of the
>> connectors used by the "inspected" machine. Trusting a given hardware is
>> very hard nowadays and it will only get worse. That is why cryptography is
>> so important.
>
> No voting system to date is perfect, that's true and will never
> change. Vote by mail is widely accepted and used all over the globe,
> and it's far more insecure in that you need to trust the handlers of
> your mail in order for the vote to remain anonymous, for example. And
> it's equally prone to coercion as Internet Voting.
>
> In the end, all systems need robust check&  balances procedures to
> make things reasonably secure and avoid fraud.
>
> You don't trust my hardware even if it has been checked by a lot of
> experts? Fine. Take an old machine that was created even before this
> voting system existed, a machine you can trust. Disconnect it from the
> Internet. Reset the BIOS. Install GNU/Linux. Configure it to be able
> to do the encryption needed. Find in the papers or somewhere what are
> the election administrators for the election you want to vote. Then go
> one by one asking their public keys for this election. Then encrypt
> your vote in this machine and sign the encrypted vote too with your
> signature. The vote is prepared. Copy it to a pendrive and go to my
> untrusted machine and emit the vote (or connect that machine you had
> to Internet).
> Now you are confident that your vote is correct, and that it's
> correctly encrypted, so you can check the bulletin board and yada
> yada.
>
> On Wed, Jan 19, 2011 at 11:55 AM, Yves Quemener<quemener.yves at free.fr>  wrote:
>> Except that :
>> - In consumer electronic transactions you can spot fraud. Something is
>> provably missing from an account. Transaction can be traced.
>
> You can see if you vote is missing in the bulletin board. And if some
> of the authorities doing the mixnet anonimization process is corrupt,
> you *will* know. Electronic voting lets everyone check  that the
> tallying process was correct, and that's an added security feature in
> contrast with traditional voting systems.
>
>> - Banking system do not pretend to provide absolute privacy
>
> Neither do these cryptographic systems: they provide *reasonable* privacy.
>
> On Wed, Jan 19, 2011 at 12:26 PM, Maxime Rouquet
> <maxime.rouquet at partipirate.org>  wrote:
>> If you find a bank fraud you can sue the author and get money back. If this
>> caused more problems, you can ask for more money.
>>
>> If you find a vote fraud after it occurred, you cannot repair things easily.
>> You simply cannot cancel all the decisions taken after this vote. So you
>> need to be as sure as possible that there cannot be fraud.
>
> If you have been the victim of bank fraud, you can lose your home,
> your car, you can become stressed and you might lose your job, wife,
> children, even you might kill yourself. That's not easily repairable
> either.
> OTOH If only a few votes have been fraudulent, the voting results
> might not change. If many votes have been fraudulent, it's easier to
> detect.
>
> Regards,
>     Eduardo.
> ____________________________________________________
> Pirate Parties International - General Talk
> pp.international.general at lists.pirateweb.net
> http://lists.pirateweb.net/mailman/listinfo/pp.international.general

More information about the pp.international.general mailing list