[liberationtech] E-Voting

Andres list.andres at gmail.com
Fri Dec 2 11:26:49 PST 2016 

Rich, the article you link to talks about the risk of one individual voting machine being tampered with. That's not a concern with the Estonian system. The polling stations still run on ink and paper. When voting online you can use any hardware (PC, Mac, Linux, iPhone or Android phone, public or private) to vote and later verify your vote.

One device being tampered with will affect only a single (or perhaps a few more if shared) voter. It would also be uncovered if the voter verifies the vote on any other device.

Andres

> On 1 Dec 2016, at 19:43, Rich Kulawiec <rsk at gsp.org> wrote:
> 
> On Thu, Nov 17, 2016 at 06:02:36PM +0200, Andres wrote:
>> Could Intel and AMD team up and hide a backdoor on the vote counting
>> server's CPU? It certainly is in the realm of possibilities. However,
>> it's extremely cost prohibitive, risky and as a result unlikely.
> 
> It's not cost-prohibitive for someone (not necessarily Intel or AMD)
> to do this.  Not any more.
> 
> Read this:
> 
> 	Stealing an Election (Schneier on Security)
> 	https://www.schneier.com/crypto-gram/archives/2004/0415.html#4
> 
> A lot of articles and papers and reports been written about the problems
> of e-voting.  That little essay might be the most important one.  If you've
> gotten to this point and haven't read it: read it.  Bookmark it.  Read it
> again later.  And again.
> 
> Now consider that it was written in 2004.  Scale the number up to account
> for 12 years of dramatically increased campaign expenditures and the usual
> inflation.  Factor in that there are no longer merely individuals or
> parties/groups trying to sway the outcome of elections, but nations.
> 
> It is not unreasonable, at this point, to presume an attacker budget in
> the billion-dollar range.
> 
> Which means that lots of things we might once have ruled out as absurdly
> cost-prohibitive...aren't.
> 
> ---rsk
> -- 
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

More information about the liberationtech mailing list