[liberationtech] E-Voting

Andres list.andres at gmail.com
Thu Nov 17 08:02:36 PST 2016 

>> Transparency is certainly improved. You can check and change your vote
>> after casting it. Estonian government even provides an iOS and Android
>> mobile application for this.
> 
> Oh ho, within your own world it looks like you gave your vote. That does
> not prove a single thing. Even just pointing to that as something that
> convinces you shows how dangerous technology is.
A mathematical proof is not possible for any voting system except that which exists only on paper. Ballots can be compromised, votes bought, software hacked and hardware tampered with. The question is how costly and hard it is to do so. Could Intel and AMD team up and hide a backdoor on the vote counting server's CPU? It certainly is in the realm of possibilities. However, it's extremely cost prohibitive, risky and as a result unlikely. Could a handful of people manning a polling station stuff in extra ballots or take some out? A tad bit more likely.

In most countries digital ballot counting machines are used anyway and that opens up the same attack vectors as outlined above.

Making votes verifiable and mutable from any platform is the best possible approach to such conspirational scenarios. 

> Also, the situation in Estonia is quite different than in most other
> countries, and most of these differences can be attributed to their
> size. Just as a reminder, there are ~500 cities with a population larger
> than Estonia.
Sure, Estonia is relatively small, but scaling the infrastructure is, and never has been, an issue. Open to any arguments suggesting the contrary.

> The bigger the system, the larger the influence, especially in countries
> that do have an existing and well-oiled lobbying apparatus. I cannot see
> any larger country introducing any system that has similar security
> properties, and the ability to reliably set aside the maintenance costs.
> Anyone can see too well how broken maintenance of public infrastructure is.
The latter is a fallacy.

> So, on many levels, maybe nobody bothered to mess with the Estonian
> platform because it just doesn't matter from a global perspective.
Given Russia's past cyberattacks on Estonia (https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia <https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia>) and Estonia's political stance it would be safe to say that Russia would certainly be motivated to investigate the matter. By anecdotal evidence, the ruling coalition has not seen a pro-Russia party for the last 11 years so I think it's safe to assume Russia is unable to put their foot on the scale.

Andres
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20161117/f23fc552/attachment.html>

More information about the liberationtech mailing list