Page 134 - Towards Trustworthy Elections: New Directions in Electronic Voting, by Ed Gerck (auth.), David Chaum, Markus Jakobsson, Ronald L. Rivest, Peter Y. A. Ryan, Josh Benaloh, Miroslaw Kutylowski, Ben Adida
126 P.A.D. Rezende
convictions of electoral results’ correctness in the participation and experience of individual common voters, as something essential for the voter confidence which – we believe – underlies the spirit of democracy.
From the technical standpoint, these experts may defend the retention of some
material representation of individual votes by electronic systems for another simple
reason: if they are convinced that the scientific resources and technological tools
available to, or even possible for, computer security are insufficient to sustain trust in
the outcome of fully electronic secret ballots, at least to an extent consistent with the
spirit of democracy.
Among these experts we find living icons of Computer Science, such as Ronald
Rivest (one of the inventors of the pioneering RSA method for digital signature), David
Chaum (inventor of eCash “digital cash”) and Bruce Schneier (cryptographer and
author of major best-sellers on computer security).
Their repute has led, for instance, at least one political scientist to argue why it is
much easier to protect financial electronic transactions against electronic fraud than to
tally a fully electronic ballot of secret votes with equivalent overall security [17].
Reliance on fully electronic mechanisms for voting and for election auditing purposes yields more routes for plausible deniability to those who may wish to stealthily interfere in the electoral result while controlling the underlying technology. Relying solely on electronic measures for auditability has meant that any new measure designed to close these routes ends up opening its own.
As a contribution to this debate, we posit that the heart of the disconnect between these two groups – formed by distinguished computer security experts and by election officials or suppliers in favor of fully electronic voting systems – may stem from the different way that each group, either by virtue of their craft or by gut feeling, understands “security”:
• [1st sense]: security from the standpoint of voters (and experts on their behalf)
a) with rights to a secret ballot and to its correct tallying,
b) against possible manipulations of the electoral process,
c) by whoever in the electoral system,
d) which should be readily detectable by voter oversight;
• [2nd sense]: security from the standpoint of those running elections
a) with rights to program or operate the electoral system,
b) against detection by voter oversight,
c) of whatever act imputable to ineptitude or bad faith,
d) through which manipulations of the tallying are possible.
3 Risk and Modernity
The main difficulty we can point to, regarding the security of fully electronic voting
systems as we see it, is rooted in an inconsistency between two basic requirements.
The first of these requirements is vote secrecy, and the second is the requirement
for dematerialization of votes (if the voting system is to be fully electronic). The
inconsistency, explained in the next section, arises under real-world conditions, in

