----- Original Message ----- From: "Ed Gerck" <[EMAIL PROTECTED]>
[...] > This is not possible for current paper ballots, for several reasons. For > example, if you take a picture of your punch card as a proof of how you > voted, what is to prevent you -- after the picture is taken -- to punch > another hole for the same race and invalidate your vote? Or, to ask the > clerk for a second ballot, saying that you punched the wrong hole, > and vote for another candidate? The same happens for optical scan > cards. These "proofs" are easily deniable and, thus, have no value > to prove how the voter actually voted. > > Likewise, electronically, there is no way that a voter could prove how he > voted, even if the confirmation screen does list all the choices that the voter > has chosen, if that screen has two buttons: "go back", "confirm", and a > suitable logic. After the voter presses "confirm" the voter sees a "thank you" > screen without any choices present. The logic canbe set up in such a way > in terms of key presses and intermediate states that even photographing > the mouse cursor on a pressed "confirm" button does not prove that the voter > did not take the mouse out and, instead, pressed the "go back" button to > change his choices. Well the whole process can be filmed, not necessarily photographed... It's difficult to counter the "attack". In you screen example, you can photograph the vote and then immediately photograph the "thank you", if the photographs include the time in milliseconds, and the interval is short, you can be confident to some degree that the vote that was photographed was really the vote that was casted. You can have tamper resistant film/photograph devices and whatever you want, have the frames digitally signed and timestamped, but this is where I point out that you need to consider the value of the vote to estimate how far an extortionist would be willing to go. --Anton --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
