Security Seminar TODAY - Tuesday 4/11
Andrew Neff
of Votehere.net
on "Internet Voting Protocols and System Design"
Today at 4:15pm in Gates 498
Just as e-commerce has replaced old methods for consumer purchases
in many situations, e-voting is likely to soon arrive as an alternative
method for conducting large scale, public elections. The efficiencies
that it offers over conventional methods are apparent; but when it comes,
Internet Voting will either create a serious crack in the basic democratic
infrastructure, or create a better means of protection against election
fraud of all kinds than that offered by any system used to date. Which of
these effects is seen will depend on some basic properties of the system,
or systems, which are eventually adopted.
At VoteHere, we are committed to the principle that any election in which a
large amount of power and/or money is at stake must satisfy two basic criteria:
1. Privacy: Each voter must be able to keep his/her ballot choices secret
if he/she wishes.
2. Auditability: The power to assert the validity of the final election
tally should never be entrusted to one company, organization, or government
body. In fact, it should be distributed as widely as possible. In other
words, we should not accept the results of an election just because
"company X's computers say so."
The basic e-commerce model does not achieve either of these. While a
secure communication protocol such as SSL may keep a ballot private "on
the line", its contents are available to the vote collection agency once
it is received. Moreover, unless the contents of each voter's ballot are
later made public (which would destroy privacy), the vote collection agency
is in the position to fabricate the election results without this fraud
being detected.
In the first part of this talk we will discuss the protocol, and
underlying mathematics, which have allowed us to create a system that
achieves both of these criteria. Our system has the property that it is
universally verifiable - any independent organization or individual can
inspect our "election transcript" (publication of such is a procedural
requirement) and execute a series of well defined mathematical steps on
it in order to verify the election results. Privacy is protected because
individual ballots are never decrypted. After presenting the protocol,
we will discuss some of the system implementation issues that we faced
during the task of turning the theoretical concepts into a robust product.
Finally, time permitting, we will discuss some of the social implications
- both real and perceived - that may shape the course of voting systems in
the future.