ABOUT

  • Mainly about engagement and collaboration using social media and events, with some asides on living in London. More about David Wilcox and also how the blog started.
  • Search

    WWW
    http://partnerships.typepad.com/civic/

« Making e-democracy part of the everyday - even if that's YouTube rules | Main | E-democracy videos - now updated »

Comments

Hello David,

Can you elaborate on e-voting? Do you mean desk-top and PC voting, or do you mean the electronic device at the volting booth?

I agree that software can be hacked, but so is paper and pencil (such as US 2000 in Florida???) But I also think it has alot to do with the 'democractic' climate of the country.

Whether one is using pen & pencil, high tech, or thumb printing, if the top is not showing good example, what could one expect from the rest? PC, Internet, pen&pencil, thumb prints are nothing, but just tools.

As we have seen in recent years in some developing countries that either tasting their first voting rights, or to remostrate, the turned out were huge. Take the case of Zimbawe. How eager were the citizens looking for 'democracy'? They did not have e-democracy. They stood in long lines, in rain and in hot sun. They wanted democracy bad. And who were the "HACKERS"? The tugs sent to threaten them, abused them ...

What if we have the most 'secure' e-democracy, e-voting BUT then we have to watch our leaders slinging muds at one another during debates? Would that bring e-democracy any better?

Let's concentrate on the issue of rights and just. Of honesty and decency. When we have all that, when can make human kind understand that, democracy comes automatically.

A comment from a crypto point of view - although some of the ideas could be translated easily into political and corporate lingo too. What amazes me is the apparent (perceived?) and complete separation from the established electronic security industry - and history - that Diebold seem quite happy to foster.

These are *not* new issues - I know many cypherpunk-style fora have been kicking the nitty-gritty (both political and mathematical/technical) details around for many years, and even basic security practice for developing simple applications has undergone increased renewal. Indeed, if Microsoft have finally woken up to security methodology, there's no excuse for Diebold ;)

It's a shame, in a way, that many of these details are highly complex in nature - there's no way, for instance, that I could get my head round much of the maths involved in secure distributed networking. On the one hand, a public understanding of these complexities isn't necessary - in the same way that understanding the maths behind PGP isn't necessary to use it.

On the other hand, we must place this complexity alongside the infrastructure that it operates within - the voting system. The beauty of the current system here is simplicity (and hence understandability). Complexity opens the system up to uncertainty, which is inherently related to the links that information is transmitted over.

How can you be certain, for instance, that the "strong" crypto-protocols you're relying on aren't militarily-weak, or that man-in-the-middle attacks are a plausibility?

The open-source vs closed-source debate over better security models is far from being decided. The attitude of Diebold is fundamentally removed from this anyway, and hence fundamentally depressing. But even if it wasn't, the complexity remains.

I'm not sure that this isn't a completely intractable problem, but I do know that security starts with attitude. And paranoia. And, most importantly, *people*. Currently the attitude towards e-voting (and postal voting too) is of blank-faced naivety.

Actually, following on from my previous article, and having just read an EFF description of the *functional* problems plaguing some of the e-voting machines, the problem doesn't seem to just be attitude towards security. Basic software/product development processes (such as testing) seem to be being ignored as well.

This does, I think, highlight the debate in terms of whether we can trust machines, and whether we can trust the people developing those machines. We trust banks, for instance, and the networks over which transactions flow, and/but how is this different to trusting machines over which votes flow? Different people, different institutions, sure. Different technology? Different "moral" values of the transactions? Different compensation" models? I think these are all aspects of the question of whether we can "trust" e-voting mechanisms or not, but most are often ignored AFAICS.

The comments to this entry are closed.