[Foundation-l] Election query
Tim Starling
t.starling at physics.unimelb.edu.au
Sat Sep 23 23:51:46 UTC 2006
Alison Wheeler wrote:
> I didn't want to ask this actually while voting was open in case anyone
> got worried, but now that voting has closed I'd like to ask something.
>
> How are our votes actually counted and, more importantly, how can we each
> be certain that the votes we made are actually the ones which are being
> counted?

The voting system allows for spot-checks as follows:

* Download [[Special:Boardvote/dump]], and check that your record is there
* Check that your encrypted record has been signed with the appropriate
secret key (some votes in the first few hours of voting were signed with
the expired 2005 key, but most were signed with the 2006 key)
* Contact an election administrator, confirm your identity. Tell them
your encrypted record and who you voted for. Ask them to decrypt your
election record to ensure that the two match.

Spot checks like this provide some assurance against wide-scale
falsification of the records. However, the voting system is not
perfectly secure. For example, with root access to the servers, you
could add false votes for nonexistent people to the dump. This is
theoretically detectable, but it would be possible for such things to go
unnoticed. Small-scale fraud (small enough to escape random checks) is
also possible by compromising the client computer. And since we don't
yet use SSL, there is some vulnerability to compromise of the
communications channel.

I hope I'm not giving people a false sense of security by implementing
all this encryption stuff. The goal is only to make detection of attacks
easier, or at least theoretically possible. The absolute security of the
system still depends on the security of the constituent parts, namely:
the election administrators, the servers, the clients and the network.
There is plenty of room for improvement in each department.
-- Tim Starling
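
Added example, not part of the original message and not Boardvote code: a short calculation of how much assurance voter spot checks give an election auditor, which puts numbers on the difference between wide-scale and small-scale falsification described above. The vote totals are constructed for illustration, and the model assumes each check is made by a different, randomly placed voter who reliably notices an altered record.

```python
from math import comb


def detection_probability(total_records: int, altered: int, checks: int) -> float:
    """Chance that at least one of `checks` distinct voters, spread at random
    over `total_records`, is checking one of the `altered` records.

    Hypergeometric model: P(miss all) = C(N - k, n) / C(N, n).
    """
    if not (0 <= altered <= total_records and 0 <= checks <= total_records):
        raise ValueError("altered and checks must lie between 0 and total_records")
    # math.comb returns 0 when n exceeds N - k, so detection is then certain.
    missed = comb(total_records - altered, checks) / comb(total_records, checks)
    return 1.0 - missed


def checks_needed(total_records: int, altered: int, confidence: float = 0.95):
    """Smallest number of spot checks that detects `altered` changed records
    with at least `confidence` probability, or None if nothing was altered."""
    if altered == 0:
        return None
    for n in range(total_records + 1):
        if detection_probability(total_records, altered, n) >= confidence:
            return n
    return None


if __name__ == "__main__":
    TOTAL = 2000  # constructed election size, not a figure from the message
    print(f"{'altered':>8} {'P(detect | 20 checks)':>22} {'checks for 95%':>15}")
    for altered in (2, 20, 200):  # constructed falsification sizes
        p = detection_probability(TOTAL, altered, 20)
        print(f"{altered:>8} {p:>22.3f} {checks_needed(TOTAL, altered):>15}")
    # Limitation of the model: records added for nonexistent voters have no
    # voter who would ever check them, so they are invisible to spot checks
    # and need a separate audit of the dump against the eligible-voter list.
```
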