Anonymous wrote:
> On Sat, 09 Oct 1999 20:35:15 -0700, Ed Gerck <[EMAIL PROTECTED]> wrote:
>
> > In reference to the recent discussions on voting, I am
> > preparing a list of desirable properties of voting, as a
> > secure protocol. Of course, it may not be desirable or even
> > possible for a particular election process to include *all*
> > of them -- the objective is just to have a list of choices.
>
> So how well do these apply to the company that you started this thread
> on, votehere.net? Remember, the ones you called "snake oil"?
Your question seems to me to be a valid one. Indeed, I was the first but not
the only one to observe here that VoteHere's claims (and later "justification")
were pretty much content-empty and even contradictory. However, rather
than stand here as a tribunal over VoteHere, for which I already stated my
opinion as you correctly recall, I intend to cast a broader view.
Now, if you want me to evaluate a company's products *notwithstanding* what
the company says, under the "justification" that the reader must distinguish
between a "market blurb" and actual fact (which is, however, not revealed),
then I don't think you have a valid question. After all, consumers will buy a
product based on what they read -- and if it says it can do all sorts of wonderful
things and does that just so that consumers can buy into the market blurb and
hence the product, then this is the same technique used to sell snake-oil.
In addition, to make it clearer, my broad question into the desirable properties
of voting as a secure protocol intends to help unify references, concepts and
terminology. No political or country-oriented criticism is to be construed
from it, which respects all the apparently divergent efforts found today.
Individuals or organizations may be cited as part of the fact-finding work
needed but their citation constitutes neither a favorable nor an unfavorable
recommendation or endorsement.
> > 1. Completeness: All valid votes are counted correctly, if all
> > participants are honest.
>
> Seems pretty easy to meet if everyone is honest.
At first, one may indeed think this is pretty weak, and even wonder why it is
so stated in the technical (crypto) literature. However, looking at it from the
mathematical viewpoint, it simply means that the process is not a statistical
measure of voting (such as polling) and is not biased either (as in weighted
voting) -- *all* votes must be counted 1:1 if no one is dishonest. So, the
voting protocol must allow for a "complete" representation.
So, this does not mean that "everyone must be honest" by assumption in order
for the protocol to work; it means that under honest assumptions (i.e.,
one standard test condition) the protocol will be correct for *all* votes
cast.
> > 2. Robustness: Dishonest voters, other participants or outsiders can't
> > disturb or disrupt an election.
>
> Votehere's system depends on a coalition of mutually suspicious parties
> to tally the vote (they mutually share the necessary decryption key).
> If enough of these refuse to cooperate then this could disrupt the
> election.
Also, to use your example of VoteHere, if the same voter uses different
names to cast votes then this voter could disturb the election. For example,
by voting for an absentee. Or, by, on purpose, duplicating votes so that
election officials might be unable to tell which vote is correct. Indeed,
VoteHere's system is not robust.
> > 3. Privacy: The votes are cast anonymously.
>
> Likewise if the key holders all decided to collude together they could
> decrypt individual votes and remove anonymity. This and the previous
> failure are supposed to be unlikely because the parties involved are
> competitors and include officials with public accountability.
What you mention is irrelevant in this topic. The privacy question here
is not whether all key holders may collude together (an unlikely scenario,
anyway, but one which they are all free to take) but whether anyone may
learn a voter's identity just by the voting data -- i.e., irrespective of any
privacy desire by the voter.
We must also be careful with assumptions. Because "the parties involved are
competitors and include officials with public accountability" has never
prevented fraud to occur if there is either gain to the parties concerned
or loss to whoever was left out. "Public accountability" is also very tenuous
these days, and any cryptographic protocol that would depend on "public
accountability" should better call itself a "social protocol".
In fact, the whole objective of cryptographic protocols is to free us from
such non-technical assumptions on validity. Law is no substitute for
engineering (Bruce Schneier). So, protecting a voter's anonymity is a
protocol task -- irrespective of collusion by *others*.
> > 4. Unreusability: Every voter can vote only once.
Note that this is not granted in VoteHere's system, just to compare.
VoteHere ties votes to names, not voters. A voter with different names
(either his or by "corralling" legitimate voters) can vote any number of
times. In fact, VoteHere makes it easy to sell votes since bots can also
vote.
> > 5. Eligibility: Only legitimate voters can vote.
>
> This seemed to be the main concern which caused Ed to initially brand
> votehere.net as "snake oil?". Any cryptographic system has to assume
> a certain pre-established system for determining voter eligibility.
> Such real-world systems are inherently messy and imperfect and cannot
> have the clean provability of a mathematical system. By the standards of
> mathematical proof, any voting system would have to be called snake oil.
No, this was not my main concern to question (not brand) VoteHere's system.
My main concern was that the whole system had so many apparent flaws that
I could not see how it could deliver what it promised. And VoteHere's Neff's
declarations here did not reduce this impression, as the list dialogue showed.
But, back to this topic. You raise IMO a valid question -- "what is a
legitimate voter?" This question can be answered with varying degrees
of cost, risk, legal effects and nuisance. Voter registration is the first issue,
and we did read here about biometric data being used in NY, as one of the
attributes to be tested at the election site in order to define "what is a
legitimate voter". The second issue is voting identification, and all biometric
data is moot if an election protocol on the wire allows for data replay.
So, indeed, we must include the voter registration question before this
topic, which only concerns itself with voter identification. But, even
though lack of proper voter registration would make voter identification
"messy and imperfect", this topic is orthogonal to it.
The question of #5 thus is not whether voter identification was "perfect"
but whether only so identified voters can vote.
> > 6. Fairness: A voter casts his vote independently and is not influenced
> > (e.g. by publishing intermediate results of the election, copying and
> > casting of the encrypted vote slip of another voter as his own vote).
>
> The votehere system seems to be OK on this.
But, since knowledge of one voter/vote in VoteHere can make all
other voter/votes known to an election official (see previous msgs),
all voters must assume that their votes are not anonymous and live
with the consequences. So, its fairness is compromised by lack
of anonymity.
This also shows that these topics are not orthogonal to each other,
as usual in protocol requirements.
> > 7. Verifiability: The tally can not be forged, as it can be verified by
> > every voter. The verifiability is local if a voter can only check
> > whether his own vote is counted correctly. If it is verifiable whether all
> > votes are counted correctly, then the verifiability is universal.
>
> The tally can be verified, it seems, but not enough information has been
> presented to distinguish between local vs universal verifiability in the
> votehere.net system.
Yes, universal verifiability must not depend on *all* voters verifying
and honestly telling everyone that indeed their vote was counted
correctly. Universal verifiability must be granted if *any* voter can
verify that *all* votes were counted correctly.
> > 8. Receiptfreeness: A voter can't prove to a coercer, how he has
> > voted. As a result, verifiable vote buying is impossible.
>
> It appears that the votehere system does not satisfy this, since the vote
> is published in encrypted form, so the voter can reveal the plaintext in
> a verifiable way. Of course even if the system mathematically protected
> against this you could still sell your vote by voting at home while the
> vote buyer watched you.
Selling at home is not the question of #8, nor when the voter would be willing
to sell. What #8 targets is a protection to the voter against being *coerced*
to prove how he has voted. For example, as discussed here in another thread,
if all voting results that the voter could produce would be equally plausible
to the coercer, then the voter does not have to reveal anything and the coercer
would gain nothing by coercing the voter.
> Overall it looks like votehere.net does pretty well on these points.
I counted zero points. But, I am still counting.
> Snake oil is a nasty phrase in this business. It's about the worst thing
> you can say about a crypto related enterprise. Next time it would be
> better to learn about the technology before commenting on it rather than
> the other way around.
As Greg said on the VoteHere thread, "Snake oil" is an apt description of a
product which is marketed as having certain characteristics (e.g., security)
but whose ingredients or properties are hidden from potential purchasers
-- and, I might add, even self-deny these properties when taken as set.
And as also often said, "If you don't want your product to be called snake
oil, don't offer sales literature without technical literature to go with it." To
make mistakes is one thing, quite another to misrepresent products --
which seems likely to place the culprits in the realm of tort, fraud, unfair or
misleading business practices, and securities law if they have also been
soliciting or accepting investment.
Cheers,
Ed Gerck
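Added example (not part of the thread above, and not VoteHere's or anyone else's protocol): a toy public bulletin board in Python that makes a few of the listed properties concrete. It enforces eligibility (#5), unreusability (#4) and the "copied ballot" case of fairness (#6) at posting time, lets any observer recompute the tally from the public board plus the published openings (#7, universal rather than local verifiability), and then shows why publishing a ballot under the voter's name breaks receipt-freeness (#8): the voter can hand a buyer the opening and the buyer checks it against the board. A SHA-256 hash commitment stands in for whatever encryption a real system would use, the in-process shuffle stands in for a mix, and the voter names and ballots are constructed sample data; none of this is drawn from the thread.

```python
import hashlib
import secrets
from collections import Counter

# Hypothetical voter roll for this toy; the names are constructed sample data.
REGISTERED = {"alice", "bob", "carol"}


def commit(choice: str, nonce: bytes) -> str:
    """Hash commitment to a ballot: hides the choice until the nonce is revealed."""
    return hashlib.sha256(nonce + b"|" + choice.encode()).hexdigest()


class BulletinBoard:
    """Public append-only list of (voter_id, commitment) that anyone can download."""

    def __init__(self, registered):
        self.registered = set(registered)
        self.posts = []              # public: who posted which commitment
        self.seen_voters = set()
        self.seen_commitments = set()
        self.rejected = []           # (voter_id, reason), also public

    def cast(self, voter_id: str, commitment: str) -> bool:
        # Property 5, eligibility: only names on the roll are accepted.
        if voter_id not in self.registered:
            self.rejected.append((voter_id, "not registered"))
            return False
        # Property 4, unreusability: a second ballot under the same name is dropped.
        if voter_id in self.seen_voters:
            self.rejected.append((voter_id, "already voted"))
            return False
        # Property 6, fairness: re-posting another voter's ballot as one's own is refused.
        if commitment in self.seen_commitments:
            self.rejected.append((voter_id, "copied ballot"))
            return False
        self.seen_voters.add(voter_id)
        self.seen_commitments.add(commitment)
        self.posts.append((voter_id, commitment))
        return True


def public_tally(board: BulletinBoard, openings):
    """Property 7, universal verifiability: anyone holding the public board and the
    (anonymously published, shuffled) openings recomputes the tally, checking that
    every opening matches exactly one posted ballot and that no ballot is left unopened."""
    unopened = set(board.seen_commitments)
    tally = Counter()
    for choice, nonce in openings:
        c = commit(choice, nonce)
        if c not in unopened:
            raise ValueError("opening matches no unopened ballot")
        unopened.remove(c)
        tally[choice] += 1
    if unopened:
        raise ValueError("%d posted ballots were never opened" % len(unopened))
    return dict(tally)


def coercer_can_verify(board: BulletinBoard, voter_id: str, claimed: str, nonce: bytes) -> bool:
    """Property 8 failure: commitments are posted under names, so a voter who hands
    over (choice, nonce) proves to a buyer how that name voted."""
    posted = dict(board.posts).get(voter_id)
    return posted is not None and posted == commit(claimed, nonce)


def run_election(ballots, registered=REGISTERED):
    """ballots: list of (voter_id, choice). Returns (tally, rejections, receipt_demo)."""
    board = BulletinBoard(registered)
    openings = []
    first = None
    for voter_id, choice in ballots:
        nonce = secrets.token_bytes(16)
        if board.cast(voter_id, commit(choice, nonce)):
            openings.append((choice, nonce))
            if first is None:
                first = (voter_id, choice, nonce)
    # Toy stand-in for a mix: publish openings in random order, unlinked from names.
    secrets.SystemRandom().shuffle(openings)
    tally = public_tally(board, openings)
    receipt_demo = coercer_can_verify(board, *first) if first else False
    return tally, board.rejected, receipt_demo


if __name__ == "__main__":
    sample = [("alice", "yes"), ("bob", "no"), ("alice", "yes"),
              ("mallory", "yes"), ("carol", "yes")]
    print(run_election(sample))
```

Two things the toy makes visible. The shuffle that unlinks openings from names runs inside the same process that holds the board, so privacy (#3) here rests on trusting the operator, which is exactly the kind of non-protocol assumption the post argues against; a real design would need a mix or threshold decryption so that no single party can relink them. And `coercer_can_verify` returning true for an honest voter is the #8 failure in miniature: as long as the voter holds an opening that singles out one posted ballot, a buyer can demand it, so receipt-freeness has to be designed in (for instance by making every opening the voter could produce equally plausible) rather than added afterwards.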