May 10, 2004

Secret Ballot Receipts and Transparent Integrity

Professor David Chaum is working on the voting problem. On the face of it, this is an intractable problem given the requirement of voter secrecy. Yet David Chaum is one of the handful of cryptographers who have changed the game - his blinded tokens invention remains one of the half dozen seminal discoveries of the last half-century.

Of course, in financial voting, the requirement for ballot box privacy is not so stringent. Indeed votes are typically transferable as proxies, if not strictly saleable. For this reason, we can pretty much accomplish financial voting with what we know and have already (an addition of a nymous feature or a new issue would be two ways to do it).

But it is always worth following what is happening on the other side of the fence. Here's the abstract for David's paper, Secret Ballot Receipts and Transparent Integrity:

"Introduced here is a new kind of receipt. In the voting booth, it is as convincing as any receipt. And once the voter takes it out of the booth, it can readily be used to ensure that the votes it contains are included correctly in the final tally. But it cannot be used in improper influence schemes to show how the voter voted. The system incorporating the receipts can be proven mathematically to ensure integrity of the election against whatever incorrectly-behaving machines might do to surreptitiously change votes. Not only can receipts and this level of integrity enhance voter confidence, but they eliminate the need for trusted voting machines."
Posted by iang at May 10, 2004 07:06 PM | TrackBack

Of course that is not a new concept, that the level of security necessary for electronic payments to be viable is not very high.

Losses from fraud (aggregated with other types of costs) need only be lower than the "benefits" in the hands of the actors who control the platform decisions. For example card services and even ATMs have never had very strong security, and have suffered costly losses, but were able to plow them back onto cardholders and retailers, and stiff the taxpayers with policing costs.

But I'm not posting this morning, to deliver a big editorial.

I just want to make the point that security for voting doesn't have to be very strong either. The value of one vote is NOT as high as say, the credit limit available in the average credit card, in the average purse or wallet.

What is *exceedlingly* valuable is a systematic weakness allowing a party to control *many* votes. Efforts to improve voting security might benefit from this insight. For example, you can get a false confidence from paper trails, verifying individual votes, while voting outcomes can still be changed by some piece of the downstream tabulating or reporting.

Oh well. A rather obvious point. Too much expresso again maybe.

I just think they should issue every citizen a "citizens signing device" at birth and be done with it. If the technology industry cant get such a simple thing right, then to HELL with them. Really, I am thinking of smashing my computer, along with my TV these days,

Let it happen. AR AP everywhere.

Posted by: Todd at May 16, 2004 04:43 PM