November 14, 2008

A voting design competition?

I'm at LISA and just listened to this one:

The State of Electronic Voting, 2008
David Wagner, University of California, Berkeley

As electronic voting has seen a surge in growth in the U.S. in recent years, controversy has swirled. Are these systems trustworthy? Can we rely upon them to count our votes? In this talk, I will discuss what is known and what isn't. I will survey some of the most important developments and analyses of voting systems, including the groundbreaking top-to-bottom review commissioned by California Secretary of State Debra Bowen last year. I will take stock of where we stand today, the outlook for the future, and the role that technologists can play in improving elections.

The one-line summary seems to be that voting machines are in a mess, and while there are brave efforts (California's review cited), there are no easy answers. It's a mess. This accords with my own prejudices: it looks like it should be a mess, by architectural requirements. My advice is to keep away, but today I didn't follow that advice, and have a suggestion!

One thing that is frequently suggested is that if the Internet community can build an Internet, surely we should be able to build a secure voting system. We can do big secure systems on the net, right? The counterexample for this is IPSec or DNSSec or S/MIME: surely we should have been able to get a secure system into widespread use, but we seem to have failed at every turn here.

One reason why these things didn't work out is that the IETF committees who put them together got bogged down in details, as different stakeholders fought over different areas. The result is that familiar camel known as a secure but unusable architecture. Committees are at their best when they are retro-standardising an already successful design, such as SSL, because then they cannot dive into their own areas. They are forced to focus on the existing successful design.

Another suggestion is to use NIST or the NSA (same thing in this context) to design the system for us. But, this only works when we don't really care so much about the results. With encryption algorithms, for example, we the public get very suspicious about funny S-Boxes and the like, and skepticism dogged the famous DES algorithm as well as Skipjack and the cryptophones. For hash designs, we are less fussed, because in application space much less can go wrong if there is a secret way of futzing the hash.

Now, in the late 1990s, NIST took these issues seriously and took a novel path. They created a design competition to create a new encryption algorithm, asking anyone and everyone to propose. Any team around the world could submit an algorithm, and the final winner came from Belgium. As well, all the teams were encouraged to review the others' designs, and knock themselves out with criticisms. (By way of disclosure, Raif in my old Cryptix group created the Java framework for the AES proposals. It was that open that they took in help from crazy net hackers like ourselves.)

This worked! People mutter about AES as being a bit odd, but everyone admires the open design process, the use of the free and open scrutiny, and the way that the worldwide cryptography community rose to the challenge.

Why can't we do that with voting machines? All the elements seem to rhyme: stakeholders who will bog it down, conspiracy theories in abundance, desperate need of the people to see a secure outcome, and lots and lots of students and academics who love a big design challenge. NIST seems to be the ring-in to manage the process, and the result could be a standard design, which avoids the tricky issue of "mandating use".

Just a thought! I don't know whether this will work or not, but I can't see why not?

Posted by iang at November 14, 2008 02:42 PM

NSA is competent, and has an interest in getting something that works, thus can judge such a contest. Who would judge a contest for voting machines?

Posted by: James A. Donald at November 15, 2008 05:56 PM

>Who would judge a contest for voting machines?

The Carter center, OSCE-ODIHR and their counterparts. I.e.: the people whose core business it is to observe elections.

Posted by: Rop Gonggrijp at November 16, 2008 06:45 AM

Hi iang,

I'm emailing you in regards to an email I sent to you last month about a partnership, have you had a chance to think about it?

If you have any questions or would like more information, please advise me and we can go from there.

Kind Regards,
Andrew Knight

Posted by: Andrew Knight at November 18, 2008 12:53 AM

Congratulations Ian, you made it into the Top 100, well done!!

Posted by: Dave Birch at November 23, 2008 01:17 PM

Who would judge a contest for voting machines?

Posted by: Riverskiy at November 25, 2008 06:05 AM

Elections in the 3rd world are a major problem. SEEV is a new innovative concept which uses entirely existing technologies (mobile phone sms and TAN-envelopes) in conjunction with an external international processing center to ensure that phantom voters, ballot-box stuffing, count fraud etc are a thing of the past. And the cost of this electronic voting should be less than present-day paper voting systems. SEEV could hold its first election within 6 months of project go-ahead.

Posted by: SEEV - a low-cost tamper-proof voting system at January 13, 2009 05:36 AM