Internet and e-mail policy and practice
including Notes on Internet E-mail


2020
Months
Jun
Aug
Sep Oct
Nov Dec

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Internet


17 Jun 2020

Once again, why Internet voting doesn't work Internet

An acqaintances said "We trust our electronic systems to transfer millions of dollars of value; I suspect we will eventually develop schemes we will trust to record and count votes."

This is, unfortunately, one of the chronic fallacies that make voting security experts tear their remaining hair out. The security models are completely different so what banks do is completely irrelevant to voting.

There are no secrets in banking. Banking transactions are all auditable, a bank has a complete list of where all the money came from and where all the money went. In most cases, the transactions can be reversed if challenged. Even if they can't, the bank can say "you sent $100,000 to the Third State Bank of Bezerkestan, account 5551212, too bad they won't give it back." Plenty of stuff is partially secret, e.g., a bank may not report your transaction details to anyone but you, but it's not completely secret.

The key to voting security is that the contents of your ballot is secret from everyone, including you. There's a list of who voted, there's a list of what the votes are, and there has to be no way to link the two. Computers are really bad at that.


posted at: 19:09 :: permanent link to this entry :: 0 comments
posted at: 19:09 ::
permanent link to this entry :: 0 comments

comments...        (Jump to the end to add your own comment)

Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

 
Name:
Email: you@wherever (required, for confirmation)
Title: (optional)
Comments:
Show my Email address
Save my Name and Email for next time

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Dave Piscitello on Ransomware
16 days ago

A keen grasp of the obvious
My high security debit card
562 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.