Friday, September 17, 2004
electronic voting in the UK - technical report
An excerpt from "Implementation of Electronic Voting in the UK Technical Options Report" (found via the CCSR list).
A Comparison with Other Secure Transactions
It is useful to compare voting with other online transactions for which security is needed.
The most obvious comparison is with banking. Attacking an electronic voting system is unlikely to bring the immediate financial rewards that a successful attack on the banking system would, and thus some types of well-resourced attack are less likely. However, the likelihood of well-resourced attacks is still sufficiently high to be problematic.
The consequences of a successful attack are very different with electronic voting, than with banking, though. Banks can, and do, take a financial analysis of how much loss they can stand and insure against such losses. It may be that a political decision could be taken that the loss of a certain percentage of votes is acceptable, but in the absence of such a decision, security appropriate for banking cannot be considered sufficient for electronic voting. Banks have also maintained confidence in the face of repeated losses through computer crime by covering up the cause of those losses. It is inconceivable that, in the event of a successful attack on electronic voting, such a cover-up would be acceptable to the electorate if subsequently disclosed. In a similar vein, individuals can be, and are, compensated for financial losses due to disruption/failures/hacking of online banking. It is not easy to see how there could be equivalent compensation for disruption/failures/hacking of an individuals vote, even if somehow it was discovered which individuals were affected (which might not be possible with some sorts of disruption).
Another issue is anonymity: electronic voting differs from the aforementioned applications due to the fact that, in addition to the requirements for accuracy and privacy, there is the mandated necessity to provide ... anonymity. In other words, banking applications can (in fact must) allow tracking back to the user of the system, but the [electronic voting system] must ensure that such tracking is impossible. (Mercuri, 2001, pp8-9).
Electronic voting also differs from financial transactions in that the risk that an election delayed by a few days will have a different result is unacceptably high. By contrast substantial financial transactions between two willing partners usually can be conducted a few days later if there are problems with ecommerce applications, since such transactions are rarely conducted on a whim.
Comments:
Post a Comment