Bruno Kerouanton

Most people a bit involved in IT security think the same about electronic voting machines. They are quite interesting regarding to the complex challenges they happen to demonstrate about privacy and safety.

It’s quite difficult to keep anonymity and at the same time to proove that everybody has voted only once, and there have been several mathematicians and cryptography experts working on protocols that could help to solve this.

There are solutions but it requires really complex setup such as using a modified public-key cryptographical protocol, and digital certificates designed for this usage. It also requires that the calculations and the whole chain of trust is safe, bug-free and foolproof. That is impossible to check. More and more people are now believing that electronic voting machines aren’t a good solution - yet - since there are still too many unknown elements and risks such as eavesdropping, electronic emanations, bugs, manipulations and even subliminal behavior that could prevent a citizen from voting in normal conditions (preserving its privacy and being sure the vote count is normal).

Cedric Blancher’s Blog has got an interesting review of this, please look at his entry !

RESUME Les machines à voter électroniques, c’est l’avenir selon certains. Sauf que ces derniers ne se rendent pas (ou ne veulent pas se rendre) compte des problèmes de sécurité associés à ce nouveau moyen. Comment garantir l’anonymat tout en pouvant s’assurer que la personne n’a voté qu’une seule fois ? Comment s’assurer que le votant aura son intimité garantie ? Actuellement, même si des méthodes existent, elles ne sont à priori pas appliquées car trop complexes ou tout simplement parce que les concepteurs de telles machines ne les connaissent tout bonnement pas (ou ne veulent pas les implémenter par souci d’économie ou de simplicité). Voir le Blog de Cédric Blancher à ce sujet !