Of Park Benches, Cardboard Boxes, Armored Cars and Voting
The Swiss have implemented quantum cryptography to transfer votes to a central tallying authority. This is pretty cool, and I applaud the Swiss for trying new technologies to improve election security.
However, marketing this as “unbreakable encryption” is troubling. I can’t help but see this as a version of Gene Spafford’s warning writ large:
“SSL is like using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box.”
Now, a vote is worth more than rolls of pennies, but the analogy remains appropriate: so what if the pipe is super secure, unbreakable even, if the voting machine isn’t secure? And, more importantly in the case of voting, who cares if the encryption is unbreakable if a citizen can’t verify that her vote made it into the final tally? After all, what happens to that super secure data once it comes out at the other end? How can your average citizen check that it was tallied appropriately?
That’s what most people don’t get about open-audit voting with cryptography: the techniques are not all that much about encryption; they’re mostly about public accountability and verifying that the election was performed correctly. Whether you’re using RSA, Elliptic Curves, Lattices, or quantum crypto matters little.
What matters is how much assurance the voter gets that the election was run correctly. And quantum crypto doesn’t achieve much on that front.
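To make the argument above concrete, here is an added sketch (not from the original post, and not the code of any real election system): ballots travel over a channel assumed to be perfectly secure, the far end swaps one of them, and only the voter's receipt check against a public board catches it. The toy group parameters, the board layout and every function name are assumptions made for illustration.

```python
import hashlib, secrets

# Toy group, constructed for this example and far too small for real use:
# P = 2*Q + 1 with P, Q prime; G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, vote):
    """Exponential ElGamal: multiplying ciphertexts adds the votes inside."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), pow(G, vote, P) * pow(pk, r, P) % P)

def receipt(voter_id, ct):
    """Fingerprint the voter takes home: a hash of the ciphertext, not the vote."""
    return hashlib.sha256(f"{voter_id}:{ct[0]}:{ct[1]}".encode()).hexdigest()

def voter_check(board, voter_id, rcpt):
    """Voter-side audit: is exactly my encrypted ballot on the public board?"""
    return voter_id in board and receipt(voter_id, board[voter_id]) == rcpt

def combine(board):
    """Anyone can recompute the encrypted sum from the public board."""
    a = b = 1
    for c1, c2 in board.values():
        a, b = a * c1 % P, b * c2 % P
    return a, b

def decrypt_tally(sk, ct, max_votes):
    """Authority decrypts only the aggregate, then solves a tiny discrete log."""
    g_m = ct[1] * pow(ct[0], Q - sk, P) % P      # c2 * c1^(-sk)
    return next(m for m in range(max_votes + 1) if pow(G, m, P) == g_m)

def run_election(votes, tamper=None):
    """Return (announced tally, each voter's receipt-check result)."""
    sk, pk = keygen()
    sent = {i: encrypt(pk, v) for i, v in enumerate(votes)}
    receipts = {i: receipt(i, ct) for i, ct in sent.items()}
    # The channel is assumed perfect; any fault happens at the far end.
    board = dict(sent)
    if tamper is not None:
        board[tamper] = encrypt(pk, 1 - votes[tamper])   # ballot swapped after arrival
    tally = decrypt_tally(sk, combine(board), len(votes))
    return tally, [voter_check(board, i, receipts[i]) for i in sent]

if __name__ == "__main__":
    print(run_election([1, 0, 1, 1]))            # honest far end
    print(run_election([1, 0, 1, 1], tamper=2))  # one ballot swapped
```

A real open-audit system would also publish a proof that the aggregate was decrypted correctly; that step is left out of this sketch.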
4 Comments »
October 17th, 2007 @ 3:56 pm
What do you think about the argument that if a known technology is sufficient that should be used for critical applications like voting rather than something that is relatively immature? (this is similar to why space devices use hardened processors from years and years ago)
I’ve seen this debate batted back and forth… and I can see the merits for each side.
October 17th, 2007 @ 11:43 pm
Joe: the difficult issue lies in the definition of “sufficient.” Is RSA sufficient for this particular application? Yes, I think so, and thus yes, I think the argument you mention applies.
But it’s still worth experimenting with new technologies. This is an argument that Andy Neff was the first to make, as far as I know, in the context of voting: if we’re going to improve the state of voting, we’ll need to do test runs of new technology, and it has to be in real elections. Maybe pick a few precincts where the technology is tested, accepting that you may well have to rerun the election for those precincts. Sounds difficult, but how else can we make progress?
Back to the issue of “sufficient.” Some folks think that not having true voter receipts is sufficient. I disagree.
So if everyone agrees on what is sufficient, I think your argument applies. Where it gets tough is when folks disagree on what’s truly necessary, and I suspect that happens often.
October 18th, 2007 @ 9:39 am
If only we could replicate the election environment easily… it must be one of the hardest experimental environments to replicate… I’d wager it’s impossible. Other types of elections (union, etc.) just aren’t the same. Sigh. Thanks for the interaction that your blog provides… btw, I’m looking for postdocs, etc. starting fall/summer 2008; if you know of any that might want lawyer/science hybrids, let me know! (send me email rather than a public reply here). best, Joe
November 2nd, 2007 @ 9:52 am
[...] from Ben Adidas’s post Of Park Benches, Cardboard Boxes, Armored Cars and Voting: However, marketing this as “unbreakable encryption” is troubling. I can’t help but see this [...]