Of Park Benches, Cardboard Boxes, Armored Cars and Voting

The Swiss have implemented quantum cryptography to transfer votes to a central tallying authority. This is pretty cool, and I applaud the Swiss for trying new technologies to improve election security.

However, marketing this as “unbreakable encryption” is troubling. I can’t help but see this as a version of Gene Spafford’s warning writ large:

SSL is like using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box.

Now, a vote is worth more than rolls of pennies, but the analogy remains appropriate: so what if the pipe is super secure, unbreakable even, if the voting machine isn’t secure? And, more importantly in the case of voting, who cares if the encryption is unbreakable if a citizen can’t verify that her vote made it into the final tally? After all, what happens to that super secure data once it comes out at the other end? How can your average citizen check that it was tallied appropriately?

That’s what most people don’t get about open-audit voting with cryptography: the techniques are not all that much about encryption; they’re mostly about public accountability and verifying that the election was performed correctly. Whether you’re using RSA, elliptic curves, lattices, or quantum crypto matters little.

What matters is how much assurance the voter gets that the election was run correctly. And quantum crypto doesn’t achieve much on that front.


Comments

7 responses to “Of Park Benches, Cardboard Boxes, Armored Cars and Voting”

  1. joe

    What do you think about the argument that if a known technology is sufficient that should be used for critical applications like voting rather than something that is relatively immature? (this is similar to why space devices use hardened processors from years and years ago)

    I’ve seen this debate batted back and forth… and I can see the merits for each side.

  3. ben

    Joe: the difficult issue lies in the definition of “sufficient.” Is RSA sufficient for this particular application? Yes, I think so, and thus yes, I think the argument you mention applies.

    But it’s still worth experimenting with new technologies. This is an argument that Andy Neff was the first to make, as far as I know, in the context of voting: if we’re going to improve the state of voting, we’ll need to do test runs of new technology, and it has to be in real elections. Maybe pick a few precincts where the technology is tested, accepting that you may well have to rerun the election for those precincts. Sounds difficult, but how else can we make progress?

    Back to the issue of “sufficient.” Some folks think that not having true voter receipts is sufficient. I disagree 🙂 So if everyone agrees on what is sufficient, I think your argument applies. Where it gets tough is when folks disagree on what’s truly necessary, and I suspect that happens often.

  5. joe

    If only we could replicate the election environment easily… it must be one of the hardest experimental environments to replicate… I’d wager it’s impossible. Other types of elections (union, etc.) just aren’t the same. Sigh. Thanks for the interaction that your blog provides… btw, I’m looking for postdocs, etc. starting fall/summer 2008; if you know of any that might want lawyer/science hybrids, let me know! (send me email rather than a public reply here). best, Joe

  7. […] from Ben Adidas’s post Of Park Benches, Cardboard Boxes, Armored Cars and Voting: However, marketing this as “unbreakable encryption” is troubling. I can’t help but see this […]
