The image “” cannot be displayed, because it contains errors.


National Issues

A Case of the Wrong Technology Applied Incorrectly PDF  | Print |  Email
By Avi Rubin, Johns Hopkins University   
October 26, 2007

This article appeared on Avi Rubin's Blog and is reposted here with permission of the author.


In this week's Economist magazine, an article describes how the Swiss general election that was held on October 21 was to use quantum cryptography to protect the transmission of votes from the polling stations to the central tabulation centers. Quoting from the article:

    The authorities will use quantum cryptography—a way to transmit information that detects eavesdroppers and errors almost immediately—to ensure not only that votes are kept secret but also that they are all counted.
I first became aware of this project when a New Scientist reporter sent me a note about it and asked for my opinion. I assumed that it was a joke or that the reporter had heard wrong. After all, protecting electronic transmissions is the one problem I can think of in all of this that is not really hard. Here are some of the problems in electronic voting that are hard:

  • Ensuring that the software on the voting machines is the correct software. The proposed solution of having a library of hash values of the correct binaries of voting machine software and checking the voting machines does not work. There is no way to perform the check of the hash of the code that is running in the machines. In fact, any attempt to check that hash value would provide an opportunity for an attacker to change the code then and there.

  • Ensuring that the software on the voting machines is not malicious.Even if the "correct" code is running on the voting machine, there is no deterministic way to determine that the code was not designed with a back door in it that could affect the outcome of the election.

  • Ensuring that no unknown bugs in the voting machines can affect the outcome.Even if the "correct" code is running on the voting machine and even if there is no intentional malicious code in the machine, there is no way to ensure that the code does not contain inadvertent bugs or unexpected failure modes that could disrupt an election or cause the wrong result to be computed.

Quantum cryptography is a novel and very interesting topic. There are potentially many applications that could benefit from this technology, and I have always been a big fan. But, quantum cryptography does not address the problems in electronic voting that are actually difficult to solve. Transmitting the votes from the polls to the central tabulation center can be done with traditional cryptography. Authentication functions can provide tamper resistance and encryption can provide secrecy, assuming that secrecy is actually desirable here. I believe it is not, as every aspect of the process should be transparent, and I see no reason to keep the precinct results secret. Just the opposite is true - it is important for observers to see princinct level results.

I applaud the Swiss for pursuing innovation, but in this case, they are using the wrong tool to solve the wrong problem in an inappropriate way.
Comment on This Article
You must login to leave comments...
Other Visitors Comments
You must login to see comments...
< Prev   Next >
National Pages
Federal Government
Federal Legislation
Help America Vote Act (HAVA)
Election Assistance Commission (EAC)
Federal Election Commission
Department of Justice - Voting Section
Non-Government Institutions
Independent Testing Authority
The Election Center
Carter Baker Commission
Voting System Standards
Electoral College
Open Source Voting System Software
Proposed Legislation
Voting Rights
Campaign Finance
Overseas/Military Voting
Electronic Verification
: mosShowVIMenu( $params ); break; } ?>