Hi, Francesco and d-legal,

Francesco Poli said [Mon, Jul 15, 2013 at 08:02:34PM +0200]:
> > Estonia has been using e-elections software since 2005 and now it's
> > finally verifiable:
> >
> > https://github.com/vvk-ehk/evalimine
> >
> > But the licence is cc-by-nc-nd.
>
> There are a number of things that strike me as awkward in this piece of
> news.
>
> First of all, we are talking about a program here, aren't we?
> CC licenses are recommended *against* for programs, even by the Creative
> Commons Project itself [1]

Right. Of course, the Estonian authorities might regard their system as an intellectual product that can be executed (although they don't expect people to do it). Right, programs are not the best kind of content for CC licenses — but it's not inherently impossible.

> Secondly, the choice of a blatantly non-free CC-by-nc-nd license makes
> me suspect that the intent is to obtain a (misunderstood) anti-tampering
> security by forbidding any modification whatsoever (nd =
> no-derivative): if this is the case, I think that the result is very
> different from the intended one; the program is clearly non-free, but no
> security is obtained, since what matters is (technically) guaranteeing
> that the publicly visible source really corresponds to what is being
> executed on the voting system, not that nobody is legally able to
> create modified versions of the program.
>
> I am Cc:ing Gunnar Wolf on this point, since he has written a lot of
> articles on e-voting in his blog, and he may have something more
> specific to say about this aspect.

Umh, on this subject we could argue at quite some length ;-) But IMO it boils down to:

- Electronic voting can never achieve the level of security of paper-based voting

- Absentee- or home-voting (i.e. using the Internet as the means of communicating with the voting authority) further lessens the overall security, by three principal factors:

  + The lack of verification of the person (the authorities now validate a document, not the fact that the document sustains the recognized identity of a citizen who is in front of them)

  + A person is no longer guaranteed a secret vote. People can be extorted to vote together with (or "supervised" by) people with authority over them (family, work, whatever).

  + Opening a system to online-based communication allows a vector through which a hostile attacker can get to the system and somehow subvert it. Not having the voting system connected to a live public network would ensure *at least* a bit of security to it.

There are many other points that make me quite wary. Thanks for pointing me to this topic.

But, anyway, I believe debian-devel is not the right forum to discuss the merits and dangers of e-voting. Having the source code for Estonia's system is better than not having it. Now, right, there is no assurance that this is the precise code (and version) the Estonian citizens get to use when voting. And having the code for their system gives no guarantees regarding the other components of the electoral process (framework, toolchain, DBMS, kernel, firewalling configuration, the many factors on other systems controlling their network's access, etc.)