Hi, Francesco and d-legal,
Francesco Poli dijo [Mon, Jul 15, 2013 at 08:02:34PM +0200]:
> > Estonia has been using e-elections software since 2005 and now it's
> > finally verifiable:
> >
> > https://github.com/vvk-ehk/evalimine
> >
> > But the licence is cc-by-nc-nd.
>
> There are a number of things that strike me as awkward in this piece of
> news.
>
> First of all, we are talking about a program here, aren't we?
> CC licenses are recommended *against* for programs, even by the Creative
> Commons Project itself [1]
Right. Of course, the Estonian authorities might regard their system
as an intellectual product that can be executed (although they don't
expect people to do it). Right, programs are not the best kind of
content for CC licenses — but it's not inherently impossible.
> Secondly, the choice of a blatantly non-free CC-by-nc-nd license makes
> me suspect that the intent is to obtain a (misunderstood) anti-tampering
> security by forbidding any modification whatsoever (nd =
> no-derivative): if this is the case, I think that the result is very
> different from the intended one; the program is clearly non-free, but no
> security is obtained, since what matters is (technically) guaranteeing
> that the publicly visible source really corresponds to what is being
> executed on the voting system, not that nobody is legally able to
> create modified versions of the program.
>
> I am Cc:ing Gunnar Wolf on this point, since he has written a lot of
> articles on e-voting in his blog, and he may have something more
> specific to say about this aspect.
Umh, on this subject we could argue quite longly ;-) But IMO it boils
down to:
- Electronic voting can never achieve the level of security than
paper-based voting
- Absentee- or home-voting (i.e. using Internet as the means of
communicating with the voting authority) further lessens the overall
security, by three principal factors:
+ The lack of verification of the person (the authorities now
validate a document, not the fact that the document sustains the
recognized identity of a citizen who is in front of them)
+ A person is no longer guaranteed a secret vote. People can be
extorted to vote together with (or "supervised" by) people with
authority over them (familiar, work, whatever).
+ Opening a system to online-based communication allows a vector
through which a hostile attacker can get to the system and somehow
subvert it. Not having the voting system connected to a live
public network would ensure *at least* a bit of security to it.
There are many other points that make me quite wary. Thanks for
pointing me with this topic. But, anyway, I believe debian-devel is
not the right forum to discuss the merits and dangers of e-voting.
Having the source code for Estonia's system is better than not having
it. Now, right, there is no assurance that is the precise code (and
version) the Estonian citizens get to use when voting. And having the
code for their system gives no guarantees regarding the other
components of the electoral process (framework, toolchain, DBMS,
kernel, firewalling configuration, the many factors on other systems
controlling their network's access, etc.)
Attachment:
signature.asc
Description: Digital signature