The Pre-Arranged-Transfer-Pattern Hack

How publically-accessible proportional-representation voting data allows votes to be bought and sold

(please add comments at bottom of page)

Ireland's proposed e-voting system (ICTE website) contains an interesting feature. All vote data will be uploaded to a public website, allowing third parties to download the raw votes, and simulate counting themselves, verify the results, experiment with new transfer methods, etc.

This has been identified as a good feature by several commentators, notably Annrai O'Toole and Brendan Tangney in their 6 April 2004 Irish Times article entitled 'Time for a rational debate about the future of electronic voting', who noted, 'analysing voter trends should not be limited to a high priesthood of tallymen. Electronic voting could yet make experts of us all!'

The data is anonymized, replacing real names with random numbers, so that an attacker cannot determine which way a given person voted.

However, Ciaran Quinn on the ICTE mailing list has noted that this feature still does allow votes to be bought and sold. In summary, it exposes a means for an attacker to determine if an accomplice or accomplices voted the way they were instructed to vote. Here's the mails in question:

From: Ciaran Quinn <election .at. polarbears.com>
To: Irish Citizens for Trustworthy Evoting <e-voting .at. lists.stdlib.net>
Subject: [E-voting] STV and e-voting incompatible

I have just downloaded the election results for Dublin North and I have
just realised that there is a very simple way of selling one's vote
using e-voting.

There were 12 candidates in Dublin North. I estimate that there must be
almost 500 million possible vote combinations. If I wanted to buy votes
>from a group of voters, I would give them instructions of the sequence
in which they were to vote (eg I would give each voters a list of
numbers such as 3 5 10 2 1 6 9 4 8 11 7 12 showing them how to mark
their ballot paper. Each voter would get a slightly different
combination. When the election is over, all I would have to do is to
check which combinations occurred and pay the relevant voters).

Date:    Sat, 06 Dec 2003 22:07:15 +0000
From:    Ciaran Quinn <election .at. polarbears.com>
To:      David GLAUDE <dglaude .at. gmx.net>,
         Irish Citizens for Trustworthy Evoting <e-voting .at. lists.stdlib.net>
cc:      
Subject: Re: Fwd: [E-voting] STV and e-voting incompatible

By my calculations, in a 12-candidate STV election, there are actually
522,956,313 different ways of marking the ballot paper.
(12!+11!+10!+9!+8!+7!+6!+5!+4!+3!+2!+1!)
In STV, the 12 candidates are listed and the voter numbers the
candidates from 1 to 12 (they can stop at any point if they wish).

Having said that, if I was paying someone to vote for a candidate, I
would want them to have the same no. 1 every time, so there would be
43954713 combinations remaining for about 40,000 voters, which is plenty
to allocate specific combinations to each voter. If only full
combinations of 1 to 12 were generated, there would only be a 1000-1
chance of someone else accidentally using that combination.

It would not be difficult to set up a website outside Ireland where
people could sell their votes at election time. The voter would log on
to the site and be given a unique pattern of vote preferences to use. 

Comments

(none yet)

PreArrangedTransferHack (last edited 2004-04-30 17:44:43 by ip68-4-10-228)