Ed Gerck, Ph.D.


Ed Gerck, Ph.D. (Physics, LMU and Max-Planck Institute for Quantum Optics, Munich, Germany), M. Sc. (Physics, ITA/CTA, Brazil), Engineer (Electronics, ITA/CTA, Brazil)

Contact: ed a­t gerck • com with subject prefix [EG]
Copyright © 1997-2016 by E. Gerck. All rights reserved, free copying and citation allowed with source and author reference.

Click for Biography and Papers >>

Personal Statement on Electronic and Internet Voting

INTERNET MODEL

ABOUT

Ed Gerck sees cybersecurity as a new area in physics (Gerck, 1997), where "trust is that which is essential to a communication channel, but cannot be transferred using that channel."

This trust definition provides a framework for understanding human trust (as expected fulfillment of behavior) and for bridging trust between humans and machines (as qualified information based on factors independent of that information). The trust definition also directly creates a mathematical framework for cybersecurity, with a fresh, quantitative approach to help solve the vexing information security problems we see everyday in homes, offices, cloud providers, and in the most advanced agencies of the most advanced nation states.

Understanding trust in terms of a communication process motivates the design and development of large-scale, secure and reliable Internet-based infrastructure services where users (including their machines, operating systems and software) are not initially trusted to any extent. In other words, one can now introduce trust as an explicit part of the Internet design, with least changes as possible, which trust was implicit when the Internet (prior to commercial operation) was based on an honor system for the users and their machines (see INTERNET MODEL).

In particular, the trust definition shows that trusting user intervention (even to simply update software) is a very weak assumption, leading to interest in solutions that can solve current security and network problems without trusting user intervention.

For references and related work on trust, use the search keyword: gerck trust

Ed Gerck's work has received extensive worldwide press coverage from New York Times, Le Monde, O Globo, Forbes, CBS, CNN, Business Week, Wired, San Jose Mercury News, Aftonbladet and USA Today. In 1999 Dr. Gerck was a member of the Registry Advisory Board of Network Solutions, Inc. (NSI). Dr. Gerck is also the founder of Gerck Research, a scientific cooperative, the Meta-Certificate Group (MCG), chairman of the board of the Internet Voting Technology Alliance (IVTA), founder of NMA, Inc. and founder and CEO of Safevote, Inc.

Personal Statement on Electronic and Internet Voting

While correctly criticizing current problems in electronic voting, some profoundly reject any kind of voting that is electronic, as if the only possible outcome of such an election would be a "government by magic". But magic, endemic fraud in paper ballots, for 200 years in the U.S., is exactly one of the reasons that is driving this society to develop better solutions. We already found ways for using the Internet to file Income Tax Returns, to buy a book, to reliably read stock quotes and trade them, and so we shall likewise find ways to use the Internet to make votes count correctly, with less hassle, less fraud and less cost than today, albeit with moderation and caution.

With public elections, usually requiring polling and tabulating millions of votes, we have no choice but to move from art to science. Votes need to be verified and voters are certainly one party that can do it. However, you never want to allow the voter to take any kind of "receipt" out of the voting station if that receipt can be used to determine how the voter voted, e.g. by matching a number or pattern on the ballot. No one should be able to prove how the voter voted, not even the voter. Otherwise, vote selling and coercion cannot be prevented. I also think that there should be independent representations of the ballot data, as witnesses of the ballot as cast by the voter. When these witnesses exist, they must all be audited for consistency. This can be done efficiently with a proper random sampling. Further, as it is already legal today in the U.S., voters should be able to cast their ballots at a poll precinct as well as at home, at work, and abroad.

I believe, as evidenced in my research that you can read and test, that all of this can be done using paper and/or computers and/or networks of computers, including cases where the network can be the phone network and/or the Internet. Further, I believe that using computers and networks, while there must be great caution and moderation, has the yet unrealized but greatest potential to reduce fraud, increase voter diversity, increase voter participation and reduce costs.

As a critical point that has not been mentioned yet by anyone else in voting, I see that election systems need to eliminate all physical connections between production system (the election) and development (the vendor). This is a security lesson from the banking sector. Vendors, including Safevote, must not be allowed to operate their machines during an election, as it is routinely done today in the US. This current, bad security practice also contains a potential conflict of interest, as the vendor has an interest in selling a machine or process that is difficult to operate.

Finally, all aspects of an election need to be secure, auditable and verifiable according to these principles. There's certainly room for progress in voting.

Background: My statement above is based on a technologically-neutral model for voting that applies to paper, electronic and network voting, available as the "The Witness-Voting System", described in the invited opening chapter in "Towards Trustworthy Elections, New Directions in Electronic Voting", published by Springer Verlag. Chaum, David, et. al. (Ed.), (c) 2010, pages 1-36. ISBN-10: 1-4020-7301-1. For a personal-use reprint, click The Witness-Voting System [PDF] >>

I derived this model by realizing that Claude Shannon's statement --and solution-- of the "fundamental problem of communication" in information-theory could be used in voting theory. What I call the fundamental problem of voting is that of reproducing at a point called the ballot box exactly a message selected by the voter at another point, the voting station. The message is the ballot cast by the voter at the voting station. The messages have meaning; that is they refer to or are correlated according to some system with certain physical (e.g., people, propositions) or conceptual (e.g., offices) entities. These semantic aspects of voting are irrelevant to the engineering problem. The significant aspect is that the actual message (the ballot cast) is one selected by the voter from a set of possible messages (all the different ballots that can be cast for all possible combinations of vote choices). The system must be designed to operate for each possible selection (including blank votes), while excluding others that are not possible (overvotes, for example). In this information-theoretic model, the ballot cast is the message, the ballot box (at one point) is the receiver and the voter (at another point) is the sender. The message is a priori unknown at the receiver, the ballot box. The model shows that there is a gap between the voter and the ballot box, which gap prevents the voter from really knowing what ballot will be tallied -- this gap occurs in all voting systems where votes are cast privately, even if the ballots are not anonymous (i.e., not anonymous means here that all ballots and all voters are uniquely linkable). The information-theoretic solution, described in my papers, includes noise (e.g., attacks and faults) channels that can delete, change, copy or insert messages (ballots) between the voter and the ballot box, and vice versa. The effects of noise (human and machine created) can be reduced to an arbitrarily low level, as close to zero as one desires, by using correction channels between the voter and the ballot box. This result is based on the 10-th Theorem by Claude Shannon in information-theory. These correction channels are what I call "witnesses" in The Witness-Voting System.



INTERNET MODEL

The original, and current, Internet design has been mostly based on an honor system for the end points. The model being that the connection is less trusted than the end points, as access to the end points was granted under an honor system — and usage rules were effectively enforceable.

Reality showed that this model was upside down for commercial operation. The end points are less trusted than the connection. In fact, even if usage rules are enforceable at some connection points, the end points cannot be controlled. Anyone can connect to the network. There is no honor system. Usage rules are in fact not enforceable, users can hide and change their end points. The solution is to introduce trust as an explicit part of the design, which trust was implicit when the Internet was based on an honor system. Of course, updating the Internet design to fit its current operating conditions is useful not only to stop spam. Social engineering and spoofing attacks also rely on the old honor system where users are trusted. "Trust no one" should be the initial state under the new Internet paradigm. The bottom line is that trust depends on corroboration with multiple channels (see Trust, above) while today we have neither (a) the multiple channels nor (b) the corroboration mechanisms. So, we lack trust because we can't communicate it. Current work by Ed Gerck and team includes these topics, proposals and tests to combat spam, spoofing, and denial of service, as well as information-theoretic secure authentication integrated with authorization for access control.

DISCLAIMER: This page does not intend to cover all the details of the technologies reported, or all the variants thereof. Its coverage is limited to provide support and references to the work in progress and to unify references, concepts and terminology. No political or country-oriented criticism is to be construed from this page, which respects all the apparently divergent efforts found today on the subjects treated. Individuals or organizations are cited as part of the fact-finding work needed for this page and their citation constitutes neither a favorable nor an unfavorable recommendation or endorsement. These statements are my own and do not represent the view of any organization or government.

Copyright © 1997-2015 by E. Gerck. All rights reserved, free copying and citation allowed with source and author reference.


Contact Information
ed a­t gerck • com