From Network World:
Swiss officials are using quantum cryptography technology to protect voting ballots cast in the Geneva region of Switzerland during parliamentary elections to be held Oct. 21, marking the first time this type of advanced encryption will be used for election protection purposes.
For the Swiss ballot-collection process, the quantum cryptography system made by id Quantique will be used to secure the link between the central ballot-counting station in downtown Geneva and a government data center in the suburbs.
“We would like to provide optimal security conditions for the work of counting the ballots,” said Robert Hensler, the Geneva State Chancellor, in a statement issued today. “In this context, the value added by quantum cryptography concerns not so much protection from outside attempts to interfere as the ability to verify that the data have not been corrupted in transit between entry and storage.”
Got that? Swiss officials will be using quantum crypto to encrypt the communication channel between a central ballot counting station and a government data center. It’s only used for a small part of the election process and, to the best of my knowledge, the information that is being transmitted along this channel ought to be public information anyways.
So I see nothing of value here. Standard communication techniques like SSL would have worked fine. I’m not alone in my assessment.
From Avi Rubin’s post A case of the wrong technology applied incorrectly:
I first became aware of this project when a New Scientist reporter sent me a note about it and asked for my opinion. I assumed that it was a joke or that the reporter had heard wrong. After all, protecting electronic transmissions is the one problem I can think of in all of this that is not really hard.
Quantum cryptography is a novel and very interesting topic. There are potentially many applications that could benefit from this technology, and I have always been a big fan. But, quantum cryptography does not address the problems in electronic voting that are actually difficult to solve. Transmitting the votes from the polls to the central tabulation center can be done with traditional cryptography. Authentication functions can provide tamper resistance and encryption can provide secrecy, assuming that secrecy is actually desirable here. I believe it is not, as every aspect of the process should be transparent, and I see no reason to keep the precinct results secret. Just the opposite is true – it is important for observers to see princinct level results.
I applaud the Swiss for pursuing innovation, but in this case, they are using the wrong tool to solve the wrong problem in an inappropriate way.
And from Ben Adidas’s post Of Park Benches, Cardboard Boxes, Armored Cars and Voting:
However, marketing this as “unbreakable encryption” is troubling. I can’t help but see this as a version of Gene Spafford’s warning writ large:
SSL is like using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box.
Now, a vote is worth more than rolls of pennies, but the analogy remains appropriate: so what if the pipe is super secure, unbreakable even, if the voting machine isn’t secure? And, more importantly in the case of voting, who cares if the encryption is unbreakable if a citizen can’t verify that her vote made it into the final tally? After all, what happens to that super secure data once it comes out at the other end? How can your average citizen check that it was tallied appropriately?
And here is a gem from the Slashdot post on this:
I love this misguided attempt at security
I’ts kinda like when someone says they are using 4096 bit encryption for their SSL banking, and not realizing their password is being stolen by a keylogger.
The biggest problem we face today is *not* the encryption. We have bags of good encryption technologies out there, from AES (symmetric) to a variety of Public Key techniques. The problem actually comes from the people and processes at either end of the encryption pipe.
Guess what – no-ones SSID has (probably) ever been stolen while in transit via SSL over the internet. The millions of SSIDs stolen to date have been theft of laptops or admins not securing their websites properly. Hopefully they will understand this, and spend an equal portion of their time/energy securing their endpoints.