
posted by Fnord666 on Tuesday May 07 2019, @12:39PM
from the primary-software dept.

Submitted via IRC for ErnestTBass

From checking in at a polling place on a tablet to registering to vote by smartphone to using an electronic voting machine to cast a ballot, computers have become an increasingly common part of voting in America.

But the underlying technology behind some of those processes is often a black box. Private companies, not state or local governments, develop and maintain most of the software and hardware that keep democracy chugging along. That has kept journalists, academics and even lawmakers from speaking with certainty about election security.

In an effort to improve confidence in elections, Microsoft announced Monday that it is releasing an open-source software development kit called ElectionGuard that will use encryption techniques to let voters know when their vote is counted. It will also allow election officials and third parties to verify election results to make sure there was no interference with the results.

"It's very much like the cybersecurity version of a tamper-proof bottle," said Tom Burt, Microsoft's vice president of customer security and trust, in an interview with NPR. "Tamper-proof bottles don't prevent any hack of the contents of the bottle, but it makes it harder, and it definitely reveals when the tampering has occurred."

Developed with the computer science company Galois, the kit will be available free of charge for election technology vendors to incorporate into their voting systems.

Source: https://www.npr.org/2019/05/06/720071488/ahead-of-2020-microsoft-unveils-tool-to-allow-voters-to-track-their-ballots


  • (Score: 3, Interesting) by sshelton76 on Tuesday May 07 2019, @04:21PM (12 children)

    by sshelton76 (7978) on Tuesday May 07 2019, @04:21PM (#840237)

    There is another thread on this where they started discussing what an open voting solution would look like.
    The topic diverged to blockchain and crypto.
    Below is the crux of a defensive-patent I've been working on in an effort to create an open global standard for electronic voting.
    Looking forward to constructive commentary and presently looking for my flame proof undies.

    Elements of infrastructure for electronic ballot submission and security

    Herein is described a method and apparatus to provide the highest levels of security and anonymity for electronic voting systems.

    Current e-voting systems are black boxes that have a track record of being compromised, and this situation is unacceptable. A return to paper ballots is not a good option because it would be a return to all the problems that the e-voting systems were designed to alleviate. It is clear a novel approach is warranted, one which takes a security-first perspective.

    Our invention differs from other solutions in that it has end-to-end verifiability, and yet there is no way for any individual vote to be traced back to any individual voter unless the voter themselves initiates the process.

    In this system, the process begins with the agency tasked with ballot creation. The ballot creators build an electronic ballot as per normal using a front end tool which translates the ballot to an electronic format which is both human and machine readable such as JSON.

    This ballot is then electronically signed and submitted to a special purpose blockchain network where it serves the same purpose that an electronic smart contract would serve, that is to say it tracks counters for each candidate or option on the ballot and maintains counters and timestamps for each option in each element of the race. It is a unique message receiver on the blockchain.

    Prior to poll opening, the polling station is supplied with paper tickets that have been pre-printed. These paper tickets contain a randomly generated asymmetric keypair, meaning they have both a private key and a corresponding public key. These must be absolutely unique and they are one-time use only.

    Once polls open, voters check in as per normal and draw a single paper ticket at random from the supply on hand, then proceed to a voting booth.
    If the polling location has multiple ballots, they should also supply the voter with a code to select the correct ballot for their precinct; this can be as simple as a card containing a mathematical hash of the ballot that can be scanned at the machine.

    As the voter arrives at the booth, they input the public key either through a keyboard or by scanning the ticket if the voting machine is so equipped.

    The voting machine checks that the public key is provisioned / generated for that location and has not yet been used.

    The voting machine downloads the ballot if necessary and then proceeds to present the user with options present on the ballot.
    The voter inputs their choices and completes the voting process as per normal.
    The voter is presented a confirmation screen of their choices as they are to be recorded.

    Once the voter is satisfied, they scan the private key element of their ticket.

    The voting machine verifies that the private and public key match. It then encodes the user's choices into a format consumable by the blockchain. The machine uses the voter's private key to sign the encoded vote data, then it counter-signs the encoded and signed data with its own unique key, thereby providing proof that this machine was the one used to cast that vote.

    The machine submits the counter-signed, witnessed vote to the other machines in the local network, who also sign and witness. A unique transaction id is calculated from a hash of the combination of the unsigned bytes and the current timestamp. This transaction id is presented to the voter with the option to print a paper copy for their own personal records.

    At this point the voter can check online at any third party verifier using either their public key, or the transaction id to verify that their vote has been counted. If it was not counted then the voter can raise an exception with the poll manager and flag the machine in question. If the jurisdiction permits it, the transaction id can be considered a "spoiled" ballot, if it either was not counted or was counted incorrectly, and this should allow a provisional ballot to be cast by the voter through whatever means are considered the norm in that jurisdiction, including but not limited to a second chance to vote or a petition for review by the court.

    If, after the polls close, the voter is later concerned about the status of their vote, they can check with one or more independent third-party verifiers to ensure their vote really did count.

    Because each vote must be signed by the unique key of the machine indicating where it was cast and because machines are expected to be tracked from the warehouse to the individual polling location and back again, if a machine is tampered with it becomes quite easy to see and flag by anyone working to validate the blockchain. This becomes even more easy to verify if individual machines are assigned / reserved at voter check in with a secondary timestamping process.

  • (Score: -1, Offtopic) by Anonymous Coward on Tuesday May 07 2019, @04:34PM (11 children)

    by Anonymous Coward on Tuesday May 07 2019, @04:34PM (#840252)

    Dude! You're an advertiser! Off with your head!

    Somebody, please! Throw this guy a Spam mod!

    • (Score: 2) by sshelton76 on Tuesday May 07 2019, @04:43PM (6 children)

      by sshelton76 (7978) on Tuesday May 07 2019, @04:43PM (#840262)

      Huh? That's literally not my point at all.
      The topic is a discussion on e-voting. It diverged into blockchain and crypto based options in a different thread.

      I happen to be working on the side on a defensive patent for a system to provide high levels of integrity and said I would post a gloss here so people can see how a solid solution could be put together. If approved this would become part of a larger effort to establish a secure global standard for e-voting.

      Nothing was advertised. No one is asking you to visit a website and there is no effort to endorse a product either existing nor forthcoming.

      Really just soliciting feedback, especially if there are holes somewhere I hadn't considered.

      • (Score: -1, Troll) by Anonymous Coward on Tuesday May 07 2019, @05:01PM (5 children)

        by Anonymous Coward on Tuesday May 07 2019, @05:01PM (#840270)

        You are advertising your invention that differs from other solutions

        It doesn't differ from any of the others, it is an electronic contraption that nobody needs. The only people that want this crap are the people who are selling it! You're trying to sell refrigerators to the Eskimos.

        • (Score: 2) by sshelton76 on Tuesday May 07 2019, @05:14PM (4 children)

          by sshelton76 (7978) on Tuesday May 07 2019, @05:14PM (#840272)

          You have a very strange definition of advertising. Normally the intent of advertising is to inform the public of an item for sale.

          To my mind this is more like an RFC...
          https://en.wikipedia.org/wiki/Request_for_Comments

          • (Score: -1, Troll) by Anonymous Coward on Tuesday May 07 2019, @05:50PM (3 children)

            by Anonymous Coward on Tuesday May 07 2019, @05:50PM (#840296)

            Yes, you are trying to sell black box voting. We don't want black box voting. It simply can never be trusted unless the entire thing can be plainly understood by anybody that graduated grade school. We must get a "receipt". Paper is still the best, most secure, verifiable by humans without assistance or obfuscation. It's cheap and easy, why the resistance?

            You might have a nice instant messenger or email server/client though if the encryption is that good.

            • (Score: 2) by sshelton76 on Tuesday May 07 2019, @06:05PM (2 children)

              by sshelton76 (7978) on Tuesday May 07 2019, @06:05PM (#840307)

              OK, never mind, sorry, I thought you read the description I posted. Read the post all the way through. Let go of any preconceived assumptions about what it contains and come at it from the perspective that my intention isn't to sell you on an idea, but simply to present a way it can be done. I don't spell it out, but yes, you get a receipt. Two of them actually: a unique ticket from the polling check-in process required to initiate the voting process and a receipt with a transaction number when you're done. But it's not a black box and it is fully verifiable. Just read it first and then try to pick it apart please.

    • (Score: 2) by All Your Lawn Are Belong To Us on Tuesday May 07 2019, @06:09PM (3 children)

      by All Your Lawn Are Belong To Us (6553) on Tuesday May 07 2019, @06:09PM (#840310) Journal

      Done. Oh, wait, modded him up because you're wrong.

      --
      This sig for rent.
      • (Score: 2) by sshelton76 on Tuesday May 07 2019, @07:15PM (2 children)

        by sshelton76 (7978) on Tuesday May 07 2019, @07:15PM (#840366)

        Thanks!
        Any thoughts on the design though?

        • (Score: 2) by All Your Lawn Are Belong To Us on Tuesday May 07 2019, @07:52PM (1 child)

          by All Your Lawn Are Belong To Us (6553) on Tuesday May 07 2019, @07:52PM (#840387) Journal

          Interesting proposal. The three questions I have would be:

          1) If the ballot is downloaded, how does the voting machine verify the signature of the correct ballot / what prevents my invading in the middle and feeding a false ballot (with, say, reversed choices) to the station the voter is using? (And there isn't any reason the machine can't be preprogrammed with a table of legitimate signature hashes to recognize and crunch the ballot itself to verify it, it just isn't quite spelled out that way).

          2) Similar concern with the uploaded consumption format - is it assured that it is crunching "All Your Lawn" as the candidate, or is it encoding "He Chose Number Two on Question 7"? (Or do I get a receipt that checks out that my ballot was counted but that was corrupt by being presented with a fake ballot).

          3) Any concerns with the format and write-in choices / would the reception format be flexible enough for that sort of transmission.

          I have a feeling that when you were speaking of consumable formatting this would be one that would solve questions 2/3, again just isn't quite explicitly stated that way.

          Otherwise, really interesting idea and very much agreed that the entirety of the system proper should be open enough that any skilled person can verify the authenticity of it. (And make it applicable to other polling/voting contexts than public elections).

          --
          This sig for rent.
          • (Score: 2) by sshelton76 on Tuesday May 07 2019, @08:27PM

            by sshelton76 (7978) on Tuesday May 07 2019, @08:27PM (#840405)

            Ohh these are great questions, thank you!

            I'll try to answer them as concisely as possible, feel free to ask for more details though.

            1) The machine would have a certificate installed that would contain the public key of authorized ballot issuers. So when it downloads the ballot, the ballot is just a collection of bytes and a signature. Using the public key it is possible to verify that the ballot is complete and untampered with. The gloss doesn't specify the particular encryption, but the overall patent is much longer and promulgates a process such as the one here: https://nacl.cr.yp.to/sign.html Because the ballot creator's public key is by definition public along with the ballot itself, you could also download the ballot to an app on your phone, examine it and practice voting while standing in line at the polls. You just couldn't submit the vote until you interacted with a machine authorized by the election authority. You could try, but it would be rejected automatically since part of the security model is based on pre-authorizing specific devices which have their own unique keys.

            2) In most blockchain scenarios your transaction id is a hash of the data. However, for transparency purposes, this system prints a receipt that uses an encoding that looks like... machineid.timestamp.selection1.selection2... Now it is important to note that most jurisdictions have an option for a write-in candidate. In order to preserve that option the selections are free-form Unicode strings. If they do not match an existing option, the option is added to the blockchain counter for that selection upon receipt of the vote. Obviously we case-correct, where appropriate, on the client side, but it does leave a problem we have yet to address where one person might put in "Nunez" and someone else might put in "Nunnez" and someone else might put in "Nu~nez" (imagine that ~n is the Spanish letter after n called en-yeah and giving the sound of "nya"). Anyways, because of this disparity, it is possible candidate Nunez may wish to contest the results, but at least the results are recorded even if spread out a bit. It is because of this free-form ability that we do not simply select an offset in an array.

            3) See my answer to #2

            The complete transaction id includes machine id, timestamp and selection choices. But that is for the voter's receipt. The machine id and timestamp will by definition be unique and the voter can then check the blockchain at that point to see their particular vote and precisely how it counted.

            One other advantage of this approach is that it also accommodates locales where there are legal requirements that the ballot be in multiple languages. We have the ballot framework and options encoded in the original upload, but ballot creators can add language translation files later so long as they sign them. The language files would be available at ballothash.en and ballothash.es etc.