Submitted via IRC for ErnestTBass
From checking in at a polling place on a tablet to registering to vote by smartphone to using an electronic voting machine to cast a ballot, computers have become an increasingly common part of voting in America.
But the underlying technology behind some of those processes is often a black box. Private companies, not state or local governments, develop and maintain most of the software and hardware that keep democracy chugging along. That has kept journalists, academics and even lawmakers from speaking with certainty about election security.
In an effort to improve confidence in elections, Microsoft announced Monday that it is releasing an open-source software development kit called ElectionGuard that will use encryption techniques to let voters know when their vote is counted. It will also allow election officials and third parties to verify election results to make sure there was no interference with the results.
"It's very much like the cybersecurity version of a tamper-proof bottle," said Tom Burt, Microsoft's vice president of customer security and trust, in an interview with NPR. "Tamper-proof bottles don't prevent any hack of the contents of the bottle, but it makes it makes it harder, and it definitely reveals when the tampering has occurred."
Developed with the computer science company Galois, the kit will be available free of charge for election technology vendors to incorporate into their voting systems.
(Score: 2) by c0lo on Wednesday May 08 2019, @12:49PM (7 children)
A single example does not demonstrate the impossibility of the approach.
Adjust the technology so that you can place the computation of blockchains for US elections on servers run by Russian government (and vice versa) without any of the parts being able to alter the cast vote. It is possible - start with the idea that the "notary public" that the distributed blockchain implements need only to certify the integrity of the message.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RamiK on Wednesday May 08 2019, @08:13PM (6 children)
No no you're doing it again. You're substituting the oversight of the running parties with a third party. Instead of Democrats, Republicans and whatever representatives' oversight, you want the Russians, and fuck knows which Russians, to oversight the process for you? Look, this oversight of the physical process is possibly the only still functioning aspect of American elections. The party funds are a mess. The candidates are a joke. Everyone is lying. Gerrymandering is all over. The primaries are whatever the party functionaries decide on... And instead of trying to address all that, you go after this ridiculously low-handing fruit of a problem with a huge computer network that can be fixed with a few paper slips and envelops instead?
compiling...
(Score: 2) by c0lo on Wednesday May 08 2019, @11:33PM (5 children)
Thanks for making clear I delude myself when expecting to have an engineering discussion on S/N.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RamiK on Thursday May 09 2019, @12:27PM (4 children)
It is an engineering discussion. It's just not the one corporations would have you talk. Using blockchain to engineer better election machines is the equivalent of "But I've used the best butter!" when your watch isn't showing the right time and you decide it must be broken so lets lube it up with the finest lubricant on hand... You incorrectly diagnose the problem. Offer the wrong solution. And then complain about the results saying it was the best solution we had.
The F35... Windows Mobile... Windows 10... Smart TVs... Honestly there's so many example of best-butter solution it's embarrassing. And while we'd like to blame management, I've personally seen plenty of engineers picking up the spreading knife and blockchain and AI happen to be some of the finest examples. Sure, they have their usages. But not here. Not now. And probably not ever.
compiling...
(Score: 2) by c0lo on Thursday May 09 2019, @01:22PM (3 children)
Mate, I'm not saying that Microsoft will offer a solution that anyone can trust.
I'm saying that computerized voting is possible with the same or higher degree of trustfulness as the pen-and-paper method.
Sure, setting it up will be a higher investment, so one will need to balance the cost/benefit when it comes to implementing it.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RamiK on Thursday May 09 2019, @02:39PM (2 children)
Trustfulness? I thought this is an engineering discussion. Not a religious epistemology discussion. People trust authority figures. People trust symbols. People trust in Trump. Of course it's possible to achieve whichever level of trust so long as you pour enough Kool-Aid down everyone's throats while spreading plenty of pork all around. That's not the issue. The issue is that you don't need to trust paper envelops since you can empirically prove they work by attending the counting.
Can you name some of those benefits? Cause for the life of me I can't think of any but I can most certainly think, and shudder, at the costs.
Look, these machines aren't scientific equipment. They just give that impression through smoke of mirrors. They're not tested by their users. They're not calibrated against real world experiments. They're one-armed bandits. All those lights and moving parts are there to delude. And it doesn't matter how much crypto you put in there when it's just the one group of people designing and building the machines. The house operates them. The house calibrates them. The house is telling you the odds. And you know what? Strangely enough, the house always wins.
compiling...
(Score: 2) by c0lo on Thursday May 09 2019, @03:54PM (1 child)
Yes. Trust is an engineering concept.
E.g. in cryptography is the ratio between the effort/cost an attacker needs to spend to crack your encryption vs the effort/cost you incur to encrypt your information.
Not to be confused with faith.
Here's an example [google.com].
There are cases when the cost of just doing it pen-and-paper and the cost of lost opportunity (of not having a government for 2 months until manually counted and recounted if the result is contested) would justify the investment.
Besides, you are thinking in the context of "Oh, I need to vote only once every 4 years, if ever; faster more secure ballot counting doesn't worth it".
What if the cost of organizing and running a referendum becomes so low that you can get even a direct democracy, Swissland-style? (*shudders* - Americans voting 3-4 times a year on things that affects them? Oh, the horror! the horror!)
Again, speaking slower and louder: I... am... not... saying... you... need... to... trust... voting... machines... produced... by... Microsoft... or any other corporation. You got it this time?
I only say: machines one can trust are possible to build and deploy. Do you disagree?
Example - Banknotes: do you trust them? Why wouldn't be possible to have a non-for-profit non-political entity, very much on the same principle as the national bank, to take care of building and certifying such machines?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RamiK on Thursday May 09 2019, @06:15PM
Cryptography isn't engineering. It's an applied field of math and computer sciences. There cryptography that don't know how to code at all.
More importantly, trust (computational, cryptographic or otherwise) is most definitely not defined as such a ratio: https://en.wikipedia.org/wiki/Computational_trust#Defining_trust [wikipedia.org]
What you're describing is one of the alternative metric to security level. And they're all theoretical since there's no known way to prove the claim otherwise we would be having so many red colored entries here: https://en.wikipedia.org/wiki/Cipher_security_summary#Common_ciphers [wikipedia.org]
It doesn't cost anyone a penny to wait weeks or even months for the exact count. It's not like the world shutdowns waiting for the vote.
K. Lets ask the Swiss. https://www.swissinfo.ch/eng/politics/digital-voting_geneva-shelves-e-voting-platform-on-cost-grounds/44577490 [swissinfo.ch]
Of course I disagree. I trust no machine. I test to see if it works and assess how well it will keep working. I don't even trust my own body when running or lifting weights. I slowly accelerate or add loads. And things still get bloody. Because machines of all kinds are not to be trusted.
No. I trust the laws that govern the banks. And I trust the nation that holds guns to the heads of failed bankers. Which is why I don't accept US banknotes unless it's for a quick small transaction. Because I know if a US bank collapses no one will give me my money back.
Because the power structure doesn't match. A small (not too-big-to-fail monopoly) for-profit lives and dies by their reputation. But the nature of these machines and software is to be designed and built by monolithic conglomerates that are beyond the reach of the law and can get away with murder. Maybe in a small and functioning European nation it would be possible to put out a contract for a non patent-encumbered open-source hardware and software design and then another contract for units different companies could produce and provide... But the moment companies like Microsoft are named the whole thing died. Regardless of the specs. Regardless of who is sitting in the working groups, Microsoft will get the contract. Just like how Lockheed Martin and Colt always get their share. Because that's what the US economy is all about.
compiling...