Submitted via IRC for ErnestTBass
From checking in at a polling place on a tablet to registering to vote by smartphone to using an electronic voting machine to cast a ballot, computers have become an increasingly common part of voting in America.
But the underlying technology behind some of those processes is often a black box. Private companies, not state or local governments, develop and maintain most of the software and hardware that keep democracy chugging along. That has kept journalists, academics and even lawmakers from speaking with certainty about election security.
In an effort to improve confidence in elections, Microsoft announced Monday that it is releasing an open-source software development kit called ElectionGuard that will use encryption techniques to let voters know when their vote is counted. It will also allow election officials and third parties to verify election results to make sure there was no interference with the results.
"It's very much like the cybersecurity version of a tamper-proof bottle," said Tom Burt, Microsoft's vice president of customer security and trust, in an interview with NPR. "Tamper-proof bottles don't prevent any hack of the contents of the bottle, but it makes it makes it harder, and it definitely reveals when the tampering has occurred."
Developed with the computer science company Galois, the kit will be available free of charge for election technology vendors to incorporate into their voting systems.
Related Stories
Bruce Schneier, along with Ryan Shandler and Anthony J. DeMattee, has published a a blog post on the role that confidence has in elections and, specifically, the role that electronic voting systems have had in undermining that trust.
This technological leap has made voting more accessible and efficient, and sometimes more secure. But these new systems are also more complex. And that complexity plays into the hands of those looking to undermine democracy.
In recent years, authoritarian regimes have refined a chillingly effective strategy to chip away at Americans’ faith in democracy by relentlessly sowing doubt about the tools U.S. states use to conduct elections. It’s a sustained campaign to fracture civic faith and make Americans believe that democracy is rigged, especially when their side loses.
Previously:
(2022) A Scientist's Quest for an Accessible, Unhackable Voting Machine
(2020) U.S. Offers Reward of $10M for Info Leading to Discovery of Election Meddling
(2020) HBO's 'Kill Chain' Documentary Highlights Flaws in US Election Machines
(2019) Researchers Assembled Over 100 Voting Machines. Hackers Broke Into Every Single One.
(2019) DARPA's $10 Million Voting Machine Couldn't be Hacked at DefCon (for the Wrong Reasons)
(2019) Top Voting Machine Maker Reverses Position on Election Security, Promises Paper Ballots
(2019) Amid Worries About Election Security, Microsoft Unveils Voting Machine Software
(2018) I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming
(2018) Def Con 26 Voting Village Sees an 11-Year-Old Crack a Voting Machine
and many more ...
(Score: 5, Insightful) by canopic jug on Tuesday May 07 2019, @12:56PM (26 children)
Blackboxes are inappropriate in voting infrastructure. That applies to both the voting software as well as the underlying framework and the operating system. The machines need to fully disclose how they operate and be fully transparent in their operation. These M$ systems are thus inherently undemocratic. M$ is just trying to gum up the works for yet another election cycle and prevent the US from living up to open and fair elections.
However, all that debate about the software is just a red herring. Computers, especially M$ computers, have not place in open and fair elections. Hand-counted paper ballots are the hardest to corrupt and, as shown in other countries, does scale. By pursuing electronic voting of any stripe, they are ensuring that the US will not be ready for the 2020 election [media.ccc.de]. These "voting" machines keep gettign shredded at the DEF CON Voting Village each year, without improvement in sight [cnet.com]. About the only good news in the last 20 years on the topic is that a number of Secretaries of State are now aware [cyberscoop.com] of the problem.
Money is not free speech. Elections should not be auctions.
(Score: 1, Disagree) by c0lo on Tuesday May 07 2019, @01:23PM (24 children)
They are called end-to-end auditable voting systems [wikipedia.org]
All the systems in this category will guarantee
Supplementary, the (open source) SDK mentioned in TFA seems to guarantee that no voter can demonstrate to a third party what vote s/he cast.
What those system don't guarantee: ballot stuffing. But neither paper ballot can guarantee that.
One on top of the other, no worse than paper-only ballot.
Funny how this reminds me of 200+ electoral staff dead by exhaustion [soylentnews.org]
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 5, Insightful) by RamiK on Tuesday May 07 2019, @01:40PM (15 children)
That's idiotic. Even if the interface is reporting your own vote correctly via this and that supposedly anonymous key-pair crypto, there's nothing guaranteeing it's being tallied for the final results or that there aren't fake votes.
That is, you vote signing in with a key so the vote is associated with a key. But you have no way of telling if the counting process isn't full of fake citizens and fake keys or if they even bothered counting you.
Physical paper slips. In Envelopes. Put in the box. With observers from all interested parties throughout the process. That's the only somewhat guaranteed way to do things. All this computing is just ways to obscure the process and let in fake votes.
compiling...
(Score: 1, Interesting) by Anonymous Coward on Tuesday May 07 2019, @02:35PM (4 children)
"That is, you vote signing in with a key so the vote is associated with a key. But you have no way of telling if the counting process isn't full of fake citizens and fake keys or if they even bothered counting you."
That can be solved by block chain hashing against a non-reproducible event, turning the entire block of votes from one machine into a single unified register. But since Redmond is an NSA stooge, all that is really happening here is the manufacture of an "instant coupe de tete" machine. They'll probably claim that they are chaining against something with a shit ton of entropy, but it won't matter because it won't be verifiable locally. Which means you'll just have to trust them. (yeah, sure)
One way to do it is to arrange the voting booths around a string courtet for example. Each machine takes a constant video of the cortet, each video frame is block chained, each vote is block chained into the video frames. This would mean that you could watch the video and iterate the votes as it played. Any inserted data would show up as blown frames, and the video would fail to play. Every voter would get a reciept that could be validated against the video. The recorder could be as corrupt as it wants, as long as the PLAYER is open source and maintained by hundreds of sites. Say 100 national governments all obliged to audit eachothers repos. Of course half of them would declare the other halfs repos to be corrupt, and probably start a world war because they would rather kill us all than actually have a working voting system.
The idea is not new. Many of these concepts have been around since Johnny Nemonic.
It can be done. It just won't be done by MS. It simply isn't possible for them to keep their dick out of the government. If you want to see this happen, learn to code and kickstart it. Because it can be done. But it can only be done as FOSS.
(Score: 2) by sshelton76 on Tuesday May 07 2019, @03:18PM (1 child)
I'm at work right now so cannot give a coherent response to the above, but this thread isn't far off track.
I expect this thread will get lengthy in my absence so I'll start my own on the topic, but whoever is posting about blockchain stuff here, I have also been working on the side with a group that is working to create an international standard for evoting machines where a blockchain is one part of the solution. I like your enthusiasm, if you want to be part of the solution hit me up on github (same username), and I'll put you in touch.
Meantime, for the benefit of the group. I have a patent pending on elements involved in an evoting standard and it solves all the issues addressed in this thread as well as a bunch more you haven't even considered. Check back in a few hours, I'll start a new thread when I get out of the meeting I'm presently in. We can discuss it, I'm always interested in constructive feedback.
(Score: 0) by Anonymous Coward on Wednesday May 08 2019, @01:12PM
" I have a patent pending on elements involved"
So what your saying is I, along with the entire rest of the world, is invited to suck you dick for 20 years, because you took ideas that have been discussed online for a decade and submitted them to a beurocrat?
(Score: 2) by RamiK on Tuesday May 07 2019, @05:49PM (1 child)
Doubtful. What's stopping an existing regime's ruling party from fabricating users via this blockchained national registry and casting their votes when they're operating over 50% of the blockchain? They can just claim "foreign hackers" tried deleting votes and then what?
More poorly thought off solutions. For the 100th time, the machines themselves can't be trusted. There's nothing stopping the manufacturer from feeding all those machines the same 3D deep-faked videos at different angles. There's literally hundreds of companies currently developing this tech under different "AI" projects. We had one just the other day doing full body fabrication for fashion shows.
But lets talk about public trust, interests and how it all looks. Why rely on anything except the direct eye-witnesses from all parties for voting? What for? So people won't have to queue in-line? You have any idea how amazingly bad this is looking and sounding when the same governments that don't mind having you queue up hours at the DMV or submit IRS forms by hand suddenly decides they'll make voting efficient by hiding functional parts from the voters? Is this a direct democracy? Is one day every couple of years where people don't work is such a huge financial drain on society? Have the US run out of national holidays to cancel?
At best this is an ill conceived notion brought up by academics and software engineers that code first, ask why bother second. Realistically this is job of a couple of unscrupulous corporations trying to lemon the public out of some pork. At worst, this is a conspiracy to destroy democracy at its core.
Understand, nothing will solve this. Software... Hardware... You're putting layers between elements you already mistrust and can barely validate through interested but conflicting parties but now you also need to trust the layers and their auditors.
compiling...
(Score: 0) by Anonymous Coward on Wednesday May 08 2019, @01:06PM
"blockchained national registry and casting their votes when they're operating over 50% of the blockchain?"
bitcoin != blockchain.
Like most people you are conflating "blockchain" with "cryptocurrency". The distributed database part, while novel, is not blockchain. You can have a blockchain system on a non-networked computer. Hashblocks have been around since the 80's. It was the distributed database part, and the scarcity model that made bitcoin unique. While the term "blockchain" is often used synonymously, the actual blockchain part is only a small part of what bitcoin is. Somebody here made a really good post about this on S/N several days ago.
I'm not talking about cryptocurrency model, I'm talking about the actual hashblock. Which is trivial to implement is any programming language that has an RSA lib. Really such a voting system could have been prototyped with AVI and BASIC as early as the early 1990s. I'm not saying BASIC is a good choice, I'm saying all the parts of the model are there, have been there, for a very long time.
Voting systems have a really small amount of cryptographic entropy. It is a trivial matter to freeze votes in time. The difficult part is the nonrepudiation, validation, and auditing part. This is because those things are mathematically complex, but have to be able to be implemented in the field by a clerk, reliably. The only practical way to do that (that I can think of) is to bind the small piece of entropy, to a much larger piece of entropy that is nonrepiduable, can be validated by any idiot, and can be audited reliably after the fact. Conveiniently live video provides exactly such a source of entropy. The important part of that, is the "live" part. It has to be live and it has to be local, because multiple clerks have to be able to validate it and testify to its authenticity at the precinct.
Recording the vote is the easy part. Validating is the hard part. I believe it has been achievable for a long time. The question you should be asking yourself, is not whether it is possible given the technology available. The question is whether the technology to date in the U.S. has been universally confounded for some reason other than incompetence.
The OP is puzzling. It is a well documented fact that Redmond has been involved in the the direct influence and corruption of nation states to its own ends for decades. Personally I suspect they were responsible for (W.) stemming from the DOJ case against them that was promptly dropped as soon as he took office.
That isn't to say that what the OP suggests can't be done. It can, just not by them. And it doesn't matter whether their implementation is good. The idea that MS can build a reliable voting system is about as plausible as ISIS building a reliable voting system. Perhaps that is their intent? To use their extraordinarily bad reputation to smear the entire concept in the public consciousness, and thereby delay a valid implementation from happening?
Right? Because if you built one that was actually good now, would you not expect their million dollar libel machine to rip it to shreds in every newspaper, periodical and news website they own? I don't think there is any question than 80% of journalists nationally would be ordered to suck every dick in Redmond if it meant a reliable long term advertising contract for their employers.
The tech is just a reflection of us. If the tech fails, it isn't the tech that failed.
(Score: 2) by c0lo on Tuesday May 07 2019, @10:44PM (9 children)
That's idiotic. It's like saying the cryptocurrency thingy can't work.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RamiK on Wednesday May 08 2019, @09:57AM (8 children)
Cryptocurrency works as long as it's distributed between different parties sufficiently under the majority ownership problem. Each and every one of the proposed voting via blockchain schemes I've seen involves the government or some select group of "trusted" parties issuing and holding majority.
https://www.investopedia.com/terms/1/51-attack.asp [investopedia.com]
Here's another example why non of this high-tech nonsense can work: Imagine a dna scanner at every booth validating the person's identity. Perfect, right? Wrong. The people operating the machines... The people building the machines... The people writing the database holding the identities... The people inserting new entries into the database... The people owning the servers... The people owning the buildings that host the servers... What you did is move the trust from the party observers watching those envelops going in and counted out, to a cabal of invisible interest holders. And that's with a perfect identity per person mechanism. So what exactly having all that cryptography suppose to do? Make it more convoluted for most of the parties to agree on splitting the base saying the guys that don't agree were "hacked"?
compiling...
(Score: 2) by c0lo on Wednesday May 08 2019, @12:49PM (7 children)
A single example does not demonstrate the impossibility of the approach.
Adjust the technology so that you can place the computation of blockchains for US elections on servers run by Russian government (and vice versa) without any of the parts being able to alter the cast vote. It is possible - start with the idea that the "notary public" that the distributed blockchain implements need only to certify the integrity of the message.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RamiK on Wednesday May 08 2019, @08:13PM (6 children)
No no you're doing it again. You're substituting the oversight of the running parties with a third party. Instead of Democrats, Republicans and whatever representatives' oversight, you want the Russians, and fuck knows which Russians, to oversight the process for you? Look, this oversight of the physical process is possibly the only still functioning aspect of American elections. The party funds are a mess. The candidates are a joke. Everyone is lying. Gerrymandering is all over. The primaries are whatever the party functionaries decide on... And instead of trying to address all that, you go after this ridiculously low-handing fruit of a problem with a huge computer network that can be fixed with a few paper slips and envelops instead?
compiling...
(Score: 2) by c0lo on Wednesday May 08 2019, @11:33PM (5 children)
Thanks for making clear I delude myself when expecting to have an engineering discussion on S/N.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RamiK on Thursday May 09 2019, @12:27PM (4 children)
It is an engineering discussion. It's just not the one corporations would have you talk. Using blockchain to engineer better election machines is the equivalent of "But I've used the best butter!" when your watch isn't showing the right time and you decide it must be broken so lets lube it up with the finest lubricant on hand... You incorrectly diagnose the problem. Offer the wrong solution. And then complain about the results saying it was the best solution we had.
The F35... Windows Mobile... Windows 10... Smart TVs... Honestly there's so many example of best-butter solution it's embarrassing. And while we'd like to blame management, I've personally seen plenty of engineers picking up the spreading knife and blockchain and AI happen to be some of the finest examples. Sure, they have their usages. But not here. Not now. And probably not ever.
compiling...
(Score: 2) by c0lo on Thursday May 09 2019, @01:22PM (3 children)
Mate, I'm not saying that Microsoft will offer a solution that anyone can trust.
I'm saying that computerized voting is possible with the same or higher degree of trustfulness as the pen-and-paper method.
Sure, setting it up will be a higher investment, so one will need to balance the cost/benefit when it comes to implementing it.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RamiK on Thursday May 09 2019, @02:39PM (2 children)
Trustfulness? I thought this is an engineering discussion. Not a religious epistemology discussion. People trust authority figures. People trust symbols. People trust in Trump. Of course it's possible to achieve whichever level of trust so long as you pour enough Kool-Aid down everyone's throats while spreading plenty of pork all around. That's not the issue. The issue is that you don't need to trust paper envelops since you can empirically prove they work by attending the counting.
Can you name some of those benefits? Cause for the life of me I can't think of any but I can most certainly think, and shudder, at the costs.
Look, these machines aren't scientific equipment. They just give that impression through smoke of mirrors. They're not tested by their users. They're not calibrated against real world experiments. They're one-armed bandits. All those lights and moving parts are there to delude. And it doesn't matter how much crypto you put in there when it's just the one group of people designing and building the machines. The house operates them. The house calibrates them. The house is telling you the odds. And you know what? Strangely enough, the house always wins.
compiling...
(Score: 2) by c0lo on Thursday May 09 2019, @03:54PM (1 child)
Yes. Trust is an engineering concept.
E.g. in cryptography is the ratio between the effort/cost an attacker needs to spend to crack your encryption vs the effort/cost you incur to encrypt your information.
Not to be confused with faith.
Here's an example [google.com].
There are cases when the cost of just doing it pen-and-paper and the cost of lost opportunity (of not having a government for 2 months until manually counted and recounted if the result is contested) would justify the investment.
Besides, you are thinking in the context of "Oh, I need to vote only once every 4 years, if ever; faster more secure ballot counting doesn't worth it".
What if the cost of organizing and running a referendum becomes so low that you can get even a direct democracy, Swissland-style? (*shudders* - Americans voting 3-4 times a year on things that affects them? Oh, the horror! the horror!)
Again, speaking slower and louder: I... am... not... saying... you... need... to... trust... voting... machines... produced... by... Microsoft... or any other corporation. You got it this time?
I only say: machines one can trust are possible to build and deploy. Do you disagree?
Example - Banknotes: do you trust them? Why wouldn't be possible to have a non-for-profit non-political entity, very much on the same principle as the national bank, to take care of building and certifying such machines?
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by RamiK on Thursday May 09 2019, @06:15PM
Cryptography isn't engineering. It's an applied field of math and computer sciences. There cryptography that don't know how to code at all.
More importantly, trust (computational, cryptographic or otherwise) is most definitely not defined as such a ratio: https://en.wikipedia.org/wiki/Computational_trust#Defining_trust [wikipedia.org]
What you're describing is one of the alternative metric to security level. And they're all theoretical since there's no known way to prove the claim otherwise we would be having so many red colored entries here: https://en.wikipedia.org/wiki/Cipher_security_summary#Common_ciphers [wikipedia.org]
It doesn't cost anyone a penny to wait weeks or even months for the exact count. It's not like the world shutdowns waiting for the vote.
K. Lets ask the Swiss. https://www.swissinfo.ch/eng/politics/digital-voting_geneva-shelves-e-voting-platform-on-cost-grounds/44577490 [swissinfo.ch]
Of course I disagree. I trust no machine. I test to see if it works and assess how well it will keep working. I don't even trust my own body when running or lifting weights. I slowly accelerate or add loads. And things still get bloody. Because machines of all kinds are not to be trusted.
No. I trust the laws that govern the banks. And I trust the nation that holds guns to the heads of failed bankers. Which is why I don't accept US banknotes unless it's for a quick small transaction. Because I know if a US bank collapses no one will give me my money back.
Because the power structure doesn't match. A small (not too-big-to-fail monopoly) for-profit lives and dies by their reputation. But the nature of these machines and software is to be designed and built by monolithic conglomerates that are beyond the reach of the law and can get away with murder. Maybe in a small and functioning European nation it would be possible to put out a contract for a non patent-encumbered open-source hardware and software design and then another contract for units different companies could produce and provide... But the moment companies like Microsoft are named the whole thing died. Regardless of the specs. Regardless of who is sitting in the working groups, Microsoft will get the contract. Just like how Lockheed Martin and Colt always get their share. Because that's what the US economy is all about.
compiling...
(Score: 1, Disagree) by fustakrakich on Tuesday May 07 2019, @04:31PM (7 children)
Sorry, man, it's black box mysticism. The entire chain needs to be human readable, without electricity. Anything more complicated than a bunch of eyeballs just can't work for this.
La politica e i criminali sono la stessa cosa..
(Score: 2) by c0lo on Tuesday May 07 2019, @10:39PM (6 children)
Have to disagree with it. The fact that you don't understand it and consider it mysticism doesn't make it 'blakq magic:.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by fustakrakich on Tuesday May 07 2019, @10:51PM (5 children)
You asking us to have faith in the machine. *That I cannot do* Paper still requires the least amount of faith, at the least cost and the least effort. The machine is cool, but not without the matching printout, with permanent ink :-)
La politica e i criminali sono la stessa cosa..
(Score: 2) by c0lo on Tuesday May 07 2019, @11:32PM (4 children)
Not (blind) faith, but (reserved) trust.
The same trust (and not faith) you have when using your car.
You trust that the physics of the combustion and the thermodynamics is sound, you trust that the engineers designed the engine so that it doesn't kill you, you trust your mechanic has done the service correctly, you trust that the road are good enough for the model of your car all the way to your destination, you trust yourself to be able to react properly to driving conditions. And yet there's still a risk that you may die during driving and you accept that risk because it's small enough.
Some reflections on trust, security and society from Bruce Schneier [schneier.com]. Nothing magic or religious in nature.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by fustakrakich on Tuesday May 07 2019, @11:40PM (3 children)
but (reserved) trust.
That's what the paper is for. What exactly is the problem?
La politica e i criminali sono la stessa cosa..
(Score: 2) by c0lo on Wednesday May 08 2019, @12:27AM (2 children)
Neither paper is foolproof. The effort of counting (nearly 300 died counting votes [qz.com]) and the error rate is higher for paper.
I'll grant you that an electronic system:
Should the society remain at the level of buggies because the rate of car accidents is higher for cars?
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by fustakrakich on Wednesday May 08 2019, @02:17AM (1 child)
That's a horrible analogy. Computers do not offer significant improvements over paper, only expedience. That's not always a good thing.
You can have your computers, but give us paper or forget it. I don't know why you insist. It's a silly argument. Trust isn't a good thing either. Trust is an adversarial relationship. You "trust" your enemies. If you have to trust your friends, they are not your friends. The best thing for an election is minimal trust and maximal verification. Paper is still best for that. The computer can assist.
La politica e i criminali sono la stessa cosa..
(Score: 2) by c0lo on Wednesday May 08 2019, @08:31AM
You have a very peculiar definition of trust.
I'm done with it.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by DeathMonkey on Tuesday May 07 2019, @05:51PM
The system MS is designing is specifically NOT a black bock.
Now, we may not necessarily trust them as a vendor, but I think you're jumping to a conclusion.
(Score: 4, Informative) by Oakenshield on Tuesday May 07 2019, @01:18PM (5 children)
The big push for electronic voting machines is a ridiculous solution in search of a problem. If not for the "hanging chad" controversy in Bush v Gore we would still be using dirt simple, unhackable technology. I do not understand why we cannot all use simple optical scanner machines (Scantron) if you absolutely need instantaneous reporting when the polls close. Otherwise, use a plain paper ballot. They seem to work just as intended for absentee ballots. At least in my state, the Diebold machines do print a paper trail in a secured compartment with a window you can view.
(Score: 4, Informative) by c0lo on Tuesday May 07 2019, @01:27PM (2 children)
"For every complex problem there is an answer that is clear, simple, and wrong"
H. L. Mencken
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Tuesday May 07 2019, @06:07PM (1 child)
Error: The problem is not complex. Vote. Count. Report. None of these stages absolutely require electronic anything for the actual grunt-work (and yes, they do for the setup, but that's a "so what" and sorry for making a Straw Man but I fear someone else will). They are being made more complex by the powers that want money spent and retention in office. That's all.
(Completely ironic given, "The Russians are coming, the Russians are coming!" our best response is to introduce further complexities into the system.)
(Score: 2) by c0lo on Tuesday May 07 2019, @10:36PM
You sure your vote is counted? Maybe somebody just discarded it or used it as toilet paper.
Make sure your vote is not changed? Maybe somebody just ticked your vote for another candidate.
How you make sure the above doesn't happen? Complexity in real world, with multiple meatbags executing 'algorithms' and checks, instead of software.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Tuesday May 07 2019, @06:03PM (1 child)
They don't make as much progress for the economy. And that's not entirely sarcasm. There are many, many systems in the world which are "good enough" if you take away the profit motive. But the second you do that you risk taking away the forward progress which any economy absolutely must have lest the entire system collapse.
(Score: 2) by Oakenshield on Tuesday May 07 2019, @07:55PM
Forward "progress" is not necessarily improvement, particularly in the tech world. I give you 3D televisions, foldable phones, and the Metro/Modern interface as examples.
(Score: 1, Insightful) by Anonymous Coward on Tuesday May 07 2019, @01:30PM (2 children)
When you click the EULA to vote, you agree to let Microsoft send non-personally identifiable information to selected third party partners for analysis and to allow for the adjustment of this data if deemed to have been made under the influence of non-trusted political parties.
(Score: 4, Funny) by Anonymous Coward on Tuesday May 07 2019, @01:32PM (1 child)
Clippy: "I see you're trying to vote Green which is a waste of a vote. Would you like me to change your vote to Democratic?"
(Score: 2, Insightful) by Anonymous Coward on Tuesday May 07 2019, @03:48PM
And since this is Microsoft we are talking about, closing the dialog will be treated the same as pressing the 'OK' button.
(Score: 2) by Alfred on Tuesday May 07 2019, @01:34PM (4 children)
At least they don't mention blockchain.
(Score: 0) by Anonymous Coward on Tuesday May 07 2019, @02:02PM (1 child)
Votes For Sure
(Score: 3, Interesting) by Gaaark on Tuesday May 07 2019, @03:55PM
And the only way to vote is with your Zune!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 2) by c0lo on Tuesday May 07 2019, @10:49PM (1 child)
If they write it against DontNET Core (open source itself), it can run on Linux.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Wednesday May 08 2019, @01:46AM
> If they write it against DontNET Core (open source itself), it can run on Linux.
Wrong. DontNet is only Open Core. The crucial parts don't run on anything else except specific versions of Windows..
If the whole stack ends up being open source, only then will I give it consideration. Until then, it looks like Microsoft is still up to its old tricks.
(Score: 4, Interesting) by DannyB on Tuesday May 07 2019, @02:18PM (3 children)
If your voting system does not produce a paper ballot, human readable, which is then scanned by machine: YOU'RE DOING IT WRONG.
Paper ballots are a permanent record. Not remotely hackable. Recountable. Tangible. Easy to see, touch and handle by humans watching and guarding the integrity of the voting area.
Even if you have a DIEBOLD system, even if it is running Visual Basic on Win XP and internet connected, if it prints a clear paper ballot, then it is obvious when there is a problem.
Any optical scan counting system should read the ballot in the same way a human reads it. No hidden machine readable codes, etc.
AND EXTRA CREDIT: Have a backup system where preprinted paper ballots are available that can be marked by pen/pencil -- and scanned. That way even if all the technology goes down, voting can continue. Votes can be seen, counted, and later scanned and counted by automation. Include that in your design.
The server will be down for replacement of vacuum tubes, belts, worn parts and lubrication of gears and bearings.
(Score: 0) by Anonymous Coward on Tuesday May 07 2019, @02:37PM (2 children)
Don't forget a portable open source scanner to randomly spot check the the results of the commercial systems. Can't be too careful.
(Score: 3, Interesting) by DannyB on Tuesday May 07 2019, @02:58PM
Open Source is not mutually exclusive with Commercial. This spot check system you speak of would be commercial, even if open source and auditable.
The entire system should be open source. But it will still be purchased by local governments from commercial vendors.
I maintain that a permanent paper human readable recountable record is a powerful protection against tampering with the systems. The technology is simply a tool to make it faster and easier to produce that paper record.
The server will be down for replacement of vacuum tubes, belts, worn parts and lubrication of gears and bearings.
(Score: 0) by Anonymous Coward on Tuesday May 07 2019, @04:24PM
yeah, pls stop using "commercial" when you mean "proprietary". it sounds like enemy propaganda.
(Score: 3, Interesting) by sshelton76 on Tuesday May 07 2019, @04:21PM (12 children)
There is another thread on this where they started discussing what an open voting solution would look like.
The topic diverged to blockchain and crypto.
Below is the crux of a defensive-patent I've been working on in an effort to create an open global standard for electronic voting.
Looking forward to constructive commentary and presently looking for my flame proof undies.
Elements of infrastructure for electronic ballot submission and security
Herein is described a method and apparatus to provide the highest levels of security and anonymity for electronic voting systems.
Current e-voting systems are blackboxes that have a track record of being compromised and this situation is unacceptable. A return to paper ballots is not a good option because it would be a return to all the problems that the evoting systems were designed to alleviate. It is clear a novel approach is warranted, one which takes a security first perspective.
Our invention differs from others solutions in that it has end to end verifiability and yet there is no way for any individual vote to be traced back to any individual voter unless the voter themselves initiates the process.
In this system, the process begins with the agency tasked with ballot creation. The ballot creators build an electronic ballot as per normal using a front end tool which translates the ballot to an electronic format which is both human and machine readable such as JSON.
This ballot is then electronically signed and submitted to a special purpose blockchain network where it serves the same purpose that an electronic smart contract would serve, that is to say it tracks counters for each candidate or option on the ballot and maintains counters and timestamps for each option in each element of the race. It is a unique message receiver on the blockchain.
Prior to poll opening, the polling station is supplied with paper tickets that have been pre-printed. These paper tickets contain a randomly generated assymmetric keypair meaning they have both a private key and a corresponding public key. These must be absolutely unique and they are one time use only.
Once polls open, voters check in as per normal and draw a single paper ticket at random from the supply on hand, then proceed to a voting booth.
If the polling location has multiple ballots, they should also supply the voter with a code to select the correct ballot for their precinct, this can be as simple as a card containing a mathematical hash of the ballot that can be scanned at the machine.
As the voter arrives at the booth, they input the public key either through a keyboard or by scanning the ticket if the voting machine is so equipped.
The voting machine checks that the public key is provisioned / generated for that location and has not yet been used.
The voting machine downloads the ballot if necessary and then proceeds to present the user with options present on the ballot.
The voter inputs their choices and completes the voting process as per normal.
The voter is presented a confirmation screen of their choices as they are to be recorded.
Once the voter is satisfied, they scan the private key element of their ticket.
The voting machine verifies that the private and public key match. It then encodes the user's choices into a format consumable by the blockchain. The machine uses the voter's private key to sign the encoded vote data, then it counter-signs the encoded and signed data with it's own unique key, thereby providing proof that this machine was the one used to cast that vote.
The machine submits the counter-signed, witnessed vote to the other machines in the local network, who also sign and witness. A unique transaction id is calculated from a hash of the combination of the unsigned bytes and the current timestamp. This transaction id is presented to the voter with the option to print a paper copy for their own personal records.
At this point the voter can check online at any third party verifier using either their public key, or the transaction id to verify that their vote has been counted. If it was not counted then the voter can raise an exception with the poll manager and flag the machine in question. If the jurisdiction permits it, the transaction id can be considered a "spoiled" ballot, if it either was not counted or was counted incorrectly, and this should allow a provisional ballot to be cast by the voter through whatever means are considered the norm in that jurisdiction, including but not limited to a second chance to vote or a petition for review by the court.
If after the polls close, if the voter is later concerned about the status of their vote, they can check with one or more independent third party verifiers to ensure their vote really did count.
Because each vote must be signed by the unique key of the machine indicating where it was cast and because machines are expected to be tracked from the warehouse to the individual polling location and back again, if a machine is tampered with it becomes quite easy to see and flag by anyone working to validate the blockchain. This becomes even more easy to verify if individual machines are assigned / reserved at voter check in with a secondary timestamping process.
(Score: -1, Offtopic) by Anonymous Coward on Tuesday May 07 2019, @04:34PM (11 children)
Dude! You're an advertiser! Off with your head!
Somebody, please! Throw this guy a Spam mod!
(Score: 2) by sshelton76 on Tuesday May 07 2019, @04:43PM (6 children)
Huh? That's literally not my point at all.
The topic is a discussion on e-voting. It diverged into blockchain and crypto based options in a different thread.
I happen to be working on the side on a defensive patent for a system to provide high levels of integrity and said I would post a gloss here so people can see how a solid solution could be put together. If approved this would become part of a larger effort to establish a secure global standard for e-voting.
Nothing was advertised. No one is asking you to visit a website and there is no effort to endorse a product either existing nor forthcoming.
Really just soliciting feedback, especially if there are holes somewhere I hadn't considered.
(Score: -1, Troll) by Anonymous Coward on Tuesday May 07 2019, @05:01PM (5 children)
You are advertising your invention that differs from others solutions
It doesn't differ from any of the others, it is a electronic contraption that nobody needs. The only people that want this crap are the people who are selling it! You're trying to sell refrigerators to the Eskimos.
(Score: 2) by sshelton76 on Tuesday May 07 2019, @05:14PM (4 children)
You have a very strange definition of advertising. Normally the intent of advertising is to inform the public of an item for sale.
To my mind this is more like an RFC...
https://en.wikipedia.org/wiki/Request_for_Comments [wikipedia.org]
(Score: -1, Troll) by Anonymous Coward on Tuesday May 07 2019, @05:50PM (3 children)
Yes, you are trying to sell black box voting. We don't want black box voting. It simply can never be trusted unless the entire thing can be plainly understood by anybody that graduated grade school. We must get a "receipt". Paper is still the best, most secure, verifiable by humans without assistance or obfuscation. It's cheap and easy, why the resistance?
You might have a nice instant messenger or email server/client though if the encryption is that good.
(Score: 2) by sshelton76 on Tuesday May 07 2019, @06:05PM (2 children)
Ok never mind, sorry I thought you read the description I posted. Read the post all the way through. Let go of any pre-conceived assumptions about what it contains and come at it from the perspective that my intention isn't to sell you on an idea, but simply to present a way it can be done. I don't spell it out, but yes you get a receipt. Two of them actually, a unique ticket from the polling check in process required to initiate the voting process and a receipt with a transaction number when you're done. But it's not a blackbox and it is fully verifiable. Just read it first and then try to pick it apart please.
(Score: 2) by All Your Lawn Are Belong To Us on Tuesday May 07 2019, @06:09PM (1 child)
DFTT, man. ;)
This sig for rent.
(Score: 2) by sshelton76 on Tuesday May 07 2019, @06:15PM
He seemed sincere, didn't seem to be a troll. But thanks for the heads up, I'll be more cautious in the future.
(Score: 2) by All Your Lawn Are Belong To Us on Tuesday May 07 2019, @06:09PM (3 children)
Done. Oh, wait, modded him up because you're wrong.
This sig for rent.
(Score: 2) by sshelton76 on Tuesday May 07 2019, @07:15PM (2 children)
Thanks!
Any thoughts on the design though?
(Score: 2) by All Your Lawn Are Belong To Us on Tuesday May 07 2019, @07:52PM (1 child)
Interesting proposal. The three questions I have would be:
1) If the ballot is downloaded, how does the voting machine verify the signature of the correct ballot / what prevents my invading in the middle and feeding a false ballot (with, say reversed choices) to the station the voter is using? (And there isn't any reason the machine can't be preprogrammed with a table of legitimate signature hashes to recognize and crunch the ballot itself to verify it itself, just isn't quite spelled out that way).
2) Similar concern with the uploaded consumption format - is it assured that it is crunching "All Your Lawn" as the candidate, or is it encoding "He Chose Number Two on Question 7"? (Or do I get a receipt that checks out that my ballot was counted by that was corrupt by being presented with a fake ballot).
3) Any concerns with the format and write-in choices / would the reception format be flexible enough for that sort of transmission.
I have a feeling that when you were speaking of consumable formatting this would be one that would solve questions 2/3, again just isn't quite explicitly stated that way.
Otherwise, really interesting idea and very much agreed that the entirety of the system proper should be open enough that any skilled person can verify the authenticity of it. (And make it applicable to other polling/voting contexts than public elections).
This sig for rent.
(Score: 2) by sshelton76 on Tuesday May 07 2019, @08:27PM
Ohh these are great questions, thank you!
I'll try to answer them as concisely as possible, feel free to ask for more details though.
1) The machine would have a certificate installed that would contain the public key of authorized ballot issuers. So when it downloads the ballot, the ballot is just a collection of bytes and a signature. Using the public key it is possible to verify that the ballot is complete and untampered with. The gloss doesn't specify the particular encryption, but the overall patent is much longer and promulgates a process such as the one here... https://nacl.cr.yp.to/sign.html [cr.yp.to] Because the ballot creator's public key is by definition public along with the ballot itself, you could also download the ballot to an app on your phone, examine it and practice voting while standing in line at the polls. You just couldn't submit the vote until you interacted with a machine authorized by the election authority. You could try, but it would be rejected automatically since part of the security model is based on pre-authorizing specific devices which have their own unique keys.
2) In most blockchain scenarios your transaction id is a hash of the data. However for transparency purposes, this system prints a receipt that uses an encoding that looks like... machineid.timestamp.selection1.selection2... Now it is important to note, that most jurisdictions have an option for a write in candidate. In order to preserve that option the selections are free form unicode strings. If they do not match an existing option, the option is added to the blockchain counter for that selection upon receipt of the vote. Obviously we case correct, where appropriate on the client side, but it does leave a problem we have yet to address where one person might put in "Nunez" and someone else might put in "Nunnez" and someone else might put in "Nu~nez" (imagine that ~n is the spanish letter after n called en-yeah and giving the sound of "nya". Anyways because of this disparity, it is possible candidate Nunez may wish to contest the results, but at least the results are recorded even if spread out a bit. It is because of this freeform ability that we do not simply select an offset in an array.
3) See my answer to #2
The complete transaction id includes machine id, timestamp and selection choices. But that is for the voter's receipt. The machine id and timestamp will by definition be unique and the voter can then check the blockchain at that point to see their particular vote and precisely how it counted.
One other advantage of this approach is that it also accommodates locales where there are legal requirements that the ballot be in multiple languages. We have the ballot framework and options encoded in the original upload, but ballot creators can add language translation files later so long a they sign them. The language files would be available at ballothash.en and ballothash.es etc.
(Score: 1) by fustakrakich on Tuesday May 07 2019, @04:24PM (15 children)
We have to demand paper ballots. Everything else is bullshit featherbedding. I am amazed there is an argument over this.
La politica e i criminali sono la stessa cosa..
(Score: 2) by sshelton76 on Tuesday May 07 2019, @04:27PM (14 children)
Pen and paper can be easily faked. Ever heard of ballot stuffing?
(Score: 1) by fustakrakich on Tuesday May 07 2019, @04:36PM (13 children)
Yeah, but it's easy to catch. Can't do that with your black box! We don't need that snake oil!
La politica e i criminali sono la stessa cosa..
(Score: 2) by sshelton76 on Tuesday May 07 2019, @04:47PM (12 children)
Umm if you say so...
https://www.npr.org/2018/12/08/674543576/voting-by-mail-is-on-the-rise-but-could-alleged-n-c-election-fraud-change-that [npr.org]
https://www.cnn.com/2019/04/12/asia/indonesia-malaysia-ballot-investigation-intl/index.html [cnn.com]
Unless of course they are destroyed, amirite?
https://www.sun-sentinel.com/local/broward/fl-sb-broward-elections-supervisor-broke-law-snipes-canova-20180514-story.html [sun-sentinel.com]
There are better solutions than pen and paper. But they do need to be implemented securely.
(Score: 1) by fustakrakich on Tuesday May 07 2019, @05:21PM (11 children)
Electronic machinery will not make it any better if corrupt people are working the machine. Best to stick with paper that we can all verify without a magic wand. I ain't buyin', and I hope everybody sees through the bullshit also. We have no need... okay, maybe as a secondary backup (in case of the convenient warehouse fire) and rapid tallies for the tabloids, I'll give you that. But nothing should be official until the paper ballots are counted, in front of real human beings.
La politica e i criminali sono la stessa cosa..
(Score: 4, Interesting) by sshelton76 on Tuesday May 07 2019, @05:58PM (10 children)
What if I told you that about 1 out of 20 times I get incorrect change from cashiers and this supports an overall conclusion that humans get fatigued easily and generally suck at counting?
What if there were a simple way to ensure an individual vote had been counted correctly without the chance of any corruption or human counting error?
What if I told you it can be proven that every vote was properly cast by an individual authorized to vote.
What if I told you there was a way for each and every individual to see that their own vote was properly counted at every stage, while still allowing the individual voter to stay anonymous to the rest of the world?
What if I told you there was a way that you as a voter could prove that not only were you one of ten thousand people who voted for your candidate that day, but that your vote was the 6699th vote for that candidate overall, you were the 1234th vote for that candidate from your district, your vote was the 90th for that candidate at that polling location and the 17th vote for that candidate from that particular booth. All that and literally no one but you can see it unless you authorize them to.
What if I told you that if the individual polling results don't reflect what you expected that you could "spoil" your own ballot and get it "uncounted" then ensure it was recast correctly?
This is all possible with properly constructed evoting and none of it is possible with simple pen and paper.
Meanwhile, pen and paper supporters seem to forget that individual vote counters are humans, they fatigue easily and if they are involved in counting it is not typically out of a simple sense of civic pride, but out of fear that someone other than their favorite candidate or party may win.
This is why the political parties usually have each party double or triple check eachother and this is slow and leads to conflicts of opinion about what that pen and paper ballot actually said. The extra handling also leads to additional spoilage in many cases.
Look man, I just want you to understand where I'm coming from on this. Why I'm so involved. Each election cycle since 2004 I have served at the polls as a supervisor. I setup machines, dealt with spoilt ballots and ensured ballot security as well as dealing with voters, the humble, this pissed off and the confused.
I do this because since my time in the military I really do give a damn about the integrity of our elections and I know that starts at home. Pen and paper ballots are not a good solution. They might stop a casual hacker, but casual hackers aren't the threat here. Entrenched political influence is the real threat. Pen and paper leads to entirely too much fraud real or perceived.
I also work in IT security, especially INFOSEC and cryptography. I see the nexus here of my work as a poll supervisor and my work in INFOSEC. I'm not saying I have all the answers, but I have worked for years and put significant thought into these problems. Pen and paper are not the solution. Closed black boxes are also not the solution. The solution must be open and it must be end to end verifiable. It might seem like magic, but that's why documenting the shit out of what happens under the hood and most importantly documenting how to verify what is supposed to happen under the hood actually happened and what to do if that doesn't happen, is the key to ensuring election integrity.
(Score: 0) by Anonymous Coward on Tuesday May 07 2019, @06:51PM (2 children)
> Entrenched political influence is the real threat.
Lawrence Lessig outlines the severity of just that problem [youtube.com], but stops short of pointing to any full solutions. His move against the current methods of campaign financing back in 2016 came close. His new tack is to try to get the candidates to mention it before the primaries. Again, while he does not have a solution he does describe why it is overdue to address the problem.
(Score: 2) by sshelton76 on Tuesday May 07 2019, @07:17PM (1 child)
Well my solution is to never vote incumbent. But with only 2 political parties and not a whole lot of real difference between them, it does feel like throwing my vote away. This is one reason I keep working every election cycle as a supervisor. I can put down at least some of the shenanigans. Since I don't care about any party nor any candidate, I at least get to feel impartial.
(Score: 1) by fustakrakich on Tuesday May 07 2019, @10:35PM
But with only 2 political parties
Really? Only two candidates for each office?
In which city/state is that, if I may ask?
La politica e i criminali sono la stessa cosa..
(Score: 2, Interesting) by fustakrakich on Tuesday May 07 2019, @08:07PM (6 children)
Ok, you understand the black box better than most. but that's my point, voting needs to be verifiable by unskilled labor to be trustworthy. I'm fine with using both electronic and paper, complimentary is okay, but paper must always be in the equation. Without it, all the electronics is nothing but magic, even the open stuff. It can never be as transparent as chicken scratch on papyrus.
Entrenched political influence is the real threat.
Who is more able to meddle with the machines, totally unseen? Paper has to be physically moved and destroyed, that's much easier to detect, with a simple infrared camera and a recorder. The risk of getting caught is much higher with paper.
For me it's too simple, gotta show papers. I can't prove my vote is counted any other way. It's not too much to ask. All the objections only make me suspicious.
La politica e i criminali sono la stessa cosa..
(Score: 2) by sshelton76 on Tuesday May 07 2019, @08:32PM (1 child)
Well read my example in the posting above this and give me some feedback please.
(Score: 1) by fustakrakich on Tuesday May 07 2019, @10:18PM
Well, I thought I did. The computers are welcome, but only along with the paper. Even the best technical explanations are going to fall on deaf ears for those who don't understand computers. It's all mysticism. And I'm still not convinced of their integrity either. Too many interested players making the machine and writing the code. And there's a lot of pasta on the walls. Best if we keep it simple for all our benefits.
La politica e i criminali sono la stessa cosa..
(Score: 2) by c0lo on Tuesday May 07 2019, @10:55PM (3 children)
Is, wow, somebody changed his mind on S/N. We are doomed, the end of world is near.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by fustakrakich on Tuesday May 07 2019, @11:27PM (2 children)
What change? I still want a paper printout. And that is what has to be counted to make the results official.
La politica e i criminali sono la stessa cosa..
(Score: 3, Funny) by c0lo on Tuesday May 07 2019, @11:35PM (1 child)
You no longer require that the pen and paper is the only way to go and you accept that the pen can be a technological implement as complex as a computer.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by fustakrakich on Tuesday May 07 2019, @11:42PM
OMG! That's hilarious! Most excellent!
La politica e i criminali sono la stessa cosa..
(Score: 0, Disagree) by Anonymous Coward on Tuesday May 07 2019, @11:11PM
Paper / app to computer.
User marks on paper or uses an app to vote. This is submitted or scanned by the electronic vote system.
Electronic with paper backup.
Vote electronically. Voter gets a very small printout with a code chaining their ID and vote. This can be entered into a website with basic details, last name and post code, to confirm that the vote is on the system.
This vote into a machine and walk away is just mind boggling. It's one database query away from vote rigging.