SoylentNews is people
SoylentNews
Submitted via IRC for ErnestTBass
From checking in at a polling place on a tablet to registering to vote by smartphone to using an electronic voting machine to cast a ballot, computers have become an increasingly common part of voting in America.
But the underlying technology behind some of those processes is often a black box. Private companies, not state or local governments, develop and maintain most of the software and hardware that keep democracy chugging along. That has kept journalists, academics and even lawmakers from speaking with certainty about election security.
In an effort to improve confidence in elections, Microsoft announced Monday that it is releasing an open-source software development kit called ElectionGuard that will use encryption techniques to let voters know when their vote is counted. It will also allow election officials and third parties to verify election results to make sure there was no interference with the results.
"It's very much like the cybersecurity version of a tamper-proof bottle," said Tom Burt, Microsoft's vice president of customer security and trust, in an interview with NPR. "Tamper-proof bottles don't prevent any hack of the contents of the bottle, but it makes it makes it harder, and it definitely reveals when the tampering has occurred."
Developed with the computer science company Galois, the kit will be available free of charge for election technology vendors to incorporate into their voting systems.
(Score: 1, Interesting) by Anonymous Coward on Tuesday May 07 2019, @02:35PM (4 children)
"That is, you vote signing in with a key so the vote is associated with a key. But you have no way of telling if the counting process isn't full of fake citizens and fake keys or if they even bothered counting you."
That can be solved by block chain hashing against a non-reproducible event, turning the entire block of votes from one machine into a single unified register. But since Redmond is an NSA stooge, all that is really happening here is the manufacture of an "instant coupe de tete" machine. They'll probably claim that they are chaining against something with a shit ton of entropy, but it won't matter because it won't be verifiable locally. Which means you'll just have to trust them. (yeah, sure)
One way to do it is to arrange the voting booths around a string courtet for example. Each machine takes a constant video of the cortet, each video frame is block chained, each vote is block chained into the video frames. This would mean that you could watch the video and iterate the votes as it played. Any inserted data would show up as blown frames, and the video would fail to play. Every voter would get a reciept that could be validated against the video. The recorder could be as corrupt as it wants, as long as the PLAYER is open source and maintained by hundreds of sites. Say 100 national governments all obliged to audit eachothers repos. Of course half of them would declare the other halfs repos to be corrupt, and probably start a world war because they would rather kill us all than actually have a working voting system.
The idea is not new. Many of these concepts have been around since Johnny Nemonic.
It can be done. It just won't be done by MS. It simply isn't possible for them to keep their dick out of the government. If you want to see this happen, learn to code and kickstart it. Because it can be done. But it can only be done as FOSS.
(Score: 2) by sshelton76 on Tuesday May 07 2019, @03:18PM (1 child)
I'm at work right now so cannot give a coherent response to the above, but this thread isn't far off track.
I expect this thread will get lengthy in my absence so I'll start my own on the topic, but whoever is posting about blockchain stuff here, I have also been working on the side with a group that is working to create an international standard for evoting machines where a blockchain is one part of the solution. I like your enthusiasm, if you want to be part of the solution hit me up on github (same username), and I'll put you in touch.
Meantime, for the benefit of the group. I have a patent pending on elements involved in an evoting standard and it solves all the issues addressed in this thread as well as a bunch more you haven't even considered. Check back in a few hours, I'll start a new thread when I get out of the meeting I'm presently in. We can discuss it, I'm always interested in constructive feedback.
(Score: 0) by Anonymous Coward on Wednesday May 08 2019, @01:12PM
" I have a patent pending on elements involved"
So what your saying is I, along with the entire rest of the world, is invited to suck you dick for 20 years, because you took ideas that have been discussed online for a decade and submitted them to a beurocrat?
(Score: 2) by RamiK on Tuesday May 07 2019, @05:49PM (1 child)
Doubtful. What's stopping an existing regime's ruling party from fabricating users via this blockchained national registry and casting their votes when they're operating over 50% of the blockchain? They can just claim "foreign hackers" tried deleting votes and then what?
More poorly thought off solutions. For the 100th time, the machines themselves can't be trusted. There's nothing stopping the manufacturer from feeding all those machines the same 3D deep-faked videos at different angles. There's literally hundreds of companies currently developing this tech under different "AI" projects. We had one just the other day doing full body fabrication for fashion shows.
But lets talk about public trust, interests and how it all looks. Why rely on anything except the direct eye-witnesses from all parties for voting? What for? So people won't have to queue in-line? You have any idea how amazingly bad this is looking and sounding when the same governments that don't mind having you queue up hours at the DMV or submit IRS forms by hand suddenly decides they'll make voting efficient by hiding functional parts from the voters? Is this a direct democracy? Is one day every couple of years where people don't work is such a huge financial drain on society? Have the US run out of national holidays to cancel?
At best this is an ill conceived notion brought up by academics and software engineers that code first, ask why bother second. Realistically this is job of a couple of unscrupulous corporations trying to lemon the public out of some pork. At worst, this is a conspiracy to destroy democracy at its core.
Understand, nothing will solve this. Software... Hardware... You're putting layers between elements you already mistrust and can barely validate through interested but conflicting parties but now you also need to trust the layers and their auditors.
compiling...
(Score: 0) by Anonymous Coward on Wednesday May 08 2019, @01:06PM
"blockchained national registry and casting their votes when they're operating over 50% of the blockchain?"
bitcoin != blockchain.
Like most people you are conflating "blockchain" with "cryptocurrency". The distributed database part, while novel, is not blockchain. You can have a blockchain system on a non-networked computer. Hashblocks have been around since the 80's. It was the distributed database part, and the scarcity model that made bitcoin unique. While the term "blockchain" is often used synonymously, the actual blockchain part is only a small part of what bitcoin is. Somebody here made a really good post about this on S/N several days ago.
I'm not talking about cryptocurrency model, I'm talking about the actual hashblock. Which is trivial to implement is any programming language that has an RSA lib. Really such a voting system could have been prototyped with AVI and BASIC as early as the early 1990s. I'm not saying BASIC is a good choice, I'm saying all the parts of the model are there, have been there, for a very long time.
Voting systems have a really small amount of cryptographic entropy. It is a trivial matter to freeze votes in time. The difficult part is the nonrepudiation, validation, and auditing part. This is because those things are mathematically complex, but have to be able to be implemented in the field by a clerk, reliably. The only practical way to do that (that I can think of) is to bind the small piece of entropy, to a much larger piece of entropy that is nonrepiduable, can be validated by any idiot, and can be audited reliably after the fact. Conveiniently live video provides exactly such a source of entropy. The important part of that, is the "live" part. It has to be live and it has to be local, because multiple clerks have to be able to validate it and testify to its authenticity at the precinct.
Recording the vote is the easy part. Validating is the hard part. I believe it has been achievable for a long time. The question you should be asking yourself, is not whether it is possible given the technology available. The question is whether the technology to date in the U.S. has been universally confounded for some reason other than incompetence.
The OP is puzzling. It is a well documented fact that Redmond has been involved in the the direct influence and corruption of nation states to its own ends for decades. Personally I suspect they were responsible for (W.) stemming from the DOJ case against them that was promptly dropped as soon as he took office.
That isn't to say that what the OP suggests can't be done. It can, just not by them. And it doesn't matter whether their implementation is good. The idea that MS can build a reliable voting system is about as plausible as ISIS building a reliable voting system. Perhaps that is their intent? To use their extraordinarily bad reputation to smear the entire concept in the public consciousness, and thereby delay a valid implementation from happening?
Right? Because if you built one that was actually good now, would you not expect their million dollar libel machine to rip it to shreds in every newspaper, periodical and news website they own? I don't think there is any question than 80% of journalists nationally would be ordered to suck every dick in Redmond if it meant a reliable long term advertising contract for their employers.
The tech is just a reflection of us. If the tech fails, it isn't the tech that failed.