
SoylentNews is people

posted by Fnord666 on Tuesday May 07 2019, @12:39PM
from the primary-software dept.

Submitted via IRC for ErnestTBass

From checking in at a polling place on a tablet to registering to vote by smartphone to using an electronic voting machine to cast a ballot, computers have become an increasingly common part of voting in America.

But the underlying technology behind some of those processes is often a black box. Private companies, not state or local governments, develop and maintain most of the software and hardware that keep democracy chugging along. That has kept journalists, academics and even lawmakers from speaking with certainty about election security.

In an effort to improve confidence in elections, Microsoft announced Monday that it is releasing an open-source software development kit called ElectionGuard that will use encryption techniques to let voters know when their vote is counted. It will also allow election officials and third parties to verify election results to make sure there was no interference with the results.

"It's very much like the cybersecurity version of a tamper-proof bottle," said Tom Burt, Microsoft's vice president of customer security and trust, in an interview with NPR. "Tamper-proof bottles don't prevent any hack of the contents of the bottle, but it makes it harder, and it definitely reveals when the tampering has occurred."

Developed with the computer science company Galois, the kit will be available free of charge for election technology vendors to incorporate into their voting systems.

Source: https://www.npr.org/2019/05/06/720071488/ahead-of-2020-microsoft-unveils-tool-to-allow-voters-to-track-their-ballots


  • (Score: -1, Offtopic) by Anonymous Coward on Tuesday May 07 2019, @04:34PM (11 children)

    by Anonymous Coward on Tuesday May 07 2019, @04:34PM (#840252)

    Dude! You're an advertiser! Off with your head!

    Somebody, please! Throw this guy a Spam mod!

  • (Score: 2) by sshelton76 on Tuesday May 07 2019, @04:43PM (6 children)

    by sshelton76 (7978) on Tuesday May 07 2019, @04:43PM (#840262)

    Huh? That's literally not my point at all.
    The topic is a discussion on e-voting. It diverged into blockchain and crypto based options in a different thread.

    I happen to be working on the side on a defensive patent for a system to provide high levels of integrity and said I would post a gloss here so people can see how a solid solution could be put together. If approved this would become part of a larger effort to establish a secure global standard for e-voting.

    Nothing was advertised. No one is asking you to visit a website and there is no effort to endorse a product either existing or forthcoming.

    Really just soliciting feedback, especially if there are holes somewhere I hadn't considered.

    • (Score: -1, Troll) by Anonymous Coward on Tuesday May 07 2019, @05:01PM (5 children)

      by Anonymous Coward on Tuesday May 07 2019, @05:01PM (#840270)

      You are advertising your invention that differs from others' solutions

      It doesn't differ from any of the others, it is an electronic contraption that nobody needs. The only people that want this crap are the people who are selling it! You're trying to sell refrigerators to the Eskimos.

      • (Score: 2) by sshelton76 on Tuesday May 07 2019, @05:14PM (4 children)

        by sshelton76 (7978) on Tuesday May 07 2019, @05:14PM (#840272)

        You have a very strange definition of advertising. Normally the intent of advertising is to inform the public of an item for sale.

        To my mind this is more like an RFC...
        https://en.wikipedia.org/wiki/Request_for_Comments

        • (Score: -1, Troll) by Anonymous Coward on Tuesday May 07 2019, @05:50PM (3 children)

          by Anonymous Coward on Tuesday May 07 2019, @05:50PM (#840296)

          Yes, you are trying to sell black box voting. We don't want black box voting. It simply can never be trusted unless the entire thing can be plainly understood by anybody that graduated grade school. We must get a "receipt". Paper is still the best, most secure, verifiable by humans without assistance or obfuscation. It's cheap and easy, why the resistance?

          You might have a nice instant messenger or email server/client though if the encryption is that good.

          • (Score: 2) by sshelton76 on Tuesday May 07 2019, @06:05PM (2 children)

            by sshelton76 (7978) on Tuesday May 07 2019, @06:05PM (#840307)

            Ok never mind, sorry I thought you read the description I posted. Read the post all the way through. Let go of any pre-conceived assumptions about what it contains and come at it from the perspective that my intention isn't to sell you on an idea, but simply to present a way it can be done. I don't spell it out, but yes you get a receipt. Two of them actually, a unique ticket from the polling check in process required to initiate the voting process and a receipt with a transaction number when you're done. But it's not a blackbox and it is fully verifiable. Just read it first and then try to pick it apart please.

  • (Score: 2) by All Your Lawn Are Belong To Us on Tuesday May 07 2019, @06:09PM (3 children)

    by All Your Lawn Are Belong To Us (6553) on Tuesday May 07 2019, @06:09PM (#840310) Journal

    Done. Oh, wait, modded him up because you're wrong.

    --
    This sig for rent.
    • (Score: 2) by sshelton76 on Tuesday May 07 2019, @07:15PM (2 children)

      by sshelton76 (7978) on Tuesday May 07 2019, @07:15PM (#840366)

      Thanks!
      Any thoughts on the design though?

      • (Score: 2) by All Your Lawn Are Belong To Us on Tuesday May 07 2019, @07:52PM (1 child)

        by All Your Lawn Are Belong To Us (6553) on Tuesday May 07 2019, @07:52PM (#840387) Journal

        Interesting proposal. The three questions I have would be:

        1) If the ballot is downloaded, how does the voting machine verify the signature of the correct ballot / what prevents my invading in the middle and feeding a false ballot (with, say reversed choices) to the station the voter is using? (And there isn't any reason the machine can't be preprogrammed with a table of legitimate signature hashes to recognize and crunch the ballot itself to verify it itself, just isn't quite spelled out that way).

        2) Similar concern with the uploaded consumption format - is it assured that it is crunching "All Your Lawn" as the candidate, or is it encoding "He Chose Number Two on Question 7"? (Or do I get a receipt that checks out that my ballot was counted but that was corrupt by being presented with a fake ballot).

        3) Any concerns with the format and write-in choices / would the reception format be flexible enough for that sort of transmission.

        I have a feeling that when you were speaking of consumable formatting this would be one that would solve questions 2/3, again just isn't quite explicitly stated that way.

        Otherwise, really interesting idea and very much agreed that the entirety of the system proper should be open enough that any skilled person can verify the authenticity of it. (And make it applicable to other polling/voting contexts than public elections).

        --
        This sig for rent.
        • (Score: 2) by sshelton76 on Tuesday May 07 2019, @08:27PM

          by sshelton76 (7978) on Tuesday May 07 2019, @08:27PM (#840405)

          Ohh these are great questions, thank you!

          I'll try to answer them as concisely as possible, feel free to ask for more details though.

          1) The machine would have a certificate installed that would contain the public key of authorized ballot issuers. So when it downloads the ballot, the ballot is just a collection of bytes and a signature. Using the public key it is possible to verify that the ballot is complete and untampered with. The gloss doesn't specify the particular encryption, but the overall patent is much longer and promulgates a process such as the one here... https://nacl.cr.yp.to/sign.html Because the ballot creator's public key is by definition public along with the ballot itself, you could also download the ballot to an app on your phone, examine it and practice voting while standing in line at the polls. You just couldn't submit the vote until you interacted with a machine authorized by the election authority. You could try, but it would be rejected automatically since part of the security model is based on pre-authorizing specific devices which have their own unique keys.

          2) In most blockchain scenarios your transaction id is a hash of the data. However for transparency purposes, this system prints a receipt that uses an encoding that looks like... machineid.timestamp.selection1.selection2... Now it is important to note, that most jurisdictions have an option for a write in candidate. In order to preserve that option the selections are free form Unicode strings. If they do not match an existing option, the option is added to the blockchain counter for that selection upon receipt of the vote. Obviously we case correct, where appropriate on the client side, but it does leave a problem we have yet to address where one person might put in "Nunez" and someone else might put in "Nunnez" and someone else might put in "Nu~nez" (imagine that ~n is the Spanish letter after n called en-yeah and giving the sound of "nya"). Anyways, because of this disparity, it is possible candidate Nunez may wish to contest the results, but at least the results are recorded even if spread out a bit. It is because of this freeform ability that we do not simply select an offset in an array.

          3) See my answer to #2

          The complete transaction id includes machine id, timestamp and selection choices. But that is for the voter's receipt. The machine id and timestamp will by definition be unique and the voter can then check the blockchain at that point to see their particular vote and precisely how it counted.

          One other advantage of this approach is that it also accommodates locales where there are legal requirements that the ballot be in multiple languages. We have the ballot framework and options encoded in the original upload, but ballot creators can add language translation files later so long as they sign them. The language files would be available at ballothash.en and ballothash.es etc.
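
The ballot signature check described in answer 1 of the last comment, as an added example that is not part of the thread or of the poster's design. It uses Ed25519 from Go's standard library as a stand-in for the NaCl signing API the comment links to; the `KeyID` field, the key name `county-2019` and the ballot text are assumptions made up for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// SignedBallot is the downloaded artifact: raw ballot bytes plus a detached
// signature. KeyID is a hypothetical field naming the issuer key that signed it.
type SignedBallot struct {
	KeyID     string
	Body, Sig []byte
}

var (
	ErrUnknownIssuer = errors.New("ballot issuer is not pinned on this machine")
	ErrBadSignature  = errors.New("ballot signature does not verify")
)

// VerifyBallot accepts a ballot only if a pinned issuer key signed exactly these bytes.
func VerifyBallot(pinned map[string]ed25519.PublicKey, b SignedBallot) error {
	pub, ok := pinned[b.KeyID]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return ErrUnknownIssuer
	}
	if !ed25519.Verify(pub, b.Body, b.Sig) {
		return ErrBadSignature
	}
	return nil
}

// Demo runs three constructed ballots through a machine with one pinned issuer key.
func Demo() (genuine, swapped, rogue error) {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, roguePriv, _ := ed25519.GenerateKey(nil)
	pinned := map[string]ed25519.PublicKey{"county-2019": issuerPub}
	body := []byte("Q7: 1=Yes 2=No") // constructed ballot text
	good := SignedBallot{KeyID: "county-2019", Body: body, Sig: ed25519.Sign(issuerPriv, body)}
	// The genuine signature attached to a ballot whose choices were reversed in transit.
	tampered := SignedBallot{KeyID: "county-2019", Body: []byte("Q7: 1=No 2=Yes"), Sig: good.Sig}
	// Validly signed, but by a key this machine was never provisioned with.
	forged := SignedBallot{KeyID: "unlisted-key", Body: tampered.Body, Sig: ed25519.Sign(roguePriv, tampered.Body)}
	return VerifyBallot(pinned, good), VerifyBallot(pinned, tampered), VerifyBallot(pinned, forged)
}

func main() {
	fmt.Println(Demo())
}
```

The check only establishes that the bytes came from a pinned issuer; whether the selections recorded afterwards match what the voter saw is the separate receipt question raised in point 2.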