Smart Voting

GreeBo

Capt'n Midnight wrote: »

For evoting would you use a web page or an app ?
If a web page then you are exposed to browser vulnerabilities.
If an app then you need Android, IOS, Windows and various versions and lots of attach surface.

Personally I'd probably use an app, but you can make secure webpages too.

And phishing is a thing too, and fake apps.

Indeed, but they are but I dont see how they are relevant.
A fake app isnt going to be able to add a vote to the blockchain, so would be useless.
What would they phish? The app/page is up for the duration of the vote.

Lets pretend for a minute that evoting from a phone isn't a really bad idea.

How very generous of you, care to explain why or you just going to throw that out there?

It's trivial to take someone's identity.
https://www.bbc.com/news/business-46047714

Thanks to megapixel cameras and selfies lots of fingerprints have been downloaded off the net. So fingerprints aren't a guarantee either.

Again, I dont disagree, but you are still missing the point I have made over and over again. If someone, somehow steals your vote, you know about it and can do something about it. Unlike today where you wouldnt even know.

GreeBo

For Forks Sake wrote: »

Capt'n Midnight wrote: »

You have to be sure you don't pick an address of someone else they are coercing .

You think they are going to track the address of everyone?

In reality if there are 15 candidates then there are 1,307,674,368,000 different ways to vote. Good look finding a matching address.

So in your first point I have to worry about a collisions but in your second point a collision is highly unlikely? That seems convenient?

The number of addresses is pretty much irrelevant, I'm not looking for a specific address, I'm looking for a specific value at any address, of which there are only 15 in your example. So I need to find 15 addresses that have the 15 values Im looking for. If its that or a bullet in the head, I'll probably spend the 30 mins to find the addresses.

AndrewJRenko

GreeBo wrote: »

You think they are going to track the address of everyone?

Someone is tracking the address of everyone. Someone, or some system, has the list of people and addresses. That is a fatal flaw in your proposal, as it ties the person to their vote.

xckjoo

GreeBo wrote: »

Personally I'd probably use an app, but you can make secure webpages too.

Ok. Lets just focus on the app idea for a second, but it's equally as applicable to webpages. We'll even ignore the glaring risk of being forced to cast the vote in front of the coercer.

So you open the app and login in some way. First it needs to ensure that you are who you say you are. Lets keep things simple and say it's a biometric identification such as fingerprint. So you login and cast your vote. Now you need to be able to verify that vote was cast in the way you want it (for the right person or whatever). So either it 1) shows you the vote when you login or 2) gives you a key that you can then input into a website that'll pull up the vote. Is there a third I'm missing? With either of those approaches your vote is now intrinsically tied to your identity, which is a problem.

Now lets think about if you're being forced to vote in a certain way by bad men. Maybe they're threatening your family. Maybe they're just threatening you if you're not too worried about your family. If you don't give them your key as proof, they're going to do bad man stuff to you and yours. Do you think they'd just be happy with you telling them what the key is or scribbling it down on paper? They'd want to see it in original form. Either 1) you logging back into the app and showing them, or 2) you showing them the key as it was given to you in its original form. Even if it's just displayed onscreen after you cast the vote, they can insist you keep the app open on the screen until they see it. Even a screenshot would be enough. Don't provide it in its original form and it's bye-bye mammy and daddy Geebo. Now how do you fake it? And that's if you ignore all the glaring issues to get you that far.





Is the issue here that you don't think being coerced into voting is really a problem that needs to be considered?

AndrewJRenko

xckjoo wrote: »

Is the issue here that you don't think being coerced into voting is really a problem that needs to be considered?

I've heard the claim that coercion voting and vote selling isn't a problem in Ireland so we don't need to worry about preventing it.


That's a bit like saying that polio isn't a problem so we don't need to worry about vaccinating against it.


The reason why we don't have a problem with coercion voting and vote selling is because the current system with the individual polling booth prevents it.

GreeBo

xckjoo wrote: »

Ok. Lets just focus on the app idea for a second, but it's equally as applicable to webpages. We'll even ignore the glaring risk of being forced to cast the vote in front of the coercer.

So you open the app and login in some way. First it needs to ensure that you are who you say you are. Lets keep things simple and say it's a biometric identification such as fingerprint. So you login and cast your vote. Now you need to be able to verify that vote was cast in the way you want it (for the right person or whatever). So either it 1) shows you the vote when you login or 2) gives you a key that you can then input into a website that'll pull up the vote. Is there a third I'm missing? With either of those approaches your vote is now intrinsically tied to your identity, which is a problem.

So why do you *have* to be able to verify it?
If your whole issue is that you could, lets say you couldn't do it once you log/time out.
Does that address your issue?

If you happen to remember your address you can go view it and confirm it, if you dont you can't.

Now lets think about if you're being forced to vote in a certain way by bad men. Maybe they're threatening your family. Maybe they're just threatening you if you're not too worried about your family. If you don't give them your key as proof, they're going to do bad man stuff to you and yours. Do you think they'd just be happy with you telling them what the key is or scribbling it down on paper? They'd want to see it in original form. Either 1) you logging back into the app and showing them, or 2) you showing them the key as it was given to you in its original form. Even if it's just displayed onscreen after you cast the vote, they can insist you keep the app open on the screen until they see it. Even a screenshot would be enough. Don't provide it in its original form and it's bye-bye mammy and daddy Geebo. Now how do you fake it? And that's if you ignore all the glaring issues to get you that far.

So lets say your address is never shown to you and you cant verify after the act of voting completes.
You login, are assigned a random address and cast your vote. Your vote is added to the blockchain and is there forever more, but you cant verify it after your vote completes.

See below for the main point on this.

Is the issue here that you don't think being coerced into voting is really a problem that needs to be considered?

I guess the issue is that I dont see a marginal difference in the issues being faced today.
Someone can force me to take a photo of my ballot paper and its bye-bye mammy and daddy if I dont. How do I fake that?
Why is it suddenly different when its smart voting?

Saying "oh but the law says you cant take a photo" is nonsense. How about the law says you cant take a screenshot of your electronic vote too. Problem solved?

I'd argue that you could have as much influence on a vote today as you could with "smart voting", based on the issues you point out above.
e.g. how many votes can you change if you have to be standing in front of someone while they vote?
Its fewer than if you just force a number of people to record their completed ballot paper.

xckjoo

GreeBo wrote: »

So why do you *have* to be able to verify it?
If your whole issue is that you could, lets say you couldn't do it once you log/time out.
Does that address your issue?

If you happen to remember your address you can go view it and confirm it, if you dont you can't.

.....
But that's one of the main features you were touting as being an advantage in this system! And without it the system is completely un-auditable no? Off the top of my head I can't think of any way you'd be able to verify that there's no shady dealings going on. The outcome could literally have been preset and we'd have no way of knowing.

GreeBo wrote: »

So lets say your address is never shown to you and you cant verify after the act of voting completes.
You login, are assigned a random address and cast your vote. Your vote is added to the blockchain and is there forever more, but you cant verify it after your vote completes.

See below for the main point on this.


I guess the issue is that I dont see a marginal difference in the issues being faced today.
Someone can force me to take a photo of my ballot paper and its bye-bye mammy and daddy if I dont. How do I fake that?
Why is it suddenly different when its smart voting?

Saying "oh but the law says you cant take a photo" is nonsense. How about the law says you cant take a screenshot of your electronic vote too. Problem solved?

I'd argue that you could have as much influence on a vote today as you could with "smart voting", based on the issues you point out above.
e.g. how many votes can you change if you have to be standing in front of someone while they vote?
Its fewer than if you just force a number of people to record their completed ballot paper.

I know you don't understand the difference but it has been explained to you repeatedly and you don't seem to have made any attempt to understand it. Were they all in Andrews posts? I'm not going near explaining the current system to you again as it seems to be a waste of time. I'm starting to feel like I'm arguing colour with a blind person.

Try this angle. Take your argument about the current security as a given. But your system offers no improvement over it. But now you're in the digital domain instead of the analog and everything is faster and more efficient, including the corruption of it. If a huge chunk of the country is in the polling booth (never personally encountered a curtained booth or even separate room) is taking photos of their ballots, someone somewhere is going to flag it. Not if they're doing it from their phones though. Do you think all those people employed at the polling station are just there to smile and hand out paper?

GreeBo

xckjoo wrote: »

.....
But that's one of the main features you were touting as being an advantage in this system! And without it the system is completely un-auditable no? Off the top of my head I can't think of any way you'd be able to verify that there's no shady dealings going on. The outcome could literally have been preset and we'd have no way of knowing.

Well you would have a verification of your vote as it was cast and then it would be gone. No worse than watching your ballot disappear into a box?

I know you don't understand the difference but it has been explained to you repeatedly and you don't seem to have made any attempt to understand it.

No one is explaining it, they just keep telling me its different and I keep saying its not.

Were they all in Andrews posts? I'm not going near explaining the current system to you again as it seems to be a waste of time. I'm starting to feel like I'm arguing colour with a blind person.

I dont need you to current system to me, I need you to explain how the vulnerability you keep telling me is in "my system" isnt in the current one. I've explained numerous times how it is and given examples and the only reply is "oh thats against the law".We are talking about vote fixing, if "the law" is enough to stop it then we dont have a problem in either system.

Try this angle. Take your argument about the current security as a given. But your system offers no improvement over it. But now you're in the digital domain instead of the analog and everything is faster and more efficient, including the corruption of it.

You are ignoring the fact that with the blockchain system the votes cannot be changed once they are confirmed? Thats the main benefit that I would see.
How is the corruption faster and more efficient exactly?

If I threw out such a generic point as that I would like correctly lambasted for it. You are now basically saying "ah sure you can hack anything on a computer" which is a very ignorant, uninformed thing to say, which I dont believe you are.

If a huge chunk of the country is in the polling booth (never personally encountered a curtained booth or even separate room) is taking photos of their ballots, someone somewhere is going to flag it. Not if they're doing it from their phones though. Do you think all those people employed at the polling station are just there to smile and hand out paper?

Well they certainly arent there to confirm voters identities as I've never been asked, but despite another poster bringing that up, you just bypass that issue.
Why is that?

dulpit

GreeBo wrote: »

Well they certainly arent there to confirm voters identities as I've never been asked, but despite another poster bringing that up, you just bypass that issue.
Why is that?

They are, they're supposed to check about 1 in 5 (my mother was a presiding officer for years).

Two things you haven't answered that I can see:
1) The initial providing of details to the populace (address/whatever) - how is this generated, how is it sent?
2) If a flaw was found and targeted in the overall system (blockchain option) - then you can target that one area and the whole system is vulnerable. This is not replicated with the current process, where it strikes me as next to impossible to target the whole election...

AndrewJRenko

GreeBo wrote: »

So why do you *have* to be able to verify it?
If your whole issue is that you could, lets say you couldn't do it once you log/time out.
Does that address your issue?

If you happen to remember your address you can go view it and confirm it, if you dont you can't.

If you can't verify it, how do you know that the vote that you cast is the vote that was saved in the system. If you can verify it (by saving your original address, for example), you can sell your vote or be coerced to vote.

GreeBo wrote: »

I guess the issue is that I dont see a marginal difference in the issues being faced today.
Someone can force me to take a photo of my ballot paper and its bye-bye mammy and daddy if I dont. How do I fake that?
Why is it suddenly different when its smart voting?

Because IF someone did force you to take a photo of your paper vote, you could take a photo, and then change your vote with a bit of scribbling or rubbing out before putting it into the ballot box. It would not be a reliable method of coercion, unlike your proposed system.

GreeBo wrote: »

Saying "oh but the law says you cant take a photo" is nonsense. How about the law says you cant take a screenshot of your electronic vote too. Problem solved?

It's not so much the matter of the law. It is the that the photo is not a reliable record of the final vote that goes into the ballot box, so it would be an unreliable method of coercion.

GreeBo wrote: »

I'd argue that you could have as much influence on a vote today as you could with "smart voting", based on the issues you point out above.
e.g. how many votes can you change if you have to be standing in front of someone while they vote?
Its fewer than if you just force a number of people to record their completed ballot paper.

You can argue what you like, but there is no credible, realistic method to hack any significant number of votes in the current system.


With an electronic system, if the vote can be verified, then it can be sold or coerced. If it can't be verified, we have no way of knowing that the vote cast was the vote recorded.

GreeBo wrote: »

Well you would have a verification of your vote as it was cast and then it would be gone. No worse than watching your ballot disappear into a box?

It is an awful lot worse. The controls around the ballot box are visible, physical, easily understandable to a wide audience. There has never been an incident of significant vote hacking in Ireland.


The controls around a digital ballot box are invisible, ephemeral and depend on people following instructions. The digital vote is ephemeral, and can change without any record or audit.

GreeBo wrote: »

I dont need you to current system to me, I need you to explain how the vulnerability you keep telling me is in "my system" isnt in the current one. I've explained numerous times how it is and given examples and the only reply is "oh thats against the law".We are talking about vote fixing, if "the law" is enough to stop it then we dont have a problem in either system.

There is no method of changing large numbers of votes at the touch of a button in the current paper system.


There are many methods of changing large numbers of votes at the touch of a button in a digital system.

GreeBo wrote: »

You are ignoring the fact that with the blockchain system the votes cannot be changed once they are confirmed? Thats the main benefit that I would see.
How is the corruption faster and more efficient exactly?

How do we know that the vote cast is the vote confirmed? How do we know that the blockchain used to record the votes is the blockchain used to count the votes?



If the vote can't be verified, it can be changed. If the vote can be verified, it can be sold or coerced.

GreeBo wrote: »

If I threw out such a generic point as that I would like correctly lambasted for it. You are now basically saying "ah sure you can hack anything on a computer" which is a very ignorant, uninformed thing to say, which I dont believe you are.

It's not about whether you can hack a vote stored in a blockchain.


It's about how the voter knows that the vote cast IS the vote stored in the blockchain. If you can't verify it, the voter can't have confidence. If you can verify it, you can sell it.

xckjoo

GreeBo wrote: »

Well you would have a verification of your vote as it was cast and then it would be gone. No worse than watching your ballot disappear into a box?

Because there's checks and balances in place in a physical medium that isn't in the digital. I've listed a few before. Others have listed more. Do some reading maybe? Have you done any outside research beyond this thread?

GreeBo wrote: »

No one is explaining it, they just keep telling me its different and I keep saying its not.

I dont need you to current system to me, I need you to explain how the vulnerability you keep telling me is in "my system" isnt in the current one. I've explained numerous times how it is and given examples and the only reply is "oh thats against the law".We are talking about vote fixing, if "the law" is enough to stop it then we dont have a problem in either system.

How do you not see that that statement is a completely contradictory? As I said above, it has been explained, but you either don't accept it or comprehend it. I'm not a civics teacher.
And please show me where I gave the law as a barrier to vote fixing.

GreeBo wrote: »

You are ignoring the fact that with the blockchain system the votes cannot be changed once they are confirmed? Thats the main benefit that I would see.

I'm not ignoring it it's just not an argument. I understand that the blockchain cannot be retroactively changed. But I also hold that true of the current system. You seem to be under the impression that anything can go in the ballot box and anything can come out and there's no checks and balances. There is. Look into because I can't babystep you through it anymore.

GreeBo wrote: »

How is the corruption faster and more efficient exactly?
If I threw out such a generic point as that I would like correctly lambasted for it. You are now basically saying "ah sure you can hack anything on a computer" which is a very ignorant, uninformed thing to say, which I dont believe you are.

I hate to burst your bubble, but everything can be hacked with enough time and effort. Have a look at some cyber security related sites. It might not be the algorithm itself that's broken, but the system supply-chain or just social engineering to gain root access to systems. Doesn't even have to be hacked. Could be DDoSed to a halt. I'm not sure what it would mean to a country if the voting system failed on the day of the election. Or what happens if people claim they tried to vote but the network was down. Are you being denied your constitutional right to vote if you can't access the server(s)?

GreeBo wrote: »

Well they certainly arent there to confirm voters identities as I've never been asked, but despite another poster bringing that up, you just bypass that issue.
Why is that?

Because I was addressing different points..... Come on guy. You're better than that. Are you so out of ideas you need to try the old "but you didn't mention this one other specific point out of millions so you must be afraid of it" line? Weak sauce

On that note, I think we should all have to show ID when voting. I usually shove mine in their face. I never said the current system is perfect, but that doesn't mean we throw it away for one with more potential issues.



Edit: AndrewJRenko posted this retort to taking a photo of your ballot that I had forgotten about. Reposting as I assume you're still blocking him:

Because IF someone did force you to take a photo of your paper vote, you could take a photo, and then change your vote with a bit of scribbling or rubbing out before putting it into the ballot box. It would not be a reliable method of coercion, unlike your proposed system.

It's not so much the matter of the law. It is the that the photo is not a reliable record of the final vote that goes into the ballot box, so it would be an unreliable method of coercion.

GreeBo

dulpit wrote: »

They are, they're supposed to check about 1 in 5 (my mother was a presiding officer for years).

"supposed to".
That's one of the benefits I stated earlier, removing humans from the chain.
I've *never* been asked and Im sure if we took a poll on here I wouldnt be alone.
Checking 1 in 5 doesnt really seem that useful, 80% of your votes could be fraudulent!

Two things you haven't answered that I can see:
1) The initial providing of details to the populace (address/whatever) - how is this generated, how is it sent?

This is probably the most difficult bit to solve, but I think there are things you could do.

If you register your the device you are planning on using ahead of time and then once voting opens the details are pushed to you.
The device could be registered yearly or whatever using the same method as you register to vote today. If you change your device then you register another one, a bit like moving address.

You unlock your device using (say) biometrics and if the voting is open then you get an address pushed to you, otherwise you get nothing.
This would be susceptible to someone being with you when you vote, but I'm not sure the numbers here would be any worse than the 4 in 5 you could have above, or you could have with someone forcing you to vote a certain way and record your ballot paper.

As for them being generated, if you know the number you need (which would be the number of registered voters) then you can generate them in advance and randomly give them out.

2) If a flaw was found and targeted in the overall system (blockchain option) - then you can target that one area and the whole system is vulnerable. This is not replicated with the current process, where it strikes me as next to impossible to target the whole election...

I'm not sure I'm following, but are you saying that if a vulnerability was found in the blockchain implementation then then entire vote would be compromised? If so I guess that's a thought experiment until there is an issue discovered with blockchain (which to my knowledge hasn't happened yet)?

GreeBo

xckjoo wrote: »

Because there's checks and balances in place in a physical medium that isn't in the digital. I've listed a few before. Others have listed more. Do some reading maybe? Have you done any outside research beyond this thread?

Research my thought experiment that I came up with randomly a couple of days ago? Not extensively, no.

Sorry, but why cant you have checks in balances in a digital medium?
If you wanted to, you could audit every single aspect of the vote, but that would link voters to votes, so you might not want to.

How do you not see that that statement is a completely contradictory? As I said above, it has been explained, but you either don't accept it or comprehend it. I'm not a civics teacher.

Because its not. You cant say "your system wont work because of X" if the current system has the same X flaw, otherwise you are saying the current system doesn't work.

And please show me where I gave the law as a barrier to vote fixing.

I didnt say you said that, actually.
"I've explained numerous times how it is and given examples and the only reply is "oh thats against the law""

I'm not ignoring it it's just not an argument. I understand that the blockchain cannot be retroactively changed. But I also hold that true of the current system. You seem to be under the impression that anything can go in the ballot box and anything can come out and there's no checks and balances. There is. Look into because I can't babystep you through it anymore.

You mean other than the 4 out of 5 people who could be impersonating someone else?
It doesnt just have to be manipulated after the vote, if the "wrong" vote is cast then the current system doesnt do squat to fix that.

I hate to burst your bubble, but everything can be hacked with enough time and effort. Have a look at some cyber security related sites. It might not be the algorithm itself that's broken, but the system supply-chain or just social engineering to gain root access to systems. Doesn't even have to be hacked. Could be DDoSed to a halt. I'm not sure what it would mean to a country if the voting system failed on the day of the election. Or what happens if people claim they tried to vote but the network was down. Are you being denied your constitutional right to vote if you can't access the server(s)?

Thanks, but my bubble is intact.
Its very hard to hack a network that is only up for under a day, I mentioned that already.
What social engineering can be used to hack a network that doesn't exist for 364 days a year?

If you couldn't access the network you could always go to a voting centre and vote.

With paper votes what happens if a bunch of them get destroyed, say in a vehicle crash, does that render the result of the vote invalid?

Because I was addressing different points..... Come on guy. You're better than that. Are you so out of ideas you need to try the old "but you didn't mention this one other specific point out of millions so you must be afraid of it" line? Weak sauce

Do I look like I'm out of ideas?!:rolleyes:
"this one specific point" thats a pretty massive gap in the current system yet Im being beaten to death by much smaller points?

On that note, I think we should all have to show ID when voting. I usually shove mine in their face. I never said the current system is perfect, but that doesn't mean we throw it away for one with more potential issues.

But does it have *more* issues? I think that's what we are discussing, I think there are benefits to a newer approach and I guess others do too, which is why its being used in some jurisdictions and there are a number of companies pursuing it.

Edit: AndrewJRenko posted this retort to taking a photo of your ballot that I had forgotten about. Reposting as I assume you're still blocking him:

Indeed I am.
You would probably have spoiled your vote if you start editing it. You would have to request another ballot.

AndrewJRenko

GreeBo wrote: »

"supposed to".
That's one of the benefits I stated earlier, removing humans from the chain.
I've *never* been asked and Im sure if we took a poll on here I wouldnt be alone.
Checking 1 in 5 doesnt really seem that useful, 80% of your votes could be fraudulent!

There is no intrinsic benefit from 'removing humans'. Yes, 1 in 5 has limited value, so they balance the need to validate with the speed of processing, to avoid queues building up that are common in other countries. They would also get a pretty good read from the 1 in 5 check as to the importance of these checks. My understanding from speaking to returning officers is that they get no problems in this area, apart from a tiny number of people who have been removed from the register unexpectedly. Usually, this is because the person validating the register who called to the door was given false or misleading information.



But this really a separate issue to eVoting.

GreeBo wrote: »

This is probably the most difficult bit to solve, but I think there are things you could do.

If you register your the device you are planning on using ahead of time and then once voting opens the details are pushed to you.
The device could be registered yearly or whatever using the same method as you register to vote today. If you change your device then you register another one, a bit like moving address.

You unlock your device using (say) biometrics and if the voting is open then you get an address pushed to you, otherwise you get nothing.
This would be susceptible to someone being with you when you vote, but I'm not sure the numbers here would be any worse than the 4 in 5 you could have above, or you could have with someone forcing you to vote a certain way and record your ballot paper.

Suggesting that four out of five people are not entitled to vote is absolutely ridiculous.



But back to your own suggestion. There are some obvious fatal flaws here.


Linking the vote to a particular device is very, very dangerous. First of all, anyone who loses their device or finds their device broken between the registration stage and voting loses their vote. That is completely unacceptable.


Relying on device biometrics is extremely dangerous. Many people don't use biometrics, so forcing them to give biometric information to a 3rd party like Google (for Android) or Apple (for IOS) would be completely unacceptable for many people. It would probably be a breach of GDPR consent requirements.


It would also put the security of the election in the hands of these technology companies. Companies like Google or Facebook could make a pretty good stab at what way you're going to vote, based on the information available to them. It wouldn't be a huge leap for some of these companies to directly intervene - they could, for example, generate a software flaw to kick in on selected devices on voting day, thus wiping out the ability of a segment of voters to vote.


And it still enables vote selling and vote coercion.

GreeBo wrote: »

As for them being generated, if you know the number you need (which would be the number of registered voters) then you can generate them in advance and randomly give them out.

Though the software that 'randomly' gives them out (and computers are NOT very good at being random) would have knowledge of who got what address. What happens to this essential information? How do we know that no record is kept of this information, which breaches the secret ballot on a national level?

GreeBo wrote: »

I'm not sure I'm following, but are you saying that if a vulnerability was found in the blockchain implementation then then entire vote would be compromised? If so I guess that's a thought experiment until there is an issue discovered with blockchain (which to my knowledge hasn't happened yet)?

It's not a question of the vulnerability of the blockchain. It is a question of the vulnerability of the software that writes the blockchain.

dulpit

GreeBo wrote: »

Checking 1 in 5 doesnt really seem that useful, 80% of your votes could be fraudulent!

If they were fraudulent, how would it work? Each person who comes in needs their name scratched off, and it's done in front of you. What if they are being dodgy and scratch off the wrong name, and then that person comes up later in the day?

GreeBo wrote: »

I'm not sure I'm following, but are you saying that if a vulnerability was found in the blockchain implementation then then entire vote would be compromised? If so I guess that's a thought experiment until there is an issue discovered with blockchain (which to my knowledge hasn't happened yet)?

What I'm saying is that if a issue was discovered it could allow the whole vote to be compromised. With the current system of voting, you have pointed out that a flaw is that only 20% of voters are supposed to be checked - how could you use this to exploit the entire vote? You can't really, you might be able to target a specific polling station maybe...


As far as I am concerned the only legitimate issues with the current system are to do with the length of time to sort and count votes. Everything else is as secure as you can make it.

GreeBo

dulpit wrote: »

If they were fraudulent, how would it work? Each person who comes in needs their name scratched off, and it's done in front of you. What if they are being dodgy and scratch off the wrong name, and then that person comes up later in the day?

I'm not saying the person behind the disk is fraudulent, its the person in front of the desk that is. I can come in 5 times throughout the day and pretend to be 5 different people, presenting at 5 different desks. I can say nothing and just hand over my ballot card, if they challenge me for ID I can just play dumb and explain that I must have picked up my father/mother/uncles card by accident. Whatever excuse and then give them my real one.
80% chance I get away with it based on the 1:5 check rate.

But you raise a good point. What If Im behind the desk and Im scratching names off on a piece of paper I printed out myself, what If Im scratching off gibberish and I have the real sheet somewhere else. Does that render the result invalid?

What I'm saying is that if a issue was discovered it could allow the whole vote to be compromised. With the current system of voting, you have pointed out that a flaw is that only 20% of voters are supposed to be checked - how could you use this to exploit the entire vote? You can't really, you might be able to target a specific polling station maybe...

Well you are talking about enough people to compromise blockchain or the network or coerce a large number of people into voting. Why cant this same number of people do the steps I outlined above in multiple polling stations?

As far as I am concerned the only legitimate issues with the current system are to do with the length of time to sort and count votes. Everything else is as secure as you can make it.

Its as secure as you can make it with the current process. I think there could be ways to make it more secure by using technology.
As others have pointed out, many facets of society now use technology to secure things that were "secured" by people and processes before. Things change as technology becomes available.

I think the length of time take to sort and count votes and the fact that only certain people have access to these votes is an issue.

GreeBo

AndrewJRenko wrote: »

T
It would also put the security of the election in the hands of these technology companies. Companies like Google or Facebook could make a pretty good stab at what way you're going to vote, based on the information available to them. It wouldn't be a huge leap for some of these companies to directly intervene - they could, for example, generate a software flaw to kick in on selected devices on voting day, thus wiping out the ability of a segment of voters to vote.

BTW In case anyone is wondering why I have this user on ignore, the above should clear it up.

AndrewJRenko

GreeBo wrote: »

Sorry, but why cant you have checks in balances in a digital medium?
If you wanted to, you could audit every single aspect of the vote, but that would link voters to votes, so you might not want to.

This is the nub of the issue - the conflict between ability to audit the results and protect the anonymity of the voter. It just doesn't work in a digital environment.

GreeBo wrote: »

You mean other than the 4 out of 5 people who could be impersonating someone else?
It doesnt just have to be manipulated after the vote, if the "wrong" vote is cast then the current system doesnt do squat to fix that.

The fact that 1 out of 5 voters is checked for identity does NOT mean that 4 out of 5 could be impersonating. Again, it seems that your ignorance of the current system is showing through.


For the remaining 4 out of 5, most of them will have a polling card, though this is not a mandatory requirement. If I were to get to the polling station early and attempt to impersonate you, this would be shown up when you get to the polling station later with all your ID and your polling card to cast your legitimate vote. This is one of many controls built into the current system.

GreeBo wrote: »

Its very hard to hack a network that is only up for under a day, I mentioned that already.
What social engineering can be used to hack a network that doesn't exist for 364 days a year?

How difficult is it really? How difficult is it to engineer a DDoS attack on the voting network for just 24 hours? Will it be possible to pull together the response to an attack on voting day?

GreeBo wrote: »

If you couldn't access the network you could always go to a voting centre and vote.

THis is yet another can of worms that you've opened. If you're going to allow both paper and electronic voting, how do you stop someone voting twice? You would need each polling station to have online access to the register to see who has already voted.



Schools, GAA clubs, community halls - some with limited broadband connections, and some with no connection - all needing immediate online access to allow voting to proceed.


Another huge expense and significant human resources required to make it happen.

GreeBo wrote: »

With paper votes what happens if a bunch of them get destroyed, say in a vehicle crash, does that render the result of the vote invalid?

I'm really glad you asked that question, as the best politicians say. It provides a great opportunity to demonstrate the superior error-detection of the paper system over a digital system.


First, it is very unlikely that this would happen. How often does a vehicle crash destroy the vehicle contents? It has never happened in living memory. With more and more electrical vehicles, the risk is reducing over time.


But it is a theoretical possibility. The big difference between the paper system and a digital system is that IF this ever happened with the paper system, the issue would be blindingly obvious to everyone involved.


On the other side, if a hack or an error corrupted a pile of votes before being written to the blockchain, no-one would know. It would be entirely invisible, and would probably be impossible to detect.


For the paper system, I don't know what exactly would happen in this scenario. Most likely the Courts would decide. I guess it might depend on whether the rest of the vote was a Michael D style landslide or a divorce referendum style knife edge. But either way, the scope of the problem would be obvious to everybody. This would not be the case in a digital environment.

GreeBo wrote: »

But does it have *more* issues? I think that's what we are discussing, I think there are benefits to a newer approach and I guess others do too, which is why its being used in some jurisdictions and there are a number of companies pursuing it.

The benefits to companies is simply commercial - they hope to be able to sell their solution to a problem that doesn't really exist. The benefits in other jurisdictions may not be the benefits that you have in mind. In particular, the benefit in other jurisdictions may well be the ability to steal an election.

GreeBo wrote: »

You would probably have spoiled your vote if you start editing it. You would have to request another ballot.

Again, your lack of knowledge of the current system is showing up here. If your voting intention is clear, your vote will be accepted by the returning officer. You don't have to request another ballot.


I'm not even sure if you CAN request another ballot, but I'd love to hear from others who know better about this.

Allinall

GreeBo wrote: »

BTW In case anyone is wondering why I have this user on ignore, the above should clear it up.

He makes a very valid point.

GreeBo

Despite my better judgement Im going to reply to you once and once only.

AndrewJRenko wrote: »

This is the nub of the issue - the conflict between ability to audit the results and protect the anonymity of the voter. It just doesn't work in a digital environment.

It does work. A digital environment isnt some magical place. You can chose to adit everything or nothing and everywhere in between. Its a computer, it does what you tell it to do.

The fact that 1 out of 5 voters is checked for identity does NOT mean that 4 out of 5 could be impersonating. Again, it seems that your ignorance of the current system is showing through.

It does actually. If 4 people are not checked then they could be impersonating someone else. All I need is some fake student ID and I wander up with no polling card and get a ballot.

For the remaining 4 out of 5, most of them will have a polling card, though this is not a mandatory requirement. If I were to get to the polling station early and attempt to impersonate you, this would be shown up when you get to the polling station later with all your ID and your polling card to cast your legitimate vote. This is one of many controls built into the current system.

Even easier. You are mad for talking about coercion with a new system, if someone coerces me or I sell them my vote, then I clearly wont be turning up with my ballot, the other person would have it. hows you control working out then?

How difficult is it really? How difficult is it to engineer a DDoS attack on the voting network for just 24 hours? Will it be possible to pull together the response to an attack on voting day?

We you wouldnt even have access to the network until it came live during the vote and you would only be able to register the app if you had a valid device, so really what you would be DDoSing would be the system that supplies the app, so it wouldnt really impact the vote.

THis is yet another can of worms that you've opened. If you're going to allow both paper and electronic voting, how do you stop someone voting twice? You would need each polling station to have online access to the register to see who has already voted.

The magical computer would keep track of who has voted and who hasnt. This thing called the network would allow people in polling stations to know who has voted and how hasnt.

Schools, GAA clubs, community halls - some with limited broadband connections, and some with no connection - all needing immediate online access to allow voting to proceed.

The numbers voting in these halls would be massively reduced from the current levels. You could do something mad like only have stations in a building that have internet access? You could be crazy and use mobile broadband. But no, all of these things would be far too difficult logistically, right?

Another huge expense and significant human resources required to make it happen.

Sorry, how much do we spend on voting day and on during the subsequent counts? how about the impact of not having to close schools?

First, it is very unlikely that this would happen. How often does a vehicle crash destroy the vehicle contents? It has never happened in living memory. With more and more electrical vehicles, the risk is reducing over time.

electrical vehicles dont go on fire or crash into water?
Better go Tesla!

But it is a theoretical possibility. The big difference between the paper system and a digital system is that IF this ever happened with the paper system, the issue would be blindingly obvious to everyone involved.

as would someone rewriting a blockchain.

On the other side, if a hack or an error corrupted a pile of votes before being written to the blockchain, no-one would know. It would be entirely invisible, and would probably be impossible to detect.

so a car crash is impossible, but Google hacking an Irish election is likely?

For the paper system, I don't know what exactly would happen in this scenario. Most likely the Courts would decide. I guess it might depend on whether the rest of the vote was a Michael D style landslide or a divorce referendum style knife edge. But either way, the scope of the problem would be obvious to everybody. This would not be the case in a digital environment.

Does it matter? The vote has been compromised.
What about my constitutional right to vote? :eek:

The benefits to companies is simply commercial - they hope to be able to sell their solution to a problem that doesn't really exist. The benefits in other jurisdictions may not be the benefits that you have in mind. In particular, the benefit in other jurisdictions may well be the ability to steal an election.

Companies dont typically spend money on something that doesnt work, its not really in their interest.

Again, your lack of knowledge of the current system is showing up here. If your voting intention is clear, your vote will be accepted by the returning officer. You don't have to request another ballot.

Someone should tell the journal!
"If you write anything else, you run the risk of your vote being deemed to be spoilt, and it won’t be counted.

If you make a mistake, inform a member of staff immediately and do not place it in the ballot box. If they are satisfied it is an honest mistake, you will be given a new voting slip."

I'm not even sure if you CAN request another ballot, but I'd love to hear from others who know better about this.

You can. Seems you are showing your ignorance here.

And just for fun, maybe have a quick read of this:
https://www.irishtimes.com/news/politics/ballot-papers-not-stamped-at-polling-stations-deemed-inadmissible-1.2552614

xckjoo

GreeBo wrote: »

Research my thought experiment that I came up with randomly a couple of days ago? Not extensively, no.

Or at all maybe? You weren't even aware of a similar system being trialled already. Lots of useful info on the Internet but you have to look for it.

The other posters seem to be addressing the issues already so I won't retread the same ground.

GreeBo wrote: »

I didnt say you said that, actually.
"I've explained numerous times how it is and given examples and the only reply is "oh thats against the law""

You said it in a reply directly aimed at me so it had all the appearance of being related to my words. Also factually incorrect as the ability to change the vote after taking a photo had already been mentioned.

GreeBo wrote: »

Thanks, but my bubble is intact.
Its very hard to hack a network that is only up for under a day, I mentioned that already.
What social engineering can be used to hack a network that doesn't exist for 364 days a year?

Because again these things don't spring into existence in an instance already perfectly formed. 10 years ago we would have thought a private computer network in a high security facility with no physical access to any external network could be infiltrated, but stuxnet changed that.

GreeBo wrote: »

If you couldn't access the network you could always go to a voting centre and vote.

So now you want both systems running in parallel? Now you're opening a whole new can of worms with interoperability and we're back to the only advantage of your system being ease-of-access, which apparently has been shown to be of negligible impact. Again we'll ignore the interoperability issues as I don't expect you to have a fully formed plan. But there's a pretty big potential for serious difficulties here.

GreeBo wrote: »

Do I look like I'm out of ideas?!:rolleyes:
"this one specific point" thats a pretty massive gap in the current system yet Im being beaten to death by much smaller points?

Yup. You've only had the one and you, by your own admission, haven't really thought through.
The points you're being 'beaten to death with " (diddums) are fundamental to the voting system. Not just features we might like. You're still not grasping that. There's a million and one other practical issues we haven't even touched on. You introduce new ones with every adjustment you make that I'm ignoring them as I don't expect you to have a complete system figured out.
Totally agree everyone should be ID at the polls. Andrew gave a few reasons the current system still holds together and aren't transferable to the digital domain. If you can see past his personal opinions on big corporations long enough to read his informative posts.

GreeBo wrote: »

Indeed I am.
You would probably have spoiled your vote if you start editing it. You would have to request another ballot.

Nope. All wrong from start to finish. Clear preference is the requirement. They really need to start teaching this stuff in school.

AndrewJRenko

GreeBo wrote: »

BTW In case anyone is wondering why I have this user on ignore, the above should clear it up.

That's a funny kind of ignoring!

I'm not sure if you've had much exposure to IT security professionals? The 'security mindset' is a fundamental attribute for a security professional. It involves looking for every possible threat to a system and where that might come from. It involves thinking about threats that may not be realistic today, but could be realistic tomorrow.

It is not a natural approach for many IT professionals, who are used to building things up, not breaking them down. Here's one of the industry gurus explaining the Security Mindset in more detail.

https://www.youtube.com/watch?v=eZNzMKS7zjo

So let's just establish a bit more about the environment that we're living in.
We're living in a world where elections have been stolen using technology. Trump's election was stolen as a result of the Wikileaks attacks on Clinton and DRC, and the Cambridge Analytics taking of unauthorised information via Facebook and using this to influence voters. Yes, that's a very different attack approach, but the principle of using technology to steal election results is well established.

We're also living in a world where tech companies have lied about what data they have taken and how they have used it. They have been caught red handed.

We're also living in a world where Irish corporate tax rates and data protection regulatory environment have huge impacts on these corporations. The impact of these tax rates and the associated regulatory environment run to billions of euros for these organisations. The Irish data protection environment has a huge impact on their costs and their reputation. So the ability to influence or control Irish government policy in these areas would be a very tempting option for these organisations.

To build a voting system that gave these organisations control over voting operations would be madness.

xckjoo

Not spending any more time on this so I'll be brief.

GreeBo wrote: »

It does actually. If 4 people are not checked then they could be impersonating someone else. All I need is some fake student ID and I wander up with no polling card and get a ballot.
Even easier. You are mad for talking about coercion with a new system, if someone coerces me or I sell them my vote, then I clearly wont be turning up with my ballot, the other person would have it. hows you control working out then?

Yes but they have to physically go there and vote and even without asking for ID, they'll notice the same person coming in 4 times with 4 different names. You'll need to employ 1000s of people willing to risk jail time to have an impact on the election.
I addressed the network stuff last post. I really hope you don't work with sensitive information.

GreeBo wrote: »

Sorry, how much do we spend on voting day and on during the subsequent counts? how about the impact of not having to close schools?

Don't open that door on yourself! How much do you think it would take to develop the system you're proposing? Remember the voting machines and HSE electronic accounting system? Lots of money and not even a final product.
Schools have an allotment of days off to take each year and the election days come out of that.

GreeBo wrote: »

Companies dont typically spend money on something that doesnt work, its not really in their interest.

They try not to but of course they do. Never seen a project at work get canned?

GreeBo wrote: »

Someone should tell the journal!
"If you write anything else, you run the risk of your vote being deemed to be spoilt, and it won’t be counted.

If you make a mistake, inform a member of staff immediately and do not place it in the ballot box. If they are satisfied it is an honest mistake, you will be given a new voting slip."


You can. Seems you are showing your ignorance here.

And just for fun, maybe have a quick read of this:
https://www.irishtimes.com/news/politics/ballot-papers-not-stamped-at-polling-stations-deemed-inadmissible-1.2552614

I'm not sure I'd take the journals word on things but maybe we can. How does that effect things though? There's presumably a procedure in place for such occurrences if this is possible. They can't just hand out extra ballots without accounting for them. Number out must equal the number of people that voted. Anybody able to shed some light on this?

I don't think the Irish Times article makes the point you think it does. The stamping happens before you're handed the ballot so you can check it yourself. People probably don't realise that but understanding of the voting system seems to be poor in this country. Clear preference is still the requirement for a vote being classified as spoilt or not. You can't just write in whatever you want. It's even mentioned in the article when it was argued that "MM1" should be a first preference for Michael Martin.

Capt'n Midnight

GreeBo wrote: »

You think they are going to track the address of everyone?


So in your first point I have to worry about a collisions but in your second point a collision is highly unlikely? That seems convenient?

The number of addresses is pretty much irrelevant, I'm not looking for a specific address, I'm looking for a specific value at any address, of which there are only 15 in your example. So I need to find 15 addresses that have the 15 values Im looking for. If its that or a bullet in the head, I'll probably spend the 30 mins to find the addresses.

I used the word address to address this post

GreeBo wrote: »

If someone forces you to show your details you can pick any address that satisfies what they are looking for and they cant prove that its not yours, so trying to coerce a vote would kinda be pointless.

My point still stands.

You can't use someone else's verification and pretend it's yours. Far too many combinations.



As an aside , there've been 87 punishment beatings in Northern Ireland so far this year. So no I don't think being able to verify you vote is a good thing.



Also the UK guberment has an Android app that can use NFC to read your passport so EU citizens can register to stay.

It won't work on older phones. Or Apple or Windows or Blackberry. So it's 50:50 it it will read your passport. Then again given the repeated cock-ups by the UK over residency rights passing the first hurdle doesn't mean the rest of the system works.

Voting is optional. If there's a hard Brexit getting residency rights isn't.

xckjoo

AndrewJRenko wrote: »

That's a funny kind of ignoring!

I'm not sure if you've had much exposure to IT security professionals? The 'security mindset' is a fundamental attribute for a security professional. It involves looking for every possible threat to a system and where that might come from. It involves thinking about threats that may not be realistic today, but could be realistic tomorrow.

It is not a natural approach for many IT professionals, who are used to building things up, not breaking them down. Here's one of the industry gurus explaining the Security Mindset in more detail.

https://www.youtube.com/watch?v=eZNzMKS7zjo

So let's just establish a bit more about the environment that we're living in.
We're living in a world where elections have been stolen using technology. Trump's election was stolen as a result of the Wikileaks attacks on Clinton and DRC, and the Cambridge Analytics taking of unauthorised information via Facebook and using this to influence voters. Yes, that's a very different attack approach, but the principle of using technology to steal election results is well established.

We're also living in a world where tech companies have lied about what data they have taken and how they have used it. They have been caught red handed.

We're also living in a world where Irish corporate tax rates and data protection regulatory environment have huge impacts on these corporations. The impact of these tax rates and the associated regulatory environment run to billions of euros for these organisations. The Irish data protection environment has a huge impact on their costs and their reputation. So the ability to influence or control Irish government policy in these areas would be a very tempting option for these organisations.

To build a voting system that gave these organisations control over voting operations would be madness.

The contract would go to the lowest bidder too so God knows who that would be. On the plus side it would probably just cost millions and never result in a finished product

Atoms for Peace

You can keep your E-voting, it would destroy democracy as we know it.

AndrewJRenko

GreeBo wrote: »

I'm not saying the person behind the disk is fraudulent, its the person in front of the desk that is. I can come in 5 times throughout the day and pretend to be 5 different people, presenting at 5 different desks. I can say nothing and just hand over my ballot card, if they challenge me for ID I can just play dumb and explain that I must have picked up my father/mother/uncles card by accident. Whatever excuse and then give them my real one.
80% chance I get away with it based on the 1:5 check rate.

They generally ask everyone for their name when as you hand over the ballot card. They also watch people. The Garda present will also watch for people. You also won't know what desks your names are going to be at until you first get into the polling station on the morning.
You're risking committing a criminal offence. Playing dumb doesn't generally get people off from criminal offences.

GreeBo wrote: »

But you raise a good point. What If Im behind the desk and Im scratching names off on a piece of paper I printed out myself, what If Im scratching off gibberish and I have the real sheet somewhere else. Does that render the result invalid?

You've noticed how they work in pairs on the table? And you won't know who your pair is going to be until the morning of the vote. And your pair will change after every break. And the polling station supervisor is going to be supervising to ensure staff are doing what they're supposed to be doing.

GreeBo wrote: »

Well you are talking about enough people to compromise blockchain or the network or coerce a large number of people into voting. Why cant this same number of people do the steps I outlined above in multiple polling stations?

Because the controls that have been explained repeatedly on this thread will prevent them from voting. And they would be risking conviction of a criminal offence. And when charged with a criminal offence, at least one of them will rat you out.
And for the record, it's not about 'compromising blockchain' - it is about compromising the system that is writing to the blockchain.

GreeBo wrote: »

Its as secure as you can make it with the current process. I think there could be ways to make it more secure by using technology.

From everything you've said so far, your technology solution will make it LESS secure, not more secure.

GreeBo wrote: »

As others have pointed out, many facets of society now use technology to secure things that were "secured" by people and processes before. Things change as technology becomes available.

There are no other facets of society that have conflicting requirements of anonymity and auditability.

GreeBo wrote: »

I think the length of time take to sort and count votes and the fact that only certain people have access to these votes is an issue.

Why exactly is the length of time an issue? I've heard this mentioned by others, but I'm not sure what the exact issue. What benefit arises from (for example) having results on Friday night instead of on Saturday night?
I'm also unclear as to why more people need access to votes? The system is transparent, and the security of the system relies on protecting ballot papers while in public view.

AndrewJRenko

xckjoo wrote: »

The contract would go to the lowest bidder too so God knows who that would be. On the plus side it would probably just cost millions and never result in a finished product ðŸ˜

The contract would go to the lowest bidder who meets the requirements of the tender.


It's not just a question of who gets the contract to build the voting system. If the software is going to run on local devices, it introduces a whole raft of other players into the equation.


If you're going to use your Android phone to vote, you are depending on the operating system (from Google), and every other piece of software running on your phone, the network connection (either your home wifi/broadband or your phone data connection).

xckjoo

AndrewJRenko wrote: »

The contract would go to the lowest bidder who meets the requirements of the tender.


It's not just a question of who gets the contract to build the voting system. If the software is going to run on local devices, it introduces a whole raft of other players into the equation.


If you're going to use your Android phone to vote, you are depending on the operating system (from Google), and every other piece of software running on your phone, the network connection (either your home wifi/broadband or your phone data connection).

I was making a joke about the gap between the theoretical commissioning of a system and the monstrosity they end up being. Don't ever change AndrewJRenko

AndrewJRenko

GreeBo wrote: »

It does work. A digital environment isnt some magical place. You can chose to adit everything or nothing and everywhere in between. Its a computer, it does what you tell it to do.

You cannot audit an anonymous transaction. If the transaction is anonymous, you have no way of auditing where it came from or how it got there. If the transaction is not anonymous, the ballot is no longer secret.

GreeBo wrote: »

It does actually. If 4 people are not checked then they could be impersonating someone else. All I need is some fake student ID and I wander up with no polling card and get a ballot.

No - first you're not going to know in advance whether your ID is going to be checked or not. If you wander up with a fake student ID, you're not going to know whether the actual student has voted before you, or will be coming after you to vote. Either of these scenarios will flag up the problem for the presiding officer.

GreeBo wrote: »

Even easier. You are mad for talking about coercion with a new system, if someone coerces me or I sell them my vote, then I clearly wont be turning up with my ballot, the other person would have it. hows you control working out then?

Do you know many people who will take a 1/5 shot at committing a criminal offence in a room with a Garda present? What is the coercing voter going to do when they are asked for ID?

GreeBo wrote: »

We you wouldnt even have access to the network until it came live during the vote and you would only be able to register the app if you had a valid device, so really what you would be DDoSing would be the system that supplies the app, so it wouldnt really impact the vote.

So once voting opens on voting day, I start off my DDoS attack using a distributed network of hacked, unsecured IoT devices across the continents on the network that is supporting the vote. How long is it going to take you to identify the sources of the attack and shut them down?

GreeBo wrote: »

The magical computer would keep track of who has voted and who hasnt. This thing called the network would allow people in polling stations to know who has voted and how hasnt.

Great, so in additional to an online voting system, we now need a new polling management system. And we need new hardware - client devices - in each of the thousands of polling stations. The cost of your proposal has just jumped by a further 100% - way to go on saving money there.

GreeBo wrote: »

The numbers voting in these halls would be massively reduced from the current levels. You could do something mad like only have stations in a building that have internet access? You could be crazy and use mobile broadband. But no, all of these things would be far too difficult logistically, right?

Interesting ideas - so you're going to reduce the number of polling stations. Again, if you had any actual experience of the voting system you would know that this is political dynamite. It has zero chance of ever getting passed by the political system. If Mrs Murphy has voted for me for 30 years and lives just 500m from the polling station, why would I vote for a change that will move her to a different station 3km away, beyond walking distance for her?
And you're going to use mobile broadband - so the reliability of voting will depend on technical services provided by foreign owned companies, all with their own agendas.

GreeBo wrote: »

Sorry, how much do we spend on voting day and on during the subsequent counts? how about the impact of not having to close schools?

Maybe you should have got the answer to the 'how much' question at the outset, as part of coming up with your alternative proposal?

GreeBo wrote: »

electrical vehicles dont go on fire or crash into water?
Better go Tesla!

They certainly don't have tanks of flammable liquid. But you may have noticed that I didn't say that it couldn't happen - I said that the risk is reducing over time.

GreeBo wrote: »

as would someone rewriting a blockchain.

The issue isn't around 'rewriting a blockchain'. The issue is around intercepting the software before it writes the blockchain, and writing something other than the vote cast to the blockchain.

GreeBo wrote: »

so a car crash is impossible, but Google hacking an Irish election is likely?

No, I didn't say it was impossible. In fact, I said it was a theoretical possibility.

GreeBo wrote: »

Does it matter? The vote has been compromised.
What about my constitutional right to vote? [IMG]file:///C:\Users\Admin\AppData\Local\Temp\msohtmlclip1\01\clip_image002.gif[/IMG]

The Courts will decide that, I would imagine. But again, maybe this should have been part of your research before coming up with proposals? There are some fairly straightforward mitigations available, should this risk be deemed significant - fireproof boxes, advanced driver training, garda escort and more.

GreeBo wrote: »

Companies dont typically spend money on something that doesnt work, its not really in their interest.

Companies will build whatever they can get away with selling. Experience in the USA with polling system vendors confirms this.

GreeBo wrote: »

Someone should tell the journal!
"If you write anything else, you run the risk of your vote being deemed to be spoilt, and it won’t be counted.

I wouldn't be taking the Journal as gospel on any legal issue, to be fair. What they are referring to here is any unique identifying mark on a voting paper, like the 'MM' initials in the Irish Times story you linked below. Anything that can uniquely identify a voting paper can invalidate the vote. Any simple marking of the vote preferences does not uniquely identify a paper. I've gone through the process of reviewing spoilt/disputed papers with the Returning Officer a few times, so I've pretty good experience on what works and what doesn't work.

GreeBo wrote: »

You can. Seems you are showing your ignorance here.

Yes, you're right on that one. I am literally showing my own ignorance here. I signalled that with my "I'm not even sure" prefix. Maybe that's the difference between you and me. I know what I don't know.

GreeBo wrote: »

And just for fun, maybe have a quick read of this:
https://www.irishtimes.com/news/politics/ballot-papers-not-stamped-at-polling-stations-deemed-inadmissible-1.2552614

Interesting article - isn't it great to see how these voting issues are picked up by the current system. Unlike any issues that might arise with a digital system.

prinzeugen

24 pages of finding a solution to a problem that does not exist.

Tech is not the answer to everything. (Except for lazy people).

I have gone back to pen and paper for record keeping in work. Quicker and easier.

AndrewJRenko

Here's a good summary of some of the problems that the USA have sleep-walked into


https://twitter.com/philipbstark/status/1058767582076063744?s=19

Capt'n Midnight

^^^^^


https://www.bbc.com/news/technology-45572871

A judge in the US state of Georgia has approved the use of electronic voting machines - despite being "gravely concerned" that they could be hacked.

There wasn't enough time before November's mid-term elections to switch to a secure paper-based alternative, said District Judge Amy Totenberg.

You can read the 46 page ruling here.
On the reality of best practice, state of the art in the world's richest country.
More like technology , people and processes you wouldn't trust for a Students Union election.
https://regmedia.co.uk/2018/09/18/georgiavotemachineruling.pdf

Dr. Halderman gave a live demonstration in Court with a
Diebold DRE using the same type of equipment and software as that used in
Georgia. The demonstration showed that although the same total number of votes
were cast, the contaminated memory card’s malware changed the actual votes cast
between candidates. There was no means of detection of this as the “malware
modified all of the vote records, audit logs, and protective counters stored by the
machine, so that even careful forensic examination of the files would find nothing
amiss.”

...
Viruses and malware have also been developed by
cyber specialists that can spread the “vote stealing malware automatically and
silently from machine to machine during normal pre- and post-election activities,”
as the cards are used to interface with the County and State GEMS servers

...
The DREs record individual ballot data in the order in which they are cast,
and they assign a unique serial number and timestamp to each ballot. This design
for recording ballots, according to Plaintiffs, makes it possible to match the ballots
to the electors who cast them. Additionally, the Georgia DREs use versions of
Windows and BallotStation (developed in 2005) software, both of which are out of
date – to the point that the makers of the software no longer support these versions
or provide security patches for them.

...
In August 2016, Logan Lamb, a professional cybersecurity expert in Georgia,
went to CES’s public website and discovered that he was able to access key election
system files, including multiple gigabytes of data and thousands of files with
private elector information. The information included electors’ driver’s license
numbers, birth dates, full home addresses, the last four digits of their Social
Security numbers, and more. Mr. Lamb was also able to access, for at least 15
counties, the election management databases from the GEMS central tabulator
used to create ballot definitions, program memory cards, and tally and store and
report all votes. He also was able to access passwords for polling place supervisors
to operate the DREs and make administrative corrections to the DREs.

...
on July 7, 2017, four days after
this lawsuit was originally filed in Fulton Superior Court, all data on the hard drives
of the University’s “elections.kennesaw.edu” server was destroyed. And on August
9, 2017, less than a day after this action was removed to this Court, all data on the
hard drives of a secondary server – which contained similar information to the
“elections.kennesaw.edu” server – was also destroyed.

...
Brian Blosser, “was prohibited from voting on April 18, 2017 . . . when his name did not
appear on the eligible voter rolls” for the Sixth Congressional District and “was
instead erroneously listed” as a resident of another district, an error that Fulton
County Board members blamed on a “software glitch”

...
Lamb noted that the files had been
publicly exposed for so long that Google had cached (i.e., saved digital backup
copies of) and published the pages containing many of them.”

xckjoo

Not to open this can of worms again, but Ars have an (opinion piece) article on blockchain voting today:
https://arstechnica.com/tech-policy/2018/11/blockchain-based-elections-would-be-a-disaster-for-democracy/


Spoiler: Not in favor.

GreeBo

ars wrote:

foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters. They could bribe election officials to supply them with copies of voters' credentials

But they couldn't hack into the systems today to just register a bunch of fake votes or deregister a bunch of people?

They couldn't bribe officials today to destroy/substitute ballot boxes?

Myopic article.

xckjoo

GreeBo wrote: »

But they couldn't hack into the systems today to just register a bunch of fake votes or deregister a bunch of people?

They couldn't bribe officials today to destroy/substitute ballot boxes?

Myopic article.

Sigh. Again. Do some reading on what the current system is and how it works. Myopic poster....

GreeBo

xckjoo wrote: »

Sigh. Again. Do some reading on what the current system is and how it works. Myopic poster....

S I G H .
Current system relies on humans, premise of article is humans can be corrupted.

Graniteville

Amari Dead Songbird wrote: »

Not a hope in hell. They can't even guarantee the security of electronic voting machines at polling booths.

It's hardly a huge chore to vote as it is at present. But people want easier and easier options in everything nowadays.

There was no issue with electronic voting except that it would give accurate results in minute ths rendering days of political reporting obsolete, tally counters and vote counter jobless.

As it was something that would not suit the media, the media turned against it and put a massive amount of mis-information out there whish many people believed.

Remember these machines were all independent machines with no external connection, hence they could not be hacked unless someone was physically in charge of an individual machine.

But back then people were not as comfortable with technology and therefore believed the rubbish spouted by the media.

Put it this way, it would be far easier to walk out with a voting paper at 7am and get it printed up to look like the real thing before close of polling at 10pm.

AndrewJRenko

Here's the best response to today's NYT article pushing blockchain as the solution.

https://twitter.com/random_walker/status/1060165553149632512?s=19

AndrewJRenko

GreeBo wrote: »

xckjoo wrote: »

Sigh. Again. Do some reading on what the current system is and how it works. Myopic poster....

S I G H .
Current system relies on humans, premise of article is humans can be corrupted.

Nope - the current system relies on physical controls in public view, and you haven't identified a single point of failure in the current system. You have a solution looking for a problem.

AndrewJRenko

Graniteville wrote: »

Amari Dead Songbird wrote: »

Not a hope in hell. They can't even guarantee the security of electronic voting machines at polling booths.

It's hardly a huge chore to vote as it is at present. But people want easier and easier options in everything nowadays.

There was no issue with electronic voting except that it would give accurate results in minute ths rendering days of political reporting obsolete, tally counters and vote counter jobless.

As it was something that would not suit the media, the media turned against it and put a massive amount of mis-information out there whish many people believed.

Remember these machines were all independent machines with no external connection, hence they could not be hacked unless someone was physically in charge of an individual machine.

But back then people were not as comfortable with technology and therefore believed the rubbish spouted by the media.

Put it this way, it would be far easier to walk out with a voting paper at 7am and get it printed up to look like the real thing before close of polling at 10pm.

This is factually untrue. The eVoting system was held together with string and prayers. The vote recording database was MS Access - designed for personal use, not corporate databases. There was no way of verifying that the vote entered was the same vote recorded.

Opposition to the eVoting system was not led by the media. It was led by people who studied the technology and found it wanting - industry professionals, academics, even the Irish Computer Society came out against it.

And what exactly do you propose to do with your ballot papers at 10 pm? The number of votes in the box is matched to the number of votes cast at the tables.

dulpit

AndrewJRenko wrote: »

You have a solution looking for a problem.

Brilliant point.

xckjoo

GreeBo wrote: »

S I G H .
Current system relies on humans, premise of article is humans can be corrupted.

Nope. It relies on things like a systematic approach, physical controls, public oversight and redundancies. People are just the conduit.



Your critical thinking ability on this is appallingly poor. You keep insisting you want a discussion but haven't once take on board the counter-points to your proposal. Despite all evidence to the contrary you're still trying to fit the narrative to your idea. Have a read through the comments in the Ars article. It's a tech site with the vast majority of readers and posters being tech heads, yet the number of posters defending the idea is vanishingly small. Does that tell you nothing?

xckjoo

AndrewJRenko wrote: »

Here's the best response to today's NYT article pushing blockchain as the solution.

https://twitter.com/random_walker/status/1060165553149632512?s=19

He doesn't seem to be in favor of it. Colour me surprised. Sure what would he know about blockchain. Probably just hasn't thought it through

Capt'n Midnight

Yesterdays US elections.

https://www.rte.ie/news/us/2018/1107/1009163-us-midterms-voting-machines/

Broken voting machines were reported in at least 12 states, according to an "election protection" coalition of more than 100 groups that set up a national hotline for reporting irregularities.

...
A civil rights group has sued the county government in an effort to extend voting by two hours at polling locations that experienced delays.

Sciprio

Have you heard about some problems the U.S. is having with voting machines? I prefer the way we do it currently it may be slower but i'd trust it a lot more than voting machines. And as already said they aren't immune from being hacked.

AndrewJRenko

Sciprio wrote: »

Have you heard about some problems the U.S. is having with voting machines? I prefer the way we do it currently it may be slower but i'd trust it a lot more than voting machines. And as already said they aren't immune from being hacked.

Along with the problems with voting machines in the USA

https://www.newyorker.com/news/news-desk/how-voting-machine-errors-reflect-a-wider-crisis-for-american-democracy



they also have huge problems with voter suppression through deregistration of minority votes
https://www.newyorker.com/magazine/2018/10/29/voter-suppression-tactics-in-the-age-of-trump


and gerrymandering of constituencies to ensure the most favourable results.


https://www.newyorker.com/news/daily-comment/the-courts-take-aim-at-partisan-gerrymandering


It's the best democracy that money can buy.

Capt'n Midnight

GreeBo wrote: »

S I G H .
Current system relies on humans, premise of article is humans can be corrupted.

Current system relies on humans being naturally suspicious and being able to oversee the whole process.

evoting means either you hide the entire process from the suspicious humans OR you remove secrecy.

As a human you could oversee they whole process, I'm not sure how you could go about afixing your own holographed signed seal on a ballot box, but there are about seven billion people on the planet who could make a good stab at recognising if multiple ballots were filled in by the same person.


Back in 1984 KenThompson showed that you could put a virus into a compiler that could add a back door into any program used with it.

There is no such thing as "trusted computing" (the actual phrase means putting complete trust in multinationals)
http://wiki.c2.com/?TheKenThompsonHack

The only way you're going to get a clean compiler executable now is to build your computer yourself out of TTL logic you salvage from some museum somewhere, then code up a set of basic binary tools sufficient to assemble assembler. Then bootstrap from the source of all the modern tools.

This actually sounds like a worthy project until you realize that the only person who could possibly trust your clean compiler executable is you.

Pauliedragon

Australia tried to do the 2016 census online and it was seen as maybe a step towards online voting. It turned out to be one the biggest embarassments in any governents history.
https://www.businessinsider.com.au/disaster-australia-just-tried-to-take-its-census-online-and-the-site-crashed-2016-8

namloc1980

Graniteville wrote: »

Put it this way, it would be far easier to walk out with a voting paper at 7am and get it printed up to look like the real thing before close of polling at 10pm.

The number of voting papers given out of the book by the polling people is matched to the number of voting papers in the corresponding ballot box. If you stuffed it with your photocopied ballots that box would be immediately ringfenced in the count centre and investigated for fraud.