Electronic vote poses big security risk

daveirl

This post has been deleted.

MÓC

simple solution.

voting boot prints a reciept, voter puts reciept in ballot box,
the result can be calculated using the machine and verified using
the ballot box

daveirl

This post has been deleted.

Greenbean

I think it sounds good. It keeps things quick and it makes it much more transparent - the receipts don't have to be counted, just stored, unless there is a question of fraud, and then we have a hardcopy fallback to check with. Stops someone simply moving a slider bar on some computer somewhere and knowing they will get away with it.

bonkey

Ms Lillington does not fully understand the issue, or is being deliberately disingenuous.

First the issue of failure.

Yes computer systems fail. So what? This hasnt stopped us putting them in life support systems, letting them control the mechanisms of airplanes carrying hundreds of people, or indeed control driverless metro trains carrying thousands of people daily.

Failure can be worked around. This is a simple fact. The question is whether or not acceptable fail-safes can be built in at an acceptable cost.

Given the relative lack of complexity of electronic voting, I would be inclined to say yes.

Now the issue of auditability and accountability.

Ms. Lillington would have us believe that a piece of hardware and the programs that run on it are not sufficiently auditable. On the other hand, she completely fails to recognise the lack of auditability and accountability which exists in the paper-based system.

If someone "loses" or "adds" several ballot papers (or boxes of them) in a paper-based election, where is the auditability or accountability? How did graveyards have such high turnouts over the years in Ireland? How could "vote early and often" have arrived as a tongue-in-cheek catchphrase for a major political party's voting methodology if the paper-based system is so good?

The simple fact is that anonymity and auditability are incompatible. They are incompatible in paper-based, mecanical and electronic systems. Ms. Lillington points out the failings in one area, but neglects to show that the alternative (traditional paper) is any more secure.

Lillington is starting from a correct premise - that Internet voting is impractical from a security and surity point of view. However, her logic in extending this to electronic voting booths is flawed. Internet voting cannot be made secure, and this can be proven. On the other hand, it is possible to design electronic voting booths which are proveably as sage and secure as the current systems, and which have the same degree of reliability which we entrust our lives to in so many ways in this modern world (planes, trains, automobiles, hospitals, traffic signals, etc. etc. etc.).

Whether or not this is what has been done is not the question. What Lillington is saying is like saying that because its possible to design a car which will blow up after 10 miles of driving, that no car can safely be driven for more than 10 miles.

Ultimately, what Lillington is saying is that we cannot trust computer programs, because they are written by people and can therefore be subverted.

What she neglects to mention is that the alternative is to allow people to do the counting directly....as if this is somehow more reliable?

jc

<edited to correct incorrect gender usage, as pointed out by adam>

dahamsta

It's Ms Lillington bonkey, or possibly Miss. If Karlin Lillington is a Mr, I fear I may be forced to reevaulate my entire sexual philosophy.

adam

bonkey

Originally posted by dahamsta
It's Ms Lillington bonkey, or possibly Miss. If Karlin Lillington is a Mr, I fear I may be forced to reevaulate my entire sexual philosophy.

adam

Oops. My bad.

Ahem.....allow me to edit...

daveirl

This post has been deleted.

sceptre

I might agree with you if all votes were put through the transfer system. While they use the "bundle" system in general elections, any move towards true PR is a good thing. I hate to think that my vote's transfers would be ignored, all transfers merely based on the average bundle they use now.

Gelmir

Just make sure the whole thing is running on Linux.

seamus

Simple solution.

Person votes. Value is added to db. Db is backed up onto separate disc. Simple. If it fails during someone's vote, a copy of the state of the db is there.........Aren't most of you people programmers?...

Shazbat

I didn't like the e-voting. Mainly because every voting machine had only a couple of hundred voters on it (as far as I could see, in my polling station). And the voters that use each machine are all in the same area ie same street or road.

This should be randomised as it gives an opportunity to unscrupolous persons to see what way a certain street or estate is voting. Which is a definite infringement on anonymity. This information would be very useful for campaigning purposes (to name but one)

The ballot box system would have been the same (voters on the same street casting their vote into the same box) but I think that having it all computerised would make it alot easier to gather the information (if somebody wanted to of course).

I don't know enough about the system to really come to any real conclusions. Does anybody know if I have a valid point or am I just talking through my arse?

Secondly, if somebody had have walked in with a powerful magnet could they have fúcked up the voting machine?

MrPudding

Originally posted by Shazbat


Secondly, if somebody had have walked in with a powerful magnet could they have fúcked up the voting machine?

I also don't know if a powerful magnet would mess up the machine it is possible I suppose but I would hope the storage devices are shielded. If they aren't it shouldn't be too difficult to make them shielded. On a similar note does anyone know if someone squirted lighter fluid into one of the ballot boxes and then lit it would it mess up the ballot box?

leeroybrown

The biggest problem that I would have with Electronic voting is that I enjoy all the protracted counts, transfers, tallys, etc. that go with the current paper based counting system.

Otherwise, I'm perfectly happy to vote electronically.

A properly designed Electronic voting station saving the data on a reliable storage medium is not a problem.

meglome

Considering the whole dimpled ballot fiasco in Florida allowing Bush to get elected, you have to wonder could electronic voting be worse?

While saying that I'd like to see the spec's/security features of the Irish system.

MrPudding

Originally posted by leeroybrown
The biggest problem that I would have with Electronic voting is that I enjoy all the protracted counts, transfers, tallys, etc. that go with the current paper based counting system.

Otherwise, I'm perfectly happy to vote electronically.

A properly designed Electronic voting station saving the data on a reliable storage medium is not a problem.

I am the complete opposite, I want instant gratification and I want it now. I'm sure it would be possible to secure a stand alone electronic device to all but the most violent attempts to ruin it or the data it holds. When they were showing one of the machines off on the lata late show (I think) they showed the data cartridge, it was a fairly hefty looking beast.

Shazbat

Originally posted by MrPudding
... On a similar note does anyone know if someone squirted lighter fluid into one of the ballot boxes and then lit it would it mess up the ballot box?

Facetiousness is a very ugly thing.

Michael Collins

Originally posted by Shazbat
Facetiousness is a very ugly thing.

Actually I think MrPudding made a very valid point. People (not just here) seem to be trying to find flaws with the electronic voting system. Obivouly if someone wanted to destroy the machine they could, just like they could with the ballet box.

Electronic voting is the way of the future; the benefits clearly out-weigh the possible risks - which can be reduced to a neglibile risk when proper precautions are taken. There's little or no chance of there being uncounted votes, like we had in the general election, for example. The majority of security risks with electronic voting we had with paper ballets too.

bonkey

Originally posted by Michael Collins
There's little or no chance of there being uncounted votes, like we had in the general election, for example. The majority of security risks with electronic voting we had with paper ballets too.

Just like the majority of security risks with Visa payments over the internet exist on paper-based transactions as well, but in one case they're a big issue, and in the other they're simply ignored or accepted.


jc

gandalf

Well personally voting Electronically did not actually feel like voting at all. I've voted in every vote since I got the vote and that just seemed like a really dodgy pub game. It now changes the results from a knive edge event where politicans suffer (which imho is a good thing) into a episode of Banzai (VOTE NOW

---

If you choose candidate one then you BIG Looooser ).

Personally I think the idea of a receipt been printed is a good one in case there is a problem then there is a record of what way people voted.

Gandalf

(No Sir the Excel spreadsheet never lies.........hang on whats this formula =IF(VOTE1="FF",(VOTE1*2),-1))

MrPudding

Originally posted by Shazbat
Facetiousness is a very ugly thing.

Sorry if I offended you. I do get annoyed with the "old is best down with the new" attitude. Of course there will be problems with any new system, this does not mean that the old system is flawless. Further it does not mean that the problems with the new system, if need be, cannot be fixed.

Shinji

Given some fairly basic crypto systems, it should be possible to create an entirely secure, tamper-proof system which is nigh on impossible to defraud, hack or muck up. I had a chat with a fairly hardcore crypto guy about this quite recently and he outlined the general thinking among online crypto groups on this; while existing e-voting systems don't conform to these standards (because governments still prefer security through obscurity - they can't understand how an open source system can possibly be more secure than a secret one), it would be pathetically easy to build one that did.

The question is not if e-voting is perfect, it's whether it's better than paper voting in every way - and I certainly believe that given the right system in place, it could be more secure, faster and less prone to tampering than any paper voting system that has ever been created.

Of course the yanks in Florida aren't helping things - they just completely cocked up a vote there using e-voting and have eroded confidence in the system massively. Best bit of it? In typical "bloody stupid american company" fashion, the machines they're using GUARANTEE to be accurate and secure... As long as nobody takes them apart to find out what their security measures are. So if the state wanted to prove that the machines messed up, they'd have to take them apart, thus invalidating the warranty and allowing the company who made them to get off scot-free...

Fooger

Having worked on the elections for many years, and now feel I would know the whole process of counting well, I don’t understand how people can say this new system is tamper proof. The old system may have had its flaws but it was well ironed out and the count itself was completely transparent. I do not worry or care about whether or not the machine can be broken as it is a proverbial tank of a machine and weighs a ton I worry more about a government party being able to tamper with the count.

It just seems that no one can verify the system if it produces the wrong result. No I am not saying that I worry if the count could be miss-calculated or if the system can be hacked, Jesus why bother! If you wanted to be smart tamper with the display device or better yet if you are even smarter just go behind the door pretend you are doing something on the machine and come back with the result you want. (they are now talking about not having the public humiliation of the last election happen again so things may get even worse).

Now I am related to the county registrar so I do trust her and all involved but I don’t so why others should have to. Why swap a transparent system for a non- transparent one.


I agree whole heartily that it should produce a receipt or card of some kind ( I've been saying this since I first saw these things funnily enough I didn't think of the simple logic of both receipt and cartridge ,silly me)

Shazbat

Originally posted by MrPudding
Sorry if I offended you. I do get annoyed with the "old is best down with the new" attitude. Of course there will be problems with any new system, this does not mean that the old system is flawless. Further it does not mean that the problems with the new system, if need be, cannot be fixed.

Don't get me wrong I am 100% for e-voting. But I think the government should do an exercise in giving the electorate a bit of info on it. Just to ease any concerns people might have.

I agree the old system isn't flawless. Its a very time consuming task counting all the votes by hand. And the lengthy recounts in the last general election could have been avoided with the new system.

I think that the idea of a receipt being issued to every voter is a good one. As everybody who has worked with computers knows it does no harm to have a hard copy as a precaution against unforseen events.

Meh

Originally posted by Shazbat
I think that the idea of a receipt being issued to every voter is a good one.

But that would interfere with the secrecy of the ballot. People would sell their votes and use the receipt to prove they voted according to the sale.

Currently, Bertie could pay me €100 to vote for him. But he doesn't, because there's no way for him to be sure I've kept my side of the bargain. With receipts, he could verify whether I voted for him or not.

gandalf

Sorry Meh maybe it wasn't explained well enough. You put the receipt in a ballot box and if there was a problem with the electronic vote then the ballot box can be counted.

Gandalf.

bonkey

Originally posted by Fooger
I don’t understand how people can say this new system is tamper proof.

No-one has said the new system is tamper-proof. What they have said is that it is not actually that technically difficult to build a system which is tamper proof.

If I said that because paper-based elections in some African nations have been shown to be corrupt, it is impossible to build a tamper-proof paper-based system, would you consider it a solid argument?

If you wanted to be smart tamper with the display device or better yet if you are even smarter just go behind the door pretend you are doing something on the machine and come back with the result you want.

Oh - you mean like the way you could just write the wrong figures up on the board in a paper-based election, or take a ballot box behind a closed door to "check something" and come back with the result you want.

Yes - I'm being facetious. However, the analogy is still the same. If you design a procedure which allows an individual unauthorised or unsupervised access to the inner workings of a system which isnt black-box sealed, then you have singularly failed to build a tamper-proof system.

Anyone can design a system which can be tampered with. What we're saying is that a bit of careful thought, and a couple of procedures (analagous to procedures which exist for paper-based voting) and bobs your uncle.

Why swap a transparent system for a non- transparent one.

OK - you can keep calling electronic systems "non-transparent" all you like, but you havent shown why. No-one has. It is, and can be, as transparent as you like.

Tell you what - name one area where you claim paper-based systems offer more transparency, and I will show you that you are either mistaken, or simply choosing to believe that the word of one individual/group offers transparency, and that the word of a different individual/group doesnt.

I agree whole heartily that it should produce a receipt or card of some kind ( I've been saying this since I first saw these things funnily enough I didn't think of the simple logic of both receipt and cartridge ,silly me)

Show me the receipt you get from a paper-based vote, and how this offers you any degree of additional certainty, and I'll concede that the electronic system should have a similar concept.

Otherwise, explain what the paper-based system has which the electronic system doesnt, which invalidates the need for this.

jc

Fooger

What I mean by transparent is that the entire paper process is viewed by the public and the various parties involved. The votes are first sorted and counted to check that the numbers in each box cross-checks with the number of people who voted in that area. Then the votes are sorted and then counted. The votes never leave public view and if anyone were to tamper with this system they would simply be seen to do so. This simple anti-tamper system works perfectly and I don’t see how it can be recreated on any electronic system which is done on too small a scale to be seen, making it more insecure rather then less.

DeVore

Originally posted by Fooger
What I mean by transparent is that the entire paper process is viewed by the public and the various parties involved. The votes are first sorted and counted to check that the numbers in each box cross-checks with the number of people who voted in that area.

That can be done with e-voting. The number of votes cast should total with the sheets of people who turned up and signed in to vote.

Then the votes are sorted and then counted.

As they are with the e-voting system. In fact, they are counted ACCURATELY which you cant say about hand counting.

The votes never leave public view and if anyone were to tamper with this system they would simply be seen to do so.

they do leave the public view. They get put into a box for a start! That box gets put in a van (presumably under heavy guard... hey, those guards could be BRIBED to take a DIFFERENT BOX out of the van when they get there...) etc etc. The vote counting is public yes but the votes they are COUNTING could be from anywhere.

Its like a magicians trick... when he offers you the ropes to check or to count the cards... its always going to be ok. He's already done the trick and knows he's home free.

This simple anti-tamper system works perfectly and I don’t see how it can be recreated on any electronic system which is done on too small a scale to be seen, making it more insecure rather then less.

Dont trust you're eyes. Trust your brain.
The only way they are EVER going to have secure system is when they open the process up to peer review. Because, well , frankly we are smarter then they are. And there are more of us.

As Bonkey says, it comes down to trust on occasions. You trust the guards to transport the ballot boxes. You equally will have to trust someone the same amount in e-voting.

DeV.

Fooger

I think some people seem to be missing my point and seem to be arguing an e-vote verses paper-vote which is not my point at all. Neither e-vote nor paper-vote can be tamper-proof but the count in a paper-vote is still a transparent system and therefore has an inherent advantage. My point being that if the e-voting system is so tamper-proof why NOT use a receipt and cartridge. The e-vote system would then therefore have to be perfect which I doubt it is.

MrPudding

Originally posted by Fooger
Neither e-vote nor paper-vote can be tamper-proof but the count in a paper-vote is still a transparent system and therefore has an inherent advantage.

I seem to be missing something, perhaps it is because I love tech stuff, how is the paper system more transparent? Do you mean that people can see lots of bits of folded paper which may or may not be votes? (Be aware, I am not calling into question the honesty of anyone involved in the administration of elections etc)