Perl Programmers, America Needs Your Help! We Need Secure Voting Machines

[Walter Roberson]

:Ok, so you don't like SSN numbers, that was just off the top of head.

Yikes, that's exactly the problem: there are a *lot* of ways to do
this incorrectly, and most people don't think about the issues and just
assume it is easy and something that can be done over a weekend.

:Now you have a system which the voter can check his vote was properly
:recorded, by going to the online database, entering the sha2-hash, and
:get his vote record.

But you still have no proof that your vote was counted correctly.
Unless literally *every* vote was registered as being for a different
candidate so you *know* something is wrong, there is always the possibility
that your favorite candidate was really unpopular and you were one of the
few people who voted for him or her.

You don't want the primary counting system to be electronic. You want
the primary counting system to be based upon hard, recountable evidence,
and you want the counting system to be as foolproof as you can get --
mechanical if you can make it reliable. Counting systems that take
electronic talleys are susceptable to corruption in the counting logic.

There has been suggestion that something like that happened in a recent
California vote: see Craig DeForest's posting in Risks Digest 22.95
http://groups.google.ca/[email protected]

The link there to markcrispinmiller's blog makes for interesting reading;
even if the events claimed there did not occur, there are lessons to be
learned about what kind of events must be clearly impossible in a well-
run voting system.

lus paper recounts take too long, as we have
:seen in the Florida debacle.

Not true. Canada and the UK both work by counting paper ballots, and
the results are generally available within hours, not weeks. It is
true that Canada's population is only about 1/8th the population of
the USA, but the procedures used are parallelized.


:Another plus to this system is you can do it all with cheap PCs with
:touchscreens and expanded usb ports.

Sigh. It doesn't work that simply. It's when the "cheap PCs with
touchscreens" are introduced that the problems start becoming most
apparent.

 

[Walter Roberson]

:Oh well, that's about how I would do it. Like the subject asked, I
:gave my ideas....if they didn't want to do it on computers, why did they
:ask about how Perl could do it? The subject line presumes a computer
:method, not a "dead tree" method.

Excellent, I was hoping you would feel that way. You see, we have this
optimization problem we could use some help with. We have many thousand
of these... well, animals, really... all over the country, that need
to be eliminated, and we could use some help building a Perl-based
just-in-time delivery system to get the necessary chemicals there...

 

[Tad McClellan]

:Oh well, that's about how I would do it. Like the subject asked, I
:gave my ideas....if they didn't want to do it on computers, why did they
:ask about how Perl could do it? The subject line presumes a computer
:method, not a "dead tree" method.

Excellent, I was hoping you would feel that way. You see, we have this
optimization problem we could use some help with. We have many thousand
of these... well, animals, really... all over the country, that need
to be eliminated, and we could use some help building a Perl-based
just-in-time delivery system to get the necessary chemicals there...

Perhaps you could rework the payload on these:

"Perl and Nuclear Weapons Don't Mix"

http://www.thinkingsecure.com/docs/tpj/issues/vol2_1/tpj0201-0004.html

 

[Walter Roberson]

:Oh well, that's about how I would do it. Like the subject asked, I
:gave my ideas....if they didn't want to do it on computers, why did they
:ask about how Perl could do it? The subject line presumes a computer
:method, not a "dead tree" method.

http://www.nytimes.com/2004/01/23/o...f47cf7a6a658cc&ei=5062&partner=GOOGLE

The Perils of Online Voting

[...]
Four computer scientists brought in by the Pentagon to analyze a
plan for Internet voting by the military issued a blistering report
this week, concluding that the program should be halted.

[...]
The report makes it clear that the possibilities for compromising the
secrecy of the ballot, voting multiple times and carrying out vote
theft on a large scale are limited only by the imagination and skill of
would-be saboteurs. Viruses can be written that will lodge on voters'
computers and change their votes. Internet service providers, or even
foreign governments that control network access, can interfere with
votes before they reach their destination.

 

[Walter Roberson]

:The plan I suggested was not "internet voting", it was for using
:cheap computers for local precinct voting, with verification
:from the internet. That would be the first step to take.

And your plan was immune from the sorts of problems they mentioned?
Did your plan not call for the ability of voters to check their
votes by using their home PCs (which might have viruses/ trojans)
to check via the Internet (where their ISP might interfere) the
registry? Did your plan not call for the user having pre-initialized
their usb key ring? How was that to be done, on stand-alone kiosks
whereever lottery tickets are sold (and how do you know those
aren't compromised?), or on the user's computer (and how do you
know that a virus isn't lying about what's on the keyring)?

Any time you have a record which is primarily held in electronic
form, you need an intermediary process to interpret the record for
you, and that intermediary process is open to attack. If you
have instead a record in which the primary version is human-readable,
then humans can -directly- verify the record; then you just have to
worry about the counting procedures.


Besides... the big pushes from States towards electronic balloting
have to do with the perception that the reason for low voter turnouts
is that voting in person is too inconvenient. If you want to
successfully introduce a new voting system, then you had better be
prepared to handle Internet voting (or voting by phone) -- or to
be able to argue persuasively (using small words and short arguments)
that those are really bad ideas but that your implimentation does not
suffer from any of the same flaws.


:They have to get rid of Windows.

And replace it with which OS? Linux is not exactly respected for its
security. Besides, in context, you are talking about getting rid of
Windows at the consumer desktop level. The only way that is likely
to happen on a useful timescale would be by legislative fiat --
and I'm sure that Microsoft would be easily able to win the court
cases that ensued, on the basis that it would be totally unreasonable
to ban a product on the basis that it doesn't do something it wasn't
designed to do, never claimed to do, for which there are no standards
for, which is optional for any person to do, and which is only
done every couple of years by any one person.