Split Thread: Electronic voting

[psionl0]

Originally Posted by Mongrel

On a more thorough reading though, what's the proof of work? How are you going to be able to generate the robust key that is one of the lynchpins of blockchain while still being able to process people at a speedy rate?

How do you stop a 51% attack, and you may want to read up on botnet swarms before answering.
A search for 'Blockchain security' got this article from MIT Technology Review, from the article;

Good questions.

If blocks were added to the chain at the bitcoin rate of one every 10 minutes then depending on how many votes were stored in a block, we could be looking at years to build the complete chain and this would be totally unacceptable. If there were (say) one blockchain for each electoral district then that would solve the time problem.

A 51% attack would make it possible for votes to be prevented from being added to the block chain. I don't really have a satisfactory answer to this ATM (but see below). I guess that this is like the originating computer malware problem.

At the end of the day, if individuals examine the blockchain and find that their vote is missing or incorrect then they would need an avenue to complain and have action taken.

Originally Posted by Mongrel

I apologise, you gave an explaination for how one sort of blockchain^WP worked.

Yes, I described the "proof of work" model which can be considered a competitive model.

The other main method is known as "consensus" (as used in Ripple and Stellar). This can be considered a cooperative model. In this system, each node goes through several rounds of voting to decide which electoral votes get added to a block. If an electoral vote misses out then it gets considered for the next block.

Since it takes a matter of seconds to add a new block to the chain and there is no limit to how many electoral votes can be included (other than the time restraint) the time to complete the blockchain is considerably reduced.

I am not aware of any weaknesses in this system (but there are probably some).

[WilliamSeger]

Vote From Your Phone? West Virginia To Test Blockchain-Based Voting In 2018 Election

Originally Posted by International Business Times

In an era of increased anxiety over the possibility of election fraud, one state will allow certain residents to vote using their mobile phones for the first time. West Virginia is set to give mobile voting privileges to military personnel serving overseas through the use of a blockchain-based startup during the upcoming midterm elections, CNN reported.

*snip*
Anyone trying to vote with Voatz needs to go through a digital vetting process first to reduce the threat of voter fraud. They will need to provide a photo of their ID and then take a video of their face. The photo and the video will be matched up using facial recognition software, which will then allow the user to vote after approval.

One potential problem with this method is that facial recognition software has been criticized for its inconsistency. A study conducted by the Massachusetts Institute of Technology earlier this year found that facial recognition technology was far less accurate for people with dark skin, particularly women. The study found that 35 percent of women of color were misidentified, while men of color produced errors 12 percent of the time.

Both figures were significantly higher than that of their white counterparts.

There are also other general concerns with the security of voting via mobile phones. Multiple experts told CNN that mobile voting is a bad idea, one that could potentially open the democratic process up to digital meddling. These digital votes would leave no paper trail and would occur on devices and over networks that have not been properly secured, they said.

Multiple experts say it's a bad idea, but the Republican Secretary of State thinks it's great, so they're going to use it. The ridiculous "digital vetting process" alone should have disqualified this system.

[psionl0]

Originally Posted by WilliamSeger

Multiple experts say it's a bad idea, but the Republican Secretary of State thinks it's great, so they're going to use it. The ridiculous "digital vetting process" alone should have disqualified this system.

"Multiple experts" and "digital meddling" are so vague to be meaningless. Of course if the GOP is planning to use it they will stuff it up. If it is for military use then there should be a better system than "digital vetting".

Again, each voter will be able to see how their vote was recorded on the blockchain ("paper" trail or not) so it is up to the organizers to come up with a complaints procedure if a voter says that their vote was recorded incorrectly or not at all.

[Upchurch]

Originally Posted by psionl0

"Multiple experts" and "digital meddling" are so vague to be meaningless.

What an odd thing to say. We've spent most of the thread describing what could be called "digital meddling". Why would that be confusing to you now?

Also, "multiple experts"? You can deduce no meaning from that phrase based on the context?

Originally Posted by psionl0

Again, each voter will be able to see how their vote was recorded on the blockchain ("paper" trail or not) so it is up to the organizers to come up with a complaints procedure if a voter says that their vote was recorded incorrectly or not at all.

That would require a level of skill very few people have and, again, ignores the core problems entirely.

[psionl0]

Originally Posted by Upchurch

What an odd thing to say. We've spent most of the thread describing what could be called "digital meddling". Why would that be confusing to you now?

I can barely make out what you mean by "digital meddling". I have no idea what the article means when it uses the term.

Originally Posted by Upchurch

Also, "multiple experts"? You can deduce no meaning from that phrase based on the context?

Nope.

Originally Posted by Upchurch

That would require a level of skill very few people have and, again, ignores the core problems entirely.

If you mean that the GOP can't do it then I agree.

[Upchurch]

Originally Posted by psionl0

I can barely make out what you mean by "digital meddling". I have no idea what the article means when it uses the term.

Hacking. They're talking about hacking. "Digital meddling" in this context means hacking in any of its various forms and attack vectors. It is always about hacking.

tl;dr: Hacking

Originally Posted by psionl0

Nope.

"Multiple experts" means people who have knowledge and experience of a particular topic, specifically digital security and hacking in this context. Also, there are more than one of these people.

Originally Posted by psionl0

If you mean that the GOP can't do it then I agree.

I mean most of America can't do it without third-party help, which provides the vector needed for them to be fooled and negates the benefit of blockchain being transparent.


eta: Hacking

[psionl0]

Originally Posted by Upchurch

Hacking. They're talking about hacking.

Says you.

[acbytesla]

Originally Posted by psionl0

Says you.

Can you think of a different kind of 'digital meddling' ?

[paulhutch]

The hover text from https://xkcd.com/2030/: "There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired."

[Upchurch]

Originally Posted by Upchurch

Hacking. They're talking about hacking.

Originally Posted by psionl0

Says you.

Originally Posted by acbytesla

Can you think of a different kind of 'digital meddling' ?

...uh, hrm. I can:

• Photoshopping an image.
• Rearranging the numbers on a keypad.
• Pick-pocketing using your fingers.
• Poking your toes in wet cement.

Of course, none of those make any sense in the context of an article referring to the security of voting via mobile phones.


eta: I'm still curious how "multiple experts" are vague and meaningless.
"experts" = people who are knowledgeable and experienced on a topic.
"multiple" = more than one of these ^

[beren]

Originally Posted by paulhutch

https://imgs.xkcd.com/comics/voting_software.png
The hover text from https://xkcd.com/2030/: "There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired."

Daaaaaamit. Ninjad.

Sent from my moto x4 using Tapatalk

[Upchurch]

Originally Posted by paulhutch

https://xkcd.com/2030/

Timely.

eta: Fun side story: I've been googling various online voting systems the last few days and most of my first page has, indeed, been companies selling voting software.

*grabs gloves*

[Mongrel]

Originally Posted by WilliamSeger

Vote From Your Phone? West Virginia To Test Blockchain-Based Voting In 2018 Election



Multiple experts say it's a bad idea, but the Republican Secretary of State thinks it's great, so they're going to use it. The ridiculous "digital vetting process" alone should have disqualified this system.

A bit more info at The Register article, including

Quote:

Meanwhile, Unix systems administrator David Gerard has picked apart Voatz's use of a private blockchain, which is basically not much more than a single-user append-only database.

. There are a lot of links within the article which are worth reading.

[jimbob]

Originally Posted by psionl0

"Multiple experts" and "digital meddling" are so vague to be meaningless. Of course if the GOP is planning to use it they will stuff it up. If it is for military use then there should be a better system than "digital vetting".

Again, each voter will be able to see how their vote was recorded on the blockchain ("paper" trail or not) so it is up to the organizers to come up with a complaints procedure if a voter says that their vote was recorded incorrectly or not at all.

It still isn't transparent to most people, and is complex. Complex systems have more points of attack. With the system as used in the UK, the nature of any potential attack is understood and protected against, whilst it would only be limited in effect. Any attack has to involve lots of people at lots of polling stations and would rely on complete and secret control - which *is* practically impossible when the candidates have rights of inspection.

How many computer security issues have occurred due to an attack at the expected point? It's fairly easy to protect against a brute-force attack. But that's not the issue.

The term "meddling" is vague precisely because the nature of attacks on complex systems are often unpredictable, and often rely on social engineering or looking at the hardware via a Side-channel attack. By their very nature they are undetermined until discovered.

A state player would have a very strong incentive to try breaking any part of the system. Putting their candidates in power would obviously be great, but breaking the trust in the electoral system would also be good for a hostile power.

Entire elections could be compromised.

[The_Animus]

Quote:

Georgia defends voting system despite 243-percent turnout in one precinct

https://arstechnica.com/tech-policy/...-one-precinct/

Reminder that in Georgia when the results looked funny and information was requested they deleted the data and then deleted the backup data. There are also tons of cases of voters suddenly not being registered, having their votes not counted for unspecified reasons and who had polling places changed to across town in a building out of the way at the end of a dirt road.

Quote:

Russian operatives have "penetrated" some of Florida's election systems ahead of the 2018 midterms, Sen. Bill Nelson said Wednesday, adding new urgency about hacking.

https://www.tampabay.com/florida-pol...ction-systems/

I have very little hope for this country anymore

[PhantomWolf]

Originally Posted by paulhutch

https://imgs.xkcd.com/comics/voting_software.png
The hover text from https://xkcd.com/2030/: "There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired."

It's not really that Software Engineers are bad at their jobs, but rather the fact that if there were a lot of people who were at least as as good as the aerospace engineers that build planes, and the lift engineers that make lifts, constantly working to develop ways to get around the flight protocols and crash those planes, or to cause the lifts fail safes to fail and allow the lifts to drop, then you'd see a lot more aerospace engineers and plane designers taking trains, and elevator engineers taking the stairs.

[psionl0]

Originally Posted by Upchurch

eta: I'm still curious how "multiple experts" are vague and meaningless.
"experts" = people who are knowledgeable and experienced on a topic.
"multiple" = more than one of these ^

It's in the same category as "studies have shown . . . . .".

Without a name, without an opportunity to examine their creds and without knowing exactly what they have said, I am justified in assuming that it is a LIE.

[Upchurch]

Originally Posted by psionl0

It's in the same category as "studies have shown . . . . .".

Without a name, without an opportunity to examine their creds and without knowing exactly what they have said, I am justified in assuming that it is a LIE.

I see.

You’ve admitted that online voting won’t work, at least not yet. Why would CNN lie about sources when security experts would confirm what they're reporting?

Anyway, it’s not a lie. A quick google easily finds a few articles where security experts tell CNN that online voting is a horrible idea, just like they said in the article:
https://money.cnn.com/2018/05/08/tec...tem/index.html
https://www.cnn.com/2011/11/08/tech/...ing/index.html

[paulhutch]

Originally Posted by PhantomWolf

It's not really that Software Engineers are bad at their jobs, but rather the fact that if there were a lot of people who were at least as as good as the aerospace engineers that build planes, and the lift engineers that make lifts, constantly working to develop ways to get around the flight protocols and crash those planes, or to cause the lifts fail safes to fail and allow the lifts to drop, then you'd see a lot more aerospace engineers and plane designers taking trains, and elevator engineers taking the stairs.

Very true.

However despite security failures being a continuously repeating problem in software systems for 4+ decades they are still a nearly daily occurrence. Of course then there's the backlash when a company improves security and the user base screams bloody murder because it's slightly less convenient. Frankly software engineers, myself included, are stuck between a rock and a hard place. Which is why although I agree on the over simplification of the comic strip I do believe strongly that electronic voting is still a very long way from being secure enough to rely on.

[Upchurch]

Originally Posted by paulhutch

Very true.

However despite security failures being a continuously repeating problem in software systems for 4+ decades they are still a nearly daily occurrence. Of course then there's the backlash when a company improves security and the user base screams bloody murder because it's slightly less convenient. Frankly software engineers, myself included, are stuck between a rock and a hard place. Which is why although I agree on the over simplification of the comic strip I do believe strongly that electronic voting is still a very long way from being secure enough to rely on.

I reiterate:

Originally Posted by Upchurch

There is a line from Harry Potter that I always thought summed up computer security perfectly:

Quote:

The Prime Minister gazed hopelessly at the pair of them for a moment, then the words he had fought to suppress all evening burst from him at last.
“But for heaven’s sake — you’re wizards! You can do magic! Surely you can sort out — well — anything!”
Scrimgeour turned slowly on the spot and exchanged an incredulous look with Fudge, who really did manage a smile this time as he said kindly, “The trouble is, the other side can do magic too, Prime Minister.”

From Harry Potter and the Half-Blood Prince, Chapter 1 - "The Other Minister"

No matter how many very smart, very talented people and money we throw at solving the problem of electronic voting. There will always be very smart, very talented people and money thrown at hacking that electronic voting system. They don't even have to own the whole system, just enough to get the desired outcome. The ROI is too high and the bar for success is very low.

[jimbob]

Originally Posted by psionl0

Good questions.

If blocks were added to the chain at the bitcoin rate of one every 10 minutes then depending on how many votes were stored in a block, we could be looking at years to build the complete chain and this would be totally unacceptable. If there were (say) one blockchain for each electoral district then that would solve the time problem.

A 51% attack would make it possible for votes to be prevented from being added to the block chain. I don't really have a satisfactory answer to this ATM (but see below). I guess that this is like the originating computer malware problem.

At the end of the day, if individuals examine the blockchain and find that their vote is missing or incorrect then they would need an avenue to complain and have action taken.


Yes, I described the "proof of work" model which can be considered a competitive model.

The other main method is known as "consensus" (as used in Ripple and Stellar). This can be considered a cooperative model. In this system, each node goes through several rounds of voting to decide which electoral votes get added to a block. If an electoral vote misses out then it gets considered for the next block.

Since it takes a matter of seconds to add a new block to the chain and there is no limit to how many electoral votes can be included (other than the time restraint) the time to complete the blockchain is considerably reduced.

I am not aware of any weaknesses in this system (but there are probably some).

If the electronic systems are subverted, what is to stop them adding a few votes from people who didn't bother to vote?

Such people are unlikely to check that their vote hadn't been cast. Adding say, 2% to one side across the nation would probably be quite effective and pretty hard to detect.

If you just wanted chaos, then you could be more overt. Spear phishing would also be viable.

The attacks would not be where the system is strong, they would be where it is weak.

[psionl0]

Originally Posted by jimbob

If the electronic systems are subverted, what is to stop them adding a few votes from people who didn't bother to vote?

It's the same reason why somebody can't spend money from somebody else's bitcoin wallet.

Each wallet or voting card holder had a private key and a public key. Whenever they do a transaction or a vote, they have to digitally "sign" the transaction/vote using their private key. Anybody who knows the public key may determine if the transaction/vote was signed with the correct private key (without knowing what the private key is). If a node finds that the private key is incorrect then the transaction/vote will not get onto the blockchain.

So any vote tampering has to be done on the source computer itself. This is the one that is storing the actual wallet/vote. It is true that if the computer is malware infected then it could do a vote without the human's input. Bitcoin users are constantly warned not to leave unsecured wallets stored on their computers for this reason.

[jimbob]

Originally Posted by psionl0

It's the same reason why somebody can't spend money from somebody else's bitcoin wallet.

Each wallet or voting card holder had a private key and a public key. Whenever they do a transaction or a vote, they have to digitally "sign" the transaction/vote using their private key. Anybody who knows the public key may determine if the transaction/vote was signed with the correct private key (without knowing what the private key is). If a node finds that the private key is incorrect then the transaction/vote will not get onto the blockchain.

So any vote tampering has to be done on the source computer itself. This is the one that is storing the actual wallet/vote. It is true that if the computer is malware infected then it could do a vote without the human's input. Bitcoin users are constantly warned not to leave unsecured wallets stored on their computers for this reason.

We are talking about state-level interference in an election. Malware would be used in such a situation.

The public signature only tells you that the private key agrees with the signature. What is to stop a compromised system from creating voters that only exist in their database, and all of whom have valid public keys?



Of course that might happen in ion the UK, but what happens in that system? You get a load of aliases, and go in person to vote. There are a few hundred voters for each polling station - say 2000 for a large polling station. By the time you have voted three or four times, the people in the polling station will be getting a bit suspicious. And you have only cast three or four votes.

[psionl0]

Originally Posted by jimbob

What is to stop a compromised system from creating voters that only exist in their database, and all of whom have valid public keys?

It's not like bitcoin where you can create a new wallet at the click of a button. Part of the validation process would include verifying that the public key is the same as that assigned to the voter by the electoral office (yes, I know that the electoral office is likely to cut corners).

The only thing that can be done is to steal a person's vote and that is only possible if the computer is infected or doesn't have enough security against spyware.

[Mongrel]

Originally Posted by psionl0

It's the same reason why somebody can't spend money from somebody else's bitcoin wallet.

Which would be fine if you didn't see so many stories about peoples wallets being compromised.
http://fortune.com/2018/02/14/bitcoi...-wallet-hack/#
http://www.itpro.co.uk/digital-curre...sh-15-year-old
https://www.digitaltrends.com/comput...mcafee-wallet/
https://cryptodaily.co.uk/2018/08/ha...-bitcoin-hack/

There are many more, that was just from the first page of a Google search but to say blockchain is totally secure is naive\optimistic\foolish (pick whichever apply)

From that last article;

Quote:

Bitcoin hacks are seemingly more and more sophisticated by the day. I see it like this, for every ‘level up’ the technology industry reaches, the criminal underworld seem to get a multiplier and level up twice as fast. Hackers are always two steps ahead of the game.

.

Originally Posted by psionl0

So any vote tampering has to be done on the source computer itself. This is the one that is storing the actual wallet/vote. It is true that if the computer is malware infected then it could do a vote without the human's input. Bitcoin users are constantly warned not to leave unsecured wallets stored on their computers for this reason.

Don't forget sometimes, no matter how much you've protected your system, you can get infected by Malware. As with most aspects of security all you can do is have a 'best practice' to reduce the chances of infection, the security companies are mostly reactive and have to wait for the more 'innovative' attacks before they can work out how to stop them.

https://www.theregister.co.uk/2018/0..._their_intent/
https://www.theregister.co.uk/2018/0...twork_malware/ (This is the scary one)

So people who have real reasons (money) to protect their wallets still have sub-optimal practices and lose control of their wallets. Handwaving away a $23.6 billion industry to make your idea feasible means your idea probably isn't feasible.
Some people on this forum have gone through a process of "How can I stop getting malware infections" and opted to go the Mac route rather than go through the hassle of protecting their PC.
Oh, I use my Mother as a metric for "User" and find the expected competence level for "Oh, you've just got to make sure X happens" is worryingly high.

[Upchurch]

Originally Posted by psionl0

Part of the validation process would include verifying that the public key is the same as that assigned to the voter by the electoral office (yes, I know that the electoral office is likely to cut corners).

Or it can be compromised. Or it can be spoofed. Or any other number of attack vectors.

Originally Posted by psionl0

The only thing that can be done is to steal a person's vote and that is only possible if the computer is infected or doesn't have enough security against spyware.

Or is phished. Or is tricked into a spoofed system. Or any other number of attack vectors.

[jimbob]

Originally Posted by psionl0

It's not like bitcoin where you can create a new wallet at the click of a button. Part of the validation process would include verifying that the public key is the same as that assigned to the voter by the electoral office (yes, I know that the electoral office is likely to cut corners).

The only thing that can be done is to steal a person's vote and that is only possible if the computer is infected or doesn't have enough security against spyware.

Yes and how does that prevent a compromised electoral office system creating phantom voters?

[WilliamSeger]

Originally Posted by psionl0

It's not like bitcoin where you can create a new wallet at the click of a button. Part of the validation process would include verifying that the public key is the same as that assigned to the voter by the electoral office (yes, I know that the electoral office is likely to cut corners).

The only thing that can be done is to steal a person's vote and that is only possible if the computer is infected or doesn't have enough security against spyware.

No, the easiest way to steal votes would be to trick voters into logging in to a bogus system to vote.

ETA: and even if that were the "only possible" way, it would be enough to disqualify such a system.

[Leftus]

Originally Posted by WilliamSeger

No, the easiest way to steal votes would be to trick voters into logging in to a bogus system to vote.

ETA: and even if that were the "only possible" way, it would be enough to disqualify such a system.

Steal their IDs, register to vote for them. Given the low turnout, most of them won't even notice. Most of that data is already out there. See the Equifax breach for an example.

[Upchurch]

Originally Posted by Leftus

Steal their IDs, register to vote for them. Given the low turnout, most of them won't even notice. Most of that data is already out there. See the Equifax breach for an example.

And, just to head off the obvious counter argument, yes, you could do this with paper voting as well. The problem is, you need far more people to pull it off. If one guy keeps getting back into line to vote over and over, poll workers are probably going to pick up on it.

Online, all you need is one person with a botnet to do the thing.

[WilliamSeger]

Originally Posted by Upchurch

And, just to head off the obvious counter argument, yes, you could do this with paper voting as well. The problem is, you need far more people to pull it off. If one guy keeps getting back into line to vote over and over, poll workers are probably going to pick up on it.

Online, all you need is one person with a botnet to do the thing.

… with virtually no chance of ever being arrested. There has to be a high risk from cheating or many will attempt it.

[psionl0]

Originally Posted by jimbob

Yes and how does that prevent a compromised electoral office system creating phantom voters?

Administrative weaknesses are a separate issue to the question of technical feasibility.

Originally Posted by WilliamSeger

No, the easiest way to steal votes would be to trick voters into logging in to a bogus system to vote.

You are clearly posting about a completely different system of electronic voting.

[jimbob]

Originally Posted by psionl0

Administrative weaknesses are a separate issue to the question of technical feasibility.


You are clearly posting about a completely different system of electronic voting.

No they are not a separate issue, when such a weakness would not be a significant problem with the alternative due to the massive manpower that would be needed on the day to significantly exploit such a compromised electoral register.

[Upchurch]

Originally Posted by psionl0

Administrative weaknesses are a separate issue to the question of technical feasibility.

Technical feasibility is trivial, if you don't care about technical weaknesses.

Originally Posted by psionl0

You are clearly posting about a completely different system of electronic voting.

Spoofing. WilliamSeger is talking about spoofing.

[jimbob]

Originally Posted by Upchurch

Technical feasibility is trivial, if you don't care about technical weaknesses.



Spoofing. WilliamSeger is talking about spoofing.

Yes, our systems are robust as long as bad actors avoid attacking their weak points.

[phunk]

Originally Posted by psionl0

You are clearly posting about a completely different system of electronic voting.

Not really. To use the system you propose, people need to get registered with the system to get their keys. Phishing attacks can steal votes at that time by getting people to register with a fake system, then using their stolen info to register with the real one.

[jimbob]

I am sure that blockchain is very elegant and with many useful applications. However it only addresses one aspect of the requirements for a suitable voting system.

[Upchurch]

Hell, if we don't care about security, Survey Monkey is a technically feasible method of national online voting. We could have it ready in an hour or so, depending on how you feel about typos.

[LSSBB]

Originally Posted by jimbob

I am sure that blockchain is very elegant and with many useful applications. However it only addresses one aspect of the requirements for a suitable voting system.

I can put a turbo on my lawn tractor.

It's still a lawn tractor.

[jimbob]

Originally Posted by Upchurch

Technical feasibility is trivial, if you don't care about technical weaknesses.



Spoofing. WilliamSeger is talking about spoofing.

Originally Posted by phunk

Not really. To use the system you propose, people need to get registered with the system to get their keys. Phishing attacks can steal votes at that time by getting people to register with a fake system, then using their stolen info to register with the real one.

And that is only one approach, albeit the one that requires almost zero technical knowledge of the system implementation.

If you have the resources, or are, say the people running the election, then a blockchain system is easy to set up to give the "desired" results with little chance of detection.

Paper elections can be monitored by independent observers.