Conversation

Notices

1. Embed this notice
   Matt Blaze (mattblaze@federate.social)'s status on Thursday, 30-Mar-2023 09:09:40 JST Matt Blaze

   • ✨Yael Grauer ✨

   Piece by @yaelwrites on how "Democracy Live", a peddler of discredited Internet voting systems, has attempted to buy credibility by laundering paid-for endorsements of its inherently untrustworthy products through universities.
   https://cyberscoop.com/democracy-live-research-online-voting/

   • Embed this notice
     Matt Blaze (mattblaze@federate.social)'s status on Thursday, 30-Mar-2023 09:09:35 JST Matt Blaze

     in reply to

     • Brian Honan

     @brianhonan

     1. I posted a very useful link that discusses online voting in depth.

     2. The fact that some country is doing something doesn't mean that it's possible to do it securely.

     clacke likes this.
   • Embed this notice
     Brian Honan (brianhonan@mastodon.social)'s status on Thursday, 30-Mar-2023 09:09:36 JST Brian Honan

     in reply to

     @mattblaze Is this a technical issue or concerns over the voting process? Estonia for example has been voting online for years

   • Embed this notice
     Matt Blaze (mattblaze@federate.social)'s status on Thursday, 30-Mar-2023 09:09:37 JST Matt Blaze

     in reply to

     It would be great if we could safely vote online. Not only would it be convenient, it would also mean that a whole bunch of longstanding, very important, extremely difficult computer science problems had been solved. which would make all sorts of useful-but-currently-impossible things beyond voting possible, too.

     But unfortunately, those problems haven't been solved (and may well never be). So we can't. Sorry.

   • Embed this notice
     Matt Blaze (mattblaze@federate.social)'s status on Thursday, 30-Mar-2023 09:09:38 JST Matt Blaze

     in reply to

     Just to be clear, experts (who disagree about all sorts of things) are virtually unanimous that online voting is inherently too risky and untrustworthy for use in US civil elections. It is well beyond possible with the state of the art, and would require several fundamental breakthroughs in computer science before we could even try it. See, for a good discussion, the National Academies "Securing the Vote" consensus study, which is unequivocal about this. https://nap.nationalacademies.org/catalog/25120/securing-the-vote-protecting-american-democracy

   • Embed this notice
     Matt Blaze (mattblaze@federate.social)'s status on Thursday, 30-Mar-2023 09:10:37 JST Matt Blaze

     in reply to

     • Mike, you know -that- Mike.
     • Brian Honan

     @brianhonan @mikeylikestech lotteries have different requirements and consequences than elections, and there is a rich history of fraud in lotteries in any case. Also, the essential aspect of state lotteries - the selection of the random numbers- is based on an in-person, physical process that doesn’t involve computers (which, because of other fundamental limitations, are inherently poor random number generators).

     clacke likes this.
   • Embed this notice
     Mike, you know -that- Mike. (mikeylikestech@infosec.exchange)'s status on Thursday, 30-Mar-2023 09:10:40 JST Mike, you know -that- Mike.

     in reply to

     • Brian Honan

     @mattblaze @brianhonan

     At least 40 states operate lotteries involving little trust worthy computers installed in every quickymart.

     It’s already rigged for scantron forms and barcodes. Update the scanner to read drivers licenses.

     I don’t trust lottomatoca, but they do have the foundation to turn every gas station into a polling place.

   • Embed this notice
     Brian Honan (brianhonan@mastodon.social)'s status on Thursday, 30-Mar-2023 09:10:41 JST Brian Honan

     in reply to

     @mattblaze Thanks,

     So my interpretation of that paper is the US electoral system being decentralised relying on states and counties to manage, and the lack of a digital IDs (as in Estonia) makes Internet voting a non-runner for the US.

     But I didn't see any major technical roadblocks

     So if the above issues were addressed then Internet voting could be an option

   • Embed this notice
     Matt Blaze (mattblaze@federate.social)'s status on Thursday, 30-Mar-2023 09:10:41 JST Matt Blaze

     in reply to

     • Brian Honan

     @brianhonan that’s one of the problems. Other problems include how do you know that the software on the voters’ devices is correctly reporting their vote to the server? How do you assure against malware running on the voters’ devices altering their votes? How do you do a convincing recount or audit in the event of an error or dispute? How do you know the person voting with someone’s credentials is actually the person assigned the credentials?

     Etc.

     All hard, unsolved problems.

   • Embed this notice
     PeoriaBummer (peoriabummer@infosec.exchange)'s status on Thursday, 30-Mar-2023 09:10:54 JST PeoriaBummer

     in reply to

     • Mike, you know -that- Mike.
     • Brian Honan

     @mattblaze @brianhonan @mikeylikestech Sure, you’ve worked on this professionally for years, but have you considered some guy on the internet doesn’t agree?

     clacke likes this.
   • Embed this notice
     Matt Blaze (mattblaze@federate.social)'s status on Thursday, 30-Mar-2023 09:10:55 JST Matt Blaze

     in reply to

     • Mike, you know -that- Mike.
     • Brian Honan

     @brianhonan @mikeylikestech I guess I just don’t understand elections, security, or large scale systems well enough for my imagination to see past all the problems and requirements.

   • Embed this notice
     Mike, you know -that- Mike. (mikeylikestech@infosec.exchange)'s status on Thursday, 30-Mar-2023 09:10:56 JST Mike, you know -that- Mike.

     in reply to

     • Brian Honan

     @mattblaze @brianhonan

     Wow, that ball picker just took your imagination away from looking at the infrastructure.

     Yes, the process is different - but all the audit controls are there.