Smart Voting

AndrewJRenko

GreeBo wrote: »

You would get randomly assigned an address, you dont have to share that with anyone any more than you have to share your pin code.
Better still is that you can give a false address and no one can prove thats not your address, with a pin code they can march you to an ATM to confirm.
BTW there is no link between your address and your real-life identify other than what you choose to store.

How would you be notified of your assigned address? Email or in an app or other? Whatever channel you choose, that channel ABSOLUTELY HAS a link between your address and your real life identity.


That facilitates a macro-level breach of ballot security - that Government or hackers or whoever can see the voting history of the entire country.


It also facilitates personal breaches of ballot security - forced voting or vote selling.

GreeBo wrote: »

I'm not crying foul at all, I'm merely pointing out that we are essentially discussing a thought experiment and some of you are dismissing it as impossible because I don't have a 500 page dossier on how it would all work. If you expect me to have answers of the quality that someone would pay millions of euro for, then I'm afraid you are going to have to agree to pay me the mlllions of Euro first.
In your own words you "Was being a bit of a dick "
I'm not here to answer your every question while you act the dick. If you are not willing to engage in an adult conversation about a topic, then either stop posting or I will just stop reading your posts.

It would be helpful if you built some basic knowledge about the current system before your 'thought experiment'. Without this basic knowledge, you have a solution looking for a problem.

xckjoo

GreeBo wrote: »

You would get randomly assigned an address, you dont have to share that with anyone any more than you have to share your pin code.
Better still is that you can give a false address and no one can prove thats not your address, with a pin code they can march you to an ATM to confirm.
BTW there is no link between your address and your real-life identify other than what you choose to store.

You must be provided your key in some form to verify your vote. Email, onscreen, fax, whatever. That key is therefore demonstrably tied to you. They don't have to take your word for it. In your ATM example its the same as them getting the card and pin. You are the card and the pin is the key.

GreeBo wrote: »

How is the man-in-the-middle accessing the system that gives out the keys?
They would want to be very sophisticated to launch an attack when the vote details would only be given out once voting starts. They would also have to somehow get access to the list of valid addresses in advance to give them to voters. This list would be generated just prior to the vote opening. Finally they would have to also hack into the network to somehow supply the key to the voters device.

Well you (understandably) haven't explained the network implementation so it's not really possible to debate the potential security of it. Suffice is to say that everything is secure until it isn't. Disagree if you want but it's better to work under the assumption that everything is breakable.

GreeBo wrote: »

I think its a flaw that you cant verify your own vote.

You might think that but it doesn't make it true. It's actually something that caused significant issues over the years and there's a very good reason you can't verify your own vote (hint: duress)

GreeBo wrote: »

Where have I insisted that I have a perfect solution??
People are arguing with me about the possibilities and I'm arguing back. Is that not what a discussion amounts to?
I'm not crying foul at all, I'm merely pointing out that we are essentially discussing a thought experiment and some of you are dismissing it as impossible because I don't have a 500 page dossier on how it would all work. If you expect me to have answers of the quality that someone would pay millions of euro for, then I'm afraid you are going to have to agree to pay me the mlllions of Euro first.
In your own words you "Was being a bit of a dick "I'm not here to answer your every question while you act the dick. If you are not willing to engage in an adult conversation about a topic, then either stop posting or I will just stop reading your posts.

You mean my "Reason for edit"? I took out the dickish language and kept it neutral. I'll try and tone it down a bit more if that'll help. If you can point me towards anything I said that crossed the line into dickishness I'll recant it.

Stop reading if it's upsetting you but a few lines above this you're commending yourself on arguing your corner but every time someone points out a flaw you get uber defensive and now you're trying to paint me as some jerk picking on you.

GreeBo wrote: »

I ignored that user months ago so haven't see anything he has posted in this thread.

That might explain some things you missed in this thread. Fair enough but you're only creating your own echo chamber. I disagree with Andrew a lot but just skip past those posts and let them go. I don't think I'll be meeting him for a pint anytime soon but he usually backs up his opinions, even if I disagree with them.




Anyway. Last time I post on this. I did 30s research and found this article on an existing trial. If I had more time I'd follow up a few of the names mentioned but I think I've sank enough into this.

GreeBo

xckjoo wrote: »

You must be provided your key in some form to verify your vote. Email, onscreen, fax, whatever. That key is therefore demonstrably tied to you. They don't have to take your word for it. In your ATM example its the same as them getting the card and pin. You are the card and the pin is the key.

Depends on how you defined "tied to you".
If I tell you a passphrase, is that tied to you? Can anyone else get that phrase from you and be sure they got the correct phrase?
They have to take your word as they have no way of confirming the data you give them, any more so in the passphrase example.

Well you (understandably) haven't explained the network implementation so it's not really possible to debate the potential security of it. Suffice is to say that everything is secure until it isn't. Disagree if you want but it's better to work under the assumption that everything is breakable.

When you say network, are you talking about he blockchain or the network that's supporting it/operating it?
We have secure networks at the moment, I dont think thats the issue. Short lived networks would be very difficult to hack, you just wouldn't have the time.

You might think that but it doesn't make it true. It's actually something that caused significant issues over the years and there's a very good reason you can't verify your own vote (hint: duress)

Which is only an issue if someone else can force you to identify your vote, which in "my system" wouldn't be an issue as it wouldn't be possible.
If you can't be forced to reveal your actual vote then giving every voter the ability to verify their own vote would massively increase the support and belief in the system.

Stop reading if it's upsetting you but a few lines above this you're commending yourself on arguing your corner but every time someone points out a flaw you get uber defensive and now you're trying to paint me as some jerk picking on you.

Its not "upsetting" me, I'm merely pointing out that you are forcing me to defend myself as if I'm asking you for 100K on Dragons Den when I'm clearly not and have never tried to represent myself as such. I've literally never thought about this until my first post on the thread.

I'm not getting "uber" defensive, I'm just replying to your comments with answers. If you expect me to just stop replying and "give in" even if I think I have answers then you are very mistaken.

That might explain some things you missed in this thread. Fair enough but you're only creating your own echo chamber. I disagree with Andrew a lot but just skip past those posts and let them go. I don't think I'll be meeting him for a pint anytime soon but he usually backs up his opinions, even if I disagree with them.

Its not an echo chamber, I'm specifically replying to the points you and others raise. I'd argue that I'm backing up my opinions but somehow when I do it Im being "uber defensive"?

Anyway. Last time I post on this. I did 30s research and found this article on an existing trial. If I had more time I'd follow up a few of the names mentioned but I think I've sank enough into this.

https://followmyvote.com/blockchain-voting-the-end-to-end-process/
Looks like I wont be running to the patent office anytime soon!

AndrewJRenko

GreeBo wrote: »

Which is only an issue if someone else can force you to identify your vote, which in "my system" wouldn't be an issue as it wouldn't be possible.
If you can't be forced to reveal your actual vote then giving every voter the ability to verify their own vote would massively increase the support and belief in the system.

So how exactly do you allow the user to identify their vote in a way that ensures that they can't be forced to reveal the vote to someone else?

xckjoo

GreeBo wrote: »

Depends on how you defined "tied to you".
If I tell you a passphrase, is that tied to you? Can anyone else get that phrase from you and be sure they got the correct phrase?
They have to take your word as they have no way of confirming the data you give them, any more so in the passphrase example.

In Andrews words (since you've blocked him)

So how exactly do you allow the user to identify their vote in a way that ensures that they can't be forced to reveal the vote to someone else?

GreeBo wrote: »

Its not "upsetting" me, I'm merely pointing out that you are forcing me to defend myself as if I'm asking you for 100K on Dragons Den when I'm clearly not and have never tried to represent myself as such. I've literally never thought about this until my first post on the thread.

That shows and it's not really an issue except you've steadfastly refused to accept and criticism of the idea or shown any desire to understand the minutiae of the electoral system. Maybe most of that was in Andrews posts that you aren't seeing. If it is then that makes more sense since he provided a lot of that side of things and I assumed you read it.

GreeBo wrote: »

I'm not getting "uber" defensive, I'm just replying to your comments with answers. If you expect me to just stop replying and "give in" even if I think I have answers then you are very mistaken.


Its not an echo chamber, I'm specifically replying to the points you and others raise. I'd argue that I'm backing up my opinions but somehow when I do it Im being "uber defensive"?



https://followmyvote.com/blockchain-voting-the-end-to-end-process/
Looks like I wont be running to the patent office anytime soon!

Well you said I was being a dick and that you'd probably block or stop reading my posts soon so hardly the mark of someone open to other ideas. Nor have you attempted to understand what the potential issues might be apart from that you don't think that they should be issues.
Did you read the article I posted a link to? It's only a news article but it looks at an actual test run of such a system and outlines some criticisms or potential pitfalls.

GreeBo

xckjoo wrote: »

In Andrews words (since you've blocked him)

I know my address so I can check my vote. No one else knows my address so no one else can check my vote.
No one can confirm my address as its not linked to me.

That shows and it's not really an issue except you've steadfastly refused to accept and criticism of the idea or shown any desire to understand the minutiae of the electoral system. Maybe most of that was in Andrews posts that you aren't seeing. If it is then that makes more sense since he provided a lot of that side of things and I assumed you read it.

I'll accept criticism, again this is something I have literally never thought of before this thread popped into my feed. Im not involved in this in any way, so frankly could care less, I'm purely here for discussing the idea and thrashing it out, devils advocate but on the side of supporting smart voting rather than against it.

The only minutiae that seems to keep coming up is protecting your vote, to which I have given the same answer over and over, so I dont really know what else I can say over and above what I put in the start of this reply...?

Well you said I was being a dick and that you'd probably block or stop reading my posts soon so hardly the mark of someone open to other ideas.

Im perfectly open to other ideas, but I'm not going to engage with someone who, in your own words remember, is being a dick. Why on earth would I/

Nor have you attempted to understand what the potential issues might be apart from that you don't think that they should be issues.

I have taken on board every potential issue, you seem to think that me giving an answer is me failing to understand. What issue(s) have I not given a response on? Im not saying "oh dont worry about that, its not an issue" I have said "thats not an issue because of X feature of smart voting".
Whats the point in asking me questions if you are going to have an issue with me answering them?

Its like unless I say "oh gosh, you guys are totally right, this idea is idiotic and has no merit" I'm somehow not listening to you?
If it was such an idea then there wouldnt be a number of companies offering it and it wouldnt be being used (at more than POC scale) today.

Did you read the article I posted a link to? It's only a news article but it looks at an actual test run of such a system and outlines some criticisms or potential pitfalls.

Yep I did, did you?
2 Counties in West Virginia used the system in the 2018 Primary Elections.

That has no expanded to 24 counties in West Virginia in the upcoming Mid Term elections. To me that would be an endorsement of the idea but you are taking it as a negative somehow?

AndrewJRenko

GreeBo wrote: »

I know my address so I can check my vote. No one else knows my address so no one else can check my vote.
No one can confirm my address as its not linked to me.

How exactly was your address communicate to you?

GreeBo wrote: »

but on the side of supporting smart voting rather than against it.

That's where I started out too, until I actually started looking into it.

GreeBo wrote: »

Yep I did, did you?
2 Counties in West Virginia used the system in the 2018 Primary Elections.

That has no expanded to 24 counties in West Virginia in the upcoming Mid Term elections. To me that would be an endorsement of the idea but you are taking it as a negative somehow?

Use of any kind of eVoting system in the USA is not an endorsement of the integrity of those systems. They've been using dodgy systems for a generation. Follow this journalist on Twitter to get a feel for the huge scope of problems with current systems.

https://twitter.com/jennycohn1

Capt'n Midnight

For evoting would you use a web page or an app ?
If a web page then you are exposed to browser vulnerabilities.
If an app then you need Android, IOS, Windows and various versions and lots of attach surface.

And phishing is a thing too, and fake apps.


Lets pretend for a minute that evoting from a phone isn't a really bad idea.

It's trivial to take someone's identity.
https://www.bbc.com/news/business-46047714

Undercover filming revealed that O2 and Vodafone employees are bypassing basic ID checks and handing over replacement Sim cards to potential criminals.

Thanks to megapixel cameras and selfies lots of fingerprints have been downloaded off the net. So fingerprints aren't a guarantee either.

For Forks Sake

Capt'n Midnight

GreeBo wrote: »

If someone forces you to show your details you can pick any address that satisfies what they are looking for and they cant prove that its not yours, so trying to coerce a vote would kinda be pointless.

You have to be sure you don't pick an address of someone else they are coercing .

In reality if there are 15 candidates then there are 1,307,674,368,000 different ways to vote. Good look finding a matching address.

GreeBo

Capt'n Midnight wrote: »

For evoting would you use a web page or an app ?
If a web page then you are exposed to browser vulnerabilities.
If an app then you need Android, IOS, Windows and various versions and lots of attach surface.

Personally I'd probably use an app, but you can make secure webpages too.

And phishing is a thing too, and fake apps.

Indeed, but they are but I dont see how they are relevant.
A fake app isnt going to be able to add a vote to the blockchain, so would be useless.
What would they phish? The app/page is up for the duration of the vote.

Lets pretend for a minute that evoting from a phone isn't a really bad idea.

How very generous of you, care to explain why or you just going to throw that out there?

It's trivial to take someone's identity.
https://www.bbc.com/news/business-46047714

Thanks to megapixel cameras and selfies lots of fingerprints have been downloaded off the net. So fingerprints aren't a guarantee either.

Again, I dont disagree, but you are still missing the point I have made over and over again. If someone, somehow steals your vote, you know about it and can do something about it. Unlike today where you wouldnt even know.

GreeBo

For Forks Sake wrote: »

Capt'n Midnight wrote: »

You have to be sure you don't pick an address of someone else they are coercing .

You think they are going to track the address of everyone?

In reality if there are 15 candidates then there are 1,307,674,368,000 different ways to vote. Good look finding a matching address.

So in your first point I have to worry about a collisions but in your second point a collision is highly unlikely? That seems convenient?

The number of addresses is pretty much irrelevant, I'm not looking for a specific address, I'm looking for a specific value at any address, of which there are only 15 in your example. So I need to find 15 addresses that have the 15 values Im looking for. If its that or a bullet in the head, I'll probably spend the 30 mins to find the addresses.

AndrewJRenko

GreeBo wrote: »

You think they are going to track the address of everyone?

Someone is tracking the address of everyone. Someone, or some system, has the list of people and addresses. That is a fatal flaw in your proposal, as it ties the person to their vote.

xckjoo

GreeBo wrote: »

Personally I'd probably use an app, but you can make secure webpages too.

Ok. Lets just focus on the app idea for a second, but it's equally as applicable to webpages. We'll even ignore the glaring risk of being forced to cast the vote in front of the coercer.

So you open the app and login in some way. First it needs to ensure that you are who you say you are. Lets keep things simple and say it's a biometric identification such as fingerprint. So you login and cast your vote. Now you need to be able to verify that vote was cast in the way you want it (for the right person or whatever). So either it 1) shows you the vote when you login or 2) gives you a key that you can then input into a website that'll pull up the vote. Is there a third I'm missing? With either of those approaches your vote is now intrinsically tied to your identity, which is a problem.

Now lets think about if you're being forced to vote in a certain way by bad men. Maybe they're threatening your family. Maybe they're just threatening you if you're not too worried about your family. If you don't give them your key as proof, they're going to do bad man stuff to you and yours. Do you think they'd just be happy with you telling them what the key is or scribbling it down on paper? They'd want to see it in original form. Either 1) you logging back into the app and showing them, or 2) you showing them the key as it was given to you in its original form. Even if it's just displayed onscreen after you cast the vote, they can insist you keep the app open on the screen until they see it. Even a screenshot would be enough. Don't provide it in its original form and it's bye-bye mammy and daddy Geebo. Now how do you fake it? And that's if you ignore all the glaring issues to get you that far.





Is the issue here that you don't think being coerced into voting is really a problem that needs to be considered?

AndrewJRenko

xckjoo wrote: »

Is the issue here that you don't think being coerced into voting is really a problem that needs to be considered?

I've heard the claim that coercion voting and vote selling isn't a problem in Ireland so we don't need to worry about preventing it.


That's a bit like saying that polio isn't a problem so we don't need to worry about vaccinating against it.


The reason why we don't have a problem with coercion voting and vote selling is because the current system with the individual polling booth prevents it.

GreeBo

xckjoo wrote: »

Ok. Lets just focus on the app idea for a second, but it's equally as applicable to webpages. We'll even ignore the glaring risk of being forced to cast the vote in front of the coercer.

So you open the app and login in some way. First it needs to ensure that you are who you say you are. Lets keep things simple and say it's a biometric identification such as fingerprint. So you login and cast your vote. Now you need to be able to verify that vote was cast in the way you want it (for the right person or whatever). So either it 1) shows you the vote when you login or 2) gives you a key that you can then input into a website that'll pull up the vote. Is there a third I'm missing? With either of those approaches your vote is now intrinsically tied to your identity, which is a problem.

So why do you *have* to be able to verify it?
If your whole issue is that you could, lets say you couldn't do it once you log/time out.
Does that address your issue?

If you happen to remember your address you can go view it and confirm it, if you dont you can't.

Now lets think about if you're being forced to vote in a certain way by bad men. Maybe they're threatening your family. Maybe they're just threatening you if you're not too worried about your family. If you don't give them your key as proof, they're going to do bad man stuff to you and yours. Do you think they'd just be happy with you telling them what the key is or scribbling it down on paper? They'd want to see it in original form. Either 1) you logging back into the app and showing them, or 2) you showing them the key as it was given to you in its original form. Even if it's just displayed onscreen after you cast the vote, they can insist you keep the app open on the screen until they see it. Even a screenshot would be enough. Don't provide it in its original form and it's bye-bye mammy and daddy Geebo. Now how do you fake it? And that's if you ignore all the glaring issues to get you that far.

So lets say your address is never shown to you and you cant verify after the act of voting completes.
You login, are assigned a random address and cast your vote. Your vote is added to the blockchain and is there forever more, but you cant verify it after your vote completes.

See below for the main point on this.

Is the issue here that you don't think being coerced into voting is really a problem that needs to be considered?

I guess the issue is that I dont see a marginal difference in the issues being faced today.
Someone can force me to take a photo of my ballot paper and its bye-bye mammy and daddy if I dont. How do I fake that?
Why is it suddenly different when its smart voting?

Saying "oh but the law says you cant take a photo" is nonsense. How about the law says you cant take a screenshot of your electronic vote too. Problem solved?

I'd argue that you could have as much influence on a vote today as you could with "smart voting", based on the issues you point out above.
e.g. how many votes can you change if you have to be standing in front of someone while they vote?
Its fewer than if you just force a number of people to record their completed ballot paper.

xckjoo

GreeBo wrote: »

So why do you *have* to be able to verify it?
If your whole issue is that you could, lets say you couldn't do it once you log/time out.
Does that address your issue?

If you happen to remember your address you can go view it and confirm it, if you dont you can't.

.....
But that's one of the main features you were touting as being an advantage in this system! And without it the system is completely un-auditable no? Off the top of my head I can't think of any way you'd be able to verify that there's no shady dealings going on. The outcome could literally have been preset and we'd have no way of knowing.

GreeBo wrote: »

So lets say your address is never shown to you and you cant verify after the act of voting completes.
You login, are assigned a random address and cast your vote. Your vote is added to the blockchain and is there forever more, but you cant verify it after your vote completes.

See below for the main point on this.


I guess the issue is that I dont see a marginal difference in the issues being faced today.
Someone can force me to take a photo of my ballot paper and its bye-bye mammy and daddy if I dont. How do I fake that?
Why is it suddenly different when its smart voting?

Saying "oh but the law says you cant take a photo" is nonsense. How about the law says you cant take a screenshot of your electronic vote too. Problem solved?

I'd argue that you could have as much influence on a vote today as you could with "smart voting", based on the issues you point out above.
e.g. how many votes can you change if you have to be standing in front of someone while they vote?
Its fewer than if you just force a number of people to record their completed ballot paper.

I know you don't understand the difference but it has been explained to you repeatedly and you don't seem to have made any attempt to understand it. Were they all in Andrews posts? I'm not going near explaining the current system to you again as it seems to be a waste of time. I'm starting to feel like I'm arguing colour with a blind person.

Try this angle. Take your argument about the current security as a given. But your system offers no improvement over it. But now you're in the digital domain instead of the analog and everything is faster and more efficient, including the corruption of it. If a huge chunk of the country is in the polling booth (never personally encountered a curtained booth or even separate room) is taking photos of their ballots, someone somewhere is going to flag it. Not if they're doing it from their phones though. Do you think all those people employed at the polling station are just there to smile and hand out paper?

GreeBo

xckjoo wrote: »

.....
But that's one of the main features you were touting as being an advantage in this system! And without it the system is completely un-auditable no? Off the top of my head I can't think of any way you'd be able to verify that there's no shady dealings going on. The outcome could literally have been preset and we'd have no way of knowing.

Well you would have a verification of your vote as it was cast and then it would be gone. No worse than watching your ballot disappear into a box?

I know you don't understand the difference but it has been explained to you repeatedly and you don't seem to have made any attempt to understand it.

No one is explaining it, they just keep telling me its different and I keep saying its not.

Were they all in Andrews posts? I'm not going near explaining the current system to you again as it seems to be a waste of time. I'm starting to feel like I'm arguing colour with a blind person.

I dont need you to current system to me, I need you to explain how the vulnerability you keep telling me is in "my system" isnt in the current one. I've explained numerous times how it is and given examples and the only reply is "oh thats against the law".We are talking about vote fixing, if "the law" is enough to stop it then we dont have a problem in either system.

Try this angle. Take your argument about the current security as a given. But your system offers no improvement over it. But now you're in the digital domain instead of the analog and everything is faster and more efficient, including the corruption of it.

You are ignoring the fact that with the blockchain system the votes cannot be changed once they are confirmed? Thats the main benefit that I would see.
How is the corruption faster and more efficient exactly?

If I threw out such a generic point as that I would like correctly lambasted for it. You are now basically saying "ah sure you can hack anything on a computer" which is a very ignorant, uninformed thing to say, which I dont believe you are.

If a huge chunk of the country is in the polling booth (never personally encountered a curtained booth or even separate room) is taking photos of their ballots, someone somewhere is going to flag it. Not if they're doing it from their phones though. Do you think all those people employed at the polling station are just there to smile and hand out paper?

Well they certainly arent there to confirm voters identities as I've never been asked, but despite another poster bringing that up, you just bypass that issue.
Why is that?

dulpit

GreeBo wrote: »

Well they certainly arent there to confirm voters identities as I've never been asked, but despite another poster bringing that up, you just bypass that issue.
Why is that?

They are, they're supposed to check about 1 in 5 (my mother was a presiding officer for years).

Two things you haven't answered that I can see:
1) The initial providing of details to the populace (address/whatever) - how is this generated, how is it sent?
2) If a flaw was found and targeted in the overall system (blockchain option) - then you can target that one area and the whole system is vulnerable. This is not replicated with the current process, where it strikes me as next to impossible to target the whole election...

AndrewJRenko

GreeBo wrote: »

So why do you *have* to be able to verify it?
If your whole issue is that you could, lets say you couldn't do it once you log/time out.
Does that address your issue?

If you happen to remember your address you can go view it and confirm it, if you dont you can't.

If you can't verify it, how do you know that the vote that you cast is the vote that was saved in the system. If you can verify it (by saving your original address, for example), you can sell your vote or be coerced to vote.

GreeBo wrote: »

I guess the issue is that I dont see a marginal difference in the issues being faced today.
Someone can force me to take a photo of my ballot paper and its bye-bye mammy and daddy if I dont. How do I fake that?
Why is it suddenly different when its smart voting?

Because IF someone did force you to take a photo of your paper vote, you could take a photo, and then change your vote with a bit of scribbling or rubbing out before putting it into the ballot box. It would not be a reliable method of coercion, unlike your proposed system.

GreeBo wrote: »

Saying "oh but the law says you cant take a photo" is nonsense. How about the law says you cant take a screenshot of your electronic vote too. Problem solved?

It's not so much the matter of the law. It is the that the photo is not a reliable record of the final vote that goes into the ballot box, so it would be an unreliable method of coercion.

GreeBo wrote: »

I'd argue that you could have as much influence on a vote today as you could with "smart voting", based on the issues you point out above.
e.g. how many votes can you change if you have to be standing in front of someone while they vote?
Its fewer than if you just force a number of people to record their completed ballot paper.

You can argue what you like, but there is no credible, realistic method to hack any significant number of votes in the current system.


With an electronic system, if the vote can be verified, then it can be sold or coerced. If it can't be verified, we have no way of knowing that the vote cast was the vote recorded.

GreeBo wrote: »

Well you would have a verification of your vote as it was cast and then it would be gone. No worse than watching your ballot disappear into a box?

It is an awful lot worse. The controls around the ballot box are visible, physical, easily understandable to a wide audience. There has never been an incident of significant vote hacking in Ireland.


The controls around a digital ballot box are invisible, ephemeral and depend on people following instructions. The digital vote is ephemeral, and can change without any record or audit.

GreeBo wrote: »

I dont need you to current system to me, I need you to explain how the vulnerability you keep telling me is in "my system" isnt in the current one. I've explained numerous times how it is and given examples and the only reply is "oh thats against the law".We are talking about vote fixing, if "the law" is enough to stop it then we dont have a problem in either system.

There is no method of changing large numbers of votes at the touch of a button in the current paper system.


There are many methods of changing large numbers of votes at the touch of a button in a digital system.

GreeBo wrote: »

You are ignoring the fact that with the blockchain system the votes cannot be changed once they are confirmed? Thats the main benefit that I would see.
How is the corruption faster and more efficient exactly?

How do we know that the vote cast is the vote confirmed? How do we know that the blockchain used to record the votes is the blockchain used to count the votes?



If the vote can't be verified, it can be changed. If the vote can be verified, it can be sold or coerced.

GreeBo wrote: »

If I threw out such a generic point as that I would like correctly lambasted for it. You are now basically saying "ah sure you can hack anything on a computer" which is a very ignorant, uninformed thing to say, which I dont believe you are.

It's not about whether you can hack a vote stored in a blockchain.


It's about how the voter knows that the vote cast IS the vote stored in the blockchain. If you can't verify it, the voter can't have confidence. If you can verify it, you can sell it.

xckjoo

GreeBo wrote: »

Well you would have a verification of your vote as it was cast and then it would be gone. No worse than watching your ballot disappear into a box?

Because there's checks and balances in place in a physical medium that isn't in the digital. I've listed a few before. Others have listed more. Do some reading maybe? Have you done any outside research beyond this thread?

GreeBo wrote: »

No one is explaining it, they just keep telling me its different and I keep saying its not.

I dont need you to current system to me, I need you to explain how the vulnerability you keep telling me is in "my system" isnt in the current one. I've explained numerous times how it is and given examples and the only reply is "oh thats against the law".We are talking about vote fixing, if "the law" is enough to stop it then we dont have a problem in either system.

How do you not see that that statement is a completely contradictory? As I said above, it has been explained, but you either don't accept it or comprehend it. I'm not a civics teacher.
And please show me where I gave the law as a barrier to vote fixing.

GreeBo wrote: »

You are ignoring the fact that with the blockchain system the votes cannot be changed once they are confirmed? Thats the main benefit that I would see.

I'm not ignoring it it's just not an argument. I understand that the blockchain cannot be retroactively changed. But I also hold that true of the current system. You seem to be under the impression that anything can go in the ballot box and anything can come out and there's no checks and balances. There is. Look into because I can't babystep you through it anymore.

GreeBo wrote: »

How is the corruption faster and more efficient exactly?
If I threw out such a generic point as that I would like correctly lambasted for it. You are now basically saying "ah sure you can hack anything on a computer" which is a very ignorant, uninformed thing to say, which I dont believe you are.

I hate to burst your bubble, but everything can be hacked with enough time and effort. Have a look at some cyber security related sites. It might not be the algorithm itself that's broken, but the system supply-chain or just social engineering to gain root access to systems. Doesn't even have to be hacked. Could be DDoSed to a halt. I'm not sure what it would mean to a country if the voting system failed on the day of the election. Or what happens if people claim they tried to vote but the network was down. Are you being denied your constitutional right to vote if you can't access the server(s)?

GreeBo wrote: »

Well they certainly arent there to confirm voters identities as I've never been asked, but despite another poster bringing that up, you just bypass that issue.
Why is that?

Because I was addressing different points..... Come on guy. You're better than that. Are you so out of ideas you need to try the old "but you didn't mention this one other specific point out of millions so you must be afraid of it" line? Weak sauce

On that note, I think we should all have to show ID when voting. I usually shove mine in their face. I never said the current system is perfect, but that doesn't mean we throw it away for one with more potential issues.



Edit: AndrewJRenko posted this retort to taking a photo of your ballot that I had forgotten about. Reposting as I assume you're still blocking him:

Because IF someone did force you to take a photo of your paper vote, you could take a photo, and then change your vote with a bit of scribbling or rubbing out before putting it into the ballot box. It would not be a reliable method of coercion, unlike your proposed system.

It's not so much the matter of the law. It is the that the photo is not a reliable record of the final vote that goes into the ballot box, so it would be an unreliable method of coercion.

GreeBo

dulpit wrote: »

They are, they're supposed to check about 1 in 5 (my mother was a presiding officer for years).

"supposed to".
That's one of the benefits I stated earlier, removing humans from the chain.
I've *never* been asked and Im sure if we took a poll on here I wouldnt be alone.
Checking 1 in 5 doesnt really seem that useful, 80% of your votes could be fraudulent!

Two things you haven't answered that I can see:
1) The initial providing of details to the populace (address/whatever) - how is this generated, how is it sent?

This is probably the most difficult bit to solve, but I think there are things you could do.

If you register your the device you are planning on using ahead of time and then once voting opens the details are pushed to you.
The device could be registered yearly or whatever using the same method as you register to vote today. If you change your device then you register another one, a bit like moving address.

You unlock your device using (say) biometrics and if the voting is open then you get an address pushed to you, otherwise you get nothing.
This would be susceptible to someone being with you when you vote, but I'm not sure the numbers here would be any worse than the 4 in 5 you could have above, or you could have with someone forcing you to vote a certain way and record your ballot paper.

As for them being generated, if you know the number you need (which would be the number of registered voters) then you can generate them in advance and randomly give them out.

2) If a flaw was found and targeted in the overall system (blockchain option) - then you can target that one area and the whole system is vulnerable. This is not replicated with the current process, where it strikes me as next to impossible to target the whole election...

I'm not sure I'm following, but are you saying that if a vulnerability was found in the blockchain implementation then then entire vote would be compromised? If so I guess that's a thought experiment until there is an issue discovered with blockchain (which to my knowledge hasn't happened yet)?

GreeBo

xckjoo wrote: »

Because there's checks and balances in place in a physical medium that isn't in the digital. I've listed a few before. Others have listed more. Do some reading maybe? Have you done any outside research beyond this thread?

Research my thought experiment that I came up with randomly a couple of days ago? Not extensively, no.

Sorry, but why cant you have checks in balances in a digital medium?
If you wanted to, you could audit every single aspect of the vote, but that would link voters to votes, so you might not want to.

How do you not see that that statement is a completely contradictory? As I said above, it has been explained, but you either don't accept it or comprehend it. I'm not a civics teacher.

Because its not. You cant say "your system wont work because of X" if the current system has the same X flaw, otherwise you are saying the current system doesn't work.

And please show me where I gave the law as a barrier to vote fixing.

I didnt say you said that, actually.
"I've explained numerous times how it is and given examples and the only reply is "oh thats against the law""

I'm not ignoring it it's just not an argument. I understand that the blockchain cannot be retroactively changed. But I also hold that true of the current system. You seem to be under the impression that anything can go in the ballot box and anything can come out and there's no checks and balances. There is. Look into because I can't babystep you through it anymore.

You mean other than the 4 out of 5 people who could be impersonating someone else?
It doesnt just have to be manipulated after the vote, if the "wrong" vote is cast then the current system doesnt do squat to fix that.

I hate to burst your bubble, but everything can be hacked with enough time and effort. Have a look at some cyber security related sites. It might not be the algorithm itself that's broken, but the system supply-chain or just social engineering to gain root access to systems. Doesn't even have to be hacked. Could be DDoSed to a halt. I'm not sure what it would mean to a country if the voting system failed on the day of the election. Or what happens if people claim they tried to vote but the network was down. Are you being denied your constitutional right to vote if you can't access the server(s)?

Thanks, but my bubble is intact.
Its very hard to hack a network that is only up for under a day, I mentioned that already.
What social engineering can be used to hack a network that doesn't exist for 364 days a year?

If you couldn't access the network you could always go to a voting centre and vote.

With paper votes what happens if a bunch of them get destroyed, say in a vehicle crash, does that render the result of the vote invalid?

Because I was addressing different points..... Come on guy. You're better than that. Are you so out of ideas you need to try the old "but you didn't mention this one other specific point out of millions so you must be afraid of it" line? Weak sauce

Do I look like I'm out of ideas?!:rolleyes:
"this one specific point" thats a pretty massive gap in the current system yet Im being beaten to death by much smaller points?

On that note, I think we should all have to show ID when voting. I usually shove mine in their face. I never said the current system is perfect, but that doesn't mean we throw it away for one with more potential issues.

But does it have *more* issues? I think that's what we are discussing, I think there are benefits to a newer approach and I guess others do too, which is why its being used in some jurisdictions and there are a number of companies pursuing it.

Edit: AndrewJRenko posted this retort to taking a photo of your ballot that I had forgotten about. Reposting as I assume you're still blocking him:

Indeed I am.
You would probably have spoiled your vote if you start editing it. You would have to request another ballot.

AndrewJRenko

GreeBo wrote: »

"supposed to".
That's one of the benefits I stated earlier, removing humans from the chain.
I've *never* been asked and Im sure if we took a poll on here I wouldnt be alone.
Checking 1 in 5 doesnt really seem that useful, 80% of your votes could be fraudulent!

There is no intrinsic benefit from 'removing humans'. Yes, 1 in 5 has limited value, so they balance the need to validate with the speed of processing, to avoid queues building up that are common in other countries. They would also get a pretty good read from the 1 in 5 check as to the importance of these checks. My understanding from speaking to returning officers is that they get no problems in this area, apart from a tiny number of people who have been removed from the register unexpectedly. Usually, this is because the person validating the register who called to the door was given false or misleading information.



But this really a separate issue to eVoting.

GreeBo wrote: »

This is probably the most difficult bit to solve, but I think there are things you could do.

If you register your the device you are planning on using ahead of time and then once voting opens the details are pushed to you.
The device could be registered yearly or whatever using the same method as you register to vote today. If you change your device then you register another one, a bit like moving address.

You unlock your device using (say) biometrics and if the voting is open then you get an address pushed to you, otherwise you get nothing.
This would be susceptible to someone being with you when you vote, but I'm not sure the numbers here would be any worse than the 4 in 5 you could have above, or you could have with someone forcing you to vote a certain way and record your ballot paper.

Suggesting that four out of five people are not entitled to vote is absolutely ridiculous.



But back to your own suggestion. There are some obvious fatal flaws here.


Linking the vote to a particular device is very, very dangerous. First of all, anyone who loses their device or finds their device broken between the registration stage and voting loses their vote. That is completely unacceptable.


Relying on device biometrics is extremely dangerous. Many people don't use biometrics, so forcing them to give biometric information to a 3rd party like Google (for Android) or Apple (for IOS) would be completely unacceptable for many people. It would probably be a breach of GDPR consent requirements.


It would also put the security of the election in the hands of these technology companies. Companies like Google or Facebook could make a pretty good stab at what way you're going to vote, based on the information available to them. It wouldn't be a huge leap for some of these companies to directly intervene - they could, for example, generate a software flaw to kick in on selected devices on voting day, thus wiping out the ability of a segment of voters to vote.


And it still enables vote selling and vote coercion.

GreeBo wrote: »

As for them being generated, if you know the number you need (which would be the number of registered voters) then you can generate them in advance and randomly give them out.

Though the software that 'randomly' gives them out (and computers are NOT very good at being random) would have knowledge of who got what address. What happens to this essential information? How do we know that no record is kept of this information, which breaches the secret ballot on a national level?

GreeBo wrote: »

I'm not sure I'm following, but are you saying that if a vulnerability was found in the blockchain implementation then then entire vote would be compromised? If so I guess that's a thought experiment until there is an issue discovered with blockchain (which to my knowledge hasn't happened yet)?

It's not a question of the vulnerability of the blockchain. It is a question of the vulnerability of the software that writes the blockchain.

dulpit

GreeBo wrote: »

Checking 1 in 5 doesnt really seem that useful, 80% of your votes could be fraudulent!

If they were fraudulent, how would it work? Each person who comes in needs their name scratched off, and it's done in front of you. What if they are being dodgy and scratch off the wrong name, and then that person comes up later in the day?

GreeBo wrote: »

I'm not sure I'm following, but are you saying that if a vulnerability was found in the blockchain implementation then then entire vote would be compromised? If so I guess that's a thought experiment until there is an issue discovered with blockchain (which to my knowledge hasn't happened yet)?

What I'm saying is that if a issue was discovered it could allow the whole vote to be compromised. With the current system of voting, you have pointed out that a flaw is that only 20% of voters are supposed to be checked - how could you use this to exploit the entire vote? You can't really, you might be able to target a specific polling station maybe...


As far as I am concerned the only legitimate issues with the current system are to do with the length of time to sort and count votes. Everything else is as secure as you can make it.

GreeBo

dulpit wrote: »

If they were fraudulent, how would it work? Each person who comes in needs their name scratched off, and it's done in front of you. What if they are being dodgy and scratch off the wrong name, and then that person comes up later in the day?

I'm not saying the person behind the disk is fraudulent, its the person in front of the desk that is. I can come in 5 times throughout the day and pretend to be 5 different people, presenting at 5 different desks. I can say nothing and just hand over my ballot card, if they challenge me for ID I can just play dumb and explain that I must have picked up my father/mother/uncles card by accident. Whatever excuse and then give them my real one.
80% chance I get away with it based on the 1:5 check rate.

But you raise a good point. What If Im behind the desk and Im scratching names off on a piece of paper I printed out myself, what If Im scratching off gibberish and I have the real sheet somewhere else. Does that render the result invalid?

What I'm saying is that if a issue was discovered it could allow the whole vote to be compromised. With the current system of voting, you have pointed out that a flaw is that only 20% of voters are supposed to be checked - how could you use this to exploit the entire vote? You can't really, you might be able to target a specific polling station maybe...

Well you are talking about enough people to compromise blockchain or the network or coerce a large number of people into voting. Why cant this same number of people do the steps I outlined above in multiple polling stations?

As far as I am concerned the only legitimate issues with the current system are to do with the length of time to sort and count votes. Everything else is as secure as you can make it.

Its as secure as you can make it with the current process. I think there could be ways to make it more secure by using technology.
As others have pointed out, many facets of society now use technology to secure things that were "secured" by people and processes before. Things change as technology becomes available.

I think the length of time take to sort and count votes and the fact that only certain people have access to these votes is an issue.

GreeBo

AndrewJRenko wrote: »

T
It would also put the security of the election in the hands of these technology companies. Companies like Google or Facebook could make a pretty good stab at what way you're going to vote, based on the information available to them. It wouldn't be a huge leap for some of these companies to directly intervene - they could, for example, generate a software flaw to kick in on selected devices on voting day, thus wiping out the ability of a segment of voters to vote.

BTW In case anyone is wondering why I have this user on ignore, the above should clear it up.

AndrewJRenko

GreeBo wrote: »

Sorry, but why cant you have checks in balances in a digital medium?
If you wanted to, you could audit every single aspect of the vote, but that would link voters to votes, so you might not want to.

This is the nub of the issue - the conflict between ability to audit the results and protect the anonymity of the voter. It just doesn't work in a digital environment.

GreeBo wrote: »

You mean other than the 4 out of 5 people who could be impersonating someone else?
It doesnt just have to be manipulated after the vote, if the "wrong" vote is cast then the current system doesnt do squat to fix that.

The fact that 1 out of 5 voters is checked for identity does NOT mean that 4 out of 5 could be impersonating. Again, it seems that your ignorance of the current system is showing through.


For the remaining 4 out of 5, most of them will have a polling card, though this is not a mandatory requirement. If I were to get to the polling station early and attempt to impersonate you, this would be shown up when you get to the polling station later with all your ID and your polling card to cast your legitimate vote. This is one of many controls built into the current system.

GreeBo wrote: »

Its very hard to hack a network that is only up for under a day, I mentioned that already.
What social engineering can be used to hack a network that doesn't exist for 364 days a year?

How difficult is it really? How difficult is it to engineer a DDoS attack on the voting network for just 24 hours? Will it be possible to pull together the response to an attack on voting day?

GreeBo wrote: »

If you couldn't access the network you could always go to a voting centre and vote.

THis is yet another can of worms that you've opened. If you're going to allow both paper and electronic voting, how do you stop someone voting twice? You would need each polling station to have online access to the register to see who has already voted.



Schools, GAA clubs, community halls - some with limited broadband connections, and some with no connection - all needing immediate online access to allow voting to proceed.


Another huge expense and significant human resources required to make it happen.

GreeBo wrote: »

With paper votes what happens if a bunch of them get destroyed, say in a vehicle crash, does that render the result of the vote invalid?

I'm really glad you asked that question, as the best politicians say. It provides a great opportunity to demonstrate the superior error-detection of the paper system over a digital system.


First, it is very unlikely that this would happen. How often does a vehicle crash destroy the vehicle contents? It has never happened in living memory. With more and more electrical vehicles, the risk is reducing over time.


But it is a theoretical possibility. The big difference between the paper system and a digital system is that IF this ever happened with the paper system, the issue would be blindingly obvious to everyone involved.


On the other side, if a hack or an error corrupted a pile of votes before being written to the blockchain, no-one would know. It would be entirely invisible, and would probably be impossible to detect.


For the paper system, I don't know what exactly would happen in this scenario. Most likely the Courts would decide. I guess it might depend on whether the rest of the vote was a Michael D style landslide or a divorce referendum style knife edge. But either way, the scope of the problem would be obvious to everybody. This would not be the case in a digital environment.

GreeBo wrote: »

But does it have *more* issues? I think that's what we are discussing, I think there are benefits to a newer approach and I guess others do too, which is why its being used in some jurisdictions and there are a number of companies pursuing it.

The benefits to companies is simply commercial - they hope to be able to sell their solution to a problem that doesn't really exist. The benefits in other jurisdictions may not be the benefits that you have in mind. In particular, the benefit in other jurisdictions may well be the ability to steal an election.

GreeBo wrote: »

You would probably have spoiled your vote if you start editing it. You would have to request another ballot.

Again, your lack of knowledge of the current system is showing up here. If your voting intention is clear, your vote will be accepted by the returning officer. You don't have to request another ballot.


I'm not even sure if you CAN request another ballot, but I'd love to hear from others who know better about this.

Allinall

GreeBo wrote: »

BTW In case anyone is wondering why I have this user on ignore, the above should clear it up.

He makes a very valid point.

GreeBo

Despite my better judgement Im going to reply to you once and once only.

AndrewJRenko wrote: »

This is the nub of the issue - the conflict between ability to audit the results and protect the anonymity of the voter. It just doesn't work in a digital environment.

It does work. A digital environment isnt some magical place. You can chose to adit everything or nothing and everywhere in between. Its a computer, it does what you tell it to do.

The fact that 1 out of 5 voters is checked for identity does NOT mean that 4 out of 5 could be impersonating. Again, it seems that your ignorance of the current system is showing through.

It does actually. If 4 people are not checked then they could be impersonating someone else. All I need is some fake student ID and I wander up with no polling card and get a ballot.

For the remaining 4 out of 5, most of them will have a polling card, though this is not a mandatory requirement. If I were to get to the polling station early and attempt to impersonate you, this would be shown up when you get to the polling station later with all your ID and your polling card to cast your legitimate vote. This is one of many controls built into the current system.

Even easier. You are mad for talking about coercion with a new system, if someone coerces me or I sell them my vote, then I clearly wont be turning up with my ballot, the other person would have it. hows you control working out then?

How difficult is it really? How difficult is it to engineer a DDoS attack on the voting network for just 24 hours? Will it be possible to pull together the response to an attack on voting day?

We you wouldnt even have access to the network until it came live during the vote and you would only be able to register the app if you had a valid device, so really what you would be DDoSing would be the system that supplies the app, so it wouldnt really impact the vote.

THis is yet another can of worms that you've opened. If you're going to allow both paper and electronic voting, how do you stop someone voting twice? You would need each polling station to have online access to the register to see who has already voted.

The magical computer would keep track of who has voted and who hasnt. This thing called the network would allow people in polling stations to know who has voted and how hasnt.

Schools, GAA clubs, community halls - some with limited broadband connections, and some with no connection - all needing immediate online access to allow voting to proceed.

The numbers voting in these halls would be massively reduced from the current levels. You could do something mad like only have stations in a building that have internet access? You could be crazy and use mobile broadband. But no, all of these things would be far too difficult logistically, right?

Another huge expense and significant human resources required to make it happen.

Sorry, how much do we spend on voting day and on during the subsequent counts? how about the impact of not having to close schools?

First, it is very unlikely that this would happen. How often does a vehicle crash destroy the vehicle contents? It has never happened in living memory. With more and more electrical vehicles, the risk is reducing over time.

electrical vehicles dont go on fire or crash into water?
Better go Tesla!

But it is a theoretical possibility. The big difference between the paper system and a digital system is that IF this ever happened with the paper system, the issue would be blindingly obvious to everyone involved.

as would someone rewriting a blockchain.

On the other side, if a hack or an error corrupted a pile of votes before being written to the blockchain, no-one would know. It would be entirely invisible, and would probably be impossible to detect.

so a car crash is impossible, but Google hacking an Irish election is likely?

For the paper system, I don't know what exactly would happen in this scenario. Most likely the Courts would decide. I guess it might depend on whether the rest of the vote was a Michael D style landslide or a divorce referendum style knife edge. But either way, the scope of the problem would be obvious to everybody. This would not be the case in a digital environment.

Does it matter? The vote has been compromised.
What about my constitutional right to vote? :eek:

The benefits to companies is simply commercial - they hope to be able to sell their solution to a problem that doesn't really exist. The benefits in other jurisdictions may not be the benefits that you have in mind. In particular, the benefit in other jurisdictions may well be the ability to steal an election.

Companies dont typically spend money on something that doesnt work, its not really in their interest.

Again, your lack of knowledge of the current system is showing up here. If your voting intention is clear, your vote will be accepted by the returning officer. You don't have to request another ballot.

Someone should tell the journal!
"If you write anything else, you run the risk of your vote being deemed to be spoilt, and it won’t be counted.

If you make a mistake, inform a member of staff immediately and do not place it in the ballot box. If they are satisfied it is an honest mistake, you will be given a new voting slip."

I'm not even sure if you CAN request another ballot, but I'd love to hear from others who know better about this.

You can. Seems you are showing your ignorance here.

And just for fun, maybe have a quick read of this:
https://www.irishtimes.com/news/politics/ballot-papers-not-stamped-at-polling-stations-deemed-inadmissible-1.2552614