Re: [liberationtech] E-Voting

[Rich Kulawiec]

On Sun, Dec 11, 2016 at 10:08:18PM +0300, Zacharia Gichiriri wrote:
> I still believe e-voting could substantially improve election outcomes [...]

You may, of course, believe whatever you wish.  But you are completely
wrong on this point: e-voting is a disaster for election outcomes.
I suggest that you study the issue in depth, with a focus on the
security issues, for a few years -- at which point I doubt I'll have
to convince you that you're wrong: you'll have convinced yourself.

Voting systems have certain requirements for privacy, security, integrity,
reliability, etc.   Unfortunately, the privacy, security, integrity,
reliability, etc. problems that are now pervasive throughout computing
and Internet operations are antithetical to those.  In other words, the
things that voting systems absolutely must have are just about exactly
the things that contemporary Internet computing environments are
terrible at.  And the situation is getting worse, not better [1] -- so at
this point in time there is no reason whatsoever to even put e-voting
on the table for discussion.  It's not just a bad idea, it's an insanely
bad idea.

A good place to begin learning about this topic in depth is this page:

Douglas W. Jones on Voting and Elections
http://homepage.divms.uiowa.edu/~jones/voting/

That page has a large number of links to articles, reports, essays, papers,
etc. on these topics -- and to many sites which contain still more.  It's
an excellent jumping-off point for enquiry into many aspects of this problem.  

---rsk

[1] It may get much worse over the next few years, if major governments
succeed in mandating hardware and software backdoors in devices and code.
If that happens, then some/many/most end-user devices will be pre-compromised
at the factory, which considerably lowers the bar for attackers: they don't
have to create a security hole, there's already (at least) one built-in.
All they have to do is figure out how to exploit it, which is usually
a much easier task.

And it WILL get much worse over the next few years, as myriad companies
eager for quick profits deploy IoT devices that have either (a) ludicrously
bad security or -- more likely -- (b) no security.  It's only a matter
of time, and a short time at that, until these devices are conscripted
into botnets and used to attack end-user networks from inside.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Zacharia Gichiriri]

Hi All,

Thank you very much your arguments. I agree with all your arguments.

I still believe e-voting could substantially improve election outcomes and
because existing e-voting systems like the one in Estonia do not meet
different expectations, it does not entirely disqualify the idea of
e-voting.

In parts of Uganda during last election, ballot papers arrived as late as
noon. What if they were voting via Mobile Phones? In Gambia, would the
president reject the election results if we could verify that all votes
were cast by legitimate people themselves and it was one man one vote?
Maybe, in your country elections are not a matter of life and death. In
some countries, elections are the only ray of hope for oppressed people.

Can e-voting solve that problem? It's not yet been proven. As for the
laziness of the electorate: Young people while a significant population in
most countries still do not vote probably due to lack of interest in an
otherwise long and boring process. Yet, most policies enacted end up
affecting them the most. If young people have time for Facebook, they would
definitely have time to cast an e-vote and go back to Facebook.

One thing I am very sure of is that mobile technology is revolutionizing
every aspect of the African continent and there's no reason why it
shouldn't produce better election outcomes for them.

Thanks,
Zacharia.





On Sun, Dec 11, 2016 at 8:32 PM, Patrick Kariuki 
wrote:

> Spot on Thomas.
>
> I find such disparaging remarks on Africa rather short-sighted and
> downright cynical.
>
> Au contraire, I would like to draw your attention to the just concluded
> KCPE examinations in Kenya, they were marked and results announced in
> record time - this proved that the use of OMR technology on a countrywide
> scale works. OMR technology has been used successfully in the Philippines
> elections (In 2015 a code review by De La Salle University refuted claims
> that the Chinese planned to sabotage the elections -
> http://cnnphilippines.com/news/2015/09/08/Comelec-
> source-code-review-PCOS-OMR-public-school-teachers-pay-hike.html).
>
> So, if we have our computer scientists focus more on building start-ups
> that can grow into the "Smartmatics" of Africa and less on blaming a
> failing political system, then we might have a more objective outlook to
> solve most of the underlying issues.
>
> On Sat, Dec 10, 2016 at 3:53 PM, Thomas Delrue 
> wrote:
>
>> On 12/10/2016 04:39 AM, Zacharia Gichiriri wrote:
>> > Hi All,
>>
>> Hiya, I'll start off with my POV on e-voting: e-voting, whether this is
>> Estonia-type to vote from home (which is what I think this thread is
>> really talking about) or USA-type where you use a computer in the voting
>> booth, is a dumb idea!
>>
>> Voting should be done with pen/crayon & paper so that I, and anyone else
>> who can count from 0 to 10, can look at the stack of ballots and recount
>> them without having to 'trust' a third party (closed) system that
>> imposes an additional requirement of having to have detailed
>> understanding of how said e-voting system works.
>>
>> > In Africa, only a few countries can claim to have conducted free and
>> > fair elections. Majority of elected representatives in Africa want
>> > to cling to power forever against the will of their citizens or some
>> > of their citizens. To add salt to the injury, all dictators in
>> > Africa have a poor record of development and human rights. A lot of
>> > African leaders point to China as a case in point where democracy is
>> > not necessarily a catalyst for development. But is that true?
>>
>> I don't think this is limited to African countries. Belarus comes to
>> mind and so do a couple of others in all parts of the world.
>>
>> > Back to elections, electronic voting in Africa would dramatically
>> > increase transparency in the electoral process. Unfortunately,
>> > Africa has weak systems from Judiciary to Police that cannot
>> > guarantee free and fair elections.
>>
>> These two sentences seem to contradict one another.
>>
>> > The Police, the Judiciary, Independent Electoral
>> > Commissions have been and can be easily influenced by current
>> > regimes mostly through intimidation and in young and vocal
>> > democracies such as Kenya or South Africa through bribes.
>>
>> How does e-voting address these issues? With e-voting, you leave even
>> more of a trace of your activities/votes, thus opening you up to
>> intimidation and/or coercion to a greater degree.
>>
>> > Security is of the utmost concern but democracy is more important.
>>
>> Definition of utmost: of the greatest or highest degree.
>> So is it security or democracy that is the number one thing? You have to
>> chose, you can't have both be your "primary focus".
>>
>> Ideologically, I would agree that democracy is more important because it
>> is more conducive to provide a way to guarantee security - the vice
>> versa is not true.
>> Practically speaking 

Re: [liberationtech] E-Voting

[Patrick Kariuki]

Spot on Thomas.

I find such disparaging remarks on Africa rather short-sighted and
downright cynical.

Au contraire, I would like to draw your attention to the just concluded
KCPE examinations in Kenya, they were marked and results announced in
record time - this proved that the use of OMR technology on a countrywide
scale works. OMR technology has been used successfully in the Philippines
elections (In 2015 a code review by De La Salle University refuted claims
that the Chinese planned to sabotage the elections -
http://cnnphilippines.com/news/2015/09/08/Comelec-source-code-review-PCOS-OMR-public-school-teachers-pay-hike.html
).

So, if we have our computer scientists focus more on building start-ups
that can grow into the "Smartmatics" of Africa and less on blaming a
failing political system, then we might have a more objective outlook to
solve most of the underlying issues.

On Sat, Dec 10, 2016 at 3:53 PM, Thomas Delrue  wrote:

> On 12/10/2016 04:39 AM, Zacharia Gichiriri wrote:
> > Hi All,
>
> Hiya, I'll start off with my POV on e-voting: e-voting, whether this is
> Estonia-type to vote from home (which is what I think this thread is
> really talking about) or USA-type where you use a computer in the voting
> booth, is a dumb idea!
>
> Voting should be done with pen/crayon & paper so that I, and anyone else
> who can count from 0 to 10, can look at the stack of ballots and recount
> them without having to 'trust' a third party (closed) system that
> imposes an additional requirement of having to have detailed
> understanding of how said e-voting system works.
>
> > In Africa, only a few countries can claim to have conducted free and
> > fair elections. Majority of elected representatives in Africa want
> > to cling to power forever against the will of their citizens or some
> > of their citizens. To add salt to the injury, all dictators in
> > Africa have a poor record of development and human rights. A lot of
> > African leaders point to China as a case in point where democracy is
> > not necessarily a catalyst for development. But is that true?
>
> I don't think this is limited to African countries. Belarus comes to
> mind and so do a couple of others in all parts of the world.
>
> > Back to elections, electronic voting in Africa would dramatically
> > increase transparency in the electoral process. Unfortunately,
> > Africa has weak systems from Judiciary to Police that cannot
> > guarantee free and fair elections.
>
> These two sentences seem to contradict one another.
>
> > The Police, the Judiciary, Independent Electoral
> > Commissions have been and can be easily influenced by current
> > regimes mostly through intimidation and in young and vocal
> > democracies such as Kenya or South Africa through bribes.
>
> How does e-voting address these issues? With e-voting, you leave even
> more of a trace of your activities/votes, thus opening you up to
> intimidation and/or coercion to a greater degree.
>
> > Security is of the utmost concern but democracy is more important.
>
> Definition of utmost: of the greatest or highest degree.
> So is it security or democracy that is the number one thing? You have to
> chose, you can't have both be your "primary focus".
>
> Ideologically, I would agree that democracy is more important because it
> is more conducive to provide a way to guarantee security - the vice
> versa is not true.
> Practically speaking though: would you care about [e-]voting if you're
> cold, hungry or on the run or in hiding from your regime? (especially if
> that e-voting allows your regime to track you, your location, your loved
> ones?)
>
> > In one way or another people will always find ways to fight for
> > their freedoms especially in the age of Internet where people can see
> > the benefits of a democratic society. But instead of having people go
> > to war or risk their lives, why can't we just use Technology to lay
> > bare the truth?
>
> Because that technology is commissioned by, made by or blessed by the
> powers-of-the-day. I'll just name-drop MITM here which is what you can
> do if you are the one providing the hardware or software that collects
> the votes which determine whether or not you stay in power.
> When you're in power, The Truth(tm) is malleable to what you need it to
> be to stay in power, especially when you're, errr, 'morally flexible'(*).
> Just because it's code (the 'e-' part) doesn't mean it's suddenly better
> than what you had before. Please, stop thinking like Silicon Valley,
> i.e. "I have a hammer and therefore this problem is now a nail".
>
> Technology is a tool and tools can & will be abused if the stakes are
> high enough, so elections most certainly fall under this. We've seen
> this time and time again. Switching to e-voting is not going to solve
> any problem related to voting itself or even its transparency. If the
> stakes are high enough, I can forge the data which I will make available
> for everyone to inspect, and 

Re: [liberationtech] E-Voting

[Rich Kulawiec]

On Sat, Dec 10, 2016 at 12:39:39PM +0300, Zacharia Gichiriri wrote:
> I think the subject of the discussion should be: How can we make e-voting
> more secure and credible?

Answer: don't use it.  Period, full stop, end of discussion.
Any suggestion that e-voting can be made secure is delusional.

Simple paper-based systems can be manipulated as well (study the colorful
history of elections in Chicago) but (a) it's much harder to pull off
with the kind of precision required to avoid making it obvious
(b) it doesn't scale nearly as well (c) it requires a relatively
large conspiracy (d) which means many people (e) which means a high
probability someone will screw up and (f) and even if they don't,
someone will probably talk about it.  Also (g) these attacks are very
well-known and well-understood, which means (h) so are the defenses
against them and (i) these attacks/defenses are relatively symmetrical,
which means defenders have a good chance -- unlike in e-voting, where
attackers have a many-orders-of-magnitude advantage.

You can have something vaguely resembling democracy [1] or you can
have e-voting.  Choose one.

---rsk

[1] I chose that phrase deliberately.  We're talking here about voting
systems, in the general sense of that term.  We're not talking about
the larger question of the overall electoral process, which of course
we all know is frequently manipulated from within (e.g., gerrymandering,
specious "voter ID" laws, polling locations, hours, equipment,
and staffing, etc.) and now we know is also manipulated from without
(e.g., Russian tampering with the recent US election).  These are not
technological problems per se, however, and neither are their solutions.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Thomas Delrue]

On 12/10/2016 04:39 AM, Zacharia Gichiriri wrote:
> Hi All,

Hiya, I'll start off with my POV on e-voting: e-voting, whether this is
Estonia-type to vote from home (which is what I think this thread is
really talking about) or USA-type where you use a computer in the voting
booth, is a dumb idea!

Voting should be done with pen/crayon & paper so that I, and anyone else
who can count from 0 to 10, can look at the stack of ballots and recount
them without having to 'trust' a third party (closed) system that
imposes an additional requirement of having to have detailed
understanding of how said e-voting system works.

> In Africa, only a few countries can claim to have conducted free and 
> fair elections. Majority of elected representatives in Africa want
> to cling to power forever against the will of their citizens or some
> of their citizens. To add salt to the injury, all dictators in
> Africa have a poor record of development and human rights. A lot of
> African leaders point to China as a case in point where democracy is
> not necessarily a catalyst for development. But is that true?

I don't think this is limited to African countries. Belarus comes to
mind and so do a couple of others in all parts of the world.

> Back to elections, electronic voting in Africa would dramatically 
> increase transparency in the electoral process. Unfortunately,
> Africa has weak systems from Judiciary to Police that cannot
> guarantee free and fair elections.

These two sentences seem to contradict one another.

> The Police, the Judiciary, Independent Electoral
> Commissions have been and can be easily influenced by current
> regimes mostly through intimidation and in young and vocal
> democracies such as Kenya or South Africa through bribes.

How does e-voting address these issues? With e-voting, you leave even
more of a trace of your activities/votes, thus opening you up to
intimidation and/or coercion to a greater degree.

> Security is of the utmost concern but democracy is more important.

Definition of utmost: of the greatest or highest degree.
So is it security or democracy that is the number one thing? You have to
chose, you can't have both be your "primary focus".

Ideologically, I would agree that democracy is more important because it
is more conducive to provide a way to guarantee security - the vice
versa is not true.
Practically speaking though: would you care about [e-]voting if you're
cold, hungry or on the run or in hiding from your regime? (especially if
that e-voting allows your regime to track you, your location, your loved
ones?)

> In one way or another people will always find ways to fight for
> their freedoms especially in the age of Internet where people can see
> the benefits of a democratic society. But instead of having people go
> to war or risk their lives, why can't we just use Technology to lay
> bare the truth?

Because that technology is commissioned by, made by or blessed by the
powers-of-the-day. I'll just name-drop MITM here which is what you can
do if you are the one providing the hardware or software that collects
the votes which determine whether or not you stay in power.
When you're in power, The Truth(tm) is malleable to what you need it to
be to stay in power, especially when you're, errr, 'morally flexible'(*).
Just because it's code (the 'e-' part) doesn't mean it's suddenly better
than what you had before. Please, stop thinking like Silicon Valley,
i.e. "I have a hammer and therefore this problem is now a nail".

Technology is a tool and tools can & will be abused if the stakes are
high enough, so elections most certainly fall under this. We've seen
this time and time again. Switching to e-voting is not going to solve
any problem related to voting itself or even its transparency. If the
stakes are high enough, I can forge the data which I will make available
for everyone to inspect, and thus prove that I should remain your leader.

This problem is true with pen-and-paper voting as well, if you're gonna
cheat, you're gonna cheat (albeit a bit harder because now you're moving
physical ballots around instead of bits) but we're talking about
e-voting here and how it is a panacea that will fix all these issues,
amirite? My point is that e-voting doesn't solve any of the issues you
(and others) raise, and therefore it is not a better solution than the
analog form of voting (pen+paper).

The *only* thing that e-voting addresses is the laziness of the
electorate that doesn't want to get up in the morning to go & vote and
wants to vote from home (Estonia-style e-voting). (Or isn't /allowed/ to
take the day/some time off in order to vote without repercussions
because they live in a feudal society. I'm looking at you over there, USA)
There is nothing else that e-voting solves -without creating bigger
problems in the process, like making coercion to vote a certain way,
easier- that cannot be addressed through 'analog' means.

I also fail to see how using technology will prevent people 

Re: [liberationtech] E-Voting

[Zacharia Gichiriri]

Hi All,

In Africa, only a few countries can claim to have conducted free and fair
elections. Majority of elected representatives in Africa want to cling to
power forever against the will of their citizens or some of their citizens.
To add salt to the injury, all dictators in Africa have a poor record of
development and human rights. A lot of African leaders point to China as a
case in point where democracy is not necessarily a catalyst for
development. But is that true?

Back to elections, electronic voting in Africa would dramatically increase
transparency in the electoral process. Unfortunately, Africa has weak
systems from Judiciary to Police that cannot guarantee free and fair
elections. The Police, the Judiciary, Independent Electoral Commissions
have been and can be easily influenced by current regimes mostly through
intimidation and in young and vocal democracies such as Kenya or South
Africa through bribes.

Security is of the utmost concern but democracy is more important. In one
way or another people will always find ways to fight for their freedoms
especially in the age of Internet where people can see the benefits of a
democratic society. But instead of having people go to war or risk their
lives, why can't we just use Technology to lay bare the truth?

I think the subject of the discussion should be: How can we make e-voting
more secure and credible?
On implementing an e-voting system, we can look for inspiration from
M-Pesa. M-Pesa handled $52.6 billion worth of transactions in the past
financial year equivalent to 85% of Kenya's GDP. M-Pesa doesn't use HTTPS,
it's a service embedded in your mobile sim card. It is built on a
decentralized system where thousands of agents operate across Kenya. Users
deposit and withdraw from the agents. From their mobile phones they can
view their balance, send to other M-Pesa users etc etc..

Best,
-- 
Zacharia Mwangi,
Computer Science,Bsc., Strathmore  '17

-- 


*Note: *All emails sent from Strathmore University are subject to 
Strathmore’s Email Terms & Conditions. Please click here 
 to read the policy.

"Visit our Facebook Page and 
Twitter 
Account".
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Richard Brooks]

With all these discussions too often vote selling
is overlooked. If I can vote from an insecure location,
I can vote in front of someone paying me $100 to
vote as they want.

On 12/07/2016 09:24 AM, Rich Kulawiec wrote:
> On Fri, Dec 02, 2016 at 02:26:49PM -0500, Andres wrote:
>> Rich, the article you link to talks about the risk of one individual voting 
>> machine being tampered with.
> 
> I think you missed the point Schneier was making.  It's NOT about one
> individual voting machine, it's about attacker budgets.  Look at the
> big picture, not the small one he used to illustrate the point.
> 
> An attacker with a $100M budget (a conservative estimate in 2004, now
> clearly only a fraction of that available) isn't going to use it to
> attack just one voting machine: that'd be a poor return on investment.
> A 2016 attacker, who could have a budget an order of magnitude larger,
> would likely attack in a systemic, distributed -- and subtle -- fashion.
> 
>> When voting online you can use any hardware (PC, Mac, Linux, iPhone
>> or Android phone, public or private) to vote and later verify your vote.
> 
> That last part ("...later verify your vote") disqualifies the system
> from use.  This is a well-known problem with election systems (electronic
> of otherwise): if you can verify your vote at some later point, then
> so can someone else.  And if someone else can verify your vote, then
> you can be induced (willingly or otherwise) to vote as directed.
> 
> And even if that's addressed, there's a massive problem with this approach,
> or ANY approach that allows voters to use their own computing systems.
> End-user systems are compromised in enormous numbers.  This is a well-known
> problem that's been discussed at length for much of this century, e.g.:
> 
>   Vint Cerf: one quarter of all computers part of a botnet
>   
> https://urldefense.proofpoint.com/v2/url?u=http-3A__arstechnica.com_news.ars_post_20070125-2D8707.html=CwICAg=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4=V-iMGiA8Z-z_leHLkLSzXQ=qMImdh9SPdSh0J1lYvW6lT4Efp8_E0PG25r-1X0yqnY=uc0iCxMO3Cofo8KoWjuvBByD54w0bAmxBXLjanHMkII=
>  
> 
> When Cerf made that estimate, I thought -- based on my own research and
> consultation with others doing similar work -- that it was too high by
> perhaps 25% to 50%.  With the benefit of hindsight, I think he was right
> and I was wrong.  Given the passage of time since then, the numbers are
> undoubtedly far higher.  (Doubly so since nothing truly effective has
> been done to reduce them or even slow down the growth rate, and many
> things have happened to make the situation much, much worse.)  I suspect
> that the number of compromised systems is probably ten times what it was
> ten years ago and no doubt the mass deployment of IoT devices with horrible
> (or no) security will make this even worse.  And if various governments
> are successful in forcing vendors to build in backdoors, it will get
> MUCH worse in a big hurry.
> 
> Why does this matter?  Because (as I've said ad nauseum) if someone else
> can run arbitrary code on your computer, it's not YOUR computer any more.
> 
> If your phone is compromised, and you use it to vote, and you later
> use that phone to verify that your vote was cast as you think it was,
> how do you know that what you're seeing on the screen is correct?
> Why couldn't the same malware that redirected your vote from candidate
> A to candidate B also show you that you voted for candidate A?  (That isn't
> a particularly challenging software problem given that the former has
> been solved.)
> 
> Remember: it's not your phone any more.  It's theirs.  You may walk
> around with it, you may use it, but you don't own it.  Not any more.
> So why would you expect someone else's phone to behave as you think
> or believe or want it to?
> 
> Does that malware exist?  I don't know.  But I do know that if a
> sizable enough population starts using their phones to vote, it WILL
> exist, because it will become worth someone's effort.  (And by the way:
> this will require far less than even the small $100M budget from 2004.)
> 
> Substitute "tablet" or "laptop" or "smart home IoT device" or "desktop"
> or whatever without loss of generality for "phone". 
> 
> Any voting system which allows voters to use their own computing devices
> is fatally flawed and must be dismissed, with prejudice, immediately.
> 
> ---rsk
> 


-- 
===
R. R. Brooks

Professor
Holcombe Department of Electrical and Computer Engineering
Clemson University

313-C Riggs Hall
PO Box 340915
Clemson, SC 29634-0915
USA

Tel.   864-656-0920
Fax.   864-656-5910
Voicemail: 864-986-0813
email: r...@acm.org
web:   http://www.clemson.edu/~rrb
PGP:   48EC1E30
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by 

Re: [liberationtech] E-Voting

[Rich Kulawiec]

On Fri, Dec 02, 2016 at 02:26:49PM -0500, Andres wrote:
> Rich, the article you link to talks about the risk of one individual voting 
> machine being tampered with.

I think you missed the point Schneier was making.  It's NOT about one
individual voting machine, it's about attacker budgets.  Look at the
big picture, not the small one he used to illustrate the point.

An attacker with a $100M budget (a conservative estimate in 2004, now
clearly only a fraction of that available) isn't going to use it to
attack just one voting machine: that'd be a poor return on investment.
A 2016 attacker, who could have a budget an order of magnitude larger,
would likely attack in a systemic, distributed -- and subtle -- fashion.

> When voting online you can use any hardware (PC, Mac, Linux, iPhone
> or Android phone, public or private) to vote and later verify your vote.

That last part ("...later verify your vote") disqualifies the system
from use.  This is a well-known problem with election systems (electronic
of otherwise): if you can verify your vote at some later point, then
so can someone else.  And if someone else can verify your vote, then
you can be induced (willingly or otherwise) to vote as directed.

And even if that's addressed, there's a massive problem with this approach,
or ANY approach that allows voters to use their own computing systems.
End-user systems are compromised in enormous numbers.  This is a well-known
problem that's been discussed at length for much of this century, e.g.:

Vint Cerf: one quarter of all computers part of a botnet
http://arstechnica.com/news.ars/post/20070125-8707.html

When Cerf made that estimate, I thought -- based on my own research and
consultation with others doing similar work -- that it was too high by
perhaps 25% to 50%.  With the benefit of hindsight, I think he was right
and I was wrong.  Given the passage of time since then, the numbers are
undoubtedly far higher.  (Doubly so since nothing truly effective has
been done to reduce them or even slow down the growth rate, and many
things have happened to make the situation much, much worse.)  I suspect
that the number of compromised systems is probably ten times what it was
ten years ago and no doubt the mass deployment of IoT devices with horrible
(or no) security will make this even worse.  And if various governments
are successful in forcing vendors to build in backdoors, it will get
MUCH worse in a big hurry.

Why does this matter?  Because (as I've said ad nauseum) if someone else
can run arbitrary code on your computer, it's not YOUR computer any more.

If your phone is compromised, and you use it to vote, and you later
use that phone to verify that your vote was cast as you think it was,
how do you know that what you're seeing on the screen is correct?
Why couldn't the same malware that redirected your vote from candidate
A to candidate B also show you that you voted for candidate A?  (That isn't
a particularly challenging software problem given that the former has
been solved.)

Remember: it's not your phone any more.  It's theirs.  You may walk
around with it, you may use it, but you don't own it.  Not any more.
So why would you expect someone else's phone to behave as you think
or believe or want it to?

Does that malware exist?  I don't know.  But I do know that if a
sizable enough population starts using their phones to vote, it WILL
exist, because it will become worth someone's effort.  (And by the way:
this will require far less than even the small $100M budget from 2004.)

Substitute "tablet" or "laptop" or "smart home IoT device" or "desktop"
or whatever without loss of generality for "phone". 

Any voting system which allows voters to use their own computing devices
is fatally flawed and must be dismissed, with prejudice, immediately.

---rsk
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Andres]

Rich, the article you link to talks about the risk of one individual voting 
machine being tampered with. That's not a concern with the Estonian system. The 
polling stations still run on ink and paper. When voting online you can use any 
hardware (PC, Mac, Linux, iPhone or Android phone, public or private) to vote 
and later verify your vote.

One device being tampered with will affect only a single (or perhaps a few more 
if shared) voter. It would also be uncovered if the voter verifies the vote on 
any other device.

Andres

> On 1 Dec 2016, at 19:43, Rich Kulawiec  wrote:
> 
> On Thu, Nov 17, 2016 at 06:02:36PM +0200, Andres wrote:
>> Could Intel and AMD team up and hide a backdoor on the vote counting
>> server's CPU? It certainly is in the realm of possibilities. However,
>> it's extremely cost prohibitive, risky and as a result unlikely.
> 
> It's not cost-prohibitive for someone (not necessarily Intel or AMD)
> to do this.  Not any more.
> 
> Read this:
> 
>   Stealing an Election (Schneier on Security)
>   https://www.schneier.com/crypto-gram/archives/2004/0415.html#4
> 
> A lot of articles and papers and reports been written about the problems
> of e-voting.  That little essay might be the most important one.  If you've
> gotten to this point and haven't read it: read it.  Bookmark it.  Read it
> again later.  And again.
> 
> Now consider that it was written in 2004.  Scale the number up to account
> for 12 years of dramatically increased campaign expenditures and the usual
> inflation.  Factor in that there are no longer merely individuals or
> parties/groups trying to sway the outcome of elections, but nations.
> 
> It is not unreasonable, at this point, to presume an attacker budget in
> the billion-dollar range.
> 
> Which means that lots of things we might once have ruled out as absurdly
> cost-prohibitive...aren't.
> 
> ---rsk
> -- 
> Liberationtech is public & archives are searchable on Google. Violations of 
> list guidelines will get you moderated: 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
> change to digest, or change password by emailing moderator at 
> compa...@stanford.edu.

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Rich Kulawiec]

On Thu, Nov 17, 2016 at 06:02:36PM +0200, Andres wrote:
> Could Intel and AMD team up and hide a backdoor on the vote counting
> server's CPU? It certainly is in the realm of possibilities. However,
> it's extremely cost prohibitive, risky and as a result unlikely.

It's not cost-prohibitive for someone (not necessarily Intel or AMD)
to do this.  Not any more.

Read this:
 
Stealing an Election (Schneier on Security)
https://www.schneier.com/crypto-gram/archives/2004/0415.html#4

A lot of articles and papers and reports been written about the problems
of e-voting.  That little essay might be the most important one.  If you've
gotten to this point and haven't read it: read it.  Bookmark it.  Read it
again later.  And again.

Now consider that it was written in 2004.  Scale the number up to account
for 12 years of dramatically increased campaign expenditures and the usual
inflation.  Factor in that there are no longer merely individuals or
parties/groups trying to sway the outcome of elections, but nations.

It is not unreasonable, at this point, to presume an attacker budget in
the billion-dollar range.

Which means that lots of things we might once have ruled out as absurdly
cost-prohibitive...aren't.

---rsk
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Brian Behlendorf]

That's similar to what some people are saying about blockchain 
applications to voting.  Don't use it for the voting itself, even in a 
zero-knowlege way, as votes need to be both auditable and understandable 
to lay people to be trusted.  But, you could use it for voter registration 
and for summing up the totals from each polling location as the system of 
record for recording and measuring the total vote.  Giving the 
polling-place totals builds confidence that one's vote counted at the 
polling place (you might even argue the names of who voted is public 
record) and that particular location's totals were counted in the totals.


Brian

On Thu, 17 Nov 2016, Richard Brooks wrote:

I would agree. Also consider the numerous cases of
intentional network disruptions on the continent during voting
over the past year. It is predictable that this would become
a tool of voter suppression.

Oddly, though, mobile devices have been essential tools
in monitoring voting and mobilizing voters in recent years
in the same region.

It makes me wonder what the essential differences are between
these two applications that make the difference.

On 11/17/2016 08:11 AM, Patrick Kariuki wrote:

Mobile voting in Africa is impractical. Even as an option, If people
would start to lose their phones around the election period, the
recovery effort involved in ensuring the service is available and the
consequences thereafter, would be a potential legal and customer service
nightmare.


On Mon, Nov 14, 2016 at 4:57 PM, Zacharia Gichiriri
> wrote:

Hi,

Are there any countries that have implemented a form of mobile
voting? Is there any research on the potential, challenges and
applicability of mobile voting?
Considering the explosive growth of mobile phones across Africa,
would the use of mobile phones for elections (citizens voting
through mobile phones) improve election outcomes and transparency?

Best,
--
Zack.


*Note: *All emails sent from Strathmore University are subject to
Strathmore’s Email Terms & Conditions. Please click here


to read the policy.
*
*

"Visit our Facebook

Page
and Twitter

Account".


--
Liberationtech is public & archives are searchable on Google.
Violations of list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech

.
Unsubscribe, change to digest, or change password by emailing
moderator at compa...@stanford.edu .









--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Andres]

>> Transparency is certainly improved. You can check and change your vote
>> after casting it. Estonian government even provides an iOS and Android
>> mobile application for this.
> 
> Oh ho, within your own world it looks like you gave your vote. That does
> not prove a single thing. Even just pointing to that as something that
> convinces you shows how dangerous technology is.
A mathematical proof is not possible for any voting system except that which 
exists only on paper. Ballots can be compromised, votes bought, software hacked 
and hardware tampered with. The question is how costly and hard it is to do so. 
Could Intel and AMD team up and hide a backdoor on the vote counting server's 
CPU? It certainly is in the realm of possibilities. However, it's extremely 
cost prohibitive, risky and as a result unlikely. Could a handful of people 
manning a polling station stuff in extra ballots or take some out? A tad bit 
more likely.

In most countries digital ballot counting machines are used anyway and that 
opens up the same attack vectors as outlined above.

Making votes verifiable and mutable from any platform is the best possible 
approach to such conspirational scenarios. 

> Also, the situation in Estonia is quite different than in most other
> countries, and most of these differences can be attributed to their
> size. Just as a reminder, there are ~500 cities with a population larger
> than Estonia.
Sure, Estonia is relatively small, but scaling the infrastructure is, and never 
has been, an issue. Open to any arguments suggesting the contrary.

> The bigger the system, the larger the influence, especially in countries
> that do have an existing and well-oiled lobbying apparatus. I cannot see
> any larger country introducing any system that has similar security
> properties, and the ability to reliably set aside the maintenance costs.
> Anyone can see too well how broken maintenance of public infrastructure is.
The latter is a fallacy.

> So, on many levels, maybe nobody bothered to mess with the Estonian
> platform because it just doesn't matter from a global perspective.
Given Russia's past cyberattacks on Estonia 
(https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia 
) and Estonia's 
political stance it would be safe to say that Russia would certainly be 
motivated to investigate the matter. By anecdotal evidence, the ruling 
coalition has not seen a pro-Russia party for the last 11 years so I think it's 
safe to assume Russia is unable to put their foot on the scale.

Andres-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Richard Brooks]

I would agree. Also consider the numerous cases of
intentional network disruptions on the continent during voting
over the past year. It is predictable that this would become
a tool of voter suppression.

Oddly, though, mobile devices have been essential tools
in monitoring voting and mobilizing voters in recent years
in the same region.

It makes me wonder what the essential differences are between
these two applications that make the difference.

On 11/17/2016 08:11 AM, Patrick Kariuki wrote:
> Mobile voting in Africa is impractical. Even as an option, If people
> would start to lose their phones around the election period, the
> recovery effort involved in ensuring the service is available and the
> consequences thereafter, would be a potential legal and customer service
> nightmare.
> 
> 
> On Mon, Nov 14, 2016 at 4:57 PM, Zacharia Gichiriri
>  > wrote:
> 
> Hi, 
> 
> Are there any countries that have implemented a form of mobile
> voting? Is there any research on the potential, challenges and
> applicability of mobile voting? 
> Considering the explosive growth of mobile phones across Africa,
> would the use of mobile phones for elections (citizens voting
> through mobile phones) improve election outcomes and transparency? 
> 
> Best,
> -- 
> Zack. 
> 
> 
> *Note: *All emails sent from Strathmore University are subject to
> Strathmore’s Email Terms & Conditions. Please click here
> 
> 
> to read the policy.
> *
> *
> 
> "Visit our Facebook
> 
> Page
> and Twitter
> 
> Account".
> 
> 
> --
> Liberationtech is public & archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> .
> Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu .
> 
> 
> 
> 


-- 
===
R. R. Brooks

Professor
Holcombe Department of Electrical and Computer Engineering
Clemson University

313-C Riggs Hall
PO Box 340915
Clemson, SC 29634-0915
USA

Tel.   864-656-0920
Fax.   864-656-5910
Voicemail: 864-986-0813
email: r...@acm.org
web:   http://www.clemson.edu/~rrb
PGP:   48EC1E30
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Patrick Kariuki]

Mobile voting in Africa is impractical. Even as an option, If people would
start to lose their phones around the election period, the recovery effort
involved in ensuring the service is available and the consequences
thereafter, would be a potential legal and customer service nightmare.


On Mon, Nov 14, 2016 at 4:57 PM, Zacharia Gichiriri <
zacharia.gichir...@strathmore.edu> wrote:

> Hi,
>
> Are there any countries that have implemented a form of mobile voting? Is
> there any research on the potential, challenges and applicability of mobile
> voting?
> Considering the explosive growth of mobile phones across Africa, would the
> use of mobile phones for elections (citizens voting through mobile phones)
> improve election outcomes and transparency?
>
> Best,
> --
> Zack.
>
>
> *Note: *All emails sent from Strathmore University are subject to
> Strathmore’s Email Terms & Conditions. Please click here
>  to read the policy.
>
> "Visit our Facebook Page
> and Twitter Account".
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated: https://mailman.stanford.edu/
> mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change
> password by emailing moderator at compa...@stanford.edu.
>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Moritz Bartl]

Hi Andres,

On 11/17/2016 09:01 AM, Andres wrote:
> Transparency is certainly improved. You can check and change your vote
> after casting it. Estonian government even provides an iOS and Android
> mobile application for this.

Oh ho, within your own world it looks like you gave your vote. That does
not prove a single thing. Even just pointing to that as something that
convinces you shows how dangerous technology is.

Also, the situation in Estonia is quite different than in most other
countries, and most of these differences can be attributed to their
size. Just as a reminder, there are ~500 cities with a population larger
than Estonia.

The bigger the system, the larger the influence, especially in countries
that do have an existing and well-oiled lobbying apparatus. I cannot see
any larger country introducing any system that has similar security
properties, and the ability to reliably set aside the maintenance costs.
Anyone can see too well how broken maintenance of public infrastructure is.

So, on many levels, maybe nobody bothered to mess with the Estonian
platform because it just doesn't matter from a global perspective.

Moritz
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Andres]

Hi Zack,

Estonia has been using e-voting since 2005 (and since 2007 for government 
elections). You can identify using the national id card 
(https://en.wikipedia.org/wiki/Estonian_ID_card 
) or mobile-id 
(https://eid.eesti.ee/index.php/A_Short_Introduction_to_eID 
).

Transparency is certainly improved. You can check and change your vote after 
casting it. Estonian government even provides an iOS and Android mobile 
application for this. Most of the criticism comes down to voter devices 
potentially being phished and infected and multi-platform access aims to combat 
that.

IDABC country report gives a quick overview: 
http://ec.europa.eu/idabc/servlets/Doc7bd5.pdf?id=32323 


The challenges are certainly real but so is the potential.

Andres

> On 14 Nov 2016, at 15:57, Zacharia Gichiriri 
>  wrote:
> 
> Hi, 
> 
> Are there any countries that have implemented a form of mobile voting? Is 
> there any research on the potential, challenges and applicability of mobile 
> voting? 
> Considering the explosive growth of mobile phones across Africa, would the 
> use of mobile phones for elections (citizens voting through mobile phones) 
> improve election outcomes and transparency? 
> 
> Best,
> -- 
> Zack. 
> 
> 
> 
> Note: All emails sent from Strathmore University are subject to Strathmore’s 
> Email Terms & Conditions. Please click here 
>  to read the policy.
> 
> 
> "Visit our Facebook  Page and 
> Twitter  Account".
> 
> -- 
> Liberationtech is public & archives are searchable on Google. Violations of 
> list guidelines will get you moderated: 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
> change to digest, or change password by emailing moderator at 
> compa...@stanford.edu.

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[carlo von lynX]

On Thu, Nov 17, 2016 at 04:18:59PM +1300, Eleanor Saitta wrote:
> Yes, there has been research done.  The summary is "if you do this,
> forget about any chance of having a free and fair election, because it's
> hard not to end up accidentally hacking the election, let alone stopping
> anyone who might want to actively hack it".
> 
> There's a decade or so of research on how bad just electronic voting is,
> and another decade of research on how bad mobile phone security is.  The
> combination is geometrically worse.

Full ack. It is already a bad idea to elect people instead of making
choices on issues, it is a lot worse if you expect technology to
maintain secrecy.

But if you are interested in having people debate and decide over
issues rather than people, and they understand this can only work
in full transparency, then you can look into LiquidFeedback and
suitable apps to go with it. You should not go for anything less
since direct democracy has shown time and time again that it is
a platform for demagoguery. Liquid democracy combined with proper
methods and a legal structure can bring out the collective
intelligence of the participants instead, empowering them to take
fact-based and properly reasoned policy decisions. The technology
is like the use of paper in a virtual parliament of the people. 
Any participant should have the ability to confirm the accuracy of
the procedures, something the software does not perfectly provide,
but that is just work to be done.


-- 
  E-mail is public! Talk to me in private using encryption:
 http://loupsycedyglgamf.onion/LynX/
  irc://loupsycedyglgamf.onion:67/lynX
 https://psyced.org:34443/LynX/
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Eleanor Saitta]

On 2016.11.15 02.57, Zacharia Gichiriri wrote:
> Hi, 
> 
> Are there any countries that have implemented a form of mobile voting?
> Is there any research on the potential, challenges and applicability of
> mobile voting? 
> Considering the explosive growth of mobile phones across Africa, would
> the use of mobile phones for elections (citizens voting through mobile
> phones) improve election outcomes and transparency? 

Yes, there has been research done.  The summary is "if you do this,
forget about any chance of having a free and fair election, because it's
hard not to end up accidentally hacking the election, let alone stopping
anyone who might want to actively hack it".

There's a decade or so of research on how bad just electronic voting is,
and another decade of research on how bad mobile phone security is.  The
combination is geometrically worse.

Paper is good.  People watching other people use paper has a pretty well
understood set of failure models.  The problems of electoral integrity
and transparency are social and political ones, not technical ones, and
if you add more technology without solving the social and political
issues, all you're going to do is make a much more convenient crisis.

E.

-- 
Ideas are my favorite toys.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] E-Voting

[Zacharia Gichiriri]

Hi,

Are there any countries that have implemented a form of mobile voting? Is
there any research on the potential, challenges and applicability of mobile
voting?
Considering the explosive growth of mobile phones across Africa, would the
use of mobile phones for elections (citizens voting through mobile phones)
improve election outcomes and transparency?

Best,
-- 
Zack.

-- 


*Note: *All emails sent from Strathmore University are subject to 
Strathmore’s Email Terms & Conditions. Please click here 
 to read the policy.

"Visit our Facebook Page and 
Twitter 
Account".
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.