Online voting is impossible to verify or audit. You can see the consequence of that if you look southward*.
It's full of hard to confirm attack vectors. Updating a database discreetly is way easier than stuffing voting boxes.
Also, I'm a "Critics", apparently. Their description does match: I want people to say what they want clearly, and I want it to be really obvious who fucked up at the next election.
*Whatever you do, don't look southward. It's profoundly terrifying.
Nah, it can be made verifiable. You just have to ship a key (ECC because of length) and signature to each voter, probably via a QR code. You'd need probably about ~70 bytes of information
Start by generating a master keypair
Then, for each voter: generate a keypair, sequence number and sign the public key + sequence number and private key + sequence number with the master key. Record the public keys, sequence number and public key signature in the database. Each signature can be verified by the master public key
Throw away the master private key, publish the master public key. No new ballots can be generated after this
Send the private key/signature to voters. To maintain anonymity, don't record which key goes to which voter
To vote, create a blob of plaintext recording the vote, sign it with the private key and send it to the server
The entire database could be public the entire time. You could load up the database and locate your vote. Votes cannot be changed without the private key, even with write access. In principle votes could be deleted, but can be pretty easily be restored from backups
The main worries are: extra ballots being created by the authority running the vote (in principle this is a risk for mail-in voting too), voting authority creates copies of private keys, a front-end web server compromise which can get access to the private keys client-side and alter ballots
If you still have in-person voting available as a backup then you can clamp down hard on the number of generated ballots = number of registered voters = number of ballots the post office received to mail, which should eliminate that vector
I immediately question what the user has to do on their side to get this to work. Most people don't have any conception of public/private keys.
What if the user's device is compromised and auto-votes for them?
This all would still require a complementary system of offline voting, for people who don't have web access, so you have to unify the two systems somehow.
Visit a website and scan a QR code most likely. Or type a long hex string I guess. The webpage can verify the data locally If the client is compromised then you've lost. However, it would have to hijack and replace the incoming webpage text, or modify the JS engine in order to not be incredibly obvious
Turn in your online ballot card when you vote offline, then use the embedded data to cancel the online vote
Pretty sure you could just hijack the HTTP request and modify the info sent by the user to a certain set of domain names/IP addresses. Don't need to show anything different to the user.
Though honestly, that alternative probably wouldn't be that much more difficult. Hijack the incoming HTML, and do a simple swap of candidate names. Probably just swap around the names of the parties you don't like, so that the vote gets diluted between them, and your party could emerge from the morass.
Filling out that survey made me feel good about something government related at the tail end of this year, so imma call that a win.
EDIT: I'm such an INNOVATOR. Yes to online voting, fuck all y'all haters, yes to lower age, yes to mandatory voting, yes to proportional systems.
Will furrow my brow and compromise if online voting somehow proves to be a contentious issues rather than what I suspect is going to be a blow-out NOPE vote.
Am dubious that the results of this poll will favor INNOVATORS at all.
The Ender on
With Love and Courage
0
Options
AegisFear My DanceOvershot Toronto, Landed in OttawaRegistered Userregular
edited December 2016
I'm a Challenger, apparently? I guess because I agreed with the questions on MP prioritizing constituencies over party, even though I agreed with MPs deciding what's best for their constituencies rathet than being mouthpieces. Although from the shared views graphic, i was a hair's breath from being a Pragmatist, and equally as far away from Innovators as I was from Guardians. Hah!
Incidentally the questions of MP roles were very well done. They covered all, if not most of the 5 or 6 understood ways that MPs function in our government, which leads me to believe someone designing this had some legitimate policy background.
Edit: Oh God, Challengers are most likely to view voting as a choice? The hell with that shit.
I'll have to go through the quiz again, I didn't really take the time to answer properly (Innovator BTW, but feel that I didn't give the quiz 100%)
....but I was surprised that there was no option for "online voting if we can guarantee security." Only "online voting if you are OK with less security". Or did I miss it? One I would be OK with. The other I would not.
I'll have to go through the quiz again, I didn't really take the time to answer properly (Innovator BTW, but feel that I didn't give the quiz 100%)
....but I was surprised that there was no option for "online voting if we can guarantee security." Only "online voting if you are OK with less security". Or did I miss it? One I would be OK with. The other I would not.
I got Innovator, but jesus christ big fat NO to online voting. No no no no. Paper only. Like yeah it will increase participation but the security risk is absolutely not worth it, just set up more polling stations and give everyone the day off.
I got Innovator, but jesus christ big fat NO to online voting. No no no no. Paper only. Like yeah it will increase participation but the security risk is absolutely not worth it, just set up more polling stations and give everyone the day off.
I dont think the day off is that helpful, just make it a voting week instead of a voting day.
I'll have to go through the quiz again, I didn't really take the time to answer properly (Innovator BTW, but feel that I didn't give the quiz 100%)
....but I was surprised that there was no option for "online voting if we can guarantee security." Only "online voting if you are OK with less security". Or did I miss it? One I would be OK with. The other I would not.
There was no option for "if we can guarantee security". Online systems are inherently vulnerable; no matter what security measures were put in place, we could never guarantee it was invulnerable to hacking.
I got Innovator, but jesus christ big fat NO to online voting. No no no no. Paper only. Like yeah it will increase participation but the security risk is absolutely not worth it, just set up more polling stations and give everyone the day off.
I dont think the day off is that helpful, just make it a voting week instead of a voting day.
Do both: voting week, and one day off during that week.
I got Innovator, but jesus christ big fat NO to online voting. No no no no. Paper only. Like yeah it will increase participation but the security risk is absolutely not worth it, just set up more polling stations and give everyone the day off.
I dont think the day off is that helpful, just make it a voting week instead of a voting day.
Do both: voting week, and one day off during that week.
Well last election we had a few days of early voting, at least in my riding. That was a huge help.
The only issue I can see is getting enough volunteers to staff all polling stations for a full week.
I got Innovator, but jesus christ big fat NO to online voting. No no no no. Paper only. Like yeah it will increase participation but the security risk is absolutely not worth it, just set up more polling stations and give everyone the day off.
I dont think the day off is that helpful, just make it a voting week instead of a voting day.
Do both: voting week, and one day off during that week.
Well last election we had a few days of early voting, at least in my riding. That was a huge help.
The only issue I can see is getting enough volunteers to staff all polling stations for a full week.
They aren't volunteers, they get paid (not a lot, but they do get paid). I think having the early voting (especially on a weekend) is a good compromise that isn't too expensive.
Want to find me on a gaming service? I'm SwashbucklerXX everywhere.
It is roughly equivalent in security to mail voting if you can keep a simple web server secure
The correct assumption to start on is that you cannot keep a simple web server secure and stick to physical ballots.
(Especially these days, when everyone and their dog will be going out of their way to attack any kind of vulnerability on something like that.)
Actually, beyond that, we'd need to keep the entire Canadian Internet backbone secure too, because DDOS attacks are a thing. Would be harder to use to steal an election, but to disrupt one, certainly.
You guys realize it is extremely trivial to defraud physical paper ballots, right?
But nobody does it anyway, so we pretend it is secure when in fact it isn't.
It's not actually that trivial. And requires people who are involved in the election process itself. Multiple ones usually to make it not caught instantly.
Plus, it opens up the can of worms that is internet infrastructure in Canada not actually being accessible (if you measure accessibility by even a non-56K modem let alone high speed and no bandwidth caps) to all Canadians. And then there is the 3 major ISPs, I wouldn't want them anywhere near elections anymore than we can help it, they'd probably charge an arm and leg to vote!
You guys realize it is extremely trivial to defraud physical paper ballots, right?
But nobody does it anyway, so we pretend it is secure when in fact it isn't.
It's not actually that trivial. And requires people who are involved in the election process itself. Multiple ones usually to make it not caught instantly.
Yeah, you'd have to have a pretty big conspiracy going down to defraud paper ballots in any meaningful way (I say this as somebody who works the polls on the regular). It's a lot more work with a lot less reach than doing it digitally.
SwashbucklerXX on
Want to find me on a gaming service? I'm SwashbucklerXX everywhere.
You also must have a really significant operation to run a massive DDOS attack against a target.
If someone wanted to, they could walk into a polling place with a bucket of water, dump it onto a ballot box and destroy a significant number of the ballots. Nobody does that because they'd probably go to jail & there's little benefit to them commensurate to the risk.
Back in the day, paper ballots were very regularly defrauded during the counting process (see: Tammany Hall. I have no idea what the equivalent of that would have been in Canada, but I'd bet we had such an equivalent).
There are also plenty of non-malicious counting errors that occur all of the time with physical ballots.
Oh noes let's all be scared of hackers & base our policy decisions around this fear strikes me as being about as reasonable as basing policy decisions around fear of terrorists / foreigners / whatever. Online voting would almost certainly increase significantly the amount of voter participation; that trumps my interest in cowering under my bed where the voter fraud bogeymen allegedly can't get me.
You also must have a really significant operation to run a massive DDOS attack against a target.
If someone wanted to, they could walk into a polling place with a bucket of water, dump it onto a ballot box and destroy a significant number of the ballots. Nobody does that because they'd probably go to jail & there's little benefit to them commensurate to the risk.
Back in the day, paper ballots were very regularly defrauded during the counting process (see: Tammany Hall. I have no idea what the equivalent of that would have been in Canada, but I'd bet we had such an equivalent).
There are also plenty of non-malicious counting errors that occur all of the time with physical ballots.
Oh noes let's all be scared of hackers & base our policy decisions around this fear strikes me as being about as reasonable as basing policy decisions around fear of terrorists / foreigners / whatever. Online voting would almost certainly increase significantly the amount of voter participation; that trumps my interest in cowering under my bed where the voter fraud bogeymen allegedly can't get me.
You also must have a really significant operation to run a massive DDOS attack against a target.
If someone wanted to, they could walk into a polling place with a bucket of water, dump it onto a ballot box and destroy a significant number of the ballots. Nobody does that because they'd probably go to jail & there's little benefit to them commensurate to the risk.
Back in the day, paper ballots were very regularly defrauded during the counting process (see: Tammany Hall. I have no idea what the equivalent of that would have been in Canada, but I'd bet we had such an equivalent).
There are also plenty of non-malicious counting errors that occur all of the time with physical ballots.
Oh noes let's all be scared of hackers & base our policy decisions around this fear strikes me as being about as reasonable as basing policy decisions around fear of terrorists / foreigners / whatever. Online voting would almost certainly increase significantly the amount of voter participation; that trumps my interest in cowering under my bed where the voter fraud bogeymen allegedly can't get me.
No. This simply isn't true any more. A small group of 5-10 hackers can easily perpetrate a massive DDOS of the sort that took down Dyn, especially if they have four years to cycle up to it. Hell, one hacker might even be able to do it and all from their bedroom in some unknown part of the world.
Which is the exact problem. While it is technically just as easy to foul a real paper ballot, that's one paper ballot, fouled by one person, who has to be in the same physical location as the ballot. To swing an election will, except in edge cases, require hundreds maybe thousands of people, all of them in physical proximity to their crime and all of them leaving behind trails of physical evidence.
It's the scalability problem, backwards. We don't want this system to be easily scalable. We want this system to be as manual and as un-automated as possible, because it means that hacking it also because manual and un-automated.
A DDOS attack that lasts just 2 hours. 120 minutes. Heck, time it right when you think the greatest number of people will be voting. How long do you think people will last getting a "That webpage is currently unavailable" message before going "Well fuck this then" and give up entirely and not vote?
And virtually anybody on the planet can do it with relative ease.
"The sausage of Green Earth explodes with flavor like the cannon of culinary delight."
How about we get the door to door salesmen and Jehovah's witnesses to just bring everyone a ballot, they already knocking on my door and annoying my ass anyway, do something useful
You also must have a really significant operation to run a massive DDOS attack against a target.
If someone wanted to, they could walk into a polling place with a bucket of water, dump it onto a ballot box and destroy a significant number of the ballots. Nobody does that because they'd probably go to jail & there's little benefit to them commensurate to the risk.
Back in the day, paper ballots were very regularly defrauded during the counting process (see: Tammany Hall. I have no idea what the equivalent of that would have been in Canada, but I'd bet we had such an equivalent).
There are also plenty of non-malicious counting errors that occur all of the time with physical ballots.
Oh noes let's all be scared of hackers & base our policy decisions around this fear strikes me as being about as reasonable as basing policy decisions around fear of terrorists / foreigners / whatever. Online voting would almost certainly increase significantly the amount of voter participation; that trumps my interest in cowering under my bed where the voter fraud bogeymen allegedly can't get me.
Yes, but you'd have to get past the polling workers with the bucket of water, and even then it likely wouldn't render them "unreadable" and you'd get maybe a few hundred? In the modern era, it's really hard to defraud paper ballots given reasonable attention to election controls, which most areas have. You have a set number of ballots sent out, you have to verify that they were received by the recipients, verify the count of blanks, run the election, verify the total vs. blanks+trash ballots - all while multiple officials are present in every precinct, with the option for party officials to also watch the process.
Is it possible? Yes. Is it probable on any large scale - very hard without a large scale effort across a state or region.
Just a note about that mydemocracy.ca survey, apparently in the fine print it states if you don't provide your full demographic information at the end of the survey, your responses will not be counted in the study. Michael Geist had a post up about it sometime in the past 24.
You also must have a really significant operation to run a massive DDOS attack against a target.
If someone wanted to, they could walk into a polling place with a bucket of water, dump it onto a ballot box and destroy a significant number of the ballots. Nobody does that because they'd probably go to jail & there's little benefit to them commensurate to the risk.
Back in the day, paper ballots were very regularly defrauded during the counting process (see: Tammany Hall. I have no idea what the equivalent of that would have been in Canada, but I'd bet we had such an equivalent).
There are also plenty of non-malicious counting errors that occur all of the time with physical ballots.
Oh noes let's all be scared of hackers & base our policy decisions around this fear strikes me as being about as reasonable as basing policy decisions around fear of terrorists / foreigners / whatever. Online voting would almost certainly increase significantly the amount of voter participation; that trumps my interest in cowering under my bed where the voter fraud bogeymen allegedly can't get me.
Yes, but you'd have to get past the polling workers with the bucket of water, and even then it likely wouldn't render them "unreadable" and you'd get maybe a few hundred? In the modern era, it's really hard to defraud paper ballots given reasonable attention to election controls, which most areas have. You have a set number of ballots sent out, you have to verify that they were received by the recipients, verify the count of blanks, run the election, verify the total vs. blanks+trash ballots - all while multiple officials are present in every precinct, with the option for party officials to also watch the process.
Is it possible? Yes. Is it probable on any large scale - very hard without a large scale effort across a state or region.
Also, if physical paper ballots are vulnerable to physical tampering, then so is any server that hosts an online voting database vulnerable to physical tampering.
I'm going to reiterate an earlier comment of mine, about how at this point, Leitch statements fall under the New Yorker rule, where every single one can be captioned with, "Christ, what an asshole".
Posts
Boooooooooooo!
Pretty sure you could just hijack the HTTP request and modify the info sent by the user to a certain set of domain names/IP addresses. Don't need to show anything different to the user.
Though honestly, that alternative probably wouldn't be that much more difficult. Hijack the incoming HTML, and do a simple swap of candidate names. Probably just swap around the names of the parties you don't like, so that the vote gets diluted between them, and your party could emerge from the morass.
Filling out that survey made me feel good about something government related at the tail end of this year, so imma call that a win.
EDIT: I'm such an INNOVATOR. Yes to online voting, fuck all y'all haters, yes to lower age, yes to mandatory voting, yes to proportional systems.
Will furrow my brow and compromise if online voting somehow proves to be a contentious issues rather than what I suspect is going to be a blow-out NOPE vote.
Am dubious that the results of this poll will favor INNOVATORS at all.
Incidentally the questions of MP roles were very well done. They covered all, if not most of the 5 or 6 understood ways that MPs function in our government, which leads me to believe someone designing this had some legitimate policy background.
Edit: Oh God, Challengers are most likely to view voting as a choice? The hell with that shit.
Currently DMing: None
Characters
[5e] Dural Melairkyn - AC 18 | HP 40 | Melee +5/1d8+3 | Spell +4/DC 12
Hi-5, fellow guardian! Let's teach these Innovator kids a lesson!
....but I was surprised that there was no option for "online voting if we can guarantee security." Only "online voting if you are OK with less security". Or did I miss it? One I would be OK with. The other I would not.
We can't guarantee security.
Do... Re... Mi... So... Fa.... Do... Re.... Do...
Forget it...
I dont think the day off is that helpful, just make it a voting week instead of a voting day.
MWO: Adamski
There was no option for "if we can guarantee security". Online systems are inherently vulnerable; no matter what security measures were put in place, we could never guarantee it was invulnerable to hacking.
EDIT: Beat by Richy.
Do both: voting week, and one day off during that week.
Well last election we had a few days of early voting, at least in my riding. That was a huge help.
The only issue I can see is getting enough volunteers to staff all polling stations for a full week.
I'm not sure how useful 'number of people who want online voting who know nothing about online security' would be.
I'm such an innovator.
For real though, that survey is very strangely worded.
They aren't volunteers, they get paid (not a lot, but they do get paid). I think having the early voting (especially on a weekend) is a good compromise that isn't too expensive.
Also on Steam and PSN: twobadcats
It’s not a very important country most of the time
http://steamcommunity.com/id/mortious
The correct assumption to start on is that you cannot keep a simple web server secure and stick to physical ballots.
(Especially these days, when everyone and their dog will be going out of their way to attack any kind of vulnerability on something like that.)
Actually, beyond that, we'd need to keep the entire Canadian Internet backbone secure too, because DDOS attacks are a thing. Would be harder to use to steal an election, but to disrupt one, certainly.
But nobody does it anyway, so we pretend it is secure when in fact it isn't.
It's not actually that trivial. And requires people who are involved in the election process itself. Multiple ones usually to make it not caught instantly.
Yeah, you'd have to have a pretty big conspiracy going down to defraud paper ballots in any meaningful way (I say this as somebody who works the polls on the regular). It's a lot more work with a lot less reach than doing it digitally.
If someone wanted to, they could walk into a polling place with a bucket of water, dump it onto a ballot box and destroy a significant number of the ballots. Nobody does that because they'd probably go to jail & there's little benefit to them commensurate to the risk.
Back in the day, paper ballots were very regularly defrauded during the counting process (see: Tammany Hall. I have no idea what the equivalent of that would have been in Canada, but I'd bet we had such an equivalent).
There are also plenty of non-malicious counting errors that occur all of the time with physical ballots.
Oh noes let's all be scared of hackers & base our policy decisions around this fear strikes me as being about as reasonable as basing policy decisions around fear of terrorists / foreigners / whatever. Online voting would almost certainly increase significantly the amount of voter participation; that trumps my interest in cowering under my bed where the voter fraud bogeymen allegedly can't get me.
https://en.wikipedia.org/wiki/Mirai_(malware)
Altering physical ballots takes longer and is harder than altering ballots on a compromised server.
No. This simply isn't true any more. A small group of 5-10 hackers can easily perpetrate a massive DDOS of the sort that took down Dyn, especially if they have four years to cycle up to it. Hell, one hacker might even be able to do it and all from their bedroom in some unknown part of the world.
Which is the exact problem. While it is technically just as easy to foul a real paper ballot, that's one paper ballot, fouled by one person, who has to be in the same physical location as the ballot. To swing an election will, except in edge cases, require hundreds maybe thousands of people, all of them in physical proximity to their crime and all of them leaving behind trails of physical evidence.
It's the scalability problem, backwards. We don't want this system to be easily scalable. We want this system to be as manual and as un-automated as possible, because it means that hacking it also because manual and un-automated.
And virtually anybody on the planet can do it with relative ease.
Yes, but you'd have to get past the polling workers with the bucket of water, and even then it likely wouldn't render them "unreadable" and you'd get maybe a few hundred? In the modern era, it's really hard to defraud paper ballots given reasonable attention to election controls, which most areas have. You have a set number of ballots sent out, you have to verify that they were received by the recipients, verify the count of blanks, run the election, verify the total vs. blanks+trash ballots - all while multiple officials are present in every precinct, with the option for party officials to also watch the process.
Is it possible? Yes. Is it probable on any large scale - very hard without a large scale effort across a state or region.
Also, if physical paper ballots are vulnerable to physical tampering, then so is any server that hosts an online voting database vulnerable to physical tampering.
MWO: Adamski
I'm going to reiterate an earlier comment of mine, about how at this point, Leitch statements fall under the New Yorker rule, where every single one can be captioned with, "Christ, what an asshole".