March 29th, 2004

My Hat!

Time for a dream post...

I don't often remember my dreams upon awakening, and when I do, they're usually not terribly interesting. So when I remember a dream _and_ it's an interesting one, it's a red letter day.

Collapse )

Neet, huh? Seriously, when I post a dream, it's a winner.
run the fuck away

My Solution to the E-Voting Problem

Wired runs an interesting piece of E-voting, which gets me thinking about the wealth of problems that it poses.

My solution is simple- if you're determined to do electronic voting (which I feel is unneccesary), let's approach the issue democratically. Turn to the Open Source community, and let them develop it. Suddenly, when there's a claim that there's a security problem, you're going to have an entire community of tech saavy people hunting it down, and fixing it. And seriously- tabulating votes _should_ be an easy task. This isn't a "big" application, and requires no ground breaking innovation.

My model would work like so-
Each machine will present a touch screen interface, and walk voters through each campaign in a wizard-style format. After each page of the wizard, the resulting vote is cached in memory, so that the last screen presents a summary, and offers to either "confirm" "discard" or "edit".

Once the results are confirmed, the machine stores the results in a _flat text file_. Mind you, the machines are locked boxes with no wired or wireless connections. They're stored in a locked cabinet, in plain view of the precinct administators. Access can only be achieved via the _back_ panel, so a voter behind a curtain could not get access to the system without physically damaging the cabinet.

So yes, I use a _flat text file_, no database. It could even be encrypted. In addition to storing the results, it prints out a set of reciepts, one for the voter, and several copies for different audit trails.

At the end of the election, the machine enters tabulation mode. It tabulates the results, and displays them on screen, prints a hard copy. After the results are printed (and checked to see that they match), a network connection is _then_ added to the machine, where it can report to a central server. All of this communication should be done on a network that has _no connection to the outside world_, even so, all communication should be strongly encrpyted, signed, and verified. Each submission of voting data should be able to be tracked back to a specific machine.

At each precinct, the administrators should manually tabulate the results of each machine. *gasp* Yes, people should double check things on the precinct level. It's not hard people, and not that much work. Use a fucking calculator. Someone at the central server should randomly spot check the precincts by phone (in person perhaps?) and compare the results.

Now, part of this process creates a multiple level audit trail. An election could be auditted on the precinct level (and this process could be abstracted to allow city-level, county-level, and state-level audits), down to a voter-level audit. Based on the contention over the election results and the closeness of the election, an audit will be conducted.

For example, in elections decided by 15% of the votes, an audit could be performed by county. For 10% of votes, it could be done by precinct, and for 5% a full voter-level audit should be performed.

So, in close elections, there _is an audit_. Period. This is in addition to any mandated random audits.

No, this isn't a fool proof election, But it's a start. And this is one person, talking off the top of their head, with only a vague understanding of security principles. I _hate_ security. But it's important, especially for something like elections.

Other voting notes...

Any evoting system must:
  • Be implemented in 100% ANSI code- no Java, .NET, etc. (caveat: these could be acceptable, but would require a custom, open source VM/runtime-environment). It seems more desireable to implement in C++ however.
  • Provide human verifiable trails at _every step_
  • Provide strong encryption
  • Be physically, as well as logically, secure.

I'm trolling around on Sourceforge, looking at some of the voting related offerings, and seeing alot of Java/.NET ones. This is unnacceptable, because you are importing security holes from your VM/runtime vendor. There are open source implementations of both Java and .NET, but most are in pre-alpha states, or at best, beta. Any software leveraged by the voting system must be mature. For example, running a C++ voting system on embedded linux, using X to provide GUI is acceptable, provided a mature version of embedded linux is used. This software has already been tested extensively, and most major security holes have been fixed.

The back-end O/S must be OS, which excludes using Windows or Mac on the PC- every step of the functioning must be verifiable, testable, and modifiable, including the basic communication with the hardware.
run the fuck away

More Voting

The Open Voting Consortium which is going public with version 1.0 of their software has a solution.

It's decent, but doesn't offer any signifigant advantages over pen-and-paper. It's smoother, to be sure, but when stacked up against Diebold, and when you ignore little things like security, it doesn't measure up for convience.

I do like the system though. In short, it works like this:
Start with an on-screen display, walk the user through the ballot.
Generate a printed reciept (and do not tabulate the votes- the EVM doesn't store any information)- the printed reciept is folded in such a way as to hide the human readable information, and shows instead, a bar code, which can be scanned by the voter and read on screen, or audibly, by a machine in the precinct for verification.
At the end of the election, the votes are scanned with hand-held devices, and that is how the results are tabulated.

I like the barcode idea. It's smooth.

Unfortunately, when stacked up against auto-counting systems like Diebold, it doesn't measure up. It's a better choice, but it relys on people _thinking_ about the system they're choosing in terms of reliability, security, etc, not just plain features.
run the fuck away


There seems to be a theme today, but this one's just... odd... The World Votes. I'm still trying to make sense of this one, and just keep having these visions of the news announcing that Mao is now president of the US.

Now, when Little Condi Rice says that she doesn't know how "we could have done more" to stop the World Trade Center incident, what she's really saying is that the administration is incompetant.

If you are not able to look at a failure of any scale, recognize it as a failure, and explain to other why it happened, and how you can prevent it in the future, you have demonstrated a failure in basic life skills.

If the administration had really done everything possible to prevent it, then it _wouldn't have happened_. This isn't an opening for a philosophical debate. There's no action that can't be prevented- at least in hindsight. This administration has apparently plucked out the hind-sight eyes, and is incapable of examining their own fuck ups.

Let me say this one last time: when confronted with a failure that you are responsible for, it is your responsibility to examine that failure, and find out how, and why it happened, and take measures to see that it _doesn't happen again_.