PDA

View Full Version : Verified Voting Foundation



sarongsong
2005-Nov-27, 07:05 PM
...electronic miscounts of votes is no longer a theory - it's a fact.
What if the miscounts we know of are only the tip of an undetected iceberg of electronic miscounts? They might be. We have no way of knowing...
http://www.verifiedvotingfoundation.org/

genebujold
2005-Nov-27, 07:29 PM
A secure, accurate electronic vote is one of the most basic computing paradigms in existance today. You do the same thing every time you remove money from an ATM, swipe your credit card for gas, or buy something online.

You are YOU because your number (credit card), your information (first, mi, last) and verification (SSID, on the back), all match.

DUH!!!

Clue in, folks - it's this easy:

1. Register. We've all done that, and have our social security numbers.

2. Verify. Give the government a fingerprint and a PIN using your SSN card, birth certificate, and a picture ID. They'll check several facts concerning your background (location and date of birth, etc.) just to be sure you're you and that someone else isn't registering in your place.

3. Vote/Validate. Choose your candidate, enter your SSN, press your finger to the $19.95 fingerprint reader, and enter your PIN.

This is FAR more secure than any current manual system of voting in place today, and can even be done through the Internet via SSL if you're willing to purchase the $19.95 fingerprint reader.

I could just SHOOT the idiots who're trying to convince America that we need to reinvent the wheel!

AAARRRGGHHH!!!!!!

Electronic voting isn't "next generation," it's 1999....

zebo-the-fat
2005-Nov-27, 07:42 PM
You mean there is something better than putting a cross on a pice of paper? :surprised

turbo-1
2005-Nov-27, 08:01 PM
You mean there is something better than putting a cross on a pice of paper? :surprisedOr hanging some guy named Chad?

Gillianren
2005-Nov-28, 01:21 AM
Or hanging some guy named Chad?

My brother-in-law's name is Chad. Hang away.

Wolverine
2005-Nov-28, 02:01 AM
On a pre-emptive note: participate cautiously here or the thread will be locked.

aurora
2005-Nov-28, 02:27 AM
For those that have never read comp.risks,

http://catless.ncl.ac.uk/Risks

read or search a few back issues, and in between all the other problems we software engineers cause there are a number of reported problems with digital voting machines.

I would posit that no, we haven't figured out how to do it correctly yet. And the existing commercial systems do not work properly.

sarongsong
2005-Nov-28, 03:51 AM
Great resource, aurora; typed in 'voting machine' into their Search function, and came up with 21 pages (http://catless.ncl.ac.uk/php/risks/search.php?query=voting+machine) of references!
Here (http://catless.ncl.ac.uk/Risks/23.27.html#subj8.1) is just one of them from one of those pages, of particular interest to Californians:
In the 2 March 2004 California in Alameda and San Diego Counties, some
voters were...turned way...in at least 25 polling places...in the 17 counties in which Diebold systems were used, none of the versions of those systems actually used was the version that had been certified...I think you get the idea from what we have included here that there are vastly too many problems that could influence the results of close elections, often with no recourse to find out what was really intended...

LurchGS
2005-Nov-28, 04:00 AM
A secure, accurate electronic vote is one of the most basic computing paradigms in existance today. You do the same thing every time you remove money from an ATM, swipe your credit card for gas, or buy something online.

You are YOU because your number (credit card), your information (first, mi, last) and verification (SSID, on the back), all match.

DUH!!!

Clue in, folks - it's this easy:

1. Register. We've all done that, and have our social security numbers.

2. Verify. Give the government a fingerprint and a PIN using your SSN card, birth certificate, and a picture ID. They'll check several facts concerning your background (location and date of birth, etc.) just to be sure you're you and that someone else isn't registering in your place.

3. Vote/Validate. Choose your candidate, enter your SSN, press your finger to the $19.95 fingerprint reader, and enter your PIN.

This is FAR more secure than any current manual system of voting in place today, and can even be done through the Internet via SSL if you're willing to purchase the $19.95 fingerprint reader.

I could just SHOOT the idiots who're trying to convince America that we need to reinvent the wheel!

AAARRRGGHHH!!!!!!

Electronic voting isn't "next generation," it's 1999....



Gene - much as I like the idea, as a merchant, and a reseller of merchant services (well, Internet gateway for merchants), I can attest that the current system is woefully inadequate even for banking. Not even close for anything that requires REAL security.

Now, rather than use a fingerprint scanner (the reader needs to be cleaned fairly often), use a retinal scanner, or, better yet, there's at least one photo-biometric scanner that's not fooled by twins.

that's just the one aspect, and it's not accepted yet as being accurate or secure enough.

genebujold
2005-Nov-28, 06:12 PM
Gene - much as I like the idea, as a merchant, and a reseller of merchant services (well, Internet gateway for merchants), I can attest that the current system is woefully inadequate even for banking. Not even close for anything that requires REAL security.

Now, rather than use a fingerprint scanner (the reader needs to be cleaned fairly often), use a retinal scanner, or, better yet, there's at least one photo-biometric scanner that's not fooled by twins.

that's just the one aspect, and it's not accepted yet as being accurate or secure enough.

You're kidding! Twins can't fool it? I'm interested in the link, if you have it.

One of the problems with having something that accurate, however, is that it's almost too accurate, as people's faces do change over time. The difference between my 2005 self and my 2000 self is greater than the difference between most twins. Thus, a biometric scanner of that sensitivity would need to be periodically calibrated.

By the way, banks use SSL to clear literally billions of dollars of daily transactions through the various clearinghouses each and every night. It was hacked once, back in the 90s, in it's earliest form (through Visa, I believe).

Since then it's proven incredibly secure, and there are encryption methods out there that are far more secure.

The basics of ensuring a secure transaction (such as voting) are actually quite simple, and involve the following items: encryption, authentication, and validation.

First, you want to encrypt the vote. This ensures that no one knows your vote except you. Again, SSL is perfectly adequate for the task.

Second, you want to authenticate the vote. This means the voting system ensures that you are who you say you are. A national ID card, coupled with a PIN only you know and a simple (cheap) fingerprint biometric provides more than reasonable protection against someone else stealing your vote.

Third, you and the voting agencies require validation, that your vote was actually counted. A simple printout, coupled with summary statistics at various levels of aggregation provide reasonable assurance that your vote did indeed count.

Done properly, adhering to these principles, electronic voting is both secure and untamperable, primarily because direct and summary data would be generated to ensure third-party agencies could verify the authenticity of the vote. It's the accounting trail which makes the difference between "voodoo voting" and a vote people can trust.

And we've had 100% of the technology available since 1996.

genebujold
2005-Nov-28, 06:17 PM
Forgot to mention - I perused the RISKS articles and noted that all of the "voting errors" involve known incorrect implementations of digital transaction systems.

If you've never been to one of the DEFCONs in Las Vegas, go. It's an eye-opener, both into the world of computer hacking, as well as a reminder of what really does work with respect to security (although the latter gets far less play...)

Our biggest problem during the move to digital or online voting will be phishing, where websites purporting to be valid redirect your attention, let you "vote" your credentials, then recast your vote as they see fit.

The best way to overcome this is through education, and perhaps a mailed "passkey" which wouldn't let you into the site until you entered it, and the website URL would be simple and plastered all over the "passkey" mailing. After that, simply enter the requisite information, and vote, the same as we do online banking and stock trading.

Moose
2005-Nov-28, 06:32 PM
... or you can use a paper ballot and mark an X in the large circle next to the desired candidate.

It's the "high tech" system we've used without incident in Canada for the past century-and-a-half.

By all means, track your voters electronically (with paper backups). But collect and count the votes by hand. If there's a power failure, provide flashlights. If there's a mechanical failure, you simply resharpen the pencil.

Sometimes the simple solution is the best. And that sometimes is often more often than one thinks.

genebujold
2005-Nov-29, 12:14 AM
Moose, there's definately something to be said for your approach...

However, with the proper implementation, the electronic approach will save megabucks.

With the improper implementation, or one designed by Congress, it will cost far more than we currently spend.

sarongsong
2005-Nov-29, 12:38 AM
Whatever form it takes---I like Canada's way, which seems to be mighty fast at totalling them up, too---shouldn't it be like a National Celebratory Holiday solely dedicated to voting, instead of its current (US) work-day second-Tuesday in November? And how about invoking the penalties for treason to anyone found guilty of intentional vote-tampering?