> Kiniy said Galois will design two basic voting machine types. The first will be a ballot-marking device that uses a touch-screen for voters to make their selections. That system won’t tabulate votes. Instead it will print out a paper ballot marked with the voter’s choices, so voters can review them before depositing them into an optical-scan machine that tabulates the votes. Galois will bring this system to Def Con this year.<p>This sounds great: paper trail, no chance of "hanging chads" or bad handwriting, verifiable by the voter at the moment before scanning and hand-countable if necessary.
>The systems Galois designs won’t be available for sale. But the prototypes it creates will be available for existing voting machine vendors or others to freely adopt and customize without costly licensing fees or the millions of dollars it would take to research and develop a secure system from scratch.<p>I guess the devil is always in the details. "freely adopt and customize" to me says that the code will not be verifiable or open source anymore? Or that the implementation could be flawed. Open sourcing the code, and then letting commercial entities change it, cut corners, make money, etc seems to be a good way to ensure that all the hard work that went into designing the system is rapidly compromised.
Galois has a reputation for being one of the most visible and well-known shops associated with Haskell. I'm curious to see what they can accomplish. A little bit of poking showed this[0] coming up -- I definitely wonder if that's around the same direction they'll be taking.<p>[0]<a href="https://galois.com/project/csfv-crowd-sourced-formal-verification/" rel="nofollow">https://galois.com/project/csfv-crowd-sourced-formal-verific...</a>
Why does this keep coming up? What is the compelling argument against paper ballots? There is no need for results to be known immediately, so how does making voting an exercise done by computers make anything better, particularly when computers are much more vulnerable to remote interference?
Title is misleading. This is 3rd party contractor that won an RFP bid yo push out hard copy verification of ballot and voter's choice with some "DARPA techniques". Not quite the secure confidential system with data integrity I was hoping for.<p>> We will show a methodology that could be used by others to build a voting system that is completely secure.<p>This really feels like a Proof-of-concept or reference architecture, at best.
I don't believe that putting a price tag on a piece of software legitimizes it for a given use case.<p>I get this same feeling from posts that say "Product X written in language Y". While I agree that there exists a right programming language for a given task, it is not in itself a reason to use product X.
More information about the idea: <a href="https://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems" rel="nofollow">https://en.wikipedia.org/wiki/End-to-end_auditable_voting_sy...</a>
I use this premise as one of my architectural interview questions- design a voting system.<p>Having asked it dozens of times, I’ve come to the conclusion that I don’t trust anyone to build a voting system. I like it as a question tho, since it’s open ended enough to really let the candidate focus on the domains interesting to them; scalability, security, data modeling, whatever they want really.
Thought experiment: Have, like in aviation, units built of two separate, but parallel architectures designed and built by unrelated, independent manufacturers with software written by independent teams in different languages and deploy them redundantly. (E.g., Airbus does this.) Now you have cranked up the cost for any manipulations to the requirements of successfully attacking two separate architectures in the same realtime timeframe, maybe at several redundant units at once. Leaving the message path. So you're still screwed. (Simply, because the win to cost ratio may be near to infinity. If we have concerns regarding personal messages, how could we possibly guarantee for this one?) Enter the paper trail and printers. – However, does anyone remember the Xerox scanner debacle of misarranged and falsely duplicated data by the compression algorithm, or the debates about Obama's birth certificate (due to image portions duplicated by the compression algorithm)? Things like these went unnoticed for years.<p>What we may learn from this, a) there's no perfect system involving software, b) if we do not want to invest as much in democracy as we do in shuffling around a few people by aviation, how may we be worth it? Anyway, voting methods shouldn't be about cost reduction.
Sounds good. But in practice it's complicated.. In Brazil we have been using electronic voting systems for 20 years. Since then, there's been absolutely NO EVIDENCE of fraud. Specialists are regularly invited to know the code and try to find vulnerabilities (the code wasn't open-sourced, and personally I don't think it should).<p>And, even so, the losing parties ALWAYS claim there's been some fraud, and a significant part of their respective voters buy such discourse.<p>There's been turnover of power pretty regularly in most parts, and even this doesn't stop folks of accusing electoral fraud.<p>Last year, thanks Whatsapp, the debate's gained special contours. Lots of malicious people shared videos showing fake frauds, which were dismissed after some hours.<p>There's been also lots of stupid people mistyping into the ballot and screaming around with a camera accusing a fraud.<p>It was a bit of a mess and things tend to get serious in very tight scores, since there won't be a safe, auditable way of recounting the votes without having to fully believe in the government agency responsible for operating the system.<p>The system makes the process extremely efficient. We are 100 million voters, voting is mandatory, and we always know the winners within a couple of hours past the end of the voting process. But..
My ideal voting system would allow me to have a real time feed of votes as they come in, so that at the end of the night I can check my records vs the "official" records. Names can be detached, all I need is a Ballot id. BallotId can be something as simple as the hash of RegisteredVoterId + password + Salt + ElectionId.<p>As long as the voter remembers their password, they can look up their record, and the record can be a fully public record with anominity.
Anyone building or designing voting systems should first be familiar with the concept of _software independence_.<p><a href="https://en.wikipedia.org/wiki/Software_independence" rel="nofollow">https://en.wikipedia.org/wiki/Software_independence</a><p>It's an extremely important and useful concept, and should form the basis of the first question (or one of the first) asked of any voting system provider.
Max Kaye from the Flux party has been building a blockchain based one here <a href="https://github.com/voteflux/THE-APP" rel="nofollow">https://github.com/voteflux/THE-APP</a><p>It's open source and it's actually got a sound philosophy behind it. It's near completion and hopefully it'll change the way we vote globally (not just in Aus)
Maybe they'll succeed were Switzerland has just recently failed: <a href="https://www.technologyreview.com/the-download/613107/a-major-flaw-has-been-found-in-switzerlands-online-voting-system/" rel="nofollow">https://www.technologyreview.com/the-download/613107/a-major...</a>
<a href="https://www.youtube.com/watch?v=HVmHruNg6m0" rel="nofollow">https://www.youtube.com/watch?v=HVmHruNg6m0</a><p>This amazing talk by Ben Adida is really relevant. He has worked on solving voting for a long time now and does a great job here of breaking down some of the salient parts of the problem.
Surely it doesn't cost $10m to build a secure ballot form. Existing solutions have had so many obvious flaws that it seemed like e-voting companies weren't actually interested in accurately counting votes. They really need 50+ people to make a checkbox form and print the result?
Secure hardware sounds like the wrong idea, I think. I think the correct idea will be something more similar to block chains. A system where the security of the system lies in the ability for anyone to make a copy of the voting data at any point in time. So there will be multiple copies of the voting data, owned both by the authorities and by ordinary people.<p>If the authorities try to tamper with the central copy of the voting data, it will be checked by the multiple copies owned by the general public.<p>I think that's the general idea one should pursue. Not "secure hardware".
Have there been any competitions to make an open source, highly scalable and verifiable anti-tampering voting system? Maybe even a competition to see how few resources can be allocated to facilitate millions of simultaneous voters? i.e. "did it in 50 lines of python!" like the javascript 1k competitions. [1]<p>[1] - <a href="https://js1k.com/" rel="nofollow">https://js1k.com/</a>
Not to sound overly cynical but open source isn't a panacea. Yes, it adds transparency. That's a positive. But that doesn't ensure it'll work.<p>As for secure, if it's connected to the internet, then it's always going to be a target.<p>It seems to me, that - if voting integrity is priority #1 - a return to traditional analogue voting should be given strong consideration.
Now if only they would introduce something like Single Transferable Vote (entertaining CGPGrey video: <a href="https://www.youtube.com/watch?v=l8XOZJkozfI" rel="nofollow">https://www.youtube.com/watch?v=l8XOZJkozfI</a>), or another more effective voting system.<p>Probably won't happen though, as it would seriously shake up politics as we know it.
> Members of the public will also be able to use the cryptographic values to independently tally the votes to verify the election results so that tabulating the votes isn't a closed process solely in the hands of election officials.<p>This sounds like they are using homomorphic encryption?
> allow voters to verify that their votes were recorded accurately<p>This sounds like it means it's no longer a secret vote and voters can be bribed or blackmailed to vote a particular way.
Allowing everyone to verify that their vote was counted as they intend is a start, but....I'm not saying it has to use block chain, but for its veracity to actually be openly verifiable, the voting ledger has to be publicly visible.
Open source, open hardware? What a joke. Neither are resistant to chip/compiler level attacks such as <a href="https://www.schneier.com/blog/archives/2018/03/adding_backdoor.html" rel="nofollow">https://www.schneier.com/blog/archives/2018/03/adding_backdo...</a> and <a href="https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html" rel="nofollow">https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html</a><p>That's all assuming the voting machine is actually running the software/hardware they tell you - how would a voter check?<p>The article briefly mentions "That receipt does not permit you to prove anything about how you voted, but does permit you to prove that the system accurately captured your intent and your vote is in the final tally,". But if that receipt doesn't let you prove anything about how you voted, how can you tell from it that your vote was captured 'correctly'? The machine can print <i>anything</i> on the receipt!<p>Then there is the question - what problem is e-voting trying to solve? Hand-counting scales perfectly and is <i>extremely</i> difficult to covertly tamper with. So the only 'problem' e-voting solves is that of being unable to covertly and fully subvert elections.
My design uses paper and pen.<p>Deployment requires mailing ballots out and having places where people can come in to fill them out.<p>10 million dollars please.
I doubt it can fix <a href="https://en.m.wikipedia.org/wiki/Electoral_fraud" rel="nofollow">https://en.m.wikipedia.org/wiki/Electoral_fraud</a>