DARPA Is Building a $10M, Open-Source, Secure Voting System

649 点作者 shpat大约 6 年前

48 条评论

> Kiniy said Galois will design two basic voting machine types. The first will be a ballot-marking device that uses a touch-screen for voters to make their selections. That system won’t tabulate votes. Instead it will print out a paper ballot marked with the voter’s choices, so voters can review them before depositing them into an optical-scan machine that tabulates the votes. Galois will bring this system to Def Con this year.This sounds great: paper trail, no chance of "hanging chads" or bad handwriting, verifiable by the voter at the moment before scanning and hand-countable if necessary.

评论 #19392961 未加载

评论 #19393421 未加载

评论 #19393102 未加载

评论 #19394443 未加载

评论 #19394840 未加载

评论 #19396343 未加载

评论 #19394050 未加载

abakker大约 6 年前

>The systems Galois designs won’t be available for sale. But the prototypes it creates will be available for existing voting machine vendors or others to freely adopt and customize without costly licensing fees or the millions of dollars it would take to research and develop a secure system from scratch.I guess the devil is always in the details. "freely adopt and customize" to me says that the code will not be verifiable or open source anymore? Or that the implementation could be flawed. Open sourcing the code, and then letting commercial entities change it, cut corners, make money, etc seems to be a good way to ensure that all the hard work that went into designing the system is rapidly compromised.

评论 #19392920 未加载

评论 #19393246 未加载

评论 #19393140 未加载

rabi_penguin大约 6 年前

Galois has a reputation for being one of the most visible and well-known shops associated with Haskell. I'm curious to see what they can accomplish. A little bit of poking showed this[0] coming up -- I definitely wonder if that's around the same direction they'll be taking.[0]<a href="https://galois.com/project/csfv-crowd-sourced-formal-verification/" rel="nofollow">https://galois.com/project/csfv-crowd-sourced-formal-verific...</a>

sverige大约 6 年前

Why does this keep coming up? What is the compelling argument against paper ballots? There is no need for results to be known immediately, so how does making voting an exercise done by computers make anything better, particularly when computers are much more vulnerable to remote interference?

评论 #19394286 未加载

评论 #19393474 未加载

评论 #19396974 未加载

评论 #19395910 未加载

评论 #19395084 未加载

评论 #19395723 未加载

评论 #19394510 未加载

评论 #19395329 未加载

评论 #19394425 未加载

评论 #19394393 未加载

weej大约 6 年前

Title is misleading. This is 3rd party contractor that won an RFP bid yo push out hard copy verification of ballot and voter's choice with some "DARPA techniques". Not quite the secure confidential system with data integrity I was hoping for.> We will show a methodology that could be used by others to build a voting system that is completely secure.This really feels like a Proof-of-concept or reference architecture, at best.

评论 #19394687 未加载

评论 #19394797 未加载

sagitariusrex大约 6 年前

I don't believe that putting a price tag on a piece of software legitimizes it for a given use case.I get this same feeling from posts that say "Product X written in language Y". While I agree that there exists a right programming language for a given task, it is not in itself a reason to use product X.

tdcbfdct3大约 6 年前

More information about the idea: <a href="https://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems" rel="nofollow">https://en.wikipedia.org/wiki/End-to-end_auditable_voting_sy...</a>

thanatos_dem大约 6 年前

I use this premise as one of my architectural interview questions- design a voting system.Having asked it dozens of times, I’ve come to the conclusion that I don’t trust anyone to build a voting system. I like it as a question tho, since it’s open ended enough to really let the candidate focus on the domains interesting to them; scalability, security, data modeling, whatever they want really.

评论 #19415348 未加载

equalunique大约 6 年前

I'm a fan of Galois, so I'll keep tabs on this project.

评论 #19393305 未加载

masswerk大约 6 年前

Thought experiment: Have, like in aviation, units built of two separate, but parallel architectures designed and built by unrelated, independent manufacturers with software written by independent teams in different languages and deploy them redundantly. (E.g., Airbus does this.) Now you have cranked up the cost for any manipulations to the requirements of successfully attacking two separate architectures in the same realtime timeframe, maybe at several redundant units at once. Leaving the message path. So you're still screwed. (Simply, because the win to cost ratio may be near to infinity. If we have concerns regarding personal messages, how could we possibly guarantee for this one?) Enter the paper trail and printers. – However, does anyone remember the Xerox scanner debacle of misarranged and falsely duplicated data by the compression algorithm, or the debates about Obama's birth certificate (due to image portions duplicated by the compression algorithm)? Things like these went unnoticed for years.What we may learn from this, a) there's no perfect system involving software, b) if we do not want to invest as much in democracy as we do in shuffling around a few people by aviation, how may we be worth it? Anyway, voting methods shouldn't be about cost reduction.

评论 #19394827 未加载

myth2018大约 6 年前

Sounds good. But in practice it's complicated.. In Brazil we have been using electronic voting systems for 20 years. Since then, there's been absolutely NO EVIDENCE of fraud. Specialists are regularly invited to know the code and try to find vulnerabilities (the code wasn't open-sourced, and personally I don't think it should).And, even so, the losing parties ALWAYS claim there's been some fraud, and a significant part of their respective voters buy such discourse.There's been turnover of power pretty regularly in most parts, and even this doesn't stop folks of accusing electoral fraud.Last year, thanks Whatsapp, the debate's gained special contours. Lots of malicious people shared videos showing fake frauds, which were dismissed after some hours.There's been also lots of stupid people mistyping into the ballot and screaming around with a camera accusing a fraud.It was a bit of a mess and things tend to get serious in very tight scores, since there won't be a safe, auditable way of recounting the votes without having to fully believe in the government agency responsible for operating the system.The system makes the process extremely efficient. We are 100 million voters, voting is mandatory, and we always know the winners within a couple of hours past the end of the voting process. But..

swalsh大约 6 年前

My ideal voting system would allow me to have a real time feed of votes as they come in, so that at the end of the night I can check my records vs the "official" records. Names can be detached, all I need is a Ballot id. BallotId can be something as simple as the hash of RegisteredVoterId + password + Salt + ElectionId.As long as the voter remembers their password, they can look up their record, and the record can be a fully public record with anominity.

评论 #19392718 未加载

评论 #19393422 未加载

评论 #19392692 未加载

评论 #19393953 未加载

评论 #19393339 未加载

评论 #19393634 未加载

zestyping大约 6 年前

Anyone building or designing voting systems should first be familiar with the concept of _software independence_.<a href="https://en.wikipedia.org/wiki/Software_independence" rel="nofollow">https://en.wikipedia.org/wiki/Software_independence</a>It's an extremely important and useful concept, and should form the basis of the first question (or one of the first) asked of any voting system provider.

jpgfunk大约 6 年前

Max Kaye from the Flux party has been building a blockchain based one here <a href="https://github.com/voteflux/THE-APP" rel="nofollow">https://github.com/voteflux/THE-APP</a>It's open source and it's actually got a sound philosophy behind it. It's near completion and hopefully it'll change the way we vote globally (not just in Aus)

folli大约 6 年前

Maybe they'll succeed were Switzerland has just recently failed: <a href="https://www.technologyreview.com/the-download/613107/a-major-flaw-has-been-found-in-switzerlands-online-voting-system/" rel="nofollow">https://www.technologyreview.com/the-download/613107/a-major...</a>

kajecounterhack大约 6 年前

<a href="https://www.youtube.com/watch?v=HVmHruNg6m0" rel="nofollow">https://www.youtube.com/watch?v=HVmHruNg6m0</a>This amazing talk by Ben Adida is really relevant. He has worked on solving voting for a long time now and does a great job here of breaking down some of the salient parts of the problem.

评论 #19400251 未加载

tomc1985大约 6 年前

Surely it doesn't cost $10m to build a secure ballot form. Existing solutions have had so many obvious flaws that it seemed like e-voting companies weren't actually interested in accurately counting votes. They really need 50+ people to make a checkbox form and print the result?

ebj73大约 6 年前

Secure hardware sounds like the wrong idea, I think. I think the correct idea will be something more similar to block chains. A system where the security of the system lies in the ability for anyone to make a copy of the voting data at any point in time. So there will be multiple copies of the voting data, owned both by the authorities and by ordinary people.If the authorities try to tamper with the central copy of the voting data, it will be checked by the multiple copies owned by the general public.I think that's the general idea one should pursue. Not "secure hardware".

andrewstuart大约 6 年前

DARPA Is Building a $10M, Open-Source, Secure Voting Systemfact:DARPA Is Building a $10M, Open-Source Voting Systemambition:secure

LinuxBender大约 6 年前

Have there been any competitions to make an open source, highly scalable and verifiable anti-tampering voting system? Maybe even a competition to see how few resources can be allocated to facilitate millions of simultaneous voters? i.e. "did it in 50 lines of python!" like the javascript 1k competitions. [1][1] - <a href="https://js1k.com/" rel="nofollow">https://js1k.com/</a>

评论 #19393512 未加载

chiefalchemist大约 6 年前

Not to sound overly cynical but open source isn't a panacea. Yes, it adds transparency. That's a positive. But that doesn't ensure it'll work.As for secure, if it's connected to the internet, then it's always going to be a target.It seems to me, that - if voting integrity is priority #1 - a return to traditional analogue voting should be given strong consideration.

lpolzer大约 6 年前

Now if only they would introduce something like Single Transferable Vote (entertaining CGPGrey video: <a href="https://www.youtube.com/watch?v=l8XOZJkozfI" rel="nofollow">https://www.youtube.com/watch?v=l8XOZJkozfI</a>), or another more effective voting system.Probably won't happen though, as it would seriously shake up politics as we know it.

bluedino大约 6 年前

Could this be a useful application of blockchain?

评论 #19393311 未加载

评论 #19393922 未加载

评论 #19394333 未加载

IshKebab大约 6 年前

> Members of the public will also be able to use the cryptographic values to independently tally the votes to verify the election results so that tabulating the votes isn't a closed process solely in the hands of election officials.This sounds like they are using homomorphic encryption?

hello_tyler大约 6 年前

Thank god. Now this is a good investment. They should be getting 10x that budget though.

systematical大约 6 年前

Finally. I've been saying this for years, as I'm sure others have.

stankypickle大约 6 年前

Secure voting system... right... I wonder how this will unfold... =/

cabalamat大约 6 年前

> allow voters to verify that their votes were recorded accuratelyThis sounds like it means it's no longer a secret vote and voters can be bribed or blackmailed to vote a particular way.

评论 #19395217 未加载

NicoN00b大约 6 年前

Ironic that an Oregon-based company is fixing voting machines, when Oregon has a paper-based vote-by-mail system that has encountered few problems.

Entangled大约 6 年前

Software is perfectible, skinware is not. As long as corruptible human beings are in charge, there will be room for fraud.

评论 #19393123 未加载

评论 #19392853 未加载

评论 #19393699 未加载

评论 #19393212 未加载

crb002大约 6 年前

Bad DARPA. Any centralized control is corrupting. You need analog and decentralized to make cheating costly to pull off.

l00sed大约 6 年前

Can anyone attest to this new system's engagement or possible effects on blockchain technology?

MrXOR大约 6 年前

Good news. An Agora voting system's fork powered by SGX/TrustZone and verified by Cryptol?

评论 #19393225 未加载

jacques_chester大约 6 年前

You know what has the best paper trail?Paper ballots.

fergie大约 6 年前

Every now and again you realize that US government actually does a lot of stuff right.

oldpond大约 6 年前

For a good chuckle, search Youtube for Diebold voting machines. LOL.

pmoriarty大约 6 年前

Say goodbye to democracy wherever electronic voting is rolled out.

评论 #19395353 未加载

评论 #19393281 未加载

评论 #19394386 未加载

teawrecks大约 6 年前

Allowing everyone to verify that their vote was counted as they intend is a start, but....I'm not saying it has to use block chain, but for its veracity to actually be openly verifiable, the voting ledger has to be publicly visible.

评论 #19397004 未加载

bkmeneguello大约 6 年前

Everyday someone trying to "fix democracy"

keymone大约 6 年前

$10M sounds like spare change for DARPA?

gsich大约 6 年前

Nothing beats paper.

评论 #19394518 未加载

magwa101大约 6 年前

Finally

asdf333大约 6 年前

so awesome

deogeo大约 6 年前

Open source, open hardware? What a joke. Neither are resistant to chip/compiler level attacks such as <a href="https://www.schneier.com/blog/archives/2018/03/adding_backdoor.html" rel="nofollow">https://www.schneier.com/blog/archives/2018/03/adding_backdo...</a> and <a href="https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html" rel="nofollow">https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html</a>That's all assuming the voting machine is actually running the software/hardware they tell you - how would a voter check?The article briefly mentions "That receipt does not permit you to prove anything about how you voted, but does permit you to prove that the system accurately captured your intent and your vote is in the final tally,". But if that receipt doesn't let you prove anything about how you voted, how can you tell from it that your vote was captured 'correctly'? The machine can print anything on the receipt!Then there is the question - what problem is e-voting trying to solve? Hand-counting scales perfectly and is extremely difficult to covertly tamper with. So the only 'problem' e-voting solves is that of being unable to covertly and fully subvert elections.

评论 #19392671 未加载

评论 #19392814 未加载

评论 #19392917 未加载

anth_anm大约 6 年前

My design uses paper and pen.Deployment requires mailing ballots out and having places where people can come in to fill them out.10 million dollars please.

评论 #19393369 未加载

评论 #19393206 未加载

评论 #19393027 未加载

评论 #19394368 未加载

known大约 6 年前

I doubt it can fix <a href="https://en.m.wikipedia.org/wiki/Electoral_fraud" rel="nofollow">https://en.m.wikipedia.org/wiki/Electoral_fraud</a>

LifeLiverTransp大约 6 年前

Relephant xkcd in the room : <a href="https://xkcd.com/927/" rel="nofollow">https://xkcd.com/927/</a>

Beefin大约 6 年前

What I truly don’t understand is why we can’t vote with our phones in this age

评论 #19396219 未加载

评论 #19396545 未加载