Transparency in electronic voting machines

5 pointsMarkHarmon13y ago6 comments

Is there a way to make a vote counting machine be fraud proof? Saying that it uses open source is not enough because there needs to be proof that the executing code is the same as the open source code. It doesn't have to use a computer at all if there is a way to mechanically engineer this or other solution then that would work too. I was thinking that something like bitcoin's system might work, but not sure. Btw, I'm not making this system, just curious.

5 pointsMarkHarmon13y ago6 comments

6 comments

6 comments · 2 top-level

thrush13y ago· 2 in thread

If you haven't already, you should read these two papers on this topic by Professor Alex J. Halderman of University of Michigan.

Security Analysis of India’s Electronic Voting Machines -https://jhalderm.com/pub/papers/evm-ccs10.pdf

Attacking the Washington, D.C. Internet Voting System-https://jhalderm.com/pub/papers/dcvoting-fc12.pdf

source: https://jhalderm.com

MarkHarmonOP13y ago

In both cases it sounds like the designer/developers were not qualified to make the decisions they did about their systems. Not to sound like a snob or anything, but using Rails plugins? Really? That just sounds sloppy.

thrush13y ago

I believe the Paperclip Rails plugin was only used in the Washington DC situation. I wouldn't call it sloppy to use a 3rd party plugin, in many cases, that is actually much better than a "roll your own" solution. Rather, I think the sloppiness here stems from the fact that the exploit in Paperclip had actually been documented previously so the developers should have performed filtering which would have prevented shell injection in file uploads. It does seem that overall the developers could have done a much better job, but it's also very difficult to build such a piece of software without a massive team and constant testing with realistic deployment (mostly due to the security requirement, any unaccounted for vulnerability could lead to the downfall of an entire election).

To quickly comment on the other paper, it seems that it is just as much a political commentary as a case study on EVMs (electronic voting machines). It appears likely that a corrupt government may have intentionally made the voting system "hackable" so that elections could be manipulated.

mschuster9113y ago· 2 in thread

You can never "look" into the machine, all you can do is to put the machines under tamper-evident seals and trust the authority which distributes these.

MarkHarmonOP13y ago

I'm trying to think of a way that the machine could be designed where it's veracity is verified and viewable by all as it works. In other words there is some kind of mechanism that prevents falsifying the count. Something equivalent to being able to watch over people's shoulders as they count votes. A website that anyone can go to and monitor each machine and its code as it is working but with read-only ability.

LarryMade213y ago

Mechanical.... but still if one was crafty enough it still could be made to give a false impression....

j / k navigate · click thread line to collapse

6 comments

6 comments · 2 top-level

thrush13y ago· 2 in thread

If you haven't already, you should read these two papers on this topic by Professor Alex J. Halderman of University of Michigan.

Security Analysis of India’s Electronic Voting Machines -https://jhalderm.com/pub/papers/evm-ccs10.pdf

Attacking the Washington, D.C. Internet Voting System-https://jhalderm.com/pub/papers/dcvoting-fc12.pdf

source: https://jhalderm.com

MarkHarmonOP13y ago

thrush13y ago

mschuster9113y ago· 2 in thread

You can never "look" into the machine, all you can do is to put the machines under tamper-evident seals and trust the authority which distributes these.

MarkHarmonOP13y ago

LarryMade213y ago

Mechanical.... but still if one was crafty enough it still could be made to give a false impression....

j / k navigate · click thread line to collapse