Matt BlazeNov 21, 2022

Those who follow me on The Bad Place have heard me repeat this a thousand times, but once more won't hurt.

Election security is incredibly complex, full of seemingly impossible tradeoffs. But disinformation about supposed "rigged" elections is perhaps the most serious threat to election integrity today.

The best defense is to learn how elections actualy work! Becoming a poll worker is a great way to do that

Also, this National Academies study is a terrific resource:

https://nap.nationalacademies.org/catalog/25120/securing-the-vote-protecting-american-democracy

Securing the Vote: Protecting American Democracy

Read online, download a free PDF, or order a copy in print or as an eBook.

The National Academies Press
Show threadMatt Blaze

Also, any serious discussion of election security has to grapple with two simultaneous realities:

- there's no evidence that any US election outcome has ever been altered by hacking

- there are real, exploitable vulnerabilities in many parts of our election infrastructure

I've written a bit on what these vulnerabilities are and how to fix them, See, e.g., this brief article:
https://georgetownlawtechreview.org/wp-content/uploads/2020/07/4.2-p505-522-Blaze.pdf

Nov 21, 2022 at 4:06pmWeb
Show threadCoach Pāṇini ®Nov 21, 2022
@mattblaze “brief” 😉
Show threadMatt BlazeNov 21, 2022
@paninid I'm a professor. Being wordy is what I *do*.
Show threadSteven BodzinNov 21, 2022
@mattblaze I find it pretty funny how much money and energy goes into worrying about the phantom menace of election hacking while nobody does anything about the obvious, well documented problem of election manipulation by big dark money (including undisclosed foreign donors). Sealing up every tiny draft around the windows while the front door is wide open.
Show threadMatt BlazeNov 21, 2022

@guacamayan They're different problems, with different kinds of solutions. We can address both. It's like asking why we worry about aviation safety when car crashes cost more lives.

Making voting more secure has important benefits. Aside from preventing and deterring actual fraud (which has been so far, fortunately, rare), it also makes it more difficult for losers to falsely claim elections were stolen from them (currently a big problem).

Show threadSteven BodzinJan 13, 2023
@mattblaze i don't think that's ever been a major problem before. It's a problem now because people have developed a catastrophic approach to everything, as if every little thing were high-stakes. I suspect this is from OD'ing on news, as we in the business need to create drama out of mundane situations.
Show threadApicultor 🐝Nov 21, 2022
@guacamayan @mattblaze Start closer to home: gerrymandering.
Show threadSebastian CergăNov 21, 2022
@mattblaze ..but wasn't there evidence mentioned in the Mueller report that there were actors in a position to do so if they had wished to?
Show threadElda KingNov 21, 2022

@mattblaze I think people focus too hard on theoretical impossibilities and not enough on actual threat models.

Paper ballots in Brazil had a habit of disappearing, teleporting, being damaged on route... In the US voter suppression and gerrymandering are so bad that frankly you don't need to hack anything to control what votes are counted.

I would guess that sometimes the security gains of a simpler, faster, more accessible process can be more important than using paper slips in an insecure process that is effectively impossible to be audited in practice.

Show threadMatt BlazeNov 21, 2022

@eldaking Believe it or not, people working in this area are actually quite concerned with practical solutions that address real threat models.

In fact, I posted a couple links to things that discuss the both the theory and practice of election security.

Show threadElda KingNov 21, 2022

@mattblaze Oh yeah, obviously the people working on it know their shit.

I didn't mean the people involved in the design and research, but the "general public", often influenced more by fearmongering and ill-meaning politicians than by nuanced analysis. I am sick of arguments that boil down to "don't use computers for elections, paper is safer", especially in Brazil where Bolsonaro kept spreading misinformation.

Didn't read the book, but quite enjoyed your article. The point about attacks to legitimacy, in particular, hit hard.

Show threadMatt BlazeNov 21, 2022
@eldaking indeed. Though in addition to bad faith, the messaging is really confusing. There are vulnerabilities. But things are improving. But there are still real problems. But no evidence of actual rigged elections. Etc. All are true. How can a voter sort all this out?
Show threadElda KingNov 21, 2022
@mattblaze I'd say Brazil has an edge in this both due to the centralized, unified process, and due to poll work being compulsory (similar to, say, jury duty - you are selected and must go and do it). But the problem on "how to inform everyone, in depth, about political issues" is always a hard one.
Show threadvxoApr 12
@eldaking @mattblaze this description of the voter suppression attacks on US elections is aging extremely, sadly well
Show threadHak Foo Nov 22, 2022

@mattblaze The thing I never got is why elections authorities are so drawn to touchscreen machines. Of all the imperfect solutions, it seems the most imperfect. What government agency willingly says "Please dump a convoluted IT hassle on me!"

Paper ballots have issues, but they do have the value of people understanding how the system works intuitively, which makes it a bit harder to sell a conspiracy.

Show threadJohn PanzerApr 27, 2023
@hakfoo @mattblaze Elections in the US are going to be a complicated logistical and IT hassle no matter what. Consider that you have to march up every voter with the right ballot races they are allowed to vote in, which can vary by precinct. And voter checkins have to be done securely — either by hand, by volunteers or temp workers, or by same assisted by computer… it’s not just a vendor sales job, there are real problems solved.
Show threadJohn PanzerApr 27, 2023
@hakfoo @mattblaze (But if you mean DRE with no printed ballot, yes, that’s an anti feature, I don’t think those are a growth category now. Almost touchscreens are printing a paper ballot now.)
Show threadHak Foo Apr 27, 2023
@jpanzer @mattblaze The difficulty is evaluating the tradeoff-- a check-in computer or a printing touchscreen kiosk might improve throughput over a traditional signature log book and scantron style ballots, but they have more complex failure modes to deal with-- and it's harder to reassure people it's not a crisis when they happen. (i. e. the printer issues in the last Maricopa County election cycle)
Show threadJohn PanzerApr 27, 2023
@hakfoo @mattblaze True. I worked the 2018 election in my area, the last one with precinct based paper checkin books, and then several elections with vote centers + electronic PollPads for checkins. (They go together — you can’t do larger vote centers with their additional voter covenience with paper hand-signed rolls, not with good security.)
Show threadJohn PanzerApr 27, 2023
@hakfoo @mattblaze … But the fact that somewhat mundane printer issues were spun into a conspiracy theory in Maricopa also shows that _any_ system’s quirks can be misused for propaganda. It’s a hard problem, I think.
Show threadYetAnotherGeekGuy Apr 7, 2024
@hakfoo @mattblaze @jpanzer
Also, there is no way to audit the vote with them. It’s trivial to have them show one thing to the voter and something else when reporting votes. How would you know? How would you ever prove it?
Show threadJohn PanzerApr 7, 2024

@YetAnotherGeekGuy @hakfoo @mattblaze So here we are taking only about the _checkin_ process. The _voting_ process is separate (and you can choose different combinations).

I am a fan of having hand marked paper ballots as an option for voters, as they eliminate the specific concern you mention.

Show threadCykonotJul 12, 2024
@jpanzer @YetAnotherGeekGuy @hakfoo @mattblaze they do not eliminate the concern wrt elections if they are merely a (non-default) option. They may make you more confident in your own vote being correctly recorded, but that does not eliminate the inherent issue.
Show threadJohn PanzerJul 12, 2024
@cykonot @YetAnotherGeekGuy @hakfoo @mattblaze You cannot eliminate ballot marking devices without disenfranchising people who are blind (to start a lengthy list, but that is an obvious one). What’s your proposal?
Show threadCykonotJul 12, 2024
@jpanzer @YetAnotherGeekGuy @hakfoo @mattblaze have an assistant?
India has implemented a much more secure electronic voting solution than ANY of our private options.
https://en.m.wikipedia.org/wiki/Electronic_voting_in_India
Electronic voting in India - Wikipedia

Show threadJohn PanzerJul 12, 2024
@cykonot @YetAnotherGeekGuy @hakfoo @mattblaze Requiring an assistant is of course a barrier, unless one is provided by the State, and either way you have just violated their right to a secret ballot.
Show threadCykonotJul 12, 2024
@jpanzer@mastodon.social @YetAnotherGeekGuy @hakfoo @mattblaze okay there's an electronic solution right there?
In my vote by mail state, there are fields you can use to indicate having helped prepare the document.
Show threadRussell 🏴󠁧󠁢󠁳󠁣󠁴󠁿🇺🇦🍉Nov 28, 2022
@mattblaze Your first statement seems to fly in the face of evidence and reality!
Show threadMyrNov 30, 2022
@mattblaze I scanned the article and don’t see this covered. Is there a difference beteeen voting machines companies’ equipment and systems vs types of voting machines? Ergo does one company introduce a greater risk than another?
Show threadMatt BlazeNov 30, 2022

@MirrorMirror Pretty much no. Almost all the major US vendors provide a range of election products, including bad ones (DREs that preclude effective election audits) and good ones (paper scanners, which allow it).

Focusing on the brand is misguided. All precinct equipment is vulnerable to malware and tampering. The question is whether it can be detected and mitigated, which is a function of architecture, not code.

Show threadSpaceLifeFormNov 30, 2022

@mattblaze @MirrorMirror

There must be hand marked paper ballots for safe voting. Human readable. No QR codes.

Show threadMyrDec 1, 2022
@SpaceLifeForm @mattblaze I agree that would stop this “rigged” nonsense better than the cyber ninja solution. 🤨
Show threadSpaceLifeFormDec 1, 2022

@MirrorMirror @mattblaze
@marcelias

You have to be able to do a random audit and verify the counting machines worked as designed.

Of course, how random is the random?

Do you only audit one polling place in a given county? Is that sufficient? No.

Should every county have to undergo the random audit? Yes.

Should the audits require at least 10% of polls in a given county to be audited? Yes.

Who controls the random?

Show threadMyrDec 1, 2022
@mattblaze Thank you. It always occurred to me that if some party paid enough money, they might be able to turn a couple of key elections by a few points *at the source,* with the assistance of a voting machine company. Maybe that’s a stretch.
Show threadPa An 🌍⚔️🛡️🛰️Nov 30, 2022

@mattblaze @maxeddy I am afraid the biggest issue about election security isn’t technology, it’s the voter…

#reflexivecontrol #cognitivelayer

Show threadLeft In MissouriDec 17, 2022
@mattblaze Sad that we Americans have so much trouble holding two true things in our heads at the same time.
Show threadJ Λ M Ξ SJan 13, 2023

@mattblaze do you have any opinions on the blockchain system DARPA built for election security? They call it SIEVE. It is based on ZKPs too.

Disclaimer: I am not a crypto or blockchain person. And yet, I found their thinking quite interesting.

https://www.darpa.mil/program/securing-information-for-encrypted-verification-and-evaluation

Show threadByakuganJan 28, 2023
@mattblaze how about Brazil? seems like a script kiddie hacked their system and gave some ideas to the right-winger paranoids...
Show threadTim KelloggAug 25, 2023
@mattblaze the engineer in me reads those statements and concludes, “there have definitely been election outcomes altered by hacking, we just have poor ability to observe that happening”. Is anyone else thinking along those lines?
Show threadMatt BlazeAug 25, 2023

@kellogh No. that’s not a logical (or responsible) conclusion at all. There’s some uncertainty, and elections aren’t adequately protected. But that doesn’t mean the worst case scenario has happened or that elections are meaningless.

This is not a topic to be too-clever-by-half about. There was literally a deadly riot because of frivolous claims about election fraud a couple years ago.

Show threadTim KelloggAug 25, 2023
@mattblaze “definitely” was a poor choice. As an engineer, I generally only see software systems when they’re failing, so I’m primed in that direction. I’m mainly pointing this out to explain why those two points aren’t the slam dunk you seem to think they are. Lack of evidence is not evidence
Show threadMatt BlazeAug 25, 2023

@kellogh no one said they were a slam dunk. Quite the opposite. There’s uncertainty, and we need to improve elections. But there’s also no evidence any elections have actually been compromised. That’s not clean or satisfying, but it’s the reality we live in, and that was the point.

If you want to place rhetorical games, pick another topic.

Show threadCykonotJul 12, 2024
@mattblaze @kellogh evidence ≠ proof
Show threadFirewalls Don't Stop DragonsNov 27, 2023
@mattblaze I was at DEF CON when you presented this concept. I just interviewed Ben Adida (VotingWorks) about it and asked his thoughts about this exact statement. (It hasn't "aired" yet - soon, though.) It's quite the conundrum.
Show threadD WilsonJul 8, 2024

@mattblaze Diebold?

https://www.motherjones.com/politics/2004/03/diebolds-political-machine/

https://www.wired.com/2009/09/diebold-sells/

https://blackboxvoting.org/

Diebold’s Political Machine

Political insiders suggest Ohio could become as decisive this year as Florida was four years ago. Which is why the state's plan to use paperless touch-screen voting machines has so many up in arms.

Mother Jones
Show threadCykonotJul 11, 2024

@mattblaze i feel like karl rove's reaction to ohio is (circumstantial) evidence, and some election infrastructure investments and trends related to the placement of machines without papertrails is suspect.

But, there has yet to be an election overturned in court on that basis. Scotus DID intervene for Bush, ofc, but that was over hanging chads, not hacking.

When you compare the way Indian election machines are controlled to ours, the difference is stark and disturbing.