Fox having to pay a substantial damages settlement to Dominion is a just outcome; their amplification of lies about malicious backdoors and rigged elections was contemptible and dangerous.
But we shouldn't conclude from this that US voting systems are perfectly or even adequately protected against attack. While great progress has been made, there's still a great deal of work left to do to make our elections truly secure and robust.
Fox has paid a price, in both cash and reputational harm. The case didn’t give us the dramatic public trial that might have been, but at least there was a great deal of deposition testimony and other discovery material put on the record. That’s ultimately a win for society, even if it was less dramatic and satisfying than we might have hoped.
And more cases are still in process.
Also, while the settlement amount was about half of the $1.6B that Dominion asked for, it was by no means assured that that's what a jury would have actually awarded, or that a large award wouldn't be reduced by the judge or on appeal.
The damages aspects of the case were complicated, and would likely have involved fairly involved expert testimony by economists, with reasonable arguments for both large and small numbers.
Taking the $787 million was probably a very rational decision.
@DR_murf @mattblaze Fox has not stated to date that they were wrong. They have not admitted to anything, and they probably won't have to. They acknowledged the judge's ruling, but acknowledging it doesn't mean anything. On the other hand, it looks like the settlement itself may end up being public, rather than the normal NDA that happens around these things.
Damage awards are generally limited to single-digit multipliers (State Farm v. Campbell, 2004). Dominion was facing an uphill battle to get even tens of millions in damages, and that's *if* they won, and it probably would have been dragged out in court for years. Legal bills could have consumed most or even all of any eventual award. They took the rational decision.
The next case against Fox is perhaps Smartmatic. They have even less damages That will probably go away in a settlement, too, and an even smaller one.
@mattblaze hand marked scantron is the only realistic solution. Allows quick results and a verifiable paper ballot for recounts.
Any *private* non-public source code counting our votes is absolutely undemocratic.
@apenguininspace @mattblaze that's the problem. We don't know.
A paper trail is better than nothing but there's just precious little benefit to having a software program do the voting part.
If they open source their code so it's reviewable, that would be ok...but still overkill for what's needed, simple scan n read.
Next up is the blatant security failure of these *private* machines. Sure they've been improved, but why incorporate the risk if you don't have to?
@pixelpusher220 @apenguininspace Here’s the problem: today’s elections in the US are incredibly complex compared with the rest of the world. We vote on a ton of different races, and it’s simply not feasible in most of the US to tally ballots without automation. But automation is inherently unreliable and insecure.
Risk limiting audits are an efficient way to get the benefits of automation while also assuring against errors or compromises of the tally system.
@mattblaze @apenguininspace yes, scantron is automation.
My issue is unaudited, untested machines running unaudited code. The examples of bad (or basically no) security are legion as any private actor will only do the minimum.
I still posit that the software voting machines provide no significant benefit, let alone when weighed against the increased risks.
Edit: *publicly audited
Agreed it adds layers of risk...that are almost entirely avoided by scantron counting.
Risk limiting audits can be done regardless of the counting method.
What measurable increase in reporting does software voting provide?
@mattblaze @apenguininspace you'd mentioned them in the context of software systems so I mistook which you were applying it too.
So yes both can be RLAd (and should be).
Still don't see any sizable benefit to software voting systems. Voter hand marked scantron seems the best of both worlds while limiting the risks.
But I guess we'll disagree on that.
Thx
Cool. To summarize
Both have *software*. (Won't argue soft vs firmware)
Both are RLA capable.
Both produce fast results.
One has VOTER HAND MARKED BALLOTS.
I'm going with that one, thx.
Scantron is a generic term at this point. We used them 40 years ago in school.
Scantron *generic* vs a voting system that uses a computer to allow people to vote and then prints out something afterwards. (Like an unreadable barcode...do we require a phone to vote now?)
The scantron system, IMO, is better.
@sjuvonen @sxpert @mattblaze @apenguininspace @pixelpusher220 voting on the smaller issues at the same time as the major ones increases turnout.
If the presidency was won based on popular vote it would be a huge benefit to turnout for all elections.
@sxpert @mattblaze @apenguininspace @sjuvonen @pixelpusher220
Multiple elections would be too expensive. It isn't cheap to run an election. I manage a couple of precincts for Ohio. I'm required to take a 3 hour training class. It takes an hour or two of setup the night before the election. Election day starts at 0500 and finally ends at about 2200 when everything is broken down and turned in to the Board of Elections. It is becoming harder and harder to find people to do this work.
@sxpert @pixelpusher220 @mattblaze @apenguininspace ditto here in Australia. Most races are decided within a few hours of polls closing.
But US ballots are... different. They vote on *heaps* of things at once, on the same piece of paper. For example, how long would it take to hand count all the races on this sucker? It's not even the most complicated I've seen, just the first one I found in a quick image search.
Xerox scanners/photocopiers randomly alter numbers in scanned documents Please see the „condensed time line“ section (the next one) for a time line of how the Xerox saga unfolded. It for example depicts that I did not push the thing to the public right away, but gave Xerox a lot of time before I did so. <iframe width="700" height="394" src="https://www.youtube.com/embed/c0O6UXrOZJo" frameborder="0" allowfullscreen></iframe>
@Orca @mattblaze @apenguininspace sure. Audits would catch that because you have a voter hand marked ballot before any software gets involved.
No different than the CEO of Diebold voting systems stating he would *deliver* Ohio to Bush o6n 2004 😬
@mattblaze @apenguininspace @pixelpusher220 I was really bothered when I took a look at the ballots printed by our Dominion ballot printers here in Santa Cruz.
It had both human (and probably machine readable) vote choices, but also had a QR code that was damnably difficult to read using standard QR reading software and all one got was a binary blob that had to be interpreted via a Dominion proprietary decoding table. And to add butter to the popcorn the QR code was used by the ballot readers as the primary representation of voter choices.
It seems to me that a ballot to be scanned should have exactly one - not multiple - representation of the voter's choices, and that representation should be comprehensible by people using normal human senses.
@SteveBellovin @karlauerbach @mattblaze @apenguininspace @pixelpusher220
It is a statistical issue. Not everyone has to check their marked ballots to make sure the choices printed on the marker are correct. What counts are that *enough* people do so for some statistically meaningful value of enough to be sure that all ballots are being marked correctly.
@SteveBellovin @mattblaze @apenguininspace @pixelpusher220
I’ve seen it. Clever code. He did a second version that was even shorter. It led to some interesting and positive changes in thinking at both NSA and DOE.
A major takeaway is that if you know something about your adversary’s assumptions you can get away with lots of things. Of course, that is also true in stage illusion and confidence games.
And no audit of code of any reasonable size is likely to be 100% certain.
@SteveBellovin @mattblaze @apenguininspace @pixelpusher220
It is not available for public viewing.
@mattblaze @apenguininspace @pixelpusher220
I agree with this sentiment. I've worked for years on both commercial and open source security software systems. I like open source and have supported it ($$$). And I know that you will find fundamental security issues in both open source and closed source commercial systems. And graduating from MIT doesn't mean you produce more secure software (don't mean to pick on MIT particularly). Developers need to assume they will make mistakes, program defensively, and incorporate RLA mechanisms. Those of us who program also often suffer from hubris about our skills.
@mattblaze @pixelpusher220 @apenguininspace the massive number of systems and databases that make up our voting system adds an indirect layer of security. It’s impossible to manipulate the databases in more than maybe a couple locations.
There are a lot of audits and they keep showing the counts are accurate. We should feel really good about that.
@qjurecic
I don't know that it would ever happen, but they should make a sizeable donation to:
https://www.democracydocket.com/
Matt Blaze
DR_murf
Jarrod Frates
Mary Ann Horn
William D. Jones
Pusher Of Pixels (old account)
Jess (short for Jessica)
sxpert
Sami Juvonen
Zone Left
cmeier
Matt Palmer
Orca 🌻 | 🎀 | 🪁 | 🏴🏳️⚧️
Karl Auerbach
Steve Bellovin
cohomology is FUN!
spaf
Eliot Lear
Norman Wilson
Serion
Normal Guy