Mastodawn

HcInfosec Aug 20, 2023

@jeroen @mattblaze In general voting by going to a specific place inside the town where you live is cumbersome. If we can get a good system to mostly get rid of that that will likely increase voting turnout. Having elections with 40% turnup is much more dangerous to #democracy than it security risks, of course unless these lasts once are huge (which is possible)

Matt Blaze Aug 20, 2023

@HcInfosec @jeroen Yes, and every technical expert who has seriously studied online voting as come to the same conclusion about the risks, because there are fundamental problems and requirements that preclude building an Internet voting system sufficient for civil elections.

It's not that scientists don't think Internet voting would be nice. Just as physicists don't think perpetual motion machines wouldn't be terrific. It's just that they understand fundamental reasons we can't make them.

Matt Blaze Aug 20, 2023

@HcInfosec @jeroen You want an Internet voting system? You have two choices. One is to relax some of the basic requirements and civil rights associated with voting (at least in the US), such as the secret ballot. The other option is to have elections where we can never be sure who actually won, and that are vulnerable to disruption by anyone connected to the Internet.

Neither option seems great.

@HcInfosec @jeroen And these are because of FUNDAMENTAL properties of software-based systems and the requirements of voting, These are not things we can engineer our way out of with better technology or by working harder. We'd have to either change the requirements for democratic elections or accept potentially unbounded uncertainty in election outcomes, no matter what technical advances happen.

Kalle Kniivilä Aug 20, 2023

@mattblaze @HcInfosec @jeroen So what, exactly, is fundamentally wrong with, say, the Estonian voting system?
🤔
#Estonia #voting #elections

Alexander The 1st Aug 20, 2023

@kallekn @mattblaze @HcInfosec @jeroen Scale, primarily (In the most recent election, more than 50% voted electronically, and that meant 312,181 ballots electronically.).

That said, look at the two 2019 maps of Estonia voting breakdown on Wikipedia ( https://en.m.wikipedia.org/wiki/Electronic_voting_in_Estonia ) - those two images seem to indicate that voting electronically seems to heavily favour one party more than if the votes were done with paper ballots.

Electronic voting in Estonia - Wikipedia

HcInfosec Aug 20, 2023

@AT1ST @kallekn @mattblaze @jeroen No not scale, is it?
If I would state what most it people state as reasons for not wanting #evoting it's probably:
1- how to make sure every vote is counted correctly. For that you need some kind of proof where you can after counting re-count and be sure all votes are counted correctly. In analog voting you have the paper trail: meaning you can count ballots by hand or machine and re-count also.
2- and you need to do this without knowledge who voted what (privacy)
3- and you need to verify everyone who votes is entitled to and only votes once

Voting electronically has the risk of:
A- software making mistakes or of course being manipulated
B- so you need a system with proof that counting was done right
C- and apparantly in the papers all others will send us this is explained😎

I hope they can have the decency to explain in a few lines.

Alexander The 1st Aug 20, 2023

@HcInfosec @kallekn @mattblaze @jeroen I mean, there's also the possibility of random candidates suddenly getting 4096 more votes electronics than they actually got [ https://youtu.be/AaZ_RSt0KP8 ].

...And that's the best case scenario for why something went wrong with the count.

The Universe is Hostile to Computers

YouTube

HcInfosec Aug 20, 2023

@AT1ST @kallekn @mattblaze @jeroen My first answer to all this was: you need to compare two systems. Analog voting systems have problems too, like we can see in the USA where they try to make it hard for people to vote.

My conclusion for now, not having red all papers of course, it that mail-in voting seems more secure in practice than #evoting

But of course I don't accept that #evoting can't be secure. I have posted a solution that might work.
I would say have an open-source challenge with a pretty big bounty between universities to design a system. (God I hope they didn't do that yet)

HcInfosec Aug 20, 2023

@AT1ST @kallekn @jeroen By the way, why can we have bank accounts we trust without paper trails, but not voting by using computers?
Don't bank account computers have the fundamental problems voting computers have?

Alexander The 1st Aug 20, 2023

@HcInfosec @kallekn @jeroen If banking goes awry, you mess with the people who had accounts with that bank.

If voting goes awry, you mess with the group of people who can prioritize whether to help the bank or the people who had accounts with that bank (See: FTX, SVB, the 2008 recession, etc.).

Märt Põder Aug 21, 2023

@AT1ST @kallekn @mattblaze @HcInfosec @jeroen I calculated 2023 parliament election results according to e-votes and paper ballots in #Estonia and it appears that they are as from different worlds. At the same time Estonian scientists contend that choice of voting method doesn't give preference to any of the political parties. I claim that this is not true and that Estonian #evoting is at least partly motivated by sort of "digital #gerrymandering". https://gafgaf.infoaed.ee/en/posts/great-divide-in-evoting/#two-separate-worlds

Digital divide in Estonian election results · 🐕 Üks Tartu krants

Despite near equal usage of e-voting and paper ballots in 2023, the results for different voting methods were as from different worlds. There is a huge popular demand to fix the problems with Internet voting, but very little agreement on what do they consist of.

HcInfosec Aug 21, 2023

@tramm @AT1ST @kallekn @mattblaze @jeroen That analysis does call for an explanation..
Is it known what agegroups voted in what way? #hypothesis

Alexander The 1st Aug 21, 2023

@HcInfosec @tramm @kallekn @mattblaze @jeroen I mean, that would start to get into trouble with the whole "Anonymous vote casting" - if we could identify the demographics of e-voting (Beyond "Probably Millenial/Gen X/Zoomers because of a technical bias"), we'd be pretty much breaking the anonymity of how they voted by that disparity.

Märt Põder Aug 21, 2023

@HcInfosec @AT1ST @kallekn @mattblaze @jeroen The data about voting method, age group, geographical location, voting time, even IP-addresses and basically everything which does not include the voter choice is available for research in anonymised form and AFAIK is provided to academic institutions on case by case basis. I have never tried to get my hands on it, but you can find some basic statistics and summaries from NEC page. https://www.valimised.ee/en/archive/statistics

Statistics | Elections in Estonia

Participation in voting (%) Election year Riigikogu (parliamentary) elections (RK) Local government councils elections (KOV) European Parliament elections (EP) Referendums (RH) 2019 63,7 37,6 2017 53,3 2015 64,2 2014

Alexander The 1st Aug 21, 2023

@tramm @kallekn @mattblaze @HcInfosec @jeroen It's possible it's intentional gerrymandering - especially as the reform party presumably is more technically inclined -, but it's worth remembering that mail-in ballots also encourage voter turnout among Democrats in the U.S.

Though I do feel like the disparity in the Estonia paper/electronic voting setup is confusing to see given the % vote that is going e-voting. It just seems like it should be starting to normalize by now.

Michael A. Specter Aug 20, 2023

@kallekn @mattblaze @HcInfosec @jeroen I mean…https://jhalderm.com/pub/papers/ivoting-ccs14.pdf

HcInfosec Aug 20, 2023

@specter @kallekn @mattblaze @jeroen Thanks, that actually helps.

Kalle Kniivilä Aug 20, 2023

@specter @mattblaze @HcInfosec @jeroen Thank you.

mav Aug 20, 2023

@specter @kallekn @mattblaze @HcInfosec @jeroen

and in addition, there's the minor detail that the US doesn't need one voting system, it needs at least... what, 51 systems, plus overseas territories? ... and they'd all be provided by different vendors with different requirements and security models and then there's the problem of voter ID, which is its own social policy issue...

Why don't we just use mail. Works, well-known, effective, built-in paper trail, leverages existing systems.

Dan Veditz Aug 20, 2023

@kallekn @mattblaze @HcInfosec @jeroen

There was a bunch wrong when it was analyzed a decade ago. Given the defensive response from the Estonian gov't at the time I don't know how much has been addressed since
https://estoniaevoting.org/

Independent Report on E-voting in Estonia | A security analysis of Estonia's Internet voting system by international e-voting experts.

Stanislav Ochotnický Aug 20, 2023

@kallekn @mattblaze @HcInfosec @jeroen I don't think anything is wrong with it, but if wikipedia is right, voting is done using Estonian ID card. Which I think "breaks" the assumption in US voting that nobody can tell who you voted for. So that would be a difference in the voting requirements between Estonia and US.

HcInfosec Aug 20, 2023

@drizzy @kallekn @mattblaze @jeroen In the USA mail voting system you mail in your ballot and it contains your vote and your signature. So they also know what you voted.
The analog procedures must guarantee this information is not leaked. In theory the voting counting machine could fill a nice database with who voted what.

HcInfosec Aug 20, 2023

@drizzy @kallekn @mattblaze @jeroen I was wrong here since the signature is on the outside of the envelope apparently. Thay makes a difference

Norman Wilson Aug 21, 2023

@HcInfosec @drizzy @kallekn @mattblaze @jeroen Yep. Typical system:
You fill out ballot.
Seal in special envelope,with tear-off tab on outside, with place for your name and signature.
Special envelope then goes in another envelope for mailing.
When ballot arrives at voting office, tab is torn off and filed as (a) proof that they received your ballot; (b) means to tell if the same voter votes twice.
Ballot itself, still sealed in envelope, goes in a box without tab, opened only for counting.

Norman Wilson Aug 21, 2023

@HcInfosec @drizzy @kallekn @mattblaze @jeroen I know this stuff because I've been a US overseas voter for >30 years.
More recently I have had the option to send my completed ballot to the election office by FAX or (scanned) by e-mail. When I do this there is a separate sheet where I must sign twice: once in place of the envelope tab; the other as an acknowledgement that by sending my ballot that way, I am waiving my right to a secret ballot.

Norman Wilson Aug 21, 2023

@HcInfosec @drizzy @kallekn @mattblaze @jeroen So I have the option of sending the ballot electronically but with privacy risk, or sending it more slowly but with better guarantee of privacy. Reasonable balance.

Oh, and if I send electronically, I must also mail the original, but it's then OK if it arrives some specified time after election day. I believe that is used if a recount is required--original paper still needed for that.

Norman Wilson Aug 21, 2023

@HcInfosec @drizzy @kallekn @mattblaze @jeroen Details probably vary by state. Overseas US voters are guaranteed by federal law the right to vote for federal offices in the state and district where they were last eligible to vote (even if they never registered there), but the voting procedures are still handled by the state. Up to the state whether you're allowed to vote for state offices. Mine didn't but recently changed their mind and now allow it.

Märt Põder Aug 21, 2023

@kallekn @mattblaze @HcInfosec @jeroen I have elaborated on that very question in my preliminary observer report of 2023 elections in #Estonia and I contend that Estonian #evoting is not observable in any meaningful sense and because of that also the procedural aspect has substantially degraded in ~18 years of its existence. https://gafgaf.infoaed.ee/en/posts/perils-of-electronic-voting/

What's (still) wrong with Estonian e-voting? · 🐕 Üks Tartu krants

Estonia spouts official and binding electronic elections since 2005 and it has been a controversial yet an interesting journey. The building blocks of initial system have been replaced, but the lure of trusting operational security instead of democratic oversight is still very much there.

@mattblaze @HcInfosec @jeroen

The only possible way to have secure voting over the internet is when we develop the ability to transport people over IP, let them vote, and transport them back home again.

#transporter #StarTrek #impossible

HcInfosec Aug 21, 2023

@cazabon @mattblaze @jeroen As long as I get my own tcp session 🖖

Norman Wilson Aug 21, 2023

@cazabon @mattblaze @HcInfosec @jeroen And I never understood why the Star Trek transporters can't have their transmissions recorded and duplicated or even modified. (See certain of George O Smith's Venus Equilateral stories for a fun take on that, though he decided not to allow living beings to be transmitted/duplicated.)