Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Tale of Election Intrigue Wins Bruce Schneier's 8th Movie-Plot Contest

Posted by timothy on from the 3d-parties-are-all-terrorists-anyhow dept.

On April 1, Bruce Schneier announced his eighth Movie-Plot Threat Contest; this time around, he asked for a story that showed the evils of encryption, and found a winner in a story that describes an untraceably encrypted U.S. election in the year 2020 -- the first American election to allow on-line voting -- which results in victory for an unexpected third-party candidate.

6 of 57 comments (clear)

  1. That's The Ticket by mentil · · Score: 2

    Why no, Agent... Dontneedtoknow, is it? I have this document titled "Audacious plan to overthrow the evil plutocracy" on my computer because I'm writing it for a contest held by a security researcher, not because I'm a terrorist who has the knowhow to do all the illegal things outlined in this step-by-step document.

    *gets blackbagged and dragged to Gitmo*

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  2. Re:More like a bad design for voting system by luvirini · · Score: 2

    Well, they have to invent something silly like that as they cannot tell the truth.

    As example:
    The current electronic voting systems are basically really bad in security. A lot of it being the lack of encryption and checks making alterations of the data too easy.

    A good voting system would include elements like encryption with a verifying element that is encrypted with a private key that only the voter has. Basically when you vote you would get a vote number and you would use your private key to encrypt your vote and your identity and likely some encrypted verifying value from the voting system. then your encrypted thing and the public vote would be checksummed and you would get the total checksum too. Thus the vote would not hold any information that allows anyone else to identify what you voted unless they have your private key. After the election you could then check that the vote is correct by retrieving the vote by the number and verifying that the checksum and the hidden info is correct and is the same a the public vote and if there is a problem you could prove that you actually cast the vote by the hidden information, thus just a single wrongly tallied vote would cause an investigation to what happened if that vote was cast by someone who is interested.

    There are many other possible ways to do things too, but that is just an example of a way to have encryption help the voting system too..

  3. Re:More like a bad design for voting system by luvirini · · Score: 2

    Ok trying to explain again:

    I bring with me: My key and my "computer". The computer can be any device with a voting software, where the client end is open specification so the computer can be a cell phone, table, laptop, SDC based thing or whatever. The idea being that there will be many implementations and anyone who cares enough can code their own.

    The officials verify who I am and direct me to the voting booth

    I connect my computer via some standard cable to the voting machine.

    The voting machine sends me a plain text random number "serial number" and the same number along with some other information encrypted with their key(or actually one of really many keys).

    My program takes that plain text number and stores it.

    My program will then take my vote, encrypt it along with some other data. And then combine my plain text vote, my encrypted vote(+identifying info) and their encrypted serial number(+identifying info) and then calculate check sum on the whole thing, storing the checksum.

    It will then transmit my vote to the voting machine.
    The voting machine will then show what I voted(the public part), the "serial number" and the checksum they calculated(and likely somewhere on the whole thing if I want to see it) and I should then verify that the vote and the checksum are the same as on my own screen.

    After I press of the vote is then sent away.

    All such votes are then collected and you can connect to a web server where all such are displayed and you can either get the whole list or just a single vote based on the serial number.

    The information there that is thus available for everyone is serial number+vote+encrypted gibberish+checksum

    Thus anyone can count the public votes and you can check your own vote by checking the public vote based on the number you have stored and then comparing the gibberish and checksum to your gibberish and checksum and if need be unencrypt your hidden vote and compare.

    If there is then later a question of tampering, then I can verify my own vote and if I there is need to show that it was indeed the vote then as example a court appointed panel/person can then with me do the following:
    I will give them my key and they will give me the key that corresponds to that serial number.

    Thus both can then decrypt first my vote to see that the vote outside was the same as inside and then use the other key to decrypt the other blob inside that should contain the serial number.

    And that idea might well still have some holes, but if you do your flip of 50% probability of me being republican as in your example I then have 50% chance of noticing your algorithm and if while a single case of such might become a "he says she says thing" like "there is a bug at your end" or whatever the skin doctors come up with, a pattern like that will be readily apparent even if only a fairly low number of people check their votes(and because of the fanaticism of some people when it comes to politics and the paranoia bout technology quite many non geek people will check I think, some using several programs..)

    And yes I know the practical problems of making all that actually work are not trivial because of people...

    But my point above is not to suggest that exactly that system has to be used, but a system where both parties keys are used to encrypt the thing and both parties can thus only decrypt one layer and then putting it all in public with the otherwise anonymously but with a reference you have along with the public vote and checksum allows for checking.

    Will something like that be implemented? likely not.. as people like the current machines where cheating on the system side is easy it seems...

  4. Re:Wouldn't have been the first time by The+Grim+Reefer · · Score: 2

    When will the People rise up and take back their Government?

    Sorry, the people are too concerned with more important things. Things like whether or not Kim Kardashian's ass was Photoshoped or if the dress is blue or gold.

  5. my plot by Kishin · · Score: 2

    So, how did you all like mine [1]? The goal was to show the danger of their double standard: they get ironclad security; we get backdoors. They argue that anonymity, encryption, and security can be the end of the country. I argue that, if true, then it's also a confession on their part. ;)

    [1] https://www.schneier.com/blog/...

  6. Bogus plot -- didn't the 2000 election teach us? by intnsred · · Score: 2

    I don't like the winning plot at all; it ignores reality and the Constitution.

    Forget about encryption or electronic voting -- didn't the 2000 election teach us anything when Al Gore got more of the votes from the American people across the country but George W. Bush took the White House? Does this plot presume we had a constitutional amendment to do away with the undemocratic Electoral College?

    The US Constitution clearly says that the president is elected by the Electoral College. There are only 535 members of the electoral college. We could call them via phone calls in a couple of hours to see how they voted.

    But don't let me get in the way of a good fairy tale... :-)