To all the people waving their hands and saying, "just count them thar ballots like we did back in granddaddy's time, dab gummit", I say please for the love of all that is sacred, volunteer to help run an election in your home town. NO ONE is going to count the millions of ballots cast in a major US election by hand unless they absolutely are forced to do so. All paper ballots are initially counted by machines. It is only when the totals are within a small margin (it's 1% in my state of Virginia) that a recount is even permitted, and only by an even smaller margin when it is paid for by the taxpayers (1/2 of 1% in Virginia.)
People absolutely stink at repetitive tasks. Can you imagine counting 62 MILLION individual pieces of paper -- by hand?! Well, right out of the box you'd have to double that number just to be sure you didn't make any mistakes. Not happening.
No, man made machines to take humans OUT of repetitive processes. Given a perfectly-filled in ballot, the error rate for a scanned ballot would be the same as the error rate of bar code scanning: 1 error out of 400,000 scans. In the state of Virginia, that error rate would mean that only 10 ballots cast in the entire state in 2016 would have been mis-counted.
But we don't have perfectly-marked ballots, again because we ask humans to fill in the paper. The error rate of just mis-marked ballots is 10x the error rate of scanning, and the error rate of hand-counting is 100x larger than that.
No, machines are good. You need to black-box test them and prove that they have not been tampered with, but that is a small, small price to pay for such an enormous gain in accuracy and speed.
The purpose of a paper ballot is to have a voter-verifiable record.
The purpose of scanning is to reduce the enormous error rate of hand-counted ballots down as far as possible. As a freebie, you also get a second contemporaneous record in the form of the scan image.
What makes this imperfect is that human beings still have to mark the paper, and the error rate on that is thousands of times greater than the error rate of scanning.
In a perfect world, the humans would be using computers to perfectly mark a ballot, which then gets scanned by a second machine. Then the error rate would be the error rate of bar codes: 1 in 400,000. In Virginia, that would have meant that 10 ballots would have been possibly miscounted IN THE ENTIRE STATE in 2016.
"But you're mistaken about election security. You don't need to hack the entire thing, only a relatively small number of key precincts... "
But WHICH precincts are "key"? You mean the ones in Florida, Pennsylvania, Wisconsin, and Michigan? The Blue Wall that was supposed to protect Clinton in 2016?
If throwing an election were as easy as you say, then President Trump would not be President Trump today.
As I commented in another thread on election security, unless you have run an actual election, you probably don't appreciate the sheer scale of what's involved in securing an election. I am an election officer in Virginia. Let me shed some light on the subject.
An election is a massively live event involving hundreds of millions of individuals spread out over 7 time zones (don't forget Guam) and an entire continent-sized geographic area.
51 independent elections are held, each with their own rules of procedure, equipment, and personnel, with the exception of some common rules for federal elections.
Within these 51 elections there are thousands of individual voting precincts where the actual votes are counted. Each one of those 51 x 000s precincts are under the complete supervision and control of volunteers. No politician or government worker ever administers the casting of a vote. This is done by your neighbors, a veritable small army of people.
A voter can only vote in the same physical place where they are a resident. You cannot vote remotely.
Before you can cast your vote, in most states you must prove your identity and residency. In all states, this process is entirely disconnected from the actual casting of a ballot.
Except in two states that allow mail-in voting (shame on them), your vote is completely private. No one can force you to vote against your conscience. No one can force you to prove how you voted.
The threat surface of such an undertaking is massive. There is the possibility of fraud in registering voters. There is possible fraud in selecting and configuring equipment. There is possible fraud in authentication. There is possible fraud in training (or lack thereof). There is possible fraud in counting. There is possible fraud in administration and reporting. And on and on.
There is no "this one thing" that can defeat an election. To successfully throw an election is a non-trivial task of monumental proportions. Of course that doesn't stop people from trying.
The gold standard preventative tools we use to secure a vote are:
- Contemporaneous, independent protocols recording the votes, such as scanned paper ballots, hourly running call logs of the number of voters voting, and duplicate end-of-day reports placed under court custody - 100% Chain-of-custody controls of equipment - Black-box testing - Training, training, training - Aggressive de-duplication and data cleansing.
Anyone who tells you that some 11 year-old can "throw" an election with a hack on some copy of a reporting web site is just trying to sell you something or gain some internet fame.
Unless you've spent time running an election, it's hard to appreciate just how distributed the process is. Virginia, where I am an officer, has 2,400+ separate voting precincts.
None of our voting equipment is networked, not even locally within the precinct. None of the equipment even have the hardware necessary to be networked.
Nearly 4 million people voted in the last Presidential race. The recount margin is 1%, so the winner and the loser must be within 1% of each other for a recount to be called.
Thus for a hack to be effective and not be scrutinized by a recount, you'd have to win 1% of 4 million, or 40,000 votes.
How likely is it that you will be able to hack your way into enough precincts, defeat the chain of custody, get your hands on the machines to do your dirty work -- UNDETECTED -- for EACH and every election (each election has a different ballot, and the order is chosen randomly), and change 40,000 votes? Otherwise, what would be the point of the attack?
Local elections are secure, disconnected facilities. Anytime I see some hacker "fair" where they've got the covers off and people are probing the equipment, I just laugh. As if. We run a tight ship, and in 238 years of doing this job, we've learned a thing or two about how people try to cheat.
It's not VOTING you have to worry about, it's REGISTRATION. Registration has many times more attack vectors.
Spot on, except that the rules for getting a copy of the voter roll varies from state to state, and not all of them allow just anyone to have a copy. My state, Virginia, only permits people with a legitimate electoral purpose to get a copy, for example.
This is mental. Do you realize just how many people voted in the 2016 Presidential election? 135 MILLION.
Now, I want to just sit back and watch you manually count 135,180,362 individual pieces of paper, without error (oh, I guess that means we need to do a DOUBLE count just to make sure, right?). And oh, by the way, the entire country is awaiting the results, so you'd better complete that massive counting project as fast as possible, no pressure, just the entire fate of the federal government is awaiting your results.
Man made machines for a reason. And one of those reasons is so humans would not be tasked with doing repetitive jobs that require extremely small tolerance for error.
Why is this modded Troll? Moderators, you are supposed to moderate on the quality of a comment, regardless of whether you personally agree with it or not. The parent's comment is absolutely on par with the vast majority of comments in this thread.
No, it can't. Voting fraud is a huge topic. It covers everything from voter registration, to selecting candidates, to running an election, to validating the results, to resolving disputes, to controlling equipment, processes, and people. It is an enormous undertaking, and it can't be fixed with a silver bullet.
And furthermore, a blockchain is not private, it is the opposite of private, it has a technical dependency on not being private, in fact. But votes HAVE to be private. That's why we have physical elections where people go into privacy booths and mark their ballots where no one can see them.
I urge all software engineers to volunteer as a poll worker, at least once. They need your expertise and your disciplined approach to work.
And what is the point of your comment? To pat yourself on the back for being smarter than the rest of all mankind? To shake your fist at the sky while you breathe your last?
Seriously, this is not a personal jab. If you TRULY didn't care then you wouldn't be here commenting. So, why are you here?
...including this one. The NY Times never complained when FB "manipulated" the election of Barak Obama in 2012 by letting the DNC volunteers send their friend graph to a vote analysis service which then recommended get-out-the-Democrat-vote messages back. Back then FB was hailed to high heaven as this digital force of nature and Republicans were clueless against the onslaught of the hip, digital natives.
And look where we are now. The hypocrisy just abounds.
...but it's fading. Not because MoviePass doesn't work or is even difficult to use -- it isn't -- but because once I started going to the movies more often, I realized that movies themselves are uniformly poor. In the past when I'd see a bad movie, I'd just chalk it up to bad chance. But now I see that pretty much the whole lot of them are just not that great, almost immediately forgettable. And rare indeed is a Hollywood-produced movie that is any good, in my experience. Independent film has a far better hit to loss ratio.
The mission of MoviePass is to get people to new movies, and that was achieved very well in my case. I did watch a whole lot of new movies. Even with the upgraded price would still be a good deal, if the product was worth my time.
It's hyperbole because all the mall has to do is slap a sticker on the directory display that reads, "Your use of this directory is aggregated anonymously to help us make your shopping experience better" or something to that effect, and *poof* the "issue" goes away. It goes away so easily because it's a non-issue. Everyone who walks into a mall already understands that they are being monitored.
Society long ago accepted that any public space is under surveillance. They've had video cameras in shopping malls since there WERE shopping malls. I don't see how this is any different. In fact, even less invasive than the video cameras, since they don't save any personally-recognizable data.
Except that in this case, the hardware keys they are using generate one-time passwords. So yeah, their success IS a result of what they are doing, not just that they're doing "anything".
But [web programming languages] can't stop you from making a crap Web Application, and they all have a feature where people may misuse or abuse to create utter garbage.
There is a higher-order thread running through this argument that has to do with good programming practices regardless of language. Modular code and UI components are Good Ideas, for example. Containers are a Good Idea. Git is a Very Good Idea. Typing is a Good Idea if you generate code. Templating is a Good Idea. Observer Pattern is a Good Idea. Eventing is a Good Idea.
What I do is listen to our industry, study their good ideas, and incorporate them in my next project, fitting them to the language and framework the customer is using. Language is primarily a *business* decision, it has to do with what kinds of IT resources the company is willing to commit to.
That shouldn't stop good development. As John Lennon famously said, "I'm an artist. Give me a tuba and I can get you something out of it."
Now go code. Make beautiful, good code with whatever tools they give you. Be the artist.
And, how does pattern-matching on 72 known products not just give you all the products that are similar to the known set? How is that testing "all possible" combinations?
The USPS is not a guaranteed delivery system. A mailed-in ballot cannot be guaranteed to have been filled out by the voter, nor delivered on time, nor delivered without having been manipulated on transit. It's a terrible way to cast a vote.
Slashdot Mirror
To all the people waving their hands and saying, "just count them thar ballots like we did back in granddaddy's time, dab gummit", I say please for the love of all that is sacred, volunteer to help run an election in your home town. NO ONE is going to count the millions of ballots cast in a major US election by hand unless they absolutely are forced to do so. All paper ballots are initially counted by machines. It is only when the totals are within a small margin (it's 1% in my state of Virginia) that a recount is even permitted, and only by an even smaller margin when it is paid for by the taxpayers (1/2 of 1% in Virginia.)
People absolutely stink at repetitive tasks. Can you imagine counting 62 MILLION individual pieces of paper -- by hand?! Well, right out of the box you'd have to double that number just to be sure you didn't make any mistakes. Not happening.
No, man made machines to take humans OUT of repetitive processes. Given a perfectly-filled in ballot, the error rate for a scanned ballot would be the same as the error rate of bar code scanning: 1 error out of 400,000 scans. In the state of Virginia, that error rate would mean that only 10 ballots cast in the entire state in 2016 would have been mis-counted.
But we don't have perfectly-marked ballots, again because we ask humans to fill in the paper. The error rate of just mis-marked ballots is 10x the error rate of scanning, and the error rate of hand-counting is 100x larger than that.
No, machines are good. You need to black-box test them and prove that they have not been tampered with, but that is a small, small price to pay for such an enormous gain in accuracy and speed.
The purpose of a paper ballot is to have a voter-verifiable record.
The purpose of scanning is to reduce the enormous error rate of hand-counted ballots down as far as possible. As a freebie, you also get a second contemporaneous record in the form of the scan image.
What makes this imperfect is that human beings still have to mark the paper, and the error rate on that is thousands of times greater than the error rate of scanning.
In a perfect world, the humans would be using computers to perfectly mark a ballot, which then gets scanned by a second machine. Then the error rate would be the error rate of bar codes: 1 in 400,000. In Virginia, that would have meant that 10 ballots would have been possibly miscounted IN THE ENTIRE STATE in 2016.
"But you're mistaken about election security. You don't need to hack the entire thing, only a relatively small number of key precincts... "
But WHICH precincts are "key"? You mean the ones in Florida, Pennsylvania, Wisconsin, and Michigan? The Blue Wall that was supposed to protect Clinton in 2016?
If throwing an election were as easy as you say, then President Trump would not be President Trump today.
As I commented in another thread on election security, unless you have run an actual election, you probably don't appreciate the sheer scale of what's involved in securing an election. I am an election officer in Virginia. Let me shed some light on the subject.
An election is a massively live event involving hundreds of millions of individuals spread out over 7 time zones (don't forget Guam) and an entire continent-sized geographic area.
51 independent elections are held, each with their own rules of procedure, equipment, and personnel, with the exception of some common rules for federal elections.
Within these 51 elections there are thousands of individual voting precincts where the actual votes are counted. Each one of those 51 x 000s precincts are under the complete supervision and control of volunteers. No politician or government worker ever administers the casting of a vote. This is done by your neighbors, a veritable small army of people.
A voter can only vote in the same physical place where they are a resident. You cannot vote remotely.
Before you can cast your vote, in most states you must prove your identity and residency. In all states, this process is entirely disconnected from the actual casting of a ballot.
Except in two states that allow mail-in voting (shame on them), your vote is completely private. No one can force you to vote against your conscience. No one can force you to prove how you voted.
The threat surface of such an undertaking is massive. There is the possibility of fraud in registering voters. There is possible fraud in selecting and configuring equipment. There is possible fraud in authentication. There is possible fraud in training (or lack thereof). There is possible fraud in counting. There is possible fraud in administration and reporting. And on and on.
There is no "this one thing" that can defeat an election. To successfully throw an election is a non-trivial task of monumental proportions. Of course that doesn't stop people from trying.
The gold standard preventative tools we use to secure a vote are:
- Contemporaneous, independent protocols recording the votes, such as scanned paper ballots, hourly running call logs of the number of voters voting, and duplicate end-of-day reports placed under court custody
- 100% Chain-of-custody controls of equipment
- Black-box testing
- Training, training, training
- Aggressive de-duplication and data cleansing.
Anyone who tells you that some 11 year-old can "throw" an election with a hack on some copy of a reporting web site is just trying to sell you something or gain some internet fame.
Unless you've spent time running an election, it's hard to appreciate just how distributed the process is. Virginia, where I am an officer, has 2,400+ separate voting precincts.
None of our voting equipment is networked, not even locally within the precinct. None of the equipment even have the hardware necessary to be networked.
Nearly 4 million people voted in the last Presidential race. The recount margin is 1%, so the winner and the loser must be within 1% of each other for a recount to be called.
Thus for a hack to be effective and not be scrutinized by a recount, you'd have to win 1% of 4 million, or 40,000 votes.
How likely is it that you will be able to hack your way into enough precincts, defeat the chain of custody, get your hands on the machines to do your dirty work -- UNDETECTED -- for EACH and every election (each election has a different ballot, and the order is chosen randomly), and change 40,000 votes? Otherwise, what would be the point of the attack?
Local elections are secure, disconnected facilities. Anytime I see some hacker "fair" where they've got the covers off and people are probing the equipment, I just laugh. As if. We run a tight ship, and in 238 years of doing this job, we've learned a thing or two about how people try to cheat.
It's not VOTING you have to worry about, it's REGISTRATION. Registration has many times more attack vectors.
Spot on, except that the rules for getting a copy of the voter roll varies from state to state, and not all of them allow just anyone to have a copy. My state, Virginia, only permits people with a legitimate electoral purpose to get a copy, for example.
This is mental. Do you realize just how many people voted in the 2016 Presidential election? 135 MILLION.
Now, I want to just sit back and watch you manually count 135,180,362 individual pieces of paper, without error (oh, I guess that means we need to do a DOUBLE count just to make sure, right?). And oh, by the way, the entire country is awaiting the results, so you'd better complete that massive counting project as fast as possible, no pressure, just the entire fate of the federal government is awaiting your results.
Man made machines for a reason. And one of those reasons is so humans would not be tasked with doing repetitive jobs that require extremely small tolerance for error.
Why is this modded Troll? Moderators, you are supposed to moderate on the quality of a comment, regardless of whether you personally agree with it or not. The parent's comment is absolutely on par with the vast majority of comments in this thread.
No, it can't. Voting fraud is a huge topic. It covers everything from voter registration, to selecting candidates, to running an election, to validating the results, to resolving disputes, to controlling equipment, processes, and people. It is an enormous undertaking, and it can't be fixed with a silver bullet.
And furthermore, a blockchain is not private, it is the opposite of private, it has a technical dependency on not being private, in fact. But votes HAVE to be private. That's why we have physical elections where people go into privacy booths and mark their ballots where no one can see them.
I urge all software engineers to volunteer as a poll worker, at least once. They need your expertise and your disciplined approach to work.
And, as a bonus, it would let you trace an individual face to a specific vote! Wow! What a great idea.
Oh, wait.
And what is the point of your comment? To pat yourself on the back for being smarter than the rest of all mankind? To shake your fist at the sky while you breathe your last?
Seriously, this is not a personal jab. If you TRULY didn't care then you wouldn't be here commenting. So, why are you here?
...including this one. The NY Times never complained when FB "manipulated" the election of Barak Obama in 2012 by letting the DNC volunteers send their friend graph to a vote analysis service which then recommended get-out-the-Democrat-vote messages back. Back then FB was hailed to high heaven as this digital force of nature and Republicans were clueless against the onslaught of the hip, digital natives.
And look where we are now. The hypocrisy just abounds.
Exactly. The federal government can't be in charge of securing the election for itself. Classic conflict of interest.
Federalism works.
...but it's fading. Not because MoviePass doesn't work or is even difficult to use -- it isn't -- but because once I started going to the movies more often, I realized that movies themselves are uniformly poor. In the past when I'd see a bad movie, I'd just chalk it up to bad chance. But now I see that pretty much the whole lot of them are just not that great, almost immediately forgettable. And rare indeed is a Hollywood-produced movie that is any good, in my experience. Independent film has a far better hit to loss ratio.
The mission of MoviePass is to get people to new movies, and that was achieved very well in my case. I did watch a whole lot of new movies. Even with the upgraded price would still be a good deal, if the product was worth my time.
Huh?
It's hyperbole because all the mall has to do is slap a sticker on the directory display that reads, "Your use of this directory is aggregated anonymously to help us make your shopping experience better" or something to that effect, and *poof* the "issue" goes away. It goes away so easily because it's a non-issue. Everyone who walks into a mall already understands that they are being monitored.
THIS WEBSITE TRACKS YOUR PERSONAL DATA!!!!
Even if you post "anonymously".
Are you worried yet? Worried enough to not post?
Society long ago accepted that any public space is under surveillance. They've had video cameras in shopping malls since there WERE shopping malls. I don't see how this is any different. In fact, even less invasive than the video cameras, since they don't save any personally-recognizable data.
Except that in this case, the hardware keys they are using generate one-time passwords. So yeah, their success IS a result of what they are doing, not just that they're doing "anything".
You use more than one 2FA method, of course. I have a smartphone app as a backup, SMS as a backup, and a printed copy of backup keys.
There is NO reason not to implement 2FA. You don't even need the hardware key. Just stop relying on a password alone.
There is a higher-order thread running through this argument that has to do with good programming practices regardless of language. Modular code and UI components are Good Ideas, for example. Containers are a Good Idea. Git is a Very Good Idea. Typing is a Good Idea if you generate code. Templating is a Good Idea. Observer Pattern is a Good Idea. Eventing is a Good Idea.
What I do is listen to our industry, study their good ideas, and incorporate them in my next project, fitting them to the language and framework the customer is using. Language is primarily a *business* decision, it has to do with what kinds of IT resources the company is willing to commit to.
That shouldn't stop good development. As John Lennon famously said, "I'm an artist. Give me a tuba and I can get you something out of it."
Now go code. Make beautiful, good code with whatever tools they give you. Be the artist.
And, how does pattern-matching on 72 known products not just give you all the
products that are similar to the known set? How is that testing "all possible" combinations?
The USPS is not a guaranteed delivery system. A mailed-in ballot cannot be guaranteed to have been filled out by the voter, nor delivered on time, nor delivered without having been manipulated on transit. It's a terrible way to cast a vote.
https://www.dailydot.com/layer...
... again. Call me crazy, but git is right up there with Linux itself in terms of advancing the art.
Forget this article, ask yourself the question why some would even CARE if your skin color differs from that of your co-worker.
Go far enough left around the circle, and you eventually end up on the right.