The building itself might be worth only $200 million as real estate (it's a big building, dude); as an operations headquarters, it's worth much more to Apple but not to anyone else. Its property valuation is pointedly not its strategic valuation.
It's more like have a bunch of people bid on it and see where they stop. It'll probably be less than Apple is willing to take or else Apple would sell the building and move somewhere else.
Yeah I tend to be a bit blunt. Smart people are often more-vulnerable to confidence tricks because they think they can finesse their way around the plot and get reeled in; of course, you can always learn to deal with those little details with all the finesse of a brick instead of trying to show off how very smart you are.
This is a dispute between two parties who each have a conflict of interest; get the brick.
Also: I'm working on elections security as a side hobby these days. Do you know why I've designed an integrity model that opens up any and all tampering to discovery by literally anyone in the world, at any time, even long after the election has ended?
Tax assessors are local government officials. The local government makes revenue from taxes. This is an obvious conflict of interest. Do you trust the government, or do you demand transparency?
You can have deflation problems with fiat currencies too, of course, as Japan well knows.
Yes, and you create loose monetary policy and take other action to drive up wages and create inflation as a response.
Sure, except for one key thing: if there actually were savings accounts and mortgages in BTC, there would be inflation as the money supply grew directly with the value of said mortgages. It's a self-solving problem. Doesn't matter how many BTC there are in the blockchain, any more than it matters how many $20 bills there are.
I'm thinking about all money being BTC. I'm thinking your savings account is BTC and your mortgage is BTC. That IS the problem I described.
Let's try this again. I'm going to show you that you're wrong about the "self-solving problem" and that it matters how many BTC there are, so don't come back and say "oh that only happens if your mortgage is dollars and savings account is BTC" again.
There are, for example, twenty million bitcoins in the world. At this point, it takes an enormous amount of time to generate an additional bitcoin, so the number of bitcoins expands slowly. Technical progress is faster: the capacity to produce more goods in the same time increases, and so the labor force expands.
This means that at some time in the future, there may be 1% more BTC in the world and 10% more income earners. In this example, then, there is enough BTC for each worker to earn 100 BTC per year today, and then in the future there is enough BTC for each worker to earn 91.8 BTC.
Do you see it?
Your mortgage was 30BTC/year, 30% of your income. Ten years into your 30-year mortgage, your mortgage is still 30BTC/year; however, only enough BTC exist to pay everyone 91.8BTC/year. That means, on average, your mortgage is now 33% of your income.
That's if wages are BTC, mortgages are BTC, savings accounts are BTC, and the world has never even considered another alternate currency because it was created as a seed colony on a planet where we didn't tell anybody about fiat or gold standard, and so they believe BTC was given to them by God at the Creation.
If the only money in existence is BTC, a mortgage payment becomes a larger percentage of the average income every year. It's either increasing relative to the payer's income or the payer's income is increasing while somebody else is getting poorer.
There was not a deflation problem in 2008, there was a problem with bad loans, and "creative" finance instruments backed by bad loans.
A credit crunch. The money supply effectively sank. Inflation has been kind of stagnant since.
Why aren't those for cryptographically secure electronic voting? Last I looked the competent cryptographers were going rounds and rounds of shooting down each others ideas for strong crypto, secret secure ballot systems that worked.
Well of course. You don't use cryptography to secure elections; it's about non-repudiation.
You can't observe everything, neither can you code all the machines
Wanna bet?
You post the EVM image online months ahead of the election. Any corrections are posted as well, with difference summary. This allows anyone and everyone to examine the image, do logic and analysis testing, and so forth. The general public can acquire hardware and build a mock election (this costs about $500 based around my prototyping, but something like $20,000 with current systems).
So here's the first point: the software to be used on the machines is now known. It's known forever. It can be tested by random people on Twitter 20 years from now. You can't hide it.
You do the same weeks before the election with the candidate data.
You put the code on an SD card. This card has an eFuse on the WR line leading into the write array. Flip a write protect switch and apply power and it is physically-impossible to write to the array ever again. It's read-only now.
You demonstrate this. Your election judge puts the SD cards into a Lexan case with multiple lock-outs, and locks it. Cables lead out of this case with an SD connector: you can plug this into an SD slot. Judge plugs it into the EVM, demonstrates imaging, demonstrates loading of the software. This copies the SD card to the voting machine's memory; for the Ballot Box (later), the judge inserts an SD card (when prompted) which the machine erases, images, and configures to store votes.
Then: the election judge locks the transparent software box to a desk and calls for a volunteer, preferably a member of the press.
Anyone, at any time, can come up to this box, verify the non-writability of the SD card, and copy the data to their system. They can upload it. They can hash it. They can do whatever. We know THIS is the software on the EVMs; we know THIS is the candidate data. Does it match the published image?
That's also non-repudiated.
At this point, you have programmed every voting machine with known software, and this can be proven forever. They don't go into a warehouse 30 days later and have their tampered image replaced with a "Certified" one. The image is online; the image that was actually used is also online; and everyone who wants it has a copy. We the people inspected these things during polling.
No cryptography so far.
The EVMs stick your votes onto a Smart Card, which you carry to a Ballot Box--an EVM that reads the Smart Card, displays the votes to be cast, then wipes the card and records the votes and your voter ID.
At poll close, the Ballot Box displays statistics. For plurality ballots, the total number of ballots cast and the count of votes represents exactly one unique set of ballots. For ranked ballots, a ranked ballot is mathematically-equivalent to an exact set of pairwise plurality ballots: you generate statistics for pairwise races. The public observers record these.
Each polling place's ballots, reported online, must calculate to the same numbers. If they don't, the ballots have been tampered. That's not cryptographic, but it is mathematical.
The ballot sets are non-repudiated.
That means you have non-repudiation of the actual logic the machines use to record and tally votes and non-repudiation of the ballots as recorded and tallied by the machine. You can never hide this information away. You can never alter it. You can never remove the capability for the public to mess with these votes.
No cryptography involved.
Have you ever shipped commercial code or hardware? I'm guess
Deflation, due to having not physically enough money to go around to compensate all the labor.
Bitcoin was designed to produce fewer bitcoins over time due to exponentially-increasing work required to mine each coin, like a gold mine. It eventually falls behind the inflation curve, which is why bitcoins are mostly traded in fractions now instead of in whole parts.
If your mortgage was in BTC, you'd owe 10 BTC but this year there are 1BTC per person, next year there are 0.95BTC per person, the year after 0.9BTC, and so forth. Productivity is increasing, purchasing power in total is increasing, but the amount of BTC is not increasing as fast. The capacity for population is increasing because the demand for labor is increasing as people can buy more, and salaries are decreasing because cost-of-living is going down in terms of number of BTC.
Your mortgage payment isn't going down, so you owe 1/3 of 1BTC per year, and ten years in you make 0.7 BTC per year instead of 0.1BTC.
Alternately, everybody could rent. Everybody could save and buy a house in cash, too, which means the number of BTC moving around would shrink dramatically--you'd have fewer BTC available to spend--and you'd suffer severe deflation. This happened in 2008 with money in what is called a "credit crunch"; the effect would be the same, except it would happen constantly, until your civilization became a smoking crater and a few adventurous refugees from poverty-stricken developing nations showed up on a boat with rocks and pointy sticks and took over your lands, then created a real central bank with fiat currency and raised a great nation over the remnants of your corpses.
I'm leaning toward simply being wrong and away from being outright-evil, aside from a few specific cases of pathological psychopaths who probably also believe themselves to be the great visionaries who are doing what is necessary.
Economics sounds like bullshit when it's correct. Microeconomics shows you can escape poverty by going out, working hard, and starting a business. Macroeconomics shows jobs come from consumer demand, and opening a business in a poverty area either won't work or will take jobs away from other people in that area and cause no net-gain of jobs. Macroeconomics also shows bringing jobs back to America by closing off trade results in huge losses of American jobs as you open a factory for 50,000 workers making a good at a higher price than the 150,000,000 American workers were paying, ultimately losing shipping and retail jobs, resulting in poorer Americans overall and 90,000 jobs lost, a net 40,000 loss in American jobs.
When you work out the economics, you find that social welfare programs make the economy overall more-productive, stabilizing the consumer base and increasing revenue streams. Those higher taxes on the rich end up making the rich richer, and giving money to poor and unemployed people causes them to get jobs. If you don't work out the whole economic machine, it all looks obviously wrong.
I assume that conservatives are in general just wrong about things, not pretending they believe in bullshit economics about tax cuts and eliminating welfare.
Unlike gold, BTC is easily divisible into smaller pieces still useful as currency.
That is the problem.
Oh, we divided the currency, so your $10,000/year is now $8,000/year.
By the by, if the bank had kept that $25,000 you borrowed instead of loaning it to you, it would be worth more today. Oh, the interest rate is low, sure; but here's the thing: we're not going to discount you and end with less money. It's still $275/month.
What? You're not happy your mortgage moved from 33% of your monthly income to 41%? It's harder to make payments every year? Your wage keeps going down but your debts are still there? Boo hoo. Find a way to pay it or we take your house, dork.
The problem is the conservatives are operating on bad science and bad economics, creating huge risks for themselves and others, reducing the profit prospects for the rich, and so forth. The current crop of liberal progressives needs to take some time to think and architect things; they've got the right ideals, but no concept on how to approach them.
The United States had $18 trillion of gross national income in 2016. Do you know how that happens? A bunch of people do work (not necessarily useful work: traders may put in the effort of decision-making to move your money to their pockets, which is work, but produces nothing except the outcome of your money going into their pockets) and they derive income (are paid) for that work.
That's all the corporate profits, all the wages, all the capital gains. Every time someone performed some labor and derived some form of income thereof, that income was accounted in the GNI. (There are some complex considerations there, such as how revenue meets laborers through organizations and supply chains and so corporate profit after expenses are income, wages are income, but corporate revenue that passes on to another hand is not income. Savings covering losses shifts income over time, too, so you kind of spread some of this across time; and losses by producing things not useful or saleable are a cost of producing, and are still represented in the whole of "we paid this much for all the stuff we consumed".)
That's what the US Dollar is: $18 trillion in 2016 of US dollars is just a funny number. It could be $2 trillion, or $5,000 trillion. That income would have been earned, in any case, by purchasing these same goods and services--by the same labor, its results, and the cost borne by the activity of the economy to purchase it.
There might be additional US dollars sitting around somewhere unspent. Those are effectively "unprinted"--they're removed from the economy--and the people who own them essentially have the power to "print" new money at a later date. The Fed issues $1 and $12 show up because of fractional reserve; the idle cash in bank accounts is still part of the monetary basis, and spending it doesn't allow the banks to issue additional, so the spending of what was $1 of idle cash is only introducing $1 and not $12 of newly-available money supply. Same concept, though.
A fiat currency can't be anything else. What is spent is what is bought. Oil, on the other hand, is a basic material resource (a fuel or a plastic stock), and so carries its own marginal utility.
Currencies need to have some form of stability. When population expands, you need more currency. When productivity increases, you need more currency (imagine your dollar income falling as prices fall, but your bank loan doesn't get any smaller, and your house becomes worth less, so now you're underwater and your mortgage payment is a larger percentage of your income).
This is why we have things like fiat currencies, which always represent the amount of goods and services produced and sold (income). Currency doesn't become scarce (like bitcoin or gold) or suddenly flood (like gold); it's managed to stabilize inflation as market changes create demands on currency supply.
The military is a jobs program among its other purposes.
If they want to create jobs, they can build a military twice as large for the same cost. They could also spend the money on schools, public transportation, roads, environmental cleanup, research, the like.
Winston Churchill once demolished a Conservative defense budget, tearing it down to 1/10 its original size. He described his own budget, trimming the number of warships and other such provisions to a fraction of that for which the Conservatives had called.
Churchill's defense budget and his program funded thereby was sufficient to lose two-thirds of its ships and still destroy all of the European naval power, and then land troops and demolish their militaries. He called for a military which could demolish Europe three times over.
The United States wastes a lot of money in performing its functions, producing $2 of results for $5 of spending. Our military could provide greater defense with better technology at lower costs were the entirety of its programs not run by disorganized incompetents. The people doing the work are not specialized in managing the overall picture and, besides, are quite busy enough; and the people running the overall picture are bureaucrats who care little for fiscals, as it is Congress's problem to obtain the money.
We can make election machines verifiable; it requires some strict integrity protocols. You have no integrity if you don't have public observers and known-good ballot boxes.
Today, we have black-box EVMs and poor public understanding of elections security, which has lead to people rushing back to paper ballots without even fully protecting paper ballot integrity. If you had proper handling procedures, you would start with known-good software images for EVMs (yes, that means those images are public, published ahead of time, and verified by public observers at poll open), and provable ballot sets coming off the EVMs.
The public at large could look at the elections Web site and validate each set of ballots to ensure that they match with a real ballot set from each polling center. None dropped, none added. You'd still have the questionable paper mail-in ballots; however, practical integrity concerns are marginal, and the amount of tampering in mail-in paper ballots is acceptable compared to the impact of disenfranchising absentee voters.
For certain types of absentee voting--such as deployed military voting, voting on-site at assisted living centers, and prison voting--we can carry out absentee elections, with video recording and all present personnel as public observers, obtaining the same integrity guarantees despite not being able to bring people to domestic polling centers. Essentially, we can make mobile polling centers; we just need too many people around to conduct any funny business.
Even if you can make an electronic system secure. You can't demonstrate that to 99% of the population. Hence it won't happen.
You _can_ secure physical ballot boxes in ways that everybody can understand.
It's doable, but only because it's a different problem than you're examining here.
Securing physical ballot boxes requires complex handling considerations that the general public can't understand without a little study. You should know that: you've argued we don't follow the right handling considerations, which indicates the public doesn't understand the need.
In a similar sense, securing ballot boxes requires demonstrating to the public that they can trust they are secure, not that they are secure. There are only a handful of public observers at each polling place: each member of the public cannot be at all polling places to observe all ballots 100% of the time. That means they trust that other people have observed the process, and they believe the protection measures are sufficient.
People believe physical ballots are tamper-proof, for example, when they're clearly not. Although most people will accept the risk of tampering (stuffing, editing, coercion, and deletion) in mail-in ballots when you explain why we have absentee ballots, they often think the process is secure.
As a politician, I've been sent surveys with questions that opened up explaining that the US Postal Service is well-known as the most-secure thing in existence, thus all voters should be allowed to vote by mail in every election if they so wish--a pitch that says "vote by mail is tamper-proof, so we should increase voter turn-out by letting everybody vote from home!" Internet-based voting is slightly more-secure (you can make it impossible to prove you have voted, so coercion and vote-buying go away), but does not resolve the integrity issue (you can't prove the total vote counts at all, or that anyone in particular has or has not voted, to the general public); nobody is buying into Internet-based voting.
So what do we do about securing EVMs in a way the public can understand?
Well, first of all, we need to educate the public on election integrity--just like with paper ballot boxes. Currently, as you've observed, we haven't educated them on certain integrity deficits our elections carry, and they believe the elections are secure. The same is true of EVMs: we need to explain the integrity model.
We also need to educate the public on how to exercise the integrity model--every election. We don't go out and remind everyone to engage in this part of the election process now, and you'll notice polling places usually contain two election staff, an election judge, and whoever is voting. The press shows up during vote counting for big races and recounts, but stays out of it for things about which nobody much cares. People are out there in polling places counting votes with basically two pre-selected volunteers and two party observers who may all be colluding: a small set of possibly-compromised people are opening paper ballot boxes and handling ballots. Even my EVM procedures can't protect against that (the best I can do is install a live streaming camera to watch and record certain critical things).
For EVMs themselves, the software and hardware must be accessible. I'm designing EVM software to run on a Raspberry Pi. Seriously. The EVM itself might be a modified Pi with 8 displays, or a Pi Zero, or a Pi 3 B+ ordered in a batch without the Wifi/Bluetooth chip soldered on (it's not part of the SOC); it will run the same SOC, same bootloader fused into the SOC. The whole EVM will cost around $120; if you want to configure it with EVM and "Ballot Box" using a smart card, you're looking at $300 of off-the-shelf hardware--or you can order the core systems (about $25 each), bring your own displays (7-inch touch screen, or KVM if you want), and use a 50 cent smart card and a $10 smart card reader to set up a test rig.
We count votes immediately in the public. We also recount votes for 30 days thereafter. There's error in normal human counts, and colluding volunteer vote counters can manipulate the apparent human error (which can swing close races readily; nobody's fooled when you muck about with a wide victory margin).
With the ballot boxes taken out of public view, how do you know parties aren't trading a delegate for a senator, or manipulating the primaries? In my locale, the Democrats don't like the more-progressive candidates--and one of those beat another candidate by 9 or 27 votes in the recent primary (depending on whether you believe the original count or the recount). The candidate he beat has endorsed the Republican governor and was more-favored by the Democratic Central Committee.
So you tell me: with a 9-vote margin of victory, what would you think of a recount finding that the second-place winner is actually the first-place winner? You only have to flip 5 votes (-1 +1, that's a span of two), and you can do that by "accidentally" misreading a ballot after a string of the same vote (25 votes for candidate A, the next vote for candidate B but you announce for A and everybody is just nodding along at this point, then the next for candidate B and you announce that correctly). The Republicans like the candidate the Democratic party would have preferred. They're in agreement. Would the Republicans scrutinize this too hard?
securing the voting boxes with seals (during the vote and after) and clear voting boxes (to prevent the box starting the day half full).
An EVM image published ahead of time can be inspected by third-parties and tested to ensure proper logical behavior. It can be reverse-engineered. It can be taken apart and put back together again.
That image, installed at poll open from read-only media which is then distributed so public observers can make copies and validate that it is untampered, represents a ballot box which starts empty, which has seals on it, which is untampered. You don't plug these things into a network.
Each vote cast increments a visible public counter, so you know how many people voted (clear ballot box: you can't screw with it by stuffing votes mid-day). Just like ballots, you may get different ballot counts per race: there are 20 races on the same paper ballot, and many people don't vote at all in down-ballot races, or may skip a congressional race, or whatever else they fancy. You have 100 voters voting but 93, 97, 82, and 14 ballots cast in various races. You get a lot of "no votes cast" when counting.
At poll closed, you collect the votes on the EVMs, displaying tallying statistics. You have ballot sets--identifiable to the local polling place--which will only generate the exact same tallies if they are the same sets. You know X ballots were cast and the particular results of a tally of X ballots; no modification with X ballots will produce the same results.
The public observers watch this happen. They now have something you don't get with paper ballots: non-human-intervention in a known-good ballot tally process, and the power to audit the published ballots to validate them as being the ballots cast.
You don't have a State recount for this. Every security firm and local news agency does their own recount. Richard Stallman publishes a recount 15 minutes after the election is over. Someone on Twitch is live-streaming the ballots and photos on Twitter of the election counts, and computing the election results in real-time.
You might notice I work out ways to attack things, and ways to prevent those attacks. It's not like our elections aren't highly-resistant to ballot box attacks (they're exceedingly-vulnerable to all other attacks); the weaknesses are minor, but do exist. The same goes for the integrity procedures I keep describing: I'm not looking for ways to attack and alter the votes, but for the possibility that you could do such a thing. I'
That way you don't need to worry about making in hackable voting machines, which is hard.
Voting machines don't have radio and aren't attached to a network.
Voting machines don't allow authentication without a hardware token.
Your attack surface is a sliver. In a technical sense, it's feasible to make that unhackable; in this case, "feasible" is an interesting word because this requires a lot of discrete mathematics and graphing of program logic, and it's "feasible" if the program logic over which you cannot prove the scope of inputs is sufficiently small that you can perform that exercise.
Achieving that guarantee is not in scope. There's a simpler method: you demonstrate the logically-valid inputs and how the inputs are validated, showing that no manipulation is possible by program logic rather than by rendered mathematical model of machine instructions. That's also rarely done, but significantly easier and is considered a critical coding practice nobody follows.
To put this simply: you have a touch screen with some buttons which list candidates. You can mark a candidate or put the candidates in order. The write-in field is limited to alphanumeric characters. Hacking this interface requires triggering undesired behavior via checking boxes, dragging candidates into an ordering, or entering an alphanumeric string into a text box. You'd have to jump through some hoops to make code that allows that (assuming you length-limit the write-in box and filter out any non-alphanumeric characters).
Authentication of the election judge via a FIDO U2F credential blocks access to other functions, notably collecting ballot counts. Functions which can manipulate votes are simply not in the program code (separate assemblies, removed from the machine). You of course need to prevent attack on the U2F protocol code by people who jam random USB devices into the machine; and you can have the machine alert (loudly) when somebody inserts a USB device prior to doing anything with it, so you can't covertly attack the machine (you're going to get arrested). The USB ports can also be behind a locked panel (can't physically reach them).
So those additional routes of attack are only available when under public observation.
A paper ballot box is an unhackable voting machine--allegedly.
As for your link:
A linkage between ballot and ballot image should exist, in the form of a serial number. Not a fancy QR code which can contain hidden identifiers leading back to the voter ID of who cast the ballot. Just a simple unique number, like 10548626. This number appears on both ballot and ballot image. If you want to check whether ballot images are real, you simply examine the actual ballots using your Freedom of Information rights, comparing to make sure the image matches the original.
Print another ballot with a duplicate serial number. Who do you think the attackers are here? Where do you think the paper ballots reside? How do you know the paper ballots weren't untampered? The recount period is 30 days; they have a month to produce false ballots and re-image them. For that matter, why can't you use extra ballots? Linear serial numbers will trace back to ballot casting order and machine, allowing identification of unique individual voters and linking of identity to ballot.
By contrast, a non-tampered EVM can produce information which absolutely proves a set of ballots is the same set cast on that EVM--before the ballots are exposed to any opportunity for manipulation. The ballot sets must be published, and the public can independently verify the entire election. This data is a mathematical fact, not a paper ballot and an image that should match up to the ballot. You can't prepare false images and false ballots ahead of time and distribute them on request--more sleight-of-hand ballot stuffing using paper ballot audit trails as avenues of attack that themselves provide credibility
Keeping the paper ballots is essential. There's no other way to verify that the correct vote was cast.
The EVM image is public. It's put online by the Board of Elections months ahead of the election. Any defects are logged and updates have a change description, all published.
The EVM hardware is public, and easily-accessible by everyone. The ones I'm designing will cost around $150 for the prototype and $120 in mass production.
The EVM software source code is open, although that matters less than you'd think (how do you know the software in the image isn't tampered? You have to test the actual software).
The EVM has no media when the polling center opens. You put a read-only media in to install, and it asks you to insert system media (e.g SD card). It wipes and installs. You distribute the read-only media to public observers afterwards, who make copies and validate that it matches the published image.
So maybe the pens used in the elections are actually of a particular chemistry erasable by some manner, and colluding elections officials tamper with the ballots, and you'll never know. That seams about as likely as the software somehow magically gaining the ability to misrecord votes when it's been validated.
Johnny O won county executive by 9 votes. Recounting the same ballots, he won by 27. Human counters, natural error. Do you think a few election judges could manage to miscount 15 or so votes in the district and make Jim Brochin the winner? Brochin has endorsed our governor for re-election; I'm sure we could find some... favorable volunteers.
Now imagine what happens when you're counting ranked ballots--which are complex. How much sleight-of-hand do you think a human counter can pull off "misreading" the votes?
Paper ballots aren't essential; they're theater. At the moment, they only matter as a security blanket to make voters feel safe. People are still complaining that the elections were hacked even with paper ballots. One of the methods endorsed by Bruce Schneier--Voter Verified Paper Audit Trails--protects the voter by letting them check their ballot matches the paper ballot produced...except the machine can print additional paper ballots when there are no voters observing, and can add those votes to the database, stuffing the ballot box. Basically, we can cancel your vote by computing a nullifying ballot, and the paper trail says the votes are all legit.
Paper audit trails are also generally printed in order, which means I can sit in a polling place, note which people vote at which machines, and then identify who cast what vote during vote counting. Your votes aren't secret anymore; they're public knowledge.
You can only verify your voting system through independent software certification, logic and accuracy testing, and clear-box voting (the EVM must be something anyone in the world can dissect and examine). Even humans and paper trails are manipulable black boxes--unless you can read minds.
UN best election practices indeed have been tested well; this doesn't mean anything except that they work. Handling of the ballots makes more difference than of what the ballots are made.
Tampering with an election is quite difficult when you have even the most minimal protections in place; I'm targeting integrity, not resistance, however, which means I need a handling chain that demonstrates tampering cannot occur or is sufficiently-unlikely to occur. Many election procedures allow for paper ballot recounts by hand days later; how do you know there was no collusion to alter the ballot counts? The ballot box hasn't been under public observation and you cannot prove its contents.
You don't switch 40% of the votes around. You switch a handful around. The county executive race here was such that changing 15 votes would make the second-place runner-up the winner; changing 400 would make the third-place runner-up the winner. With 40 polling places, you only need to miscount ten votes during the recount--and you can engineer a miscount.
With EVMs, you can demonstrate the integrity of the EVM and then emit data that can later prove the same ballots published by the Board of Elections are the ballots cast on the EVM. This requires strict handling procedures; it's more resistant to the kind of sleight-of-hand you can pull off in a hand-counted election, and doesn't leave questions about what really happened overnight when you begin a recount 2 days later. The public at large can also count and compute the election independently.
We have satellites which stay up there for decades at a time and a tiny research center that's ungodly-expensive to run as a joint international process.
A space force isn't just a program; it's soldiers, ships, and tactical base encampments. We need space vessels, space combat training, space bases, the lot. They're discussing space warfighters and tactical operations in space, not just consolidating DOD spy satellite programs under one branch.
In this case the ballot sheet is an electronic concept. I don't envision starting with or scanning in paper ballots; and keeping paper ballots doesn't offer additional integrity.
Slashdot Mirror
The building itself might be worth only $200 million as real estate (it's a big building, dude); as an operations headquarters, it's worth much more to Apple but not to anyone else. Its property valuation is pointedly not its strategic valuation.
It's more like have a bunch of people bid on it and see where they stop. It'll probably be less than Apple is willing to take or else Apple would sell the building and move somewhere else.
Yeah I tend to be a bit blunt. Smart people are often more-vulnerable to confidence tricks because they think they can finesse their way around the plot and get reeled in; of course, you can always learn to deal with those little details with all the finesse of a brick instead of trying to show off how very smart you are.
This is a dispute between two parties who each have a conflict of interest; get the brick.
You're obviously not a lawyer.
Also: I'm working on elections security as a side hobby these days. Do you know why I've designed an integrity model that opens up any and all tampering to discovery by literally anyone in the world, at any time, even long after the election has ended?
Tax assessors are local government officials. The local government makes revenue from taxes. This is an obvious conflict of interest. Do you trust the government, or do you demand transparency?
To be fair, I don't trust either side. Show me the valuation. Why is it worth $1Bn, or $200?
You can have deflation problems with fiat currencies too, of course, as Japan well knows.
Yes, and you create loose monetary policy and take other action to drive up wages and create inflation as a response.
Sure, except for one key thing: if there actually were savings accounts and mortgages in BTC, there would be inflation as the money supply grew directly with the value of said mortgages. It's a self-solving problem. Doesn't matter how many BTC there are in the blockchain, any more than it matters how many $20 bills there are.
I'm thinking about all money being BTC. I'm thinking your savings account is BTC and your mortgage is BTC. That IS the problem I described.
Let's try this again. I'm going to show you that you're wrong about the "self-solving problem" and that it matters how many BTC there are, so don't come back and say "oh that only happens if your mortgage is dollars and savings account is BTC" again.
There are, for example, twenty million bitcoins in the world. At this point, it takes an enormous amount of time to generate an additional bitcoin, so the number of bitcoins expands slowly. Technical progress is faster: the capacity to produce more goods in the same time increases, and so the labor force expands.
This means that at some time in the future, there may be 1% more BTC in the world and 10% more income earners. In this example, then, there is enough BTC for each worker to earn 100 BTC per year today, and then in the future there is enough BTC for each worker to earn 91.8 BTC.
Do you see it?
Your mortgage was 30BTC/year, 30% of your income. Ten years into your 30-year mortgage, your mortgage is still 30BTC/year; however, only enough BTC exist to pay everyone 91.8BTC/year. That means, on average, your mortgage is now 33% of your income.
That's if wages are BTC, mortgages are BTC, savings accounts are BTC, and the world has never even considered another alternate currency because it was created as a seed colony on a planet where we didn't tell anybody about fiat or gold standard, and so they believe BTC was given to them by God at the Creation.
If the only money in existence is BTC, a mortgage payment becomes a larger percentage of the average income every year. It's either increasing relative to the payer's income or the payer's income is increasing while somebody else is getting poorer.
There was not a deflation problem in 2008, there was a problem with bad loans, and "creative" finance instruments backed by bad loans.
A credit crunch. The money supply effectively sank. Inflation has been kind of stagnant since.
Why aren't those for cryptographically secure electronic voting? Last I looked the competent cryptographers were going rounds and rounds of shooting down each others ideas for strong crypto, secret secure ballot systems that worked.
Well of course. You don't use cryptography to secure elections; it's about non-repudiation.
You can't observe everything, neither can you code all the machines
Wanna bet?
You post the EVM image online months ahead of the election. Any corrections are posted as well, with difference summary. This allows anyone and everyone to examine the image, do logic and analysis testing, and so forth. The general public can acquire hardware and build a mock election (this costs about $500 based around my prototyping, but something like $20,000 with current systems).
So here's the first point: the software to be used on the machines is now known. It's known forever. It can be tested by random people on Twitter 20 years from now. You can't hide it.
You do the same weeks before the election with the candidate data.
You put the code on an SD card. This card has an eFuse on the WR line leading into the write array. Flip a write protect switch and apply power and it is physically-impossible to write to the array ever again. It's read-only now.
You demonstrate this. Your election judge puts the SD cards into a Lexan case with multiple lock-outs, and locks it. Cables lead out of this case with an SD connector: you can plug this into an SD slot. Judge plugs it into the EVM, demonstrates imaging, demonstrates loading of the software. This copies the SD card to the voting machine's memory; for the Ballot Box (later), the judge inserts an SD card (when prompted) which the machine erases, images, and configures to store votes.
Then: the election judge locks the transparent software box to a desk and calls for a volunteer, preferably a member of the press.
Anyone, at any time, can come up to this box, verify the non-writability of the SD card, and copy the data to their system. They can upload it. They can hash it. They can do whatever. We know THIS is the software on the EVMs; we know THIS is the candidate data. Does it match the published image?
That's also non-repudiated.
At this point, you have programmed every voting machine with known software, and this can be proven forever. They don't go into a warehouse 30 days later and have their tampered image replaced with a "Certified" one. The image is online; the image that was actually used is also online; and everyone who wants it has a copy. We the people inspected these things during polling.
No cryptography so far.
The EVMs stick your votes onto a Smart Card, which you carry to a Ballot Box--an EVM that reads the Smart Card, displays the votes to be cast, then wipes the card and records the votes and your voter ID.
At poll close, the Ballot Box displays statistics. For plurality ballots, the total number of ballots cast and the count of votes represents exactly one unique set of ballots. For ranked ballots, a ranked ballot is mathematically-equivalent to an exact set of pairwise plurality ballots: you generate statistics for pairwise races. The public observers record these.
Each polling place's ballots, reported online, must calculate to the same numbers. If they don't, the ballots have been tampered. That's not cryptographic, but it is mathematical.
The ballot sets are non-repudiated.
That means you have non-repudiation of the actual logic the machines use to record and tally votes and non-repudiation of the ballots as recorded and tallied by the machine. You can never hide this information away. You can never alter it. You can never remove the capability for the public to mess with these votes.
No cryptography involved.
Have you ever shipped commercial code or hardware? I'm guess
Deflation, due to having not physically enough money to go around to compensate all the labor.
Bitcoin was designed to produce fewer bitcoins over time due to exponentially-increasing work required to mine each coin, like a gold mine. It eventually falls behind the inflation curve, which is why bitcoins are mostly traded in fractions now instead of in whole parts.
If your mortgage was in BTC, you'd owe 10 BTC but this year there are 1BTC per person, next year there are 0.95BTC per person, the year after 0.9BTC, and so forth. Productivity is increasing, purchasing power in total is increasing, but the amount of BTC is not increasing as fast. The capacity for population is increasing because the demand for labor is increasing as people can buy more, and salaries are decreasing because cost-of-living is going down in terms of number of BTC.
Your mortgage payment isn't going down, so you owe 1/3 of 1BTC per year, and ten years in you make 0.7 BTC per year instead of 0.1BTC.
Alternately, everybody could rent. Everybody could save and buy a house in cash, too, which means the number of BTC moving around would shrink dramatically--you'd have fewer BTC available to spend--and you'd suffer severe deflation. This happened in 2008 with money in what is called a "credit crunch"; the effect would be the same, except it would happen constantly, until your civilization became a smoking crater and a few adventurous refugees from poverty-stricken developing nations showed up on a boat with rocks and pointy sticks and took over your lands, then created a real central bank with fiat currency and raised a great nation over the remnants of your corpses.
I'm leaning toward simply being wrong and away from being outright-evil, aside from a few specific cases of pathological psychopaths who probably also believe themselves to be the great visionaries who are doing what is necessary.
Economics sounds like bullshit when it's correct. Microeconomics shows you can escape poverty by going out, working hard, and starting a business. Macroeconomics shows jobs come from consumer demand, and opening a business in a poverty area either won't work or will take jobs away from other people in that area and cause no net-gain of jobs. Macroeconomics also shows bringing jobs back to America by closing off trade results in huge losses of American jobs as you open a factory for 50,000 workers making a good at a higher price than the 150,000,000 American workers were paying, ultimately losing shipping and retail jobs, resulting in poorer Americans overall and 90,000 jobs lost, a net 40,000 loss in American jobs.
When you work out the economics, you find that social welfare programs make the economy overall more-productive, stabilizing the consumer base and increasing revenue streams. Those higher taxes on the rich end up making the rich richer, and giving money to poor and unemployed people causes them to get jobs. If you don't work out the whole economic machine, it all looks obviously wrong.
I assume that conservatives are in general just wrong about things, not pretending they believe in bullshit economics about tax cuts and eliminating welfare.
Unlike gold, BTC is easily divisible into smaller pieces still useful as currency.
That is the problem.
Oh, we divided the currency, so your $10,000/year is now $8,000/year.
By the by, if the bank had kept that $25,000 you borrowed instead of loaning it to you, it would be worth more today. Oh, the interest rate is low, sure; but here's the thing: we're not going to discount you and end with less money. It's still $275/month.
What? You're not happy your mortgage moved from 33% of your monthly income to 41%? It's harder to make payments every year? Your wage keeps going down but your debts are still there? Boo hoo. Find a way to pay it or we take your house, dork.
The problem is the conservatives are operating on bad science and bad economics, creating huge risks for themselves and others, reducing the profit prospects for the rich, and so forth. The current crop of liberal progressives needs to take some time to think and architect things; they've got the right ideals, but no concept on how to approach them.
No, that's a commodity-based currency or such.
The United States had $18 trillion of gross national income in 2016. Do you know how that happens? A bunch of people do work (not necessarily useful work: traders may put in the effort of decision-making to move your money to their pockets, which is work, but produces nothing except the outcome of your money going into their pockets) and they derive income (are paid) for that work.
That's all the corporate profits, all the wages, all the capital gains. Every time someone performed some labor and derived some form of income thereof, that income was accounted in the GNI. (There are some complex considerations there, such as how revenue meets laborers through organizations and supply chains and so corporate profit after expenses are income, wages are income, but corporate revenue that passes on to another hand is not income. Savings covering losses shifts income over time, too, so you kind of spread some of this across time; and losses by producing things not useful or saleable are a cost of producing, and are still represented in the whole of "we paid this much for all the stuff we consumed".)
That's what the US Dollar is: $18 trillion in 2016 of US dollars is just a funny number. It could be $2 trillion, or $5,000 trillion. That income would have been earned, in any case, by purchasing these same goods and services--by the same labor, its results, and the cost borne by the activity of the economy to purchase it.
There might be additional US dollars sitting around somewhere unspent. Those are effectively "unprinted"--they're removed from the economy--and the people who own them essentially have the power to "print" new money at a later date. The Fed issues $1 and $12 show up because of fractional reserve; the idle cash in bank accounts is still part of the monetary basis, and spending it doesn't allow the banks to issue additional, so the spending of what was $1 of idle cash is only introducing $1 and not $12 of newly-available money supply. Same concept, though.
A fiat currency can't be anything else. What is spent is what is bought. Oil, on the other hand, is a basic material resource (a fuel or a plastic stock), and so carries its own marginal utility.
Don't tell him that. How is anyone going to make any money if there aren't fools from which to part it?
Currencies need to have some form of stability. When population expands, you need more currency. When productivity increases, you need more currency (imagine your dollar income falling as prices fall, but your bank loan doesn't get any smaller, and your house becomes worth less, so now you're underwater and your mortgage payment is a larger percentage of your income).
This is why we have things like fiat currencies, which always represent the amount of goods and services produced and sold (income). Currency doesn't become scarce (like bitcoin or gold) or suddenly flood (like gold); it's managed to stabilize inflation as market changes create demands on currency supply.
The military is a jobs program among its other purposes.
If they want to create jobs, they can build a military twice as large for the same cost. They could also spend the money on schools, public transportation, roads, environmental cleanup, research, the like.
Winston Churchill once demolished a Conservative defense budget, tearing it down to 1/10 its original size. He described his own budget, trimming the number of warships and other such provisions to a fraction of that for which the Conservatives had called.
Churchill's defense budget and his program funded thereby was sufficient to lose two-thirds of its ships and still destroy all of the European naval power, and then land troops and demolish their militaries. He called for a military which could demolish Europe three times over.
The United States wastes a lot of money in performing its functions, producing $2 of results for $5 of spending. Our military could provide greater defense with better technology at lower costs were the entirety of its programs not run by disorganized incompetents. The people doing the work are not specialized in managing the overall picture and, besides, are quite busy enough; and the people running the overall picture are bureaucrats who care little for fiscals, as it is Congress's problem to obtain the money.
By the by, do you know why we moved to mechanical voting machines in the first place?
We can make election machines verifiable; it requires some strict integrity protocols. You have no integrity if you don't have public observers and known-good ballot boxes.
Today, we have black-box EVMs and poor public understanding of elections security, which has lead to people rushing back to paper ballots without even fully protecting paper ballot integrity. If you had proper handling procedures, you would start with known-good software images for EVMs (yes, that means those images are public, published ahead of time, and verified by public observers at poll open), and provable ballot sets coming off the EVMs.
The public at large could look at the elections Web site and validate each set of ballots to ensure that they match with a real ballot set from each polling center. None dropped, none added. You'd still have the questionable paper mail-in ballots; however, practical integrity concerns are marginal, and the amount of tampering in mail-in paper ballots is acceptable compared to the impact of disenfranchising absentee voters.
For certain types of absentee voting--such as deployed military voting, voting on-site at assisted living centers, and prison voting--we can carry out absentee elections, with video recording and all present personnel as public observers, obtaining the same integrity guarantees despite not being able to bring people to domestic polling centers. Essentially, we can make mobile polling centers; we just need too many people around to conduct any funny business.
Even if you can make an electronic system secure. You can't demonstrate that to 99% of the population. Hence it won't happen.
You _can_ secure physical ballot boxes in ways that everybody can understand.
It's doable, but only because it's a different problem than you're examining here.
Securing physical ballot boxes requires complex handling considerations that the general public can't understand without a little study. You should know that: you've argued we don't follow the right handling considerations, which indicates the public doesn't understand the need.
In a similar sense, securing ballot boxes requires demonstrating to the public that they can trust they are secure, not that they are secure. There are only a handful of public observers at each polling place: each member of the public cannot be at all polling places to observe all ballots 100% of the time. That means they trust that other people have observed the process, and they believe the protection measures are sufficient.
People believe physical ballots are tamper-proof, for example, when they're clearly not. Although most people will accept the risk of tampering (stuffing, editing, coercion, and deletion) in mail-in ballots when you explain why we have absentee ballots, they often think the process is secure.
As a politician, I've been sent surveys with questions that opened up explaining that the US Postal Service is well-known as the most-secure thing in existence, thus all voters should be allowed to vote by mail in every election if they so wish--a pitch that says "vote by mail is tamper-proof, so we should increase voter turn-out by letting everybody vote from home!" Internet-based voting is slightly more-secure (you can make it impossible to prove you have voted, so coercion and vote-buying go away), but does not resolve the integrity issue (you can't prove the total vote counts at all, or that anyone in particular has or has not voted, to the general public); nobody is buying into Internet-based voting.
So what do we do about securing EVMs in a way the public can understand?
Well, first of all, we need to educate the public on election integrity--just like with paper ballot boxes. Currently, as you've observed, we haven't educated them on certain integrity deficits our elections carry, and they believe the elections are secure. The same is true of EVMs: we need to explain the integrity model.
We also need to educate the public on how to exercise the integrity model--every election. We don't go out and remind everyone to engage in this part of the election process now, and you'll notice polling places usually contain two election staff, an election judge, and whoever is voting. The press shows up during vote counting for big races and recounts, but stays out of it for things about which nobody much cares. People are out there in polling places counting votes with basically two pre-selected volunteers and two party observers who may all be colluding: a small set of possibly-compromised people are opening paper ballot boxes and handling ballots. Even my EVM procedures can't protect against that (the best I can do is install a live streaming camera to watch and record certain critical things).
For EVMs themselves, the software and hardware must be accessible. I'm designing EVM software to run on a Raspberry Pi. Seriously. The EVM itself might be a modified Pi with 8 displays, or a Pi Zero, or a Pi 3 B+ ordered in a batch without the Wifi/Bluetooth chip soldered on (it's not part of the SOC); it will run the same SOC, same bootloader fused into the SOC. The whole EVM will cost around $120; if you want to configure it with EVM and "Ballot Box" using a smart card, you're looking at $300 of off-the-shelf hardware--or you can order the core systems (about $25 each), bring your own displays (7-inch touch screen, or KVM if you want), and use a 50 cent smart card and a $10 smart card reader to set up a test rig.
We count votes immediately in the public. We also recount votes for 30 days thereafter. There's error in normal human counts, and colluding volunteer vote counters can manipulate the apparent human error (which can swing close races readily; nobody's fooled when you muck about with a wide victory margin).
With the ballot boxes taken out of public view, how do you know parties aren't trading a delegate for a senator, or manipulating the primaries? In my locale, the Democrats don't like the more-progressive candidates--and one of those beat another candidate by 9 or 27 votes in the recent primary (depending on whether you believe the original count or the recount). The candidate he beat has endorsed the Republican governor and was more-favored by the Democratic Central Committee.
So you tell me: with a 9-vote margin of victory, what would you think of a recount finding that the second-place winner is actually the first-place winner? You only have to flip 5 votes (-1 +1, that's a span of two), and you can do that by "accidentally" misreading a ballot after a string of the same vote (25 votes for candidate A, the next vote for candidate B but you announce for A and everybody is just nodding along at this point, then the next for candidate B and you announce that correctly). The Republicans like the candidate the Democratic party would have preferred. They're in agreement. Would the Republicans scrutinize this too hard?
securing the voting boxes with seals (during the vote and after) and clear voting boxes (to prevent the box starting the day half full).
An EVM image published ahead of time can be inspected by third-parties and tested to ensure proper logical behavior. It can be reverse-engineered. It can be taken apart and put back together again.
That image, installed at poll open from read-only media which is then distributed so public observers can make copies and validate that it is untampered, represents a ballot box which starts empty, which has seals on it, which is untampered. You don't plug these things into a network.
Each vote cast increments a visible public counter, so you know how many people voted (clear ballot box: you can't screw with it by stuffing votes mid-day). Just like ballots, you may get different ballot counts per race: there are 20 races on the same paper ballot, and many people don't vote at all in down-ballot races, or may skip a congressional race, or whatever else they fancy. You have 100 voters voting but 93, 97, 82, and 14 ballots cast in various races. You get a lot of "no votes cast" when counting.
At poll closed, you collect the votes on the EVMs, displaying tallying statistics. You have ballot sets--identifiable to the local polling place--which will only generate the exact same tallies if they are the same sets. You know X ballots were cast and the particular results of a tally of X ballots; no modification with X ballots will produce the same results.
The public observers watch this happen. They now have something you don't get with paper ballots: non-human-intervention in a known-good ballot tally process, and the power to audit the published ballots to validate them as being the ballots cast.
You don't have a State recount for this. Every security firm and local news agency does their own recount. Richard Stallman publishes a recount 15 minutes after the election is over. Someone on Twitch is live-streaming the ballots and photos on Twitter of the election counts, and computing the election results in real-time.
You might notice I work out ways to attack things, and ways to prevent those attacks. It's not like our elections aren't highly-resistant to ballot box attacks (they're exceedingly-vulnerable to all other attacks); the weaknesses are minor, but do exist. The same goes for the integrity procedures I keep describing: I'm not looking for ways to attack and alter the votes, but for the possibility that you could do such a thing. I'
That way you don't need to worry about making in hackable voting machines, which is hard.
Voting machines don't have radio and aren't attached to a network.
Voting machines don't allow authentication without a hardware token.
Your attack surface is a sliver. In a technical sense, it's feasible to make that unhackable; in this case, "feasible" is an interesting word because this requires a lot of discrete mathematics and graphing of program logic, and it's "feasible" if the program logic over which you cannot prove the scope of inputs is sufficiently small that you can perform that exercise.
Achieving that guarantee is not in scope. There's a simpler method: you demonstrate the logically-valid inputs and how the inputs are validated, showing that no manipulation is possible by program logic rather than by rendered mathematical model of machine instructions. That's also rarely done, but significantly easier and is considered a critical coding practice nobody follows.
To put this simply: you have a touch screen with some buttons which list candidates. You can mark a candidate or put the candidates in order. The write-in field is limited to alphanumeric characters. Hacking this interface requires triggering undesired behavior via checking boxes, dragging candidates into an ordering, or entering an alphanumeric string into a text box. You'd have to jump through some hoops to make code that allows that (assuming you length-limit the write-in box and filter out any non-alphanumeric characters).
Authentication of the election judge via a FIDO U2F credential blocks access to other functions, notably collecting ballot counts. Functions which can manipulate votes are simply not in the program code (separate assemblies, removed from the machine). You of course need to prevent attack on the U2F protocol code by people who jam random USB devices into the machine; and you can have the machine alert (loudly) when somebody inserts a USB device prior to doing anything with it, so you can't covertly attack the machine (you're going to get arrested). The USB ports can also be behind a locked panel (can't physically reach them).
So those additional routes of attack are only available when under public observation.
A paper ballot box is an unhackable voting machine--allegedly.
As for your link:
A linkage between ballot and ballot image should exist, in the form of a serial number. Not a fancy QR code which can contain hidden identifiers leading back to the voter ID of who cast the ballot. Just a simple unique number, like 10548626. This number appears on both ballot and ballot image. If you want to check whether ballot images are real, you simply examine the actual ballots using your Freedom of Information rights, comparing to make sure the image matches the original.
Print another ballot with a duplicate serial number. Who do you think the attackers are here? Where do you think the paper ballots reside? How do you know the paper ballots weren't untampered? The recount period is 30 days; they have a month to produce false ballots and re-image them. For that matter, why can't you use extra ballots? Linear serial numbers will trace back to ballot casting order and machine, allowing identification of unique individual voters and linking of identity to ballot.
By contrast, a non-tampered EVM can produce information which absolutely proves a set of ballots is the same set cast on that EVM--before the ballots are exposed to any opportunity for manipulation. The ballot sets must be published, and the public can independently verify the entire election. This data is a mathematical fact, not a paper ballot and an image that should match up to the ballot. You can't prepare false images and false ballots ahead of time and distribute them on request--more sleight-of-hand ballot stuffing using paper ballot audit trails as avenues of attack that themselves provide credibility
Keeping the paper ballots is essential. There's no other way to verify that the correct vote was cast.
The EVM image is public. It's put online by the Board of Elections months ahead of the election. Any defects are logged and updates have a change description, all published.
The EVM hardware is public, and easily-accessible by everyone. The ones I'm designing will cost around $150 for the prototype and $120 in mass production.
The EVM software source code is open, although that matters less than you'd think (how do you know the software in the image isn't tampered? You have to test the actual software).
The EVM has no media when the polling center opens. You put a read-only media in to install, and it asks you to insert system media (e.g SD card). It wipes and installs. You distribute the read-only media to public observers afterwards, who make copies and validate that it matches the published image.
So maybe the pens used in the elections are actually of a particular chemistry erasable by some manner, and colluding elections officials tamper with the ballots, and you'll never know. That seams about as likely as the software somehow magically gaining the ability to misrecord votes when it's been validated.
Johnny O won county executive by 9 votes. Recounting the same ballots, he won by 27. Human counters, natural error. Do you think a few election judges could manage to miscount 15 or so votes in the district and make Jim Brochin the winner? Brochin has endorsed our governor for re-election; I'm sure we could find some... favorable volunteers.
Now imagine what happens when you're counting ranked ballots--which are complex. How much sleight-of-hand do you think a human counter can pull off "misreading" the votes?
Paper ballots aren't essential; they're theater. At the moment, they only matter as a security blanket to make voters feel safe. People are still complaining that the elections were hacked even with paper ballots. One of the methods endorsed by Bruce Schneier--Voter Verified Paper Audit Trails--protects the voter by letting them check their ballot matches the paper ballot produced...except the machine can print additional paper ballots when there are no voters observing, and can add those votes to the database, stuffing the ballot box. Basically, we can cancel your vote by computing a nullifying ballot, and the paper trail says the votes are all legit.
Paper audit trails are also generally printed in order, which means I can sit in a polling place, note which people vote at which machines, and then identify who cast what vote during vote counting. Your votes aren't secret anymore; they're public knowledge.
You can only verify your voting system through independent software certification, logic and accuracy testing, and clear-box voting (the EVM must be something anyone in the world can dissect and examine). Even humans and paper trails are manipulable black boxes--unless you can read minds.
UN best election practices indeed have been tested well; this doesn't mean anything except that they work. Handling of the ballots makes more difference than of what the ballots are made.
Tampering with an election is quite difficult when you have even the most minimal protections in place; I'm targeting integrity, not resistance, however, which means I need a handling chain that demonstrates tampering cannot occur or is sufficiently-unlikely to occur. Many election procedures allow for paper ballot recounts by hand days later; how do you know there was no collusion to alter the ballot counts? The ballot box hasn't been under public observation and you cannot prove its contents.
You don't switch 40% of the votes around. You switch a handful around. The county executive race here was such that changing 15 votes would make the second-place runner-up the winner; changing 400 would make the third-place runner-up the winner. With 40 polling places, you only need to miscount ten votes during the recount--and you can engineer a miscount.
With EVMs, you can demonstrate the integrity of the EVM and then emit data that can later prove the same ballots published by the Board of Elections are the ballots cast on the EVM. This requires strict handling procedures; it's more resistant to the kind of sleight-of-hand you can pull off in a hand-counted election, and doesn't leave questions about what really happened overnight when you begin a recount 2 days later. The public at large can also count and compute the election independently.
We have satellites which stay up there for decades at a time and a tiny research center that's ungodly-expensive to run as a joint international process.
A space force isn't just a program; it's soldiers, ships, and tactical base encampments. We need space vessels, space combat training, space bases, the lot. They're discussing space warfighters and tactical operations in space, not just consolidating DOD spy satellite programs under one branch.
The headline reads "vision" instead of "fantasy".
In this case the ballot sheet is an electronic concept. I don't envision starting with or scanning in paper ballots; and keeping paper ballots doesn't offer additional integrity.