Governments have realized that they can collect vast amounts of data about their citizens using smartphone apps that passively monitor the citizens as they go about their daily business. A prototype for opponents is planned to be tested out soon on Long Island. The Tia trial will look at behavior patterns (tracking movement, sleep, and conversations) and correlate them with data gathered from past opponents; researchers hope the data will reveal the "signature" of a citizen who is about fall off the one true path and therefore needs help.
Comcast will have to keep this data despite the fact that it not only won't make them money, but will cost them money since they will have to have people to search it for the legal requests.
There's a ton of things that cost Comcast money. They're all called the cost of doing business. Also note that Comcast already has to do this logging for any of their customer who does not have a fixed IP address and I have not heard that they're not doing that part of their job.
Plus, I can generate thousands of connections per second and Comcast will have to log them all.
You do that. Of course since Comcast does not have to log failed connection attempts you'll have to use your own credentials. This will most likely break some Comcast's terms of service and ensure you get their attention. They can then simply suspend your account, probably including your cable Internet access, and even sue you if you really irked them. Sounds like a great plan you have there!
There's probably a separate entry for every single element of every single page you visit.
Of course not. All comcast needs to log are the authentication events of which there are under one per day per customer on average. Once logged in that IP is yours to use until it is handed to someone else in another authentication event (obviously there's no explicit disconnection).
Unless each login is given a unique public IP (unlikely), they will be behind some form of NAT.
Yes, it's called Carrier Grade NAT and is what Free has been doing in France for years for its community WiFi.
To reliably point to a specific user, it would require a ridiculous amount of logging. I doubt that Comcast will do that.
If you consider an IP address, a port number, a timestamp and an account number to be insanely detailed then I can't wait to see what you're going to say when you discover all the information Facebook, Google and others keep about you!
Even better, as now all the WiFi users appear to come from a single IP as far as the MPAA/RIAA is concerned,
Which totally protects the home owner where the cable box actually is.
which means the only way they can get more info is if Comcast keeps insanely detailed records about every one of these connections.
If you consider an IP address, a port number, a timestamp and an account number to be insanely detailed then I can't wait to see what you're going to say when you discover all the information Facebook, Google and others keep about you!
You're right its totally reasonable to charge individuals for the right to access a network with specified bandwidth limitations and then set the router up to broadcast that connection to any fool walking down the street or other person in your apartment complex that now gets the benefit of your internet connection without paying anything for it.
This is not an open WiFi hotspot. Only other paying Comcast customers can use it. What you get in exchange is that you too can use any other Comcast WiFi connection. Free actually makes it a tip-for-tat thing: if you allow your FreeBox to act as a hotspot you can connect to the FreeWiFi hotspot of other customers. If you disable your hotspot you cannot use the other customers hotspots.
The my personal bandwidth and signal quality to the the network would have be totally distinct from the public portion of the router.
Easy to do by giving a lower priority to the HotSpot traffic. I know Free is doing it, I don't know if Comcast does.
If my signal quality, bandwidth, etc is totally unchanged and all this thing is doing is stealing some of my electricity... then I'm okay with that.
The change in electricity consumption is going to be so low I don't think you'd even be able to mesure it.
Unless Comcast assigns a unique IP address to each wireless user (which I suspect they won't on IPV4) sorting out which, of possibly many, wireless users connected at the time of the download may require more tracking -- which I suspect Comcast will do.
Comcast most likely uses Carrier Grade NAT for the hotspot clients, just like Free has been doing in France for years for its community WiFi. That means hotspot users get a totally different IP address than the router 'owner' and that the NAT already tracks which customer is using a given IPv4 at any given time.
This is about making some congressman or senator happy.
So funny. ISPs abroad (Netherlands, France) have been doing this for years. But yes, Comcast couldn't possibly have recognised that as a truly good idea and decided to implement it. It has to be some conspiracy instead, no matter how nonsensical.
If that is the case does that mean I just have to change my mac address and connect to the public wifi rather than my normal ssid, and I can torrent everything I want and not worry about getting hit by a copyright infringement law suite.
To use the Comcast hotspot you have to provide your Comcast credentials on the gateway web page. So no, that won't work.
I'm assuming that Comcast doesn't have 50,000 spare routable IP addresses, but that's not a bad assumption.
Yes, it's a ridiculous assumption. It's essentially the same as saying Comcast will never be able to gain 50000 new customers because they don't have enough routable IP addresses. Besides it further assumes that they are not using Carrier Grade NAT which is exactly how Free, a French ISP that has been doing the same thing for years, is handling this.
The Free French ISP has provided a similar service for years and while it's true that range can make things tricky, it still works well enough to be quite handy. It works particularly well if you visit someone who's with this ISP: no need to ask for the key to their private network. Same if it's an appartment building and one of the neighbors is a Free customer. And with over 4 million hotspots, in dense locations you can quite easily find one that's in range.
How long before someone releases a tool that would have a Linux-running computer or device with a WiFi card masquerading as an official Comcast WiFi hotspot an collecting the usernames & passwords of the users trying to connect ?
That was possible before and it's still possible now. And not just with Comcast but also with Boingo, AT&T Portal, etc. Only solution: ban all WiFi hotspots!
It's a broadcast device. EVERYONE around you is effected. This will just add to the electronic clutter of your neighborhood. If it doesn't annoy you directly, it might annoy the guy next door and interfere with his network.
99.9% of the users would have had the WiFi on anyway so it does not make any difference.
There's really not many people obsering the ballot box while it's being moved around. So you'd need only a few bad apples to have no witness. I'm not even convinced there's bipartisan control during that step. That makes it totally different from counting and announcing the polling station results immediately in public. After that if you tamper with the tallying everyone can call you on it. So even if you manage to win at least everyone knows you cheated.
Recounts can be done automatically for close elections, which means that the paper is authoritative.
A system is no more secure than its weakest link. Here we have two links where there used to be only one. So tamper with the paper ballots, force a recount and you win. Yeah this will cause a discrepancy with the electronic records but you said it yourself, the paper is authoritative so it does not matter.
In the 2008 Minnesota Senate election, one precinct's ballots were lost, and the authorities decided to go with the machine count for that precinct.
Yay! So you're saying attacking the other link works too: hack the machine count, lose the paper ballots.
It's hard to modify the contents of a sealed ballot box that has a chain of custody and bipartisan observers; most such fraud involves "losing" ballots, which is more difficult with the machine counts.
I guess that one difference of opinion we have is that I regard anything less than direct citizen oversight as useless. That includes 'chains of custody'. Even with supposedly bipartisan control. By the way bipartisan control makes it too easy for the two parties to make secret deals. I certainly hope there are in fact observers from at least three or four parties (and that car moving the ballot box around is going to get crowded).
Tampering with sealed boxes in a few precincts is going to cause serious discrepancies, which will trigger further investigation.
I also have very little faith in 'investigations'. We should all remember that the ones with the most to lose in an election are the incumbents who are also in the best position to steer the investigation away from embarassing finds. Furthermore we live in a world where investigations conclude that a satisfactory explanation for 4096 overvotes is "the spontaneous creation of a bit at the position 13 in the memory of the computer" and don't cause the election to be canceled.
Or you can have paper ballots that are machine-tabulated with random on-the-scene counts to be on the safe side.
That could work if:
* the manual count is really on the scene, that is in the polling station, no moving of the ballot boxes involved;
* truly random, and making sure something is random is pretty hard;
* unexpected, that is the decision to do a manual count in at a given polling station should not be decided in the morning otherwise it's easy for an attacker to only tamper with the ballots in the other polling stations;
* and concerns a large enough sample to actually detect fraud, and if I remember correctly there was a study that found it's necessary to recount more ballots than one would expect, obviously particularly so in close races.
I'm unconvinced that all these (necessary but maybe not sufficient) conditions are actually met. Frankly it seems much simpler to just discard the machines, count everything by hand and be done with it.
No you have a system where the vote must be hacked both electronically and on the paper side, if you only hack one method then the results wouldnt match and the election could be declared void and thoroughly investigated.
How many years are you willing to wait for the investigation to publish its conclusions before you hold the new elections? If you're not willing to wait then all an attacker has to do is make it look like his main opponent cheated to discredit him. As long as the new election happens before the investigators figure out what happened (if ever), the attacker wins.
And that's even assuming that the powers that be actually wants a 'thorough investigation' more than for the whole episode to be forgotten as quickly as possible (further assuming they're not the ones rigging the election).
Yeap, because closed source software and hardware cannot be "upgraded" by NSA, right?
You missed the important part:
A voter will never be allowed to verify that the software actually running on the voting computer is your 'demonstrably provable software' software. (or in your case the audited open-source software)
Successfully cast ballots drop from the scanner into a sealed container, so all counted ballots are securely stored for recounts and audits. Every step of the process is observed and signed off by multiple poll workers, with seals, etc.. And the USB sticks, ballots, etc., have a chain of custody.
Observers can stare at a computer writing data to a USB key all they want. That won't tell them anything about what was written to it. In effect, whenever computers are involved there are no observers. So all you have is a custody chain where none of the participants can verify the integrity of the data they signed off on.
And, of course, a random sample of ballot boxes should be audited to confirm that they match the digital records.
Bam! 'Should' is useless. Only 'is systematically audited' is of any use. And even so, only if there is no chance of data being tampered which means the recount must happen right away at the polling station. But that will never happen because in everyone's mind the result is already known so there is no reason to waste time and money redoing it. Furthermore when recounts actually happen it's only days after the election which leaves tons of opportunity for fraud, custody chain or not.
If you 'hacked' the digital record, you go back to the sealed paper ballots and re-scan them, and achieve nothing.
As an attacker, if you know there are never any recounts then you attack the digital record, nobody notices and you win. If there are recounts or you are unable to hack the digital record, then you attack the paper ballots and find a pretext to force a recount. If the paper ballots are taken to be the autoritative record then you win. If discrepancies cause the election to be done all over again, which is unlikely for national elections, you hack the result so it's in favor of your main opponent. With your opponent now being discredited you win again. In effect this system lets the attacker choose which side to attack.
If you 'hacked' the paper ballots, you committed election fraud (a felony)
The fact it's a felony never stopped anyone before.
The day may come in our lifetime when computers can write better novels than Stephen King, but until then our intellectual capacity is king. Computers beating us at chess and in Jeopardy are one thing. A computer writing Romeo and Juliet, or composing Beethoven's Ninth is not around the corner.
The real question is: is driving more like composing a symphony or like playing chess? Twenty years ago I would have bet on the former and it felt that driving actually required sentience in order to be able to handle all the shape recognition issues and more. But I think that Google's autonomous cars have proven that to be largely wrong. I'm saying largely because they're still experimental and may yet hit technical roadblocks.
If creativity and sentience are irrelevant, then our superior 'intellectual capacity' essentially brings us no advantage. So then I'd rather have 'grand master' computers at the wheel.
At the end of the day, I don't want a computer driving my car, because I enjoy driving my car. I like to keep it in third gear and hear the engine roar for a bit when I'm driving on the highway before I put in fourth. I just don't think I would get the same pleasure if a computer was driving my car.
The pleasure some people derive from driving their car is precisely the reason why they should be barred from doing so. I'm not saying that for you, staying in third gear to revv the engine is harmless enough. But some people seem to only derive enjoyment from racing around, whether on highways or in cities, or doing wheelies (on motorbikes though, which is a bit off-topic here), or other dangerous stunts. Taking them out of the driver seat would be much better for everyone (even themselves, their passengers, their spouse, their kids, etc).
In the elections I vote in, we have a paper ballot. We then put that ballot through a machine, which either accepts it or rejects it as invalid.
We have the advantages of a paper trail, and the advantages of extremely quick counting.
As long as there is no systematic immediate manual recount in the polling place you have none of the advantages of paper. All you have is a system that can be hacked electronically, and hacked on the paper side while the ballots are being moved around or in storage waiting for a possible recount. Attackers get their choice of method so in the end this is twice as insecure.
This is the kind of project you could do in a weekend on a Raspberry Pi. Off-the-shelf , disposable hardware; demonstrably provable software.
A voter will never be allowed to verify that the software actually running on the voting computer is your 'demonstrably provable software' software. If he were allowed to do so, not only would it cause a huge backup in the line, but it would also require completely compromising the security of the system. Then that voter would also have to check that the hardware is really an unmodified Raspberry Pi board rather than one that was 'upgraded' by the NSA (or someone else).
Open-source (or provable software) and open-hardware change strictly nothing to the electronic voting opacity.
Do I have to provide links to all the election workers that find paper ballots in their trunk right after they know just how many votes they need? Cite LBJ?
Sure, one can make a paper based voting system that can be hacked. The easiest way is to require that all ballots be moved around to a central location before they are counted. That provides plenty enough of opportunities for fraud during transport. To maximize fraud-opportunities, cost and slowness you can even claim you cannot start counting the ballots until the next day so all the ballot boxes have time to arrive and so you don't have to pay the people you hired extra for night work.
Or you can pick volunteers among the voters to count the ballots as soon as the election closes, right in the polling station. With tables of four volunteers working together and checking each other's work (in addition to the usual party representatives), you get the results within 2 hours and have a really fraud-proof system. It also scales nicely with both the number of polling stations and the population, and needs only 1% to volunteer.
Slashdot Mirror
Governments have realized that they can collect vast amounts of data about their citizens using smartphone apps that passively monitor the citizens as they go about their daily business. A prototype for opponents is planned to be tested out soon on Long Island. The Tia trial will look at behavior patterns (tracking movement, sleep, and conversations) and correlate them with data gathered from past opponents; researchers hope the data will reveal the "signature" of a citizen who is about fall off the one true path and therefore needs help.
Comcast will have to keep this data despite the fact that it not only won't make them money, but will cost them money since they will have to have people to search it for the legal requests.
There's a ton of things that cost Comcast money. They're all called the cost of doing business. Also note that Comcast already has to do this logging for any of their customer who does not have a fixed IP address and I have not heard that they're not doing that part of their job.
Plus, I can generate thousands of connections per second and Comcast will have to log them all.
You do that. Of course since Comcast does not have to log failed connection attempts you'll have to use your own credentials. This will most likely break some Comcast's terms of service and ensure you get their attention. They can then simply suspend your account, probably including your cable Internet access, and even sue you if you really irked them. Sounds like a great plan you have there!
There's probably a separate entry for every single element of every single page you visit.
Of course not. All comcast needs to log are the authentication events of which there are under one per day per customer on average. Once logged in that IP is yours to use until it is handed to someone else in another authentication event (obviously there's no explicit disconnection).
Unless each login is given a unique public IP (unlikely), they will be behind some form of NAT.
Yes, it's called Carrier Grade NAT and is what Free has been doing in France for years for its community WiFi.
To reliably point to a specific user, it would require a ridiculous amount of logging. I doubt that Comcast will do that.
If you consider an IP address, a port number, a timestamp and an account number to be insanely detailed then I can't wait to see what you're going to say when you discover all the information Facebook, Google and others keep about you!
Even better, as now all the WiFi users appear to come from a single IP as far as the MPAA/RIAA is concerned,
Which totally protects the home owner where the cable box actually is.
which means the only way they can get more info is if Comcast keeps insanely detailed records about every one of these connections.
If you consider an IP address, a port number, a timestamp and an account number to be insanely detailed then I can't wait to see what you're going to say when you discover all the information Facebook, Google and others keep about you!
You're right its totally reasonable to charge individuals for the right to access a network with specified bandwidth limitations and then set the router up to broadcast that connection to any fool walking down the street or other person in your apartment complex that now gets the benefit of your internet connection without paying anything for it.
This is not an open WiFi hotspot. Only other paying Comcast customers can use it. What you get in exchange is that you too can use any other Comcast WiFi connection. Free actually makes it a tip-for-tat thing: if you allow your FreeBox to act as a hotspot you can connect to the FreeWiFi hotspot of other customers. If you disable your hotspot you cannot use the other customers hotspots.
The my personal bandwidth and signal quality to the the network would have be totally distinct from the public portion of the router.
Easy to do by giving a lower priority to the HotSpot traffic. I know Free is doing it, I don't know if Comcast does.
If my signal quality, bandwidth, etc is totally unchanged and all this thing is doing is stealing some of my electricity... then I'm okay with that.
The change in electricity consumption is going to be so low I don't think you'd even be able to mesure it.
If they require a Comcast customer login, then it's not a public wi-fi hotspot at all.
They do require Comcast credentials. It is indeed not a public / open / free WiFi hotspot.
Unless Comcast assigns a unique IP address to each wireless user (which I suspect they won't on IPV4) sorting out which, of possibly many, wireless users connected at the time of the download may require more tracking -- which I suspect Comcast will do.
Comcast most likely uses Carrier Grade NAT for the hotspot clients, just like Free has been doing in France for years for its community WiFi. That means hotspot users get a totally different IP address than the router 'owner' and that the NAT already tracks which customer is using a given IPv4 at any given time.
This is about making some congressman or senator happy.
So funny. ISPs abroad (Netherlands, France) have been doing this for years. But yes, Comcast couldn't possibly have recognised that as a truly good idea and decided to implement it. It has to be some conspiracy instead, no matter how nonsensical.
If that is the case does that mean I just have to change my mac address and connect to the public wifi rather than my normal ssid, and I can torrent everything I want and not worry about getting hit by a copyright infringement law suite.
To use the Comcast hotspot you have to provide your Comcast credentials on the gateway web page. So no, that won't work.
I'm assuming that Comcast doesn't have 50,000 spare routable IP addresses, but that's not a bad assumption.
Yes, it's a ridiculous assumption. It's essentially the same as saying Comcast will never be able to gain 50000 new customers because they don't have enough routable IP addresses. Besides it further assumes that they are not using Carrier Grade NAT which is exactly how Free, a French ISP that has been doing the same thing for years, is handling this.
The Free French ISP has provided a similar service for years and while it's true that range can make things tricky, it still works well enough to be quite handy. It works particularly well if you visit someone who's with this ISP: no need to ask for the key to their private network. Same if it's an appartment building and one of the neighbors is a Free customer. And with over 4 million hotspots, in dense locations you can quite easily find one that's in range.
How long before someone releases a tool that would have a Linux-running computer or device with a WiFi card masquerading as an official Comcast WiFi hotspot an collecting the usernames & passwords of the users trying to connect ?
That was possible before and it's still possible now. And not just with Comcast but also with Boingo, AT&T Portal, etc. Only solution: ban all WiFi hotspots!
It's a broadcast device. EVERYONE around you is effected. This will just add to the electronic clutter of your neighborhood. If it doesn't annoy you directly, it might annoy the guy next door and interfere with his network.
99.9% of the users would have had the WiFi on anyway so it does not make any difference.
There's really not many people obsering the ballot box while it's being moved around. So you'd need only a few bad apples to have no witness. I'm not even convinced there's bipartisan control during that step. That makes it totally different from counting and announcing the polling station results immediately in public. After that if you tamper with the tallying everyone can call you on it. So even if you manage to win at least everyone knows you cheated.
Recounts can be done automatically for close elections, which means that the paper is authoritative.
A system is no more secure than its weakest link. Here we have two links where there used to be only one. So tamper with the paper ballots, force a recount and you win. Yeah this will cause a discrepancy with the electronic records but you said it yourself, the paper is authoritative so it does not matter.
In the 2008 Minnesota Senate election, one precinct's ballots were lost, and the authorities decided to go with the machine count for that precinct.
Yay! So you're saying attacking the other link works too: hack the machine count, lose the paper ballots.
It's hard to modify the contents of a sealed ballot box that has a chain of custody and bipartisan observers; most such fraud involves "losing" ballots, which is more difficult with the machine counts.
I guess that one difference of opinion we have is that I regard anything less than direct citizen oversight as useless. That includes 'chains of custody'. Even with supposedly bipartisan control. By the way bipartisan control makes it too easy for the two parties to make secret deals. I certainly hope there are in fact observers from at least three or four parties (and that car moving the ballot box around is going to get crowded).
Tampering with sealed boxes in a few precincts is going to cause serious discrepancies, which will trigger further investigation.
I also have very little faith in 'investigations'. We should all remember that the ones with the most to lose in an election are the incumbents who are also in the best position to steer the investigation away from embarassing finds. Furthermore we live in a world where investigations conclude that a satisfactory explanation for 4096 overvotes is "the spontaneous creation of a bit at the position 13 in the memory of the computer" and don't cause the election to be canceled.
Or you can have paper ballots that are machine-tabulated with random on-the-scene counts to be on the safe side.
That could work if:
I'm unconvinced that all these (necessary but maybe not sufficient) conditions are actually met. Frankly it seems much simpler to just discard the machines, count everything by hand and be done with it.
No you have a system where the vote must be hacked both electronically and on the paper side, if you only hack one method then the results wouldnt match and the election could be declared void and thoroughly investigated.
How many years are you willing to wait for the investigation to publish its conclusions before you hold the new elections? If you're not willing to wait then all an attacker has to do is make it look like his main opponent cheated to discredit him. As long as the new election happens before the investigators figure out what happened (if ever), the attacker wins.
And that's even assuming that the powers that be actually wants a 'thorough investigation' more than for the whole episode to be forgotten as quickly as possible (further assuming they're not the ones rigging the election).
Yeap, because closed source software and hardware cannot be "upgraded" by NSA, right?
You missed the important part:
A voter will never be allowed to verify that the software actually running on the voting computer is your 'demonstrably provable software' software. (or in your case the audited open-source software)
Successfully cast ballots drop from the scanner into a sealed container, so all counted ballots are securely stored for recounts and audits. Every step of the process is observed and signed off by multiple poll workers, with seals, etc.. And the USB sticks, ballots, etc., have a chain of custody.
Observers can stare at a computer writing data to a USB key all they want. That won't tell them anything about what was written to it. In effect, whenever computers are involved there are no observers. So all you have is a custody chain where none of the participants can verify the integrity of the data they signed off on.
And, of course, a random sample of ballot boxes should be audited to confirm that they match the digital records.
Bam! 'Should' is useless. Only 'is systematically audited' is of any use. And even so, only if there is no chance of data being tampered which means the recount must happen right away at the polling station. But that will never happen because in everyone's mind the result is already known so there is no reason to waste time and money redoing it. Furthermore when recounts actually happen it's only days after the election which leaves tons of opportunity for fraud, custody chain or not.
If you 'hacked' the digital record, you go back to the sealed paper ballots and re-scan them, and achieve nothing.
As an attacker, if you know there are never any recounts then you attack the digital record, nobody notices and you win. If there are recounts or you are unable to hack the digital record, then you attack the paper ballots and find a pretext to force a recount. If the paper ballots are taken to be the autoritative record then you win. If discrepancies cause the election to be done all over again, which is unlikely for national elections, you hack the result so it's in favor of your main opponent. With your opponent now being discredited you win again. In effect this system lets the attacker choose which side to attack.
If you 'hacked' the paper ballots, you committed election fraud (a felony)
The fact it's a felony never stopped anyone before.
The day may come in our lifetime when computers can write better novels than Stephen King, but until then our intellectual capacity is king. Computers beating us at chess and in Jeopardy are one thing. A computer writing Romeo and Juliet, or composing Beethoven's Ninth is not around the corner.
The real question is: is driving more like composing a symphony or like playing chess? Twenty years ago I would have bet on the former and it felt that driving actually required sentience in order to be able to handle all the shape recognition issues and more. But I think that Google's autonomous cars have proven that to be largely wrong. I'm saying largely because they're still experimental and may yet hit technical roadblocks.
If creativity and sentience are irrelevant, then our superior 'intellectual capacity' essentially brings us no advantage. So then I'd rather have 'grand master' computers at the wheel.
At the end of the day, I don't want a computer driving my car, because I enjoy driving my car. I like to keep it in third gear and hear the engine roar for a bit when I'm driving on the highway before I put in fourth. I just don't think I would get the same pleasure if a computer was driving my car.
The pleasure some people derive from driving their car is precisely the reason why they should be barred from doing so. I'm not saying that for you, staying in third gear to revv the engine is harmless enough. But some people seem to only derive enjoyment from racing around, whether on highways or in cities, or doing wheelies (on motorbikes though, which is a bit off-topic here), or other dangerous stunts. Taking them out of the driver seat would be much better for everyone (even themselves, their passengers, their spouse, their kids, etc).
In the elections I vote in, we have a paper ballot. We then put that ballot through a machine, which either accepts it or rejects it as invalid.
We have the advantages of a paper trail, and the advantages of extremely quick counting.
As long as there is no systematic immediate manual recount in the polling place you have none of the advantages of paper. All you have is a system that can be hacked electronically, and hacked on the paper side while the ballots are being moved around or in storage waiting for a possible recount. Attackers get their choice of method so in the end this is twice as insecure.
This is the kind of project you could do in a weekend on a Raspberry Pi. Off-the-shelf , disposable hardware; demonstrably provable software.
A voter will never be allowed to verify that the software actually running on the voting computer is your 'demonstrably provable software' software. If he were allowed to do so, not only would it cause a huge backup in the line, but it would also require completely compromising the security of the system. Then that voter would also have to check that the hardware is really an unmodified Raspberry Pi board rather than one that was 'upgraded' by the NSA (or someone else).
Open-source (or provable software) and open-hardware change strictly nothing to the electronic voting opacity.
Do I have to provide links to all the election workers that find paper ballots in their trunk right after they know just how many votes they need? Cite LBJ?
Sure, one can make a paper based voting system that can be hacked. The easiest way is to require that all ballots be moved around to a central location before they are counted. That provides plenty enough of opportunities for fraud during transport. To maximize fraud-opportunities, cost and slowness you can even claim you cannot start counting the ballots until the next day so all the ballot boxes have time to arrive and so you don't have to pay the people you hired extra for night work.
Or you can pick volunteers among the voters to count the ballots as soon as the election closes, right in the polling station. With tables of four volunteers working together and checking each other's work (in addition to the usual party representatives), you get the results within 2 hours and have a really fraud-proof system. It also scales nicely with both the number of polling stations and the population, and needs only 1% to volunteer.
Fuck all this Prius hippie shit. I'm buying a Hummer.
Ah! Hummers are only good for little kids. Real men drive a Marauder.