Storage as you describe would allow the order and time of votes to be reconstructed, destroying anonymity.
I did think of that, but couldn't come up with a solution on that one right away.
Reintroduce the curtains, and disallow outsiders to record who uses which machine, and you might get around that with sufficient randomness to protect the voters from being tied to a specific vote.
Maybe removing the timestamp as well. But I can't see us getting around the order without risking compromising the integrity of the votes, unless there is an intermediate memory, battery backed in case of power failure, that tallies votes in batches of, for instance, 25 votes, and streams that intermediate result to the memory card.
What about the second one? (My Antivirus software won't let me load that page).
On THAT note.
Elections should be run by competent people, so politicians should really just stay away from the process.
How can you accurately differentiate this from the voter accidentally filling in the wrong box and erasing it themselves?
The easy answer, and incidentally the correct one, is: You don't.
If you put your X on the wrong candidate, you exit the booth and get a new ballot, while the old one is ripped in half.
2) Ballots could end up being tremendously huge in size--when I voted in the 2006 general elections in November 2006 the paper ballot size--even with having to fill out both sides of the ballot--was huge.
Define "huge".
The one I used in the recent Danish election was close to 15x100 cm, if not more. (It was folded 3 times on its long axis, and folded it was roughly 15x30 cm).
That IS an interesting problem.
The keys used for signing must be a combination of the memory card, the hardware and the software keys. Add a timestamp to the vote, and raise hell if there is a timestamp mismatch (new vote is stamped before the previous vote).
The use-once WORM memory card I mentioned previously could be nice here as well, it could have an interface that simply disallowed accessing a specific address in it, you write to it by sending it a byte stream, and you read it by asking for data which would return a character stream from address 0 to the end of data.
# All data is stored encrypted and signed.
All data should be stored in plain text, and signed with multiple hashes, keys and/or ciphers.
# All communications protocols are authenticated, encrypted and signed.
Only to the extent that no one can say that, for instance, booth #5 voted on candidate X.
You don't want to shroud the data in mystery or obscurity, merely make them tamper-proof (resistant).
# There are multiple, redundant backups of all data, including a hard copy paper trail that can be authenticated by a unique signature printed on each ballot
Partially.
Use memory cards. The cards should be one-time use WORM memory. They contain the voting setup, in for instance XML. When the voting machine is initialized, the card is tagged with machine ID, timestamp, election official and authorization information, along with machine and software version keys. This should render the WORM card unreadable in any other machine. A crash and/or power outage should be recorded to the memory card if possible, and the machine should be reset using a new memory card, or the machine detects that the card is indeed its own, and inserts a new initialization header, preserving the original data.
During voting, each vote is written to the card, tagged with some sort of security and padded to a fixed length.
At the end of the day, this card is bundled with the paper trail, printed throughout the day like the internal tape in a cash register, and finalized with totals and signatures from election officials.
After the election, the card content must be dumped to an official and freely accessible server along with a scanned version of the paper tape.
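The record format sketched in the comment above (a key combined from card, hardware and software keys, fixed-length plain-text records, a timestamp check, an append-only card) can be written out as follows; this is an added example, not code from the thread. The record size, the field layout, the use of HMAC-SHA256 in place of a public-key signature and the chaining of each tag to the previous one are assumptions made for illustration.

```python
import hashlib
import hmac

BODY_LEN = 96   # assumed fixed size of the padded plain-text record
TAG_LEN = 64    # hex-encoded HMAC-SHA256
GENESIS = b"0" * TAG_LEN  # stands in for the "previous tag" of the first record


def derive_key(card_key: bytes, hw_key: bytes, sw_key: bytes) -> bytes:
    """Combine card, hardware and software keys; length prefixes keep boundaries unambiguous."""
    h = hashlib.sha256()
    for part in (card_key, hw_key, sw_key):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


class WormCard:
    """Append-only store: written as a byte stream, read from address 0 to end of data."""

    def __init__(self) -> None:
        self._data = bytearray()

    def append(self, chunk: bytes) -> None:
        self._data += chunk

    def read_all(self) -> bytes:
        return bytes(self._data)


def write_vote(card: WormCard, key: bytes, timestamp: int, choice: str) -> None:
    body = f"{timestamp}|{choice}".encode("ascii").ljust(BODY_LEN, b" ")
    if len(body) != BODY_LEN:
        raise ValueError("record does not fit the fixed length")
    prev_tag = card.read_all()[-TAG_LEN:] or GENESIS  # chain to the previous record
    tag = hmac.new(key, prev_tag + body, hashlib.sha256).hexdigest().encode("ascii")
    card.append(body + tag)


def verify_dump(dump: bytes, key: bytes) -> list:
    """Return (record index, problem) pairs; an empty list means the dump checks out."""
    size, problems, prev_tag, last_ts = BODY_LEN + TAG_LEN, [], GENESIS, None
    if len(dump) % size:
        problems.append((len(dump) // size, "truncated record"))
    for i in range(len(dump) // size):
        body, tag = dump[i * size:i * size + BODY_LEN], dump[i * size + BODY_LEN:(i + 1) * size]
        good = hmac.new(key, prev_tag + body, hashlib.sha256).hexdigest().encode("ascii")
        if not hmac.compare_digest(good, tag):
            problems.append((i, "bad signature"))
        else:  # only trust the timestamp of a record whose tag verifies
            ts = int(body.split(b"|", 1)[0])
            if last_ts is not None and ts < last_ts:
                problems.append((i, "timestamp before previous vote"))
            last_ts = ts
        prev_tag = tag
    return problems
```

Every record here keeps its position and timestamp, so this layout has exactly the order-and-time property raised at the top of the thread.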
Till they iron out the kinks?
How many more Republican presidents does the US have to endure before that happens?
Now, that begs the question, Are the ATMs good enough for your money? They are after all made by the same companies that can't make voting machines.
And I distinctly recall a past story about a DIEBOLD ATM playing music at some campus...
I just hope DIEBOLD lives up to its name, and dies boldly...
Man, as first posts go, I'd rather have that just said "First Post!".
If it's that easy to break into, I guess the machines used some form of snake-oil and built their security on the assumption of obscurity. Bad choice any day.
I haven't seen which OS they use.
I have 2 solutions to all these problems.
1: Do like the rest of the world, and use a HB #2 pencil.
2: EFF and the rest of the American White hats get together and develop an Open Voting system that is freely implementable by any state, and that can withstand public scrutiny and peer review.
This is just in; Outahere, a small suburb between Middle and Nowhere, has mysteriously vanished from the face of the Earth...
The one in the article is broken
http://www.wired.com/techbiz/media/news/2007/11/doubleclick
Why wait. Even if they are downgraded now, the members are unable to upgrade to P status before February 2008...
But if I read the summary for the three votes correctly, just about all but a handful of members can be downgraded, unless they have a very good explanation, reducing the P group to about half its original size.
It seems to me that we get the "The internet is on the verge of impending collapse" every other year, and so far the ISPs have managed to keep up with demand.
Now, if we could just get rid of all that spam, we'd have enough bandwidth to last the rest of the decade...
Thou shalt not pepper thy hunting partner in his face with thy shotgun.
Can't we have a cached atime for those who really want the feature?
Cache the atimes in memory, probably even dump them to the journal along with the next journal write and commit/write them to disk when there is some idle time on the drive.
"Huh? I thought the whole point of Parliament was to be ridiculed and denigrated"
he he, you got that right, sadly some people take satire and satirical cartoons way too seriously.
Goodbye to our old and dear friend, Free speech, it was nice knowing you and you left us before it was your time.
But at least you did have a good long run.
May you rest in peace.
Yes, and yet, not exactly. I was thinking about an OLPC-like approach, in that it would be simple and cheap but where some of the security is in the hardware and where the machine refuses to load up the firmware/voting data if it detects unauthorized software/data.
Of course such a machine may cost a bit more than $100, and probably shouldn't be made out of plastic.
Btw. Is it possible to have a transparent layer on top of a screen that reacts to electrical input by changing size, in order for the screen itself to create for instance Braille text?
Obviously, combining this with a touch screen in a way that does not permit the Braille layer to make screen selections may be impossible...
Not a bad idea. I know they do that in for instance South Africa.
But it seems to me that what really needs changing is the whole 'registered voter' thing, it needs to be abolished. Simply allow anyone with a social security number to go in anywhere in their precinct, and vote.
Whatever happened to just using a good old #2 pencil or if you are really adventurous, a ballpoint pen?
Why don't the Open Source communities in America try to join forces and develop an open voting systems specification (software, hardware and communications protocols), one that is completely open and free to use and implement, and which the individual states can produce themselves (or at least have local companies do it) if they so choose?
Basic demands for any electronic voting system are that it is open, safe and that the results are verifiable. That means that the voting set-up/definitions as well as the machine output and logs must be in plain text (signed to prevent/detect tampering of course) and be made publicly available for all to verify. Not to forget the paper trail.
Ultimately, any voter should be able to plug in a USB drive, and get a complete dump/snapshot of the voting machine's software - source and binaries, logs and its latest hardware certificates.
You obviously can't expect all your newly saved files to automatically revert to the old format. But here the gripe was with Outlook, which had converted his old database to the new one, with no option to convert it back, once the trial period had expired.
In this case I won't hesitate to claim that Microsoft's practice is deceptive, and bordering on blackmail.
I have no idea why they sound the same, I'm not a linguist.
However I'm pretty certain that that is why MS chose that name. "See Linux have a Colonel too", the msFanboy said...