35 votes

DARPA Is Building a $10 Million, Open Source, Secure Voting System

10 comments

  1. [4]
    Weldawadyathink (edited ) Link

    I haven't read the article yet, but I think this is a relevant video about electronic voting. https://youtu.be/w3_0x6oaDmI

    Edit: I have read the article and it has some really interesting ideas. I really like the idea of a CPU architecture designed from the ground up to question commands and be more secure. Also I really like the paper separation of voting and tabulating the votes. But I don't understand why we need a machine to fill out our ballots for us. I have never had an issue with voting or understanding my (California) ballot. It seems to me that issues such as hanging chads and butterfly ballots are just a result of trying to overcomplicate issues that should be quite simple. We don't need technology in every subset of our existence. Tabulating votes is a place where technology can legitimately improve a lengthy counting process. But I don't see any problem with a paper ballot and simple boxes to fill in.

    6 votes
    1. 45930 Link Parent

      This video is so overused, as if in 2014, some YouTuber had the last say about innovation in voting methods.

      I am looking forward to the day when a suitable cryptographic voting solution is built and I'm glad people are still researching it, even after watching the video.

      4 votes
    2. [2]
      InherentlyGloomy Link Parent

      I had a feeling it would be the Tom Scott video :)

      I am cautiously optimistic about this because, while not perfect, DARPA seems to have considered many of the issues presented in that video. Namely...

      1. Both hardware and software are open source. That means we don't have to "just trust" the given devices, they can be verified by anyone with the know-how to do so. Apparently they're looking at security experts and university-level researchers to do just that.

      2. Additionally, one of Tom's main points is that the vote counting machine is a black box, but this project is also designing an "optical-scan machine that tabulates the votes", meaning that too will be open source. They're already planning on bringing these devices to DEFCON to be prodded and tested by security experts.

      3. They are focusing on making "secure hardware" in addition to secure software, so there won't be the issue of people plugging random USB sticks into it to infect machines.

      The one point Tom makes I'm still unsure of is how they'll gather all of the votes together. Apparently votes can be verified online via their "cryptographic values", but that leaves the issue of a central database of votes existing which is... not good to say the least. Even if no bad actors can modify votes to their advantage, they could still destroy or otherwise invalidate votes, and that's just as bad. They wouldn't even have to mess with the actual votes, just tampering with the post-election website meant for voter verification would erode public trust in the system and that would cripple the voting process as much as any direct attack.

      Assuming things like this can be worked out, I would much prefer these machines to the ones currently in use that have already been shown to be insecure. Neither is as secure as paper ballots of course, and if I had to pick I would want paper every time, but progress is nice.

      3 votes
      1. Ixa Link Parent

        I'm gonna go full corporate buzzword for a moment:

        Wouldn't this be one of the places where a blockchain could help?

        I'll admit, I don't know much about it, but from my understanding of blockchains, they're constructed by every additional block being required to verify the entire previous chain of events before being added, meaning the entire voting record would be public and verifiable. Not who voted for what, just in what order the votes were added. Tampering with the votes on one machine would invalidate that machine automatically, since its records wouldn't match with the rest.

        I'll expect someone to now call me out on why this is a terrible idea.
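The hash-chain idea raised in the comment above, as an added example that is not part of the original thread: each record commits to the one before it and stores no voter identity, and machines compare chain heads. The ballot strings, machine names and function names are constructed for illustration.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed starting value for the chain

def entry_hash(prev_hash, ballot):
    # Commits to this ballot and, through prev_hash, to every earlier entry.
    payload = json.dumps({"prev": prev_hash, "ballot": ballot}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append(chain, ballot):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"ballot": ballot, "prev": prev, "hash": entry_hash(prev, ballot)})

def first_bad_index(chain):
    # Re-derive every hash; return the first entry that fails, or None.
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["ballot"]):
            return i
        prev = e["hash"]
    return None

def divergent_machines(replicas):
    # Names of machines whose chain head differs from the majority head.
    heads = {n: (c[-1]["hash"] if c else GENESIS) for n, c in replicas.items()}
    majority = Counter(heads.values()).most_common(1)[0][0]
    return sorted(n for n, h in heads.items() if h != majority)

def demo():
    # Constructed sample ballots: only the order and the choice are recorded.
    ballots = ["measure-1:yes", "measure-1:no", "measure-1:yes", "measure-1:no"]
    honest = []
    for b in ballots:
        append(honest, b)
    replicas = {n: copy.deepcopy(honest) for n in ("A", "B", "C")}
    # Machine B: one record edited in place, stored hashes left untouched.
    replicas["B"][1]["ballot"] = "measure-1:yes"
    # Machine C: first record changed and the whole chain rebuilt afterwards.
    replicas["C"] = []
    for b in ["measure-1:no"] + ballots[1:]:
        append(replicas["C"], b)
    return (first_bad_index(replicas["B"]), first_bad_index(replicas["C"]),
            divergent_machines(replicas))

if __name__ == "__main__":
    print(demo())
```

Machine B's in-place edit fails the local re-hash but leaves its stored head unchanged, while machine C's rebuilt chain passes the local check and is only caught by the head comparison, so both checks are needed.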

  2. [6]
    meghan Link
    If we had a national registry, or even state level online registry we could vote online and then there wouldn't be any issues (other than some human ones)

    1. [5]
      Greg (edited ) Link Parent

      Voting is a fairly unique problem in that it needs to simultaneously be anonymous, independently verifiable, and unique to an individual; I can't think of a system that currently exists & manages more than two of these. Fulfilling all three simultaneously with a technical system is remarkably hard, especially given that the stakes are more than high enough that everything from sophisticated technical attacks, to bribery of key people, to rubber-hose cryptanalysis is a viable and realistic threat.

      Given DARPA's track record I have more faith in them than most, and frankly almost anything would be an improvement on those terrifying ES&S voting machines that some states use, but so far I've yet to see anything that beats paper ballots (with automatic or one-step online voter registration, and a mail in option as a simple checkbox on the registration) that are then counted in a public place open to anyone who feels like coming to keep an eye on things. In the case of elections, transparency tends to go further than almost anything done in the name of security.

      [Edit] Initially blamed the wrong machine manufacturer, although the article does say both major vendors are as bad as each other

      9 votes
      1. masochist Link Parent

        Given DARPA's track record I have more faith in them than most,

        Indeed. I'm absolutely not a fan of the DoD or the military, but I have to admit they do at least some good work (like that thing you may have heard of, the ARPANET). Given that election tampering is clearly a matter of national security, the DoD does have a vested interest in doing it right, too. I imagine the alphabet soup agencies are going to get involved, too, if they aren't already.

        4 votes
      2. Amarok Link Parent

        I'd like to take it a step further and allow any individuals to verify their own vote is correct in the record. Having the vote topics in random order and providing the user with a receipt that also includes that order is enough to do the job without letting everyone else see how that person voted. That'd kill fraud dead and end any discussions about the trustworthiness of the system forever, which is why I think it's a worthwhile aspect.

        This can also be done as a software only system. Preventing tampering with the hardware isn't possible if you allow voting outside of voting stations with secure hardware. Detecting tampering and invalidating any altered clients or data is, however, using distributed computing. It's not dissimilar to how the Ethereum network handles contract computation in principle.

        I read a think tank proposal for an outline of this kind of voting system that had cracked a lot of these issues and come up with a bulletproof software-only design. The network would just reject anything that had been altered, so any attempt to tamper simply broke that particular node and it was discarded as untrustworthy. That was years ago on Reddit back during the Ron Paul era. I've never been able to find that damn paper again and it's always bothered me whenever these discussions pop up.

        One aspect I think we overlook in these discussions is what happens if they actually manage to make it work. That would mean anyone could vote from their phones, or any public library computer, or fast food joint with a wireless connection. This guarantees voter turnout at record-setting unprecedented levels. Might even make it into the 90%+ range on a regular basis with a system like that.

        Is that a good thing, or a bad thing? If most of the people who don't bother with voting join in on the elections, what happens? Just looking at turnout in the USA, those people would decide the elections every time.

        3 votes
      3. [2]
        meghan Link Parent

        Firstly, the reason no such system exists is because being provably anonymous and verifiably unique are mutually exclusive properties. It won't happen. You can't be 100% sure about preventing duplicates without knowing the source. You can make connected systems that have this property but in this scenario both systems will be run and operated by the government (or contractors) so their disconnect won't matter.

        Secondly, a point I hadn't considered until just now that I haven't seen mentioned much, is that any sort of 2FA or etc tech we use to verify the identity of the people, either requires the govt having a db of biometric data or requires everyone who wants to vote to have a cell phone and we don't have a national standard of living to do that.

        1. [2]
          Comment deleted by author
          Link Parent
          1. meghan Link Parent

            their mandatory national ID

            which I also offered as an option, though I feel that currently the US would experience a lot of push back from both sides even if we tried to do that right now