Electronic voting is fine as long as you don't do anything stupid like--oh, I don't know--installing remote access software on them and connecting them to a network. Also, validated paper copies to allow for auditing are helpful. I agree that it's good to distrust these systems until they're proven to be resilient, though.
Also, validated paper copies to allow for auditing are helpful.
Definitely. At least in the near future, I believe we must have at least this level of audit.
I work in security and honestly, I have so little trust in people being able to correctly spec, build, set up, deploy, use, and audit something like this. And that's not getting into the more tin-foil hat issues.
I fully agree. The biggest problem is that (frankly) unqualified people are doing the contracting and being contracted to handle this task and we really need to have security experts overseeing and auditing these systems before, during, and after deployment. It's like they're handling this task only marginally better than the current state of IoT tech.
Just to add my 2 cents on this part;
If PUBLIC voting systems are not out in the open for EVERYONE to audit, something is fucky.
It doesn't necessarily have to be open to everyone for review (since most people don't know anything about how to conduct free, fair and impartial elections), but it definitely DOES need to be able to be verified and audited by impartial independent parties.
Definitely one of the reasons I can't be sold on electronic voting. It's extra scary that this wasn't checked or vetted to catch this before.
I couldn't agree more with the both of you, but is there any possibility that open source here could end up giving the tools for people to do screwy shit with electronic voting devices?
I would argue that this is most certainly the case. Open source means that the public can report or even fix vulnerabilities (if added to a public repo), but it also means that they can discover and exploit them. In the case of a public repo, someone who is particularly sneaky could potentially even introduce a vulnerability and get it through an audit (even without a public repo, social engineering could be used in e.g. recommending a malicious but subtle code snippet to patch an existing issue).
There are always pros and cons to any solution you put in place.
Very well said; thanks for that! Definitely a lot to think about/consider.
If there was ever a practical use for blockchain, e-voting would be it.