patrick.net

One of the things I like about electronic voting -- IF it is done right -- is that it allows for voting systems that simply cannot be carried out by hand like the system I describe in my prior post.

Dan8267 says

The ten most popular political parties can each run a single candidates in each state after their primaries. That's 10 representatives for each state.

Same for California and Rhode Island? I suppose RI has at least 10 people, but California has a somewhat broader field, and certainly more voters.

curious2 says

Same for California and Rhode Island?

Same number of representatives, but not the same voting power. A state like CA would have representatives with much higher voting power than those from Rhode Island as each representative's voting power is a function of the number of his voters and his rank for each voter. In other words, representatives represent people, not states.

Oh, by the way, in addition to voting no confidence for anyone by not voting at all, each voter can decide only to rank some of the candidates. For example, a voter could vote first for the Green Party, then the People's Party, then the Democrats, and then stop ranking the candidates. The Tea Party, the Libertarian Party, and the Republican Party would get zero voting power from that voter. So each voter can decide not to let some of the representatives get any power from him.

Dan, I appreciate your technical insights.

If Constitutional architecture interests you, I strongly recommend reading Empire of Debt or The New Empire of Debt. The two editions are 90% the same, and either costs $4 with shipping if you buy used books (as I do). Both editions made me laugh out loud, literally. Either edition explains brilliantly how certain changes during the "Progressive" era have wrought consequences that were unintended by most people, and directly contrary to the promises made.

That brings me back to this thread. I imagine "otto" the shill is probably a self-styled "progressive" who might even call himself "liberal," working at a "technology job" searching for NPVIC every day on various search engines, and copying and pasting pre-authorized talking points wherever NPVIC is mentioned. (S)he/it did not explain, and probably cannot explain, why (s)he/it wants the human voters of California subjugated to the proprietary Diebold software and hardware, with no transparency, no audit trail, no paper records, and no technical specifications regarding hardware and software. I say "otto" probably cannot explain those things because "otto" lacks the depth of critical thinking to understand your comment and apply it to the NPVIC. Some PR agency offered a "new media" "social networking" "tech job" that didn't require any programming skills, and "otto" took it in order get paid and "work in tech" without learning anything that would require rigorous logic. For all we know, "otto" might be an AI bot, and no human made voluntarily any defense of NPVIC.

curious2 says

wants the human voters of California subjugated to the proprietary Diebold software and hardware, with no transparency, no audit trail, no paper records, and no technical specifications regarding hardware and software

Yes, clearly the Diebold machines are completely unacceptable. First off, there should be no trade secrets in any voting machine. The mere presence of secret mechanisms invalidates a machine's use in voting. I say it should be considered a violation of the 5th Amendment to use any "magic box" as evidence including the use of RADAR guns that are not inspectable by the full public. An error in the hardware or software could result in a false reading, and ever person given a ticket has the right to examine and challenge the evidence and the right to call upon anyone and everyone in the world for help doing so. Thus both the hardware and the software must be fully inspectable by the defense. Voting machines should also meet this requirement and for even greater reason.

I don't think that paper is the right way to go for auditing. Paper gives people who know nothing about technology a false sense of security simply because they are biased to trust paper more than electronics. Paper is actually easier to fake, harder to check, has fewer independent lines of verification, and takes a hell of a lot more time and effort to check than electronic records. As such, all paper solutions involve taking extremely small samples (less than 1%) and hoping they are representative of the whole. With electronic auditing one can constantly check every transaction. If done right, nothing slips through the cracks.

Of course, one has to take engineering seriously and devote the resources necessary to do electronic voting right. Our culture does not respect engineering and wants to treat engineers as cheap, unskilled labor. Whenever engineers are treated like this, people hire cheap and bad engineers and they get bad results. This is exactly why the ACA website was a national embarrassment that did not work when it was first released.

Engineering is hard, and those that do it well are very valuable people. We should encourage engineering by providing career security, good pay, and social respect for engineers.

Dan8267 says

I don't think that paper is the right way to go for auditing. Paper gives people who know nothing about technology a false sense of security simply because they are biased to trust paper more than electronics. Paper is actually easier to fake, harder to check, has fewer independent lines of verification, and takes a hell of a lot more time and effort to check than electronic records. As such, all paper solutions involve taking extremely small samples (less than 1%) and hoping they are representative of the whole.

Dan, I Liked your comment and agreed with most of it, but disagreed with some parts, including this part.

Auditing is a profession, like engineering. Paper is a tool, like a mouse or trackball or keyboard. In my opinion, paper can help make auditing more robust. Consider the following system:
1) Voter goes to polling place;
2) Voter uses touchscreen Machine A to vote;
3) Machine A prints a clearly marked paper ballot, like currency, using multiple colors and watermarks to foil counterfeiting or spoliation;
4) Voter inspects paper ballot to verify it says what Voter intended;
4a) In case of error, voter rejects ballot and reinserts it to Machine A for automatic voiding and count adjustment, then returns to step 2;
4b) If the ballot is correct, voter brings it to Machine B for counting and secure storage;
5) Machine B reads and counts each ballot. At the end of the day, Machine B's count should match Machine A's count. In case of discrepancies, the paper ballots can be counted.

In this way, you have a process that is both secure and seen to be secure. Each campaign can have human inspectors watch the process. "To avoid evil, avoid the appearance of evil." Ordinary citizens can see for themselves that the machine count matches the paper count.

Following the 2000 election debacle, the Florida Supreme Court ordered a manual recount of all 6 million votes; SCOTUS ordered that count to stop midway. Later, a consortium of newspapers counted all the ballots as the Florida Supreme Court had ordered. The newspapers found that Al Gore had got more votes in Florida than GW Bush. They found also, however, that the partial recounts Al Gore had requested would have left GW Bush the winner. Further, due to the different ballots used by different counties, there was a significant risk of overvoting (or possibly spoliation), undervoting, or misvoting. IOW, Al Gore bungled, and 5 Republicans on SCOTUS resolved the ambiguities by awarding the Presidency to their own party and prohibiting Florida from doing a full count. If there had been uniform paper ballots across the state, with dual electronic counts in each polling place, they could have completed a recount by uniform standards.

Without paper, the audit becomes more difficult. You must rely on experts, there can be different copies of databases, one or more copies might become corrupted, and everything comes down to which expert you believe. Sad to say, each major party can hire experts to speak the party line.

With paper, you have physical evidence and a chain of custody. Any conspiracy requires more participants, any of whom might talk. For that reason, most jurisdictions require paper.

I find it very suspicious that some jurisdictions (mainly Republican) have chosen to dispense with paper, and I find it even more suspicious that other jurisdictions (mainly Democrat) have decided to subjugate their human voters to the Republican Diebold proprietary paperless machines. And, I remain dismayed that Democrats failed to address this issue when they could, in 2009-11, but I see a possible explanation in the difficulties that Sanders voters reported recently in Arizona: both major party establishments want to centralize power, and prevent actual voters from electing insurgents. I find corroboration for that suspicion in the fact that many Democrats and partisan mouthpieces continue to condemn Ralph Nader (of all people) for Gore's "loss" in Florida, when in fact Gore didn't lose among voters in Florida, Gore bungled his campaign and then lost among Republicans in SCOTUS.

As with Obamneycare, the system operates as designed, and the only questions involve allocating blame/credit/patronage.

curious2 says

1) Voter goes to polling place;

2) Voter uses touchscreen Machine A to vote;

3) Machine A prints a clearly marked paper ballot, like a receipt;

4) Voter inspects paper ballot to verify it says what Voter intended;

4a) In case of error, voter rejects ballot and reinserts it to Machine A for automatic voiding and count adjustment, then returns to step 2;

4b) If the ballot is correct, voter brings it to Machine B for counting and secure storage;

5) Machine B reads and counts each ballot. At the end of the day, Machine B's count should match Machine A's count. In case of discrepancies, the paper ballots can be counted.

Several flaws. First, if there is an error as stated in 4a, there is no reason to believe that the same or another error will not occur when reinserting a receipt. Second, errors are easy to avoid. A voting system has to be able to withstand deliberate and sophisticated attack. A compromised machine can print a receipt that differs from the vote it records while still displaying on the screen what the voter expects.

A third and very important flaw is that the paper receipt reveals the voter's decision and thus can be used to punish voters and force them to vote according to someone else's will. No paper trail that undermines voter's anonymous ballet is acceptable.

There are ways to provide checks without revealing who voted for what, but such checks must be electronic, not paper.

For example, a voting system can use a distributed counting system so that if one machine is compromised it is detected. Such a system would require simultaneously compromising all the voting machines in the entire nation, a much, much harder problem and one that you cannot test beforehand. This makes it very risky to even attempt hacking the system.

curious2 says

Without paper, the audit becomes more difficult. You must rely on experts, there can be different copies of databases, one or more copies might become corrupted, and everything comes down to which expert you believe.

If the system is transparent, experts can check each other. That's the way peer-reviews work. And they do work. If any expert makes a mistake or tries deception in any way, he'll be caught and severely criticized. His reputation will be permanently destroyed. This is why scientists are very cautious about publishing results and check their work very carefully. It's pretty damn rare to hear about someone trying to game the system because the community knows what they did and reject them forever after.

In contrast, a paper trail covering 300 million or so voters can easily be manipulated. Remember the dangling chad problem? Remember the "lost box" of Ron Paul votes. Paper can be forged, burned, lost, altered, etc. And it's impossible to allow all 7 billion people in the world inspect a paper ballet. It's trivial to let all 7 billion people inspect electronic ballets.

curious2 says

With paper, you have physical evidence and a chain of custody.

With paper, you have physical evidence and a chain of custody that you cannot trust unless you trust all the people in the chain of custody and that no one outside that chain ever has access. These are very bad assumptions, especially if you are trying to fight a sophisticate and malevolent attack or prevent corruption in any system where billions of dollars are at stake.

In contrast, an electronic system can be made impenetrable. An electronic chain of custody can be truly secure. It's not a trivial problem, but we do it everyday with software that matters to us, particularly banking software. We're willing to spend the time and money to make sure our financial accounts aren't compromised. So we know we're capable of writing secure systems when we truly want to.

An electronic chain of custody can be inspected and verified by everyone in the world. No trust is required if the code and hardware are transparent. There are mathematics that can be applied to electronic accounting that simply cannot be applied to paper and manual processes. For example, I can digitally sign any document to prevent tampering and repudiation. This is not plausible with any analog solution.

I don't have a problem with a paper trail if the following conditions are met.
1. The paper trail cannot compromise voter privacy as doing so allows coercion of votes.
2. The system cannot in any way, shape, or form rely on the paper trail. Security must be guaranteed by the system itself, and any attack must be detectable without the paper trail. At most, the paper trail is just a bonus.
3. The system must still work if the paper trail fails for any reason. For example, a voting machine runs out of paper and can't print receipts. The votes cast using it must still count.

curious2 says

I find it even more suspicious that other jurisdictions (mainly Democrat) have decided to subjugate their human voters to the Republican Diebold proprietary paperless machines.

The Diebold machines should be banned. They clearly do not do anything correct and are antithetical to all the principles of honest and transparent elections. But the Diebold machines do not in any way represent what is possible to do with technology.

Thanks Dan, you make many valid points as usual, but I'd like to respond to these few where I think you might possibly have overlooked some things.

Dan8267 says

First, if there is an error as stated in 4a, there is no reason to believe that the same or another error will not occur when reinserting a receipt.

The most likely cause of error is the voter made a mistake. Trying again tends to solve that problem, which is why pencils have erasers. If the machine makes an error, then the voter can report that to the human supervisors at the polling place.

Dan8267 says

A compromised machine can print a receipt that differs from the vote it records while still displaying on the screen what the voter expects.

That's the reason for printing the ballot/receipt and putting the actual voter between the two machines: you look at your ballot/receipt and see that it matches what you expected.

Moreover, because only Machine A can print, and Machine B can only scan, a hacker would need to corrupt both Company A and Company B in order to produce matching counts, and even then the box in Machine B would still have the paper ballots/receipts that had been received and inspected individually by the actual human voters.

Dan8267 says

A third and very important flaw is that the paper receipt reveals the voter's decision and thus can be used to punish voters and force them to vote according to someone else's will. No paper trail that undermines voter's anonymous ballet is acceptable.

Every process has potentially that flaw. There is no way to eliminate it. Every vote I have ever cast could potentially have been monitored at the time. I choose not to worry about it. You could conceivably wear gloves and a mask when casting your ballot, if you are concerned about that, along with a tinfoil hat. We rely on a process in which campaign representatives have an opportunity to inspect everything in advance, to reduce the risk of abuses, but you could conceivably install hidden cameras in the ceiling and walls. Most current systems involve a voter completing a ballot by hand and then feeding it into the equivalent of Machine B, except it is the only machine. A paperless touchscreen machine involves only Machine A, doing double duty as the sole counter, and you have to hope it doesn't have a hidden camera or other device to identify you with your vote. (Of course, if it doesn't even count your vote, then you don't really matter, so maybe no one will care anyway.) You could put Machines A&B in each voting booth, with a tent overhead, to minimize the risk of cameras, but you can never get that risk to zero no matter what you do. And please note the spelling of ballot: we are not requiring elderly invalids to dance here.

BTW, the most insecure methods from the POV of punishing or rewarding votes are absentee voting by mail and home voting via Internet. Canvassers and ward bosses can literally go door to door with hired goons offering carrots and sticks. Absentee and home Internet voting are advocated mainly by Democrats, especially Chicago Democrats but even other cities where "turnout" is valued more highly than anything else.

With Machine B storing the ballots/receipts inside the polling place, there is no way for hired goons to see how you voted, other than cameras. Even if you have been threatened by goons or bribed to vote a certain way and show a photo from your smartphone, you could print the requested ballot and then photograph it, then reject it back to Machine A and print another. You could repeat that process as many times as necessary, if you want to appease rival hired goons or sell your vote several times, but unless the goons have and watch a high resolution video of the whole voting process you would be the only one who knows which ballot you placed into Machine B.

Dan8267 says

Remember the dangling chad problem? Remember the "lost box" of Ron Paul votes. Paper can be forged, burned, lost, altered, etc.

Yes, I do remember those, and Democrats' failure to do anything about it in 2009-2011. That's why I suggest Machine A print a robust ballot like currency, and the voter inspects that, and then Machine B counts. At the end of the day, you should have two matching counts, and a corresponding box of ballots like currency.

Dan8267 says

In contrast, an electronic system can be made impenetrable.

LOL. Please tell that to Sony, Chase, healthcare.gov, the DoD, and everyone else who has tried to make an "impenetrable" electronic system. When they stop laughing, they will explain to you their efforts to achieve that result and why it has yet to be reliably achieved. The inventor of PGP said publicly that any system can be hacked, and your best hope is to foil automatic hacking such that hacking requires more human time and effort.

Dan8267 says

If any expert makes a mistake or tries deception in any way, he'll be caught and severely criticized. His reputation will be permanently destroyed. This is why scientists are very cautious about publishing results and check their work very carefully.

Please tell that to the "Honorable" Katherine Harris, who despite criticism got elected to Congress, and who will enjoy a generous pension greater than that of most engineers. Ditto the SEC head who got criticized for saying, essentially, some executives are too big to prosecute; he was allowed to retire into a $4 million/year job in the private sector. People can survive criticism, it isn't the deterrent it might once have been. Also, please note the high percentage of peer reviewed results that cannot be replicated, and a significant number of retractions.

Respectfully Dan, you put too much faith in technology and expert peer review.

Dan8267 says

3. The system must still work if the paper trail fails for any reason. For example, a voting machine runs out of paper and can't print receipts. The votes cast using it must still count.

If Machine A runs out of paper, it reports that to the human supervisors, and they supply more paper. There is no vote until there is paper. That's the point. You cast your vote by putting your paper ballot into Machine B.

curious2 says

The most likely cause of error is the voter made a mistake.

Confirm the vote visually before ending the voter session. Paper adds nothing except allowing other people to see how the person vote.

curious2 says

Moreover, because only Machine A can print, and Machine B can only scan, a hacker would need to corrupt both Company A and Company B in order to produce matching counts, and even then the box in Machine B would still have the paper ballots/receipts that had been received and inspected individually by the actual human voters.

Trusting human election officials is a bad idea. These are precisely the people who tossed out entire boxes of Ron Paul votes and discounted valid votes for Al Gore because they didn't want Gore to win.

Any support from corrupt election officials would invalidate the benefits of a paper trail. Such officials could mock the system with counterfeit machines that pretend to register the votes and then the officials can dumb the paper ballots. This would defeat you countermeasure you proposed above.

Counterplan

Every voting machine talks back to thousands of clearinghouse machines. A distributed database means that thousands of machines must be compromised for a hack to go undetected. Every voter can check online that their vote was registered. Voters can also go to any other polling station in the world after they voted to securely check that their vote matches what they cast. This eliminates the possibility of being forced to review your vote and thus being coerced to vote for a particular candidate.

Communication between voting machines and clearinghouses is done using both encryption and digital signatures thus eliminating the possibility of counterfeit voting machines.

Finally, the number of redundant copies of the vote is in the thousands, not just two.

curious2 says

Every process has potentially that flaw. There is no way to eliminate it.

Actually, there are ways to eliminate this possibility. Turns out that mathematics isn't just beautiful, it's useful.

Consider the problem of storing passwords. You don't want anyone to be able to crack your online banking password, right? What happens if some criminal gets the hard drive that contains the user table of your online bank? Does the criminal have your password? Not if your bank isn't completely incompetent.

If done right, when you pick a password, no one stores your password. This is why your bank cannot tell you what your password is. They don't know.

This might sound surprising to a person outside of software development, but it is actually the industry standard way of dealing with passwords. You might think a user table looks like this:

UserId, Username, Password, FirstName, LastName
1, bob26, fuzzyBunny123, Robert, Culp
2, bigBoobs69, iampretty, Alison, Smith

In reality it will look something like this
UserId, Username, PasswordHash, Salt, FirstName, LastName
1, bob26, fjks9832fFdsk, ldIsa43fskal, Robert, Culp
2, bigBoobs69, dUslk7sd6, sl889saloa, Alison, Smith

There is no way to go from the "password hash", "fjks9832fFdsk", to the actual password, "fuzzyBunny123".

So it might seem like you can't login to your bank account, but clearly you do. So what's going on?

You pick a password, say "abc". Yes, that's too short, but I want to keep this example short.

This password is appended or prepended with a "salt", a random bit of data. Typically the salt includes your user ID to make it unique -- more on that later.

So "abc" becomes "1ldIsa43fskalabc". This string is feed into a one-way hash algorithm which basically is a function that takes a large set of inputs and maps them to a small -- well, relatively small -- set of outputs. The reverse mapping is neither unique nor predictable, hence the term "one-way hash". An example of a bad, but simple one-way hash is

int Hash (String text)
{
int sum = 0;

foreach (char ch in text)
sum = (sum + Convert.toInt32(ch)) % someMaxValue;

return sum;
}

Forgive the lack of proper indentation, but PatNet doesn't really support code examples. Basically, this function just adds up all the character codes in the text and returns the sum.

A better, but still not best, example is

int Hash (String text)
{
int sum = 0;
PrimeGenerator primes = new PrimeGenerator();

foreach (char ch in text)
sum = (sum + primes.NextPrime() * Convert.toInt32(ch)) % somePrimeMaxValue;

return sum;
}

And there are more sophisticated variations.

The end result is that it is possible to authenticate a user against an unknown password. The only vulnerability is a brute-force hack like trying every possible password until you find a matching hashcode to the database. That's why we use separate salts for each password an why we add the userId to the salt to ensure it's unique. If two people have the password "I like boobies" then cracking one password with a brute force attack does not compromise the other password because their salts and thus their hashes are different.

The bottom line is that well-known mathematics actually makes a lot of things you think are impossible easy.

curious2 says

Dan8267 says

In contrast, an electronic system can be made impenetrable.

LOL. Please tell that to Sony, Chase, healthcare.gov, the DoD, and everyone else who has tried to make an "impenetrable" electronic system.

These agencies actually try to make penetrable systems with back doors they can exploit.

People are so used to crappy software written by amateurs that they erroneously believe that software must be flawed no matter what. This simply is not true. Software is flawed because either its creators want it to be flawed for some nefarious reason or because its creators don't care enough to make the software flawless.

Software is no different in principle than a mathematical proof. Software is pure logic. Logic most certainly can be flawless and that is typically the case in a mathematical proof. If the logic in the submitted proof contains any flaws, no matter how minor, the proof is considered invalid and not even called a proof at all. Yet, throughout your career as a student you were exposed to proof after proof in every single math class starting with ninth grade algebra.

There is no law of mathematics or logic that states that a non-trivial program must contain a flaw. In fact one can take any program and simply iteratively remove a random flaw from it and eventually you end up with a flawless program. This is because of two things. First, there can only be a finite number of flaws. Second, removing a flaw never necessitates adding another one.

Now you may wish to argue that although software can be flawless, human programmers can never create flawless software, but empirical evidence suggests otherwise. When people are financially motivated, when there's enough money on the table and getting it right means getting rich, software is very reliable if not flawless.

There are also ways to automate formal verification of software, if you can apply certain constraints. This is like feeding a proposed mathematical proof into a program which tells whether or not the proof is valid. There are even automatic mathematical theorem generators and provers.

Put simply, if we put the same level of effort into making flawless electronic voting systems as we put into online marketing and predicting consumer behavior and stock performance, then we most certainly can create extremely reliable and unhackable systems. It's all a question of having sufficient political will to pay good engineers to build such a system.

It is the nature of technology to get smaller, faster, cheaper, more capable, and more reliable. Counting votes is like the easiest thing for a computer to do. There are some challenges dealing with preventing and detecting malicious behavior, but these challenges are small compared to others that have already been met.

curious2 says

Also, please note the high percentage of peer reviewed results that cannot be replicated, and a significant number of retractions.

Any study that cannot be reproduced is not accepted. This is the cornerstone of the scientific method.

curious2 says

The inventor of PGP said publicly that any system can be hacked, and your best hope is to foil automatic hacking such that hacking requires more human time and effort.

There is a war that has been raging for over two thousand years, a war between code makers and code breakers. Everybody thought this war would go on forever without any winner. However, modern encryption has decisively demonstrated that the code maker is the winner. The amount of time it takes to break a code increases exponentially faster than the amount of time to generate more secure code. In other words, it takes me twice as long to make this code then it takes ten squared times as much time for you to break it. If I spend three times as much time or CPU power, it takes you ten cubed as much CPU power. Eventually it takes you longer than the heat death of the universe to break a code.

This divergence between code making and code breaking time is the defining characteristic of modern encryption and how what we call encryption today differs from obfuscation, what we call the so-called "encryption" of the past.

Flaws in security, and there are many, are almost always either deliberate attempts to compromise security or are human errors. Making a system transparent solves the first problem. Crowd sourcing the checking of transparent code solves the second.

If someone uses a paper trail for auditing, then I laugh at them while I compromise the system knowing that only a few technologically illiterate, and often elderly, election volunteers need to be fooled. If I have to compromise a system that the whole world can see, I shit my pants and don't even try. All it takes is a single individual among the seven plus billion on this planet to catch me. Even if 99.99999% of people are complete idiots, the odds are stacked heavily against me. Add to that the ability to permanently store the data accessible to everyone on the Internet, there's no way I'd be able to hide my attack.

curious2 says

Respectfully Dan, you put too much faith in technology and expert peer review.

It's not faith. It's fear.

The common man fears that technology cannot be sufficiently advance to solve our problems perfectly. The common man fears the limits of technology.

The wise man knows that technology can become sufficiently advanced to do anything physically possible. The wise man fears the lack of limits of technology.

Technology can already do a lot of things you think it cannot do.
- The Incredible Story Of How Target Exposed A Teen Girl's Pregnancy
- Browser Fingerprints: A Big Privacy Threat
- An Efficient User Verification System via Mouse Movements
Yes, that means identifying you as an individual by how you move your mouse.
- Computer-generated copy is already used in sports and business reporting – will machines soon master great storytelling?
- Virtual composer makes beautiful music—and stirs controversy
- How Facial Recognition Systems Work

And that's just the tip of the iceberg. By tracking a person's movement using their GPS coordinates reported by their cell phone, a person with access to such data could identify every acquaintance you have and every acquaintance everyone else has. You could graph all business, social, and political relationships. You could data mine these relationships alone to accurately determine
- who someone is going to vote for
- how likely a person is to be arrested
- how many sexual partners a person has
- the sexual orientation of a person
- the person's religion and how strongly religious they are
- almost all political and social beliefs held by the person
- who is most likely to die of cancer or some other disease
- the person's hobby's, interests, and likes
- where the person works and when, and thus what the person's income likely is
- add to that where they play, and you certainly can have an accurate and precise estimate of their wealth and income

And that's all just from location data. Imagine adding all the other data generated by people in their everyday lives.

The only argument against electronic voting machines should be that voting is inaccurate and unnecessary. If we leveraged the data-mining power demonstrated every day by online marketing companies, we could replace politicians with bots who get their instructions from all the people in real time. No need to vote. Simply live your life and the expert system will figure out what you want far better than you can. And it will be more accurate than even the most incorruptible and wisest human leader could ever be even in principle.

Oh course, technology is neither good nor evil except how we use it.

So no, I don't have faith in what technology can do. I have fear. And that fear makes me know the problem isn't what technology can't do. It's what we end up using it for if we aren't extremely careful.

Interestingly, this little debate that curious2 and I are having boils down to a philosophical question. Which is more trustworthy, man or machine?

I think I understand what is going on in Curious2's mind because this is exactly the kind of subject that I'm always thinking about. However, I could be wrong about he believes so I apologize ahead of time if that's the case. But I usually can do a pretty good job of expressing the opposition's position even better then they can. So I will attempt that here, and if I get it wrong, please correct me.

Cursious2, like most people, fall into the camp that man is more trustworthy because man can understand man but cannot fully understand or know machine, or at least most people can't and only a few really intelligent experts can understand machines in sufficient detail.

I fall into the camp that machine is more trustworthy than man because machines can be made transparent -- I would never trust an opaque machine -- whereas man cannot. Also, I find it ridiculous that anyone would trust man given man's history.

The argument in favor of man revolves around human behavior being intuitively understood by everyone, being well-known having changed little since the Stone Age, and it being difficult for any group of men to fool all other men for long periods of time. In contrast, machines being so much more advanced and alien to most people, can fool just about everyone just about all the time and without limits on how long they can continue to fool people.

The argument in favor of machine is that transparent machines, and systems, can be examined by anyone and if only one person finds a flaw than the flaw can be demonstrated unequivocally, fixed, and verified. Crowd-sourcing to the entire world is more than sufficient to do this as even if only the tiniest portion of the people are both willing and capable of finding a flaw and even if 99% of those people fail, the flaw will still be exposed and fixed. Flaws simply cannot continue to exist in transparent systems. This is why all mathematical proofs widely accepted for even a few years are never later demonstrated to be wrong. You just don't hear that we were wrong about the square root of two being irrational and that it really equals 10/7.

Of course, just because machines can be trustworthy does not mean they all are. I'm looking at you, Starscream. The trustworthiness of a machine is often determine by the trustworthiness of the people creating the machines, although transparency does eliminate this problem. Still, in order to set up a trustworthy system, such as an electronic voting system, the people working on the problem must have good intentions even if the system is transparent. Otherwise, they will fail to build a trustworthy system and their project will ultimately collapse.

Dan8267 says

Cursious2, like most people, fall into the camp that man is more trustworthy because man can understand man but cannot fully understand or know machine, or at least most people can't and only a few really intelligent experts can understand machines in sufficient detail.

I appreciate truly your comments, and am still processing the salted hash education. I reply briefly here to say that most of all I appreciate honesty.

I feel some concern that the Democrats choose to extend nationwide the effect of the Republicans' proprietary Diebold/PES machines. It reminds me of Obamneycare, where the Democrats chose to impose HeritageFoundationCare. I feel sometimes that when Republicans have an incredibly disastrous deal in mind, they get gullible Demcocrats to enact it.

Humans have a longer history than machines made by humans. Conspiracies among humans tend not to last long, and we have a long history of containing the mischief that humans can cause. For this reason, I do tend to prefer mechanisms that humans can inspect without recourse to machines.

That preference is not intended to disparage machines or theories. Rather, it favors empirical observation. Theory must yield to data.

"Assume your adversary is capable of one trillion guesses per second."

I cannot find at the moment, but I remember, an interview in which Phil Zimmerman (inventor of PGP) said the best you can hope for is that hacking you would be difficult, and would require human effort and the allocation of scarce or at least limited resources. I have yet to see corroboration that any electronic system can be made impenetrable. To the contrary, I see over and over again that vulnerabilities may remain, and that even the availablilty of many eyes to look at something doesn't mean they have actually looked at it, or seen all.

So, yes, I do come back to the old ways, the human ways, though I recognize tech may surpass them. Whether we are there yet, I leave to others.

We don't need to change anything about voting. There is no fraud,gerrymandering or hanging chads.

HEY YOU says

We don't need to change anything about voting. There is no fraud,gerrymandering or hanging chads.

What did the Democrats change about it when they had power from 2009-2011? What legislation have the Republicans sent to the President since then?

curious2 says

I feel some concern that the Democrats choose to extend nationwide the effect of the Republicans' proprietary Diebold/PES machines.

The Diebold machines are clearly bad and should not be trusted. Actually, there should be no trust of any machine, person, or system. Transparency, not trust, is the only way to fight corruption and mistakes.

However, a bad, even malicious, implementation of a system does not mean that all possible implementations must be bad.

curious2 says

"Assume your adversary is capable of one trillion guesses per second."

Design the system so that the first wrong guess triggers an alarm. Ten wrong guesses triggers a big alarm.

curious2 says

I remember, an interview in which Phil Zimmerman (inventor of PGP) said the best you can hope for is that hacking you would be difficult, and would require human effort and the allocation of scarce or at least limited resources.

This is one school of thought. However, I strongly disagree with it. Those in this camp use their gut feelings and historical precedence to conclude that since all previous systems have flaws, all possible systems must have flaws. This is a non-sequitur. The 20th and 21st century have shown "new things under the sun" every single day.

There is no law of logic and no law of nature that says a logical system must contain flaws. On the contrary, flawless mathematical systems are frequent created and are considered the norm.

There is an old saying in Information Technology. No security through obscurity. This saying means that a transparent system can be made secured, but one with secrets cannot. The reason for this is that every flaw in a transparent system can be found and fix, whereas mistakes and maliciousness in opaque systems cannot.

If one accepts that any given mistake can be fixed without introducing another mistake, which is a reasonable assumption consistent with both all known laws of logic and all empirical evidence, then eventually transparent systems tend to perfection. The use of electronics and distributed computing enhances this ability.

As long as a paper trail does not compromise the system, say by revealing people's votes, then I have objections to there being one. At best and at worst it's redundant. However, there should be no reliance of a paper trail, and by that I mean physical paper, to ensure security, transparency, and accountability. The electronic system itself should guarantee these things itself regardless of whether or not the paper trail exists.

Although there is a tendency to believe that all systems are inherently flawed, there has never been a single example of a problem in any IT system that logically or physically cannot be solved. Yes, there are hard problems, but so far no unsolvable problems. And quite frankly, the problems with electronic voting systems aren't hard ones. Of course, the system must be completely transparent because no human being can be trusted. But the great thing about transparent systems is that they require absolutely no trust whatsoever.

"Hackers Elect Futurama's Bender to the Washington DC School Board"

#FeelTheBender, coming soon to a Presidency near you.

Time to bump this thread. Now that people are talking about Russia allegedly hacking American election systems, suddenly government and commercial press are praising the "clunky" old paper ballots that cannot easily be hacked online. Notice how they didn't care about that when they assumed the hacking would be domestic, e.g. by Diebold/PES or the former colleagues of Edward Snowden. Back then, Democrats were busily enacting NPVIC, and someone was paying shills (e.g. "otto") to copy and paste talking points in favor of it, thus making nationwide elections easier to hack. Oops. Be careful what you wish for. The states that enacted paperless ballots could easily be hacked, with no proof either way, and if NPVIC were in effect, they could swing the whole election. Now, suddenly, people are beginning to realize that the paperless electronic systems are more vulnerable, and (by extension) they might realize that NPVIC as currently written is potentially disastrous.

The recounts have alerted Senator Bernie Sanders to the necessity of paper ballots: "And I wouldn’t have said this a few years ago, but I will say it tonight. I was just researching this. You know, in Canada, they still do their voting with paper ballots. And maybe it takes an extra hour or two to get the results out to the media, but they manage to survive. And I kind of think we should go back to paper ballots, lock them up." Read the whole interview if you have time, and his new book. He talks about how the commercial media froze out coverage of his primary campaign events, and the systematic establishment efforts to block insurgent campaigns.

In particular, with regard to this thread, I hope idealistic Democrats will recognize the necessity of accountability, including verifiable paper ballots, prior to enacting NPVIC. Idealistic Democrats tend to have more hope than sense, more theory than practice. Paperless ballots enable the automation of election theft, with no recounts and no accountability. As noted in this thread, it's usually the Republican establishment that imposes these proprietary paperless ballots. Misguided Democrats are now taking up the cause, just as Obamacare imposed Romneycare nationwide. By replacing the state firewalls of the Electoral College, NPVIC would impose each state's potentially hacked paperless results nationwide. Cynical partisan establishments have exploited idealistic naivete too many times already.

If you want to replace the Electoral College with direct election, then enact legislation requiring each state to assign its electoral votes to the winner of that state's popular vote. If you want to replace statewide voting with nationwide voting, first make sure you have nationwide standards for voting, including paper ballots. Don't naively hand over control of elections to party establishments with no accountability.

NPR: "CIA Finds Russian Hackers Tried To Help Trump's Election"

Whether that finding is true or false, Democrats should reconsider the NPVIC. In recent years, Democrats have denied (bizarrely) that election fraud or rigging occurs, or can even occur. This year, Democrats said even the accusation would be "unpatriotic." Democrats have been enacting NPVIC, which would subjugate the human voters' paper ballots in blue jurisdictions to the easily hacked, paperless, proprietary electronic ballots in mostly red jurisdictions. NPVIC contains NO PROTECTION AGAINST HACKING OR OTHER FRAUD. If the "Honorable" Katherine Harris were to certify a billion Florida votes for "Jeb!", then NPVIC would commit California's electoral votes to follow. That would be even more idiotic and self-defeating than Obamneycare proved to be. Yet again, Republicans initiate a dangerously bad idea (HeritageFoundationCare, Diebold/PES proprietary paperless ballots), and credulous Democrats enact it. You can't save people from themselves, but you can try to warn them.

"An attempted hack into Georgia's voter registration database was traced back to the Department of Homeland Security, The Wall Street Journal reported Thursday.

A third-party security firm working for the state detected the unsuccessful breach and linked it to an IP address associated with DHS, the report said. Georgia Secretary of State Brian Kemp reportedly sent a letter to Homeland Security asking the department to confirm whether an attempt was made."

"An employee with DHS was using licensing databases on the Secretary of State's website to verify an individual's background, a Homeland Security official told Kemp in an e-mail last week.

Federal officials told Kemp that they believe the employee's computer was incorrectly set up so that a legitimate visit to the website inadvertently set off alarms. Kemp, however, believes further investigation is needed."

If Democrats continue enacting NPVIC, or if Republicans begin enacting it, then anyone will be able to steal an election by hacking some of the easily hacked paperless voting machines that control a quarter of all votes nationwide. It is conceivable that more than one set of hackers might hack different machines in the same election. The end result would be: boldest hackers win.

#Bender2020

curious2 says

attribution rather than plagiarize

I thought of everything before anyone else. Anything that anyone thinks,writes or says is plagiarizing me.
Everything posted on patnet must start with: HEY YOU says:

curious2 says

attribution rather than plagiarize

I thought of everything before anyone else. Anything that anyone thinks,writes or says is plagiarizing me.
Everything posted on patnet must start with: HEY YOU says:

curious2 says

What did the Democrats change about it when they had power from 2009-2011? What legislation have the Republicans sent to the President since then?

We shouldn't expect much from RETARDS! Disappointment SUX!

""Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.
***
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions.
***
Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards.
***
Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states."

Will Democrats please now repeal the potentially disastrous NPVIC, before somebody hacks into paperless ballot machines and steals an election? They seem to be obsessed with Russian hackers, so this should get Democrats' attention. Will state Democrats please safeguard our elections better than they safeguard the DNC server?

curious2 says

What did the Democrats change about it when they had power from 2009-2011? What legislation have the Republicans sent to the President since then?

Two do nothing Parties.

The E.C. is not the problem,brainwashed ,gullible voters will continue to vote D/R.
Stupid might be forever. The status quo has worked so well,so far.
FMTT!

"Americans have reason to be concerned about the integrity of Georgia’s election system—and the state’s puzzling lack of interest in addressing its vulnerabilities. “The security weaknesses recently exposed would be a welcome mat for bad actors.”"

And yet, NPVIC contains no provision to guard against hacking or other fraud. Instead, NPVIC would strip away the firewall of the Electoral College, subjugating human voters in blue states to easily hacked machines controlled by red states. Cui bono?

Democrats want to:

- Destroy the electoral college
- Do away with voter ID laws
- Allow illegals to vote

How does any of this help the country?

Once we get voter ID's on a national level, all of this will be pointless since maybe only 3-4 states will go blue anyway.

"Several Ohio websites, including that of Gov. John Kasich, were hacked Sunday with a message that supported the Islamic State and opposed President Trump."

Will Democrats please repeal NPVIC, or at least amend it to require paper ballots and safeguard against hacking? If they continue enacting NPVIC as written, we could see the easily hacked paperless machines in Ohio and elsewhere hacked by ISIL or anyone else. I suspect it's possible that some in the Deep State might have supported NPVIC as a way to "manage" elections, perhaps not realizing that other hackers have skills too, including Russian hackers who are among the best in the world.

zzyzzx says

Once we get voter ID's on a national level, all of this will be pointless since maybe only 3-4 states will go blue anyway.

Only if your voter ID prevents citizens from legally voting. Otherwise it is a right-wing pipe dream to prevent democrats from being voted into office by passing ID laws. Hell, done right, more people would vote.

Of course, what we should do is make voting power proportional to the number of people being represented. Then the right would have zero power on the national level.

"We have significant vulnerabilities in our voting machines, our voter rolls and registration process, and the vote tabulation systems after the polls close. In January, DHS designated our voting systems as critical national infrastructure, but so far that has been entirely for show. In the United States, we don’t have a single integrated election. We have 50-plus individual elections, each with its own rules and its own regulatory authorities. Federal standards that mandate voter-verified paper ballots and post-election auditing would go a long way to secure our voting system. These attacks demonstrate that we need to secure the voter rolls, as well."

curious2 says

Some opponents have pointed out a risk of fraud, but supporters seem to dismiss or at least underestimate that risk.

A risk of fraud is not what we have to worry about.

Since the acrimonious debate around NAFTA, where Clinton assured, swore and attested that more US jobs would be created, and against Perot, who started large technology firms, said that there would be a dramatic loss of jobs.

Since we now know that this is a greater loss of jobs, and that the "Giant Sucking Sound of job loss" occurred this is where we need the electoral college. Why?? Because a great deal of the manufacturing was outside of city centers (save for Detroit, Fremont,...).

If the electoral college goes, then the city dwellers near the coast decide the election, and the representation of the minority of manufacturers (

curious2 says

Some opponents have pointed out a risk of fraud, but supporters seem to dismiss or at least underestimate that risk.

A risk of fraud is not what we have to worry about.

Since the acrimonious debate around NAFTA, where Clinton assured, swore and attested that more US jobs would be created, and against Perot, who started large technology firms, said that there would be a dramatic loss of jobs.

Since we now know that this is a greater loss of jobs, and that the "Giant Sucking Sound of job loss" occurred this is where we need the electoral college. Why?? Because a great deal of the manufacturing was outside of city centers (save for Detroit, Fremont,...).

If the electoral college goes, then the city dwellers near the coast decide the election, and the representation of the minority of manufacturers (~ 9% of the workforce) is ended.

Bill Clinton should have met with Dept of Labor and industry leaders in 1999 and asked "How is NAFTA doing?" It would have been the right thing to do rather than ignore the whole sale loss of jobs.

IRONY: If Bill Clinton would have had a critical look at NAFTA, suggested improvements to stop US job loss ( or Bush or Obama), the wife of said Lawyer might have been elected.

""Connecticut OKs Bill Pledging Electoral Votes To National Popular-Vote Winner...The bill adopts an interstate compact that's officially called "The Agreement Among the States to Elect the President by National Popular Vote." All of the states that have so far committed to the pact are also states whose electoral votes went to Clinton in 2016.

Democrats have led the recent push to change the way the Electoral College works."

Note that the NPVIC itself has not changed. There remains no protection against fraud, including hacking, no matter how obvious. The easily hacked, proprietary, paperless ballot machines in Ohio could literally award a trillion votes to the CEO of Diebold (or now PES), and Connecticut voters would have no say in the matter. It is practically an invitation to any skilled hacker, including state actors, including CIA/NSA, to hack American Presidential elections and control the Presidency.

The "National Popular Vote organization" does not disclose its donors on its website, although that information might be available somewhere. For example, the About page says, "Scott Drexel is the Managing Director of NMA Partners. A longtime advisor to some of the country's most active Democratic donors, activists, and business leaders, he serves on finance committees for several national Democratic committees, and has been active in the campaigns of numerous presidential, gubernatorial, U.S. Senate, and U.S. House candidates." I wonder who those "most active Democratic donors" might be, and how much they have paid into this misguided effort.

WarrenTheApe says

2) This whole exercise is just another example of why the suffix '-tard' is in the word Libtard. Why? Because it is yet another instance where the Left never really thinks things through. In this case, when the popular vote goes to a Republican...all those Bluetard states EC votes will go with him/her/xir. I can't wait for the voters of those states to experience this and riot in the streets over their own mass-stupidity. Truly. And with their luck, the first time that happens will be in 2020...with the re-election of one Donald Trump! :)

.

This is how Trump is going to beat Reagan's reelection electoral landslide.

"The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them."

Gosh, I wonder why Democrats in blue jurisdictions would want to subordinate their fellow human voters to machines in red jurisdictions.

I predicted in November 2016 that Trump would win California in 2020. Maybe this is how it comes to pass? I’ve been astonishingly accurate lately, so I can’t doubt myself!

"In 2016, I bought two voting machines online for less than $100 apiece. I didn't even have to search the dark web. I found them on eBay.
***
Within hours, I was able to change the candidates' names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate's name I invented had received the most votes on that particular machine.
***
[In 2018], I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines—those that were used in the 2016 election—are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as “next generation,” and still in use today, are worse than they were before—dispersed, disorganized, and susceptible to manipulation.
***
But while state and local election systems have been conducting risk assessments, we’ve also seen an 11-year-old successfully hacking a simulated voting website at DefCon, for fun.
***
By using a $15 palm-sized device, my team was able to exploit a smart chip card, allowing us to vote multiple times.
***
Since these machines are for sale online, individuals, precincts, or adversaries could buy them, modify them, and put them back online for sale.
***
But there’s an opportunity here to develop nationwide policies and security protocols that would govern how voting machines are secured. This could be accomplished with input from multiple sectors, in a process similar to the development of the NIST framework—now widely recognized as one of the most comprehensive cybersecurity frameworks in use."

Oddly, the author fails to point out the two most obvious methods to address this problem.
1) Require paper ballots. You can have a touchscreen machine print a ballot, but the voter must inspect it and, if accurate, feed it into a second machine that counts and stores the paper ballots. If the voter detects an error, that ballot gets cancelled visibly and the voter tries again. At the end of the day, the counts should match: the number of ballots printed by the printing machine, minus the number of ballots visibly cancelled, should equal the number of votes counted by the counting machine. If the numbers do not match, you can recount using the paper ballots. Otherwise, with a paperless system, you have no way to audit or recount: you have only what the easily hacked machine says, and no way to know if that is accurate.
2) Repeal NPVIC, or at least amend it, to require safeguards including paper ballots. By enacting NPVIC as written, Democrats are subordinating human voters to proprietary, easily hacked, and unaccountable machines controlled mostly by Republicans. It amazes me how Democrats can identify a problem and then propose only ways to worsen it. It makes me wonder whom are they really working for, and why. What would persuade a governor who is a Democrat to sign legislation subordinating human voters in his own state to easily hacked machines controlled by Republicans in another state? It reminds me of the "#Resistance" that seems to come at least partly from the CIA, which also invested in Palantir. If the goal is to automate election hacking, so that a deep state agency or similar actor can control the outcome of elections, then NPVIC as written would enable that.

Democrats complain that people in other countries, e.g. Russia, are skilled at hacking American computers including government systems. China and North Korea have also shown prowess. Yet, Democrats neither repeal nor amend NPVIC. They say they want the "popular vote" to determine the election result, by circumventing the electoral college, but that is not what they are doing. They are instead enacting legislation that would enable easily hacked machines to determine the election result. Why? Cui bono? What are they really trying to accomplish?

Can you imagine the Leftist tears when Donald Trump wins the popular vote in 2020 and California has to cast its electoral votes to him?