Election Security Proposal
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Election Security Proposal

  1. #1
    Banned
    Join Date
    May 2003
    Posts
    1,004

    Election Security Proposal

    So I've been charged with researching electronic security requirements and I must say, from a risk management perspective this is unlike anything I've ever come across before.

    What is the cost associated with voter fraud significant enough to steal an election? Half the population will be upset, the other half is likely to not only not care, but may actually be in favor of the fraud. Again, what is the cost? Some companies may benefit significantly if the election is swayed in a favorable way, but once the election is certified these gains will (presumably) be legal, so again this cost only harms some organizations while aiding others.

    Is the burden of the cost only on those who's agendas stand in opposition the fraud? How many Americans wouldn't mind their candidate winning by fraud? How many would give an honest answer to this?

    Considering the amount that a given organization could gain by stealing an election, it makes sense to assume that such an organization would be willing to spend a great deal to that end. Does it then make sense for the already drained local, state, and federal governments to bother spending anything to secure the elections? (An attacker could easily outspend as the gains are greater than the perceived costs.)

    It seems we have two choices:

    1. Attempt to secure the elections at a tax payer cost of potentially billions of dollars. (And piss off everyone over this expense that creates no improvement in the quality of life of those paying.)
    2. Do nothing, spend no money and piss off only about half the population.

    I gotta tell ya, if this was a company, I'd be leaning toward #2.

    cheers,

    catch

    PS. Before you pin this on my political beliefs, I am exceptionally liberal.

  2. #2

    Re: Election Security Proposal

    Originally posted here by catch
    It seems we have two choices:

    1. Attempt to secure the elections at a tax payer cost of potentially billions of dollars. (And piss off everyone over this expense that creates no improvement in the quality of life of those paying.)
    2. Do nothing, spend no money and piss off only about half the population.

    WTF ? How old is this? Oh well I will reply anyway: Voter Fraud is bad. Why?

    Well a Democracy is about what the majority want right?
    Not what the rich want.

    So without securing the voting systems (or even trying) and leaving it wide open to fraudulent people/company's Democracy is gone.

    But I am sure it doesnt matter in the US now anyway. Apparently the voting machines were the least secure devices ever or something... that what .. Berkely said I think it was... so long ago.

    But securing the voting systems is hardly going to stop corruption (although its a step)

  3. #3
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Well a Democracy is about what the majority want right? Not what the rich want.
    Unfortunately idealism and risk management don't blend well.

    So, how much is the presidency worth? $1 million? $100 million? $1 billion? $100 billion? How many corporate ties, legal changes, supreme court judges, whatever... how much? How about a Senator? A Congressman?

    Now how much do we want to spend of securing elections? $0.01 per user? $1 per user? Is a security system costing $100 million likely to be effective if the potential attackers have considerably more than that to gain?

    What if your district taxes the hell out of you to pay for improved security but some place across the country makes no such expenses and suffers huge fraud which is covered up by the incumbents... do you think your tax money was well spent?

    Think back to the 2000 election, how many Bush supporters wanted to even consider the possibility of voter fraud? Do you think it would have been different if Gore won suspiciously? The same argument, half the population at any given time doesn't care about voter fraud (not to mention those put in power by such fraud).

    From a simple cost benefit evaluation, one can only come to the conclusion that American democracy is dead. Which is dramatic and grim, but I see no other way to read the numbers and consequently no way to justify throwing the money away.

    cheers,

    catch

  4. #4
    I agree. American Democracy is dead.

    Apparently Bush and Kerry had almost the exact same scores at yale (that is **** scores)
    And the fact that the US fools can only vote for A or B is such a redundant expression of democracy anyway. especially when there is no real difference between the two.

    Then again there are other ways to change the world *hacks into DOD* lol

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmm,

    Over here there has been discussion of electronic voting, but I feel it is a good way off.

    My question for you, Catch is: do you have postal voting?.....that is where there is a real potential for fraud.

    It is OK to have ballot box and electronic security systems tight, but you must not forget postal votes if they are allowed.

    The reason I mention this is that we have had a big scandal over here just recently...........it is dead easy to hijack a postal vote


  6. #6
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    I went to vote in the UK elections in May.
    I've moved house recently, not far so I'm at the same polling station.
    I didn't get my polling card so I went down with my passport driving licence etc.

    I spoke to the official and told him I didn't have a polling card and that I had moved house.

    I gave him my old address he found me on the register and handed me the ballot forms.

    I actually offered my passport to check but he wouldn't do it. Very scary. I really could have been anyone.

  7. #7
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    how hard does it technically have to be to create a secure e-vote machine? I know this question can spawn a whole mess of questions and concerns but hear me out...

    First you dont make it possible to be transmitted over any internet technology. Machine has to be hooked up in locked down area and then some program will tally the votes... The machine that you vote on is nothing more than a touch screen... No input/output options (ie keyboard, mouse, usb, serial, nothing). The admin mode of the machine doesnt have rights to anything more than a regular voter would.... the machine HAS to be connected a propriotary machine to be able to do anything (using its own 256 bit encryption whatever).

    Now what other security issues are there? physical security? this is an issue with paper voting as well as mail voting (as nihil stated).

    Does it matter how secure we make it? You have already stated what appears to be a pretty darn good truth, 1/2 of this country couldn't care. I give you the instance when Bush was first elected, thousands of pieces of paper with a little hole punched in them that either didnt punch right or was lined up wrong or whatever.... This may not be a computer but a security issue on its own.

    As far as what price do you put on an election? You can't, it infintely influences everything in the economy, worldwide and nationally. It influences every judge that is behind such and such party/person, every cabinent member, etc... there is no end
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  8. #8
    Banned
    Join Date
    May 2003
    Posts
    1,004
    First you dont make it possible to be transmitted over any internet technology. Machine has to be hooked up in locked down area and then some program will tally the votes... The machine that you vote on is nothing more than a touch screen... No input/output options (ie keyboard, mouse, usb, serial, nothing). The admin mode of the machine doesnt have rights to anything more than a regular voter would.... the machine HAS to be connected a propriotary machine to be able to do anything (using its own 256 bit encryption whatever).
    First off you need to have the system evaluated by multiple independent agencies with public findings. The security proofs, the source code, everything must be made public, and there must be a way to spot audit any given machine at any given time to ensure that it has not been tampered with.
    Next, every single vote must be auditable while not identifying the voter. Perhaps some sort of delayed line printer that prints out 10 votes at a time using two encryption keys. One based on the voters authentication information (district code + pin + passphrase) and the other based on the aggregate of data collected at that site (vote, voter sequence, time). The first will allow any given voter to later look up their own vote to ensure it has been collected correctly. The second to ensure that entire pages cannot be thrown out.

    You are still left with the system that can have unverifiable votes added. Where voters can arbitrarily denied the right (as happened in Florida). Where people don't care what the actual votes are, but what the media says they are. With a system that will be different in every state. A that will be prohibitively expensive because again, at any given time only half the country will care about such issues.

    cheers,

    catch

  9. #9
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    Sadly you are 100% correct as we both already knew.... but when has anyone cared about how much money the government seems to waste on everything anyway? 40,000 dollar hammers and such odd BS.

    In the end whatever system they end up using probably wont be secure, whether it be paper (you can still add cards) or electronic (hackable, crackable, etc). Either method allows for votes to be altered to whomevers prefered outcome.

    So back on track at what cost do you secure or come close to securing this method of voting? I don't think cost will matter, no matter how much money you spend on securing this, certain areas will lax and not follow security measures, others will be super tight, even the most secure of items has its weak points and allows for vulnerabilities. This brings you back to your other concern... Would anything happen if the election was rigged? Would anyone know? And would half the population actually take any action because of it. I don't think the outpour would be large enough that anything would happen other than an official statement saying "we are looking into it" blah blah blah

    Just my 2 cents
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  10. #10
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    seeing as the 'worlds biggest hacker' was able to hack the Pentagon! and NASA. Which I am sure have more defenses than your standard voting machine, I guess it would be kind of trivial to try and secure a voting machine that is connected to a WAN (I am assuming here). Without going into to much detail ( as I am sure your contract specifies ) what is the setup of this thing ? x86 on a WAN ? No disk drives or any of that crap I am assuming? ( I normally wouldn't post that dumb of a question, but as of late I have seen some pretty dumb sh*t ) Is it on a 802.3 ethernet, star or what ? I guess I am trying to say that it kinda depends on the setup. If it is on a windows machine then I wish you the best of luck. If it is some _totally_ unknown proprietary OS then you may have a shot.
    ... I am not even going to try and begin on the encryption schemes, althought some type of hash based off of voter ID and time and such wouldn't be a bad idea...
    ... but then again, I am only a repair tech. (cut me some slack, I am only starting my career )
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •