Search Mailing List Archives
rrb at g.clemson.edu
Wed Dec 7 07:17:59 PST 2016
With all these discussions too often vote selling
is overlooked. If I can vote from an insecure location,
I can vote in front of someone paying me $100 to
vote as they want.
On 12/07/2016 09:24 AM, Rich Kulawiec wrote:
> On Fri, Dec 02, 2016 at 02:26:49PM -0500, Andres wrote:
>> Rich, the article you link to talks about the risk of one individual voting machine being tampered with.
> I think you missed the point Schneier was making. It's NOT about one
> individual voting machine, it's about attacker budgets. Look at the
> big picture, not the small one he used to illustrate the point.
> An attacker with a $100M budget (a conservative estimate in 2004, now
> clearly only a fraction of that available) isn't going to use it to
> attack just one voting machine: that'd be a poor return on investment.
> A 2016 attacker, who could have a budget an order of magnitude larger,
> would likely attack in a systemic, distributed -- and subtle -- fashion.
>> When voting online you can use any hardware (PC, Mac, Linux, iPhone
>> or Android phone, public or private) to vote and later verify your vote.
> That last part ("...later verify your vote") disqualifies the system
> from use. This is a well-known problem with election systems (electronic
> of otherwise): if you can verify your vote at some later point, then
> so can someone else. And if someone else can verify your vote, then
> you can be induced (willingly or otherwise) to vote as directed.
> And even if that's addressed, there's a massive problem with this approach,
> or ANY approach that allows voters to use their own computing systems.
> End-user systems are compromised in enormous numbers. This is a well-known
> problem that's been discussed at length for much of this century, e.g.:
> Vint Cerf: one quarter of all computers part of a botnet
> When Cerf made that estimate, I thought -- based on my own research and
> consultation with others doing similar work -- that it was too high by
> perhaps 25% to 50%. With the benefit of hindsight, I think he was right
> and I was wrong. Given the passage of time since then, the numbers are
> undoubtedly far higher. (Doubly so since nothing truly effective has
> been done to reduce them or even slow down the growth rate, and many
> things have happened to make the situation much, much worse.) I suspect
> that the number of compromised systems is probably ten times what it was
> ten years ago and no doubt the mass deployment of IoT devices with horrible
> (or no) security will make this even worse. And if various governments
> are successful in forcing vendors to build in backdoors, it will get
> MUCH worse in a big hurry.
> Why does this matter? Because (as I've said ad nauseum) if someone else
> can run arbitrary code on your computer, it's not YOUR computer any more.
> If your phone is compromised, and you use it to vote, and you later
> use that phone to verify that your vote was cast as you think it was,
> how do you know that what you're seeing on the screen is correct?
> Why couldn't the same malware that redirected your vote from candidate
> A to candidate B also show you that you voted for candidate A? (That isn't
> a particularly challenging software problem given that the former has
> been solved.)
> Remember: it's not your phone any more. It's theirs. You may walk
> around with it, you may use it, but you don't own it. Not any more.
> So why would you expect someone else's phone to behave as you think
> or believe or want it to?
> Does that malware exist? I don't know. But I do know that if a
> sizable enough population starts using their phones to vote, it WILL
> exist, because it will become worth someone's effort. (And by the way:
> this will require far less than even the small $100M budget from 2004.)
> Substitute "tablet" or "laptop" or "smart home IoT device" or "desktop"
> or whatever without loss of generality for "phone".
> Any voting system which allows voters to use their own computing devices
> is fatally flawed and must be dismissed, with prejudice, immediately.
R. R. Brooks
Holcombe Department of Electrical and Computer Engineering
313-C Riggs Hall
PO Box 340915
Clemson, SC 29634-0915
email: rrb at acm.org
More information about the liberationtech