
Comment Re:Authentication then anonymity (Score 1) 214

"A one-way hash function serving as a checksum for the ballot content combined with the voter identity."

The government owns both the voting machine and the database storing the results, which means the government can MiM the hash. Which in turn means that it is not enough for the voter to be able to recall the hash, it needs to recover what his result is, to be sure it's what he indeed voted. But once the voter can do that, he can be coerced to vote one way or another.
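Added example, not part of the original comment: a sketch of the objection above, in which one operator controls both the machine and the database, so a hash the voter merely recalls still matches after the counted vote is changed. SHA-256, the `id|ballot` encoding, the `Operator` class, the candidate names and the voter id are all assumptions constructed for illustration.

```python
import hashlib

CANDIDATES = ["ALICE", "BOB", "CAROL"]  # constructed ballot options

def receipt(voter_id, ballot):
    # Checksum as quoted above: one-way hash of ballot content plus voter identity.
    # SHA-256 and the "id|ballot" encoding are assumptions of this example.
    return hashlib.sha256(f"{voter_id}|{ballot}".encode()).hexdigest()

class Operator:
    """Hypothetical single party running both the voting machine and the database."""
    def __init__(self, rewrite_to=None):
        self.rewrite_to = rewrite_to   # if set, every stored vote becomes this value
        self.published = {}            # voter_id -> hash the voter can look up later
        self.tally = {}

    def cast(self, voter_id, ballot):
        shown = receipt(voter_id, ballot)       # hash over what the voter chose
        counted = self.rewrite_to or ballot     # what actually reaches the tally
        self.published[voter_id] = shown
        self.tally[counted] = self.tally.get(counted, 0) + 1
        return shown

def recall_check(op, voter_id, remembered):
    # All a voter who only remembers the hash can verify.
    return op.published.get(voter_id) == remembered

def open_receipt(voter_id, digest):
    # Recovering the ballot from the hash needs only the voter id and the
    # candidate list, so whoever can do it for the voter can do it to the voter.
    for choice in CANDIDATES:
        if receipt(voter_id, choice) == digest:
            return choice
    return None

def demo():
    op = Operator(rewrite_to="BOB")
    digest = op.cast("voter-0001", "ALICE")     # constructed voter id
    return {
        "hash_matches": recall_check(op, "voter-0001", digest),
        "tally": dict(op.tally),
        "opened": open_receipt("voter-0001", digest),
    }

if __name__ == "__main__":
    print(demo())
```

The hash check passes while the tally holds a different vote, and the same digest discloses the voter's choice to anyone who knows the voter id.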

Comment Re:"Technologically impossible?" (Score 1) 214

"This data must be recorded in a register of WHO voted, it must NOT be recorded in the register tallied votes."

Registered is the key here. How do you make sure whatever the voter decided is what got into the database?

"Authentication means allowing the process to be submitted or not."

This is, by its own definition, authorization, not authentication, but I get your point. The problem is that this is *one* kind of authentication. You not only need to make sure the one voting is allowed to vote (you authorize by means of an authentication process followed by a tracking one), but you also need to make sure that the cast vote is counted as is. For this you also need authentication, the ballot's in this case.

"The numbers have to match, but the data doesn't have to be associated."

It needs to, if the system puts the vote in the shadows, where it may be modified from casting to counting.

Comment Re:Authentication then anonymity (Score 1) 214

"What you're missing, I believe, is that the authentication is required at a certain time"

What you are missing, I believe, is that authentication is required at more than one moment in time, for more than one action or good.

You need to authenticate the voter to be who he says he is in order to avoid him voting twice. This you can get with this kind of system. But then you also need to authenticate that whatever that person voted is in fact what he voted. With paper you get this by the voter having the ballot in his full control from the moment the vote is decided (the moment he puts the vote within an envelope) till the moment he puts it in the ballot box and having an in-plain-sight chain of custody from that moment up to the moment the vote is counted. With an e-vote, how do you make sure whatever the voter decided is what got into the storing database without, at the same time, losing the voter's anonymity?

"...and the anonymity is required at a different, later time"

No. Anonymity is required along the full process. There *is* a moment when anonymity is also at risk with physical ballots and it is the period that goes from the voter putting the ballot in an envelope till the moment he puts it in the ballot box, and that's why this is done in a public place.

So, let's recap: on physical vote you gain both anonymity and authentication the Sherlock Holmes way: "Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth." You don't really prove them, you just leave neither place nor time where/when the ballot can be tampered with or its content tied back to its caster. On a purely electronic system, there's no way you can offer either such impossibility or a positive proof that it cannot be done, as there's a single party, which is not to be trusted, owning the full process, from cast to storage.

Comment Re:"Technologically impossible?" (Score 1) 214

"This is not impossible. In fact it is a solved problem."

I don't think so.

I mentioned the perpetual motion device for a reason. This discussion reminded me of an essay by Isaac Asimov about perpetual motion devices. It went into explaining the Second law of thermodynamics, then some examples of faulty devices, and why they were faulty... and ended, more or less, like this: "...and don't waste your time sending me your 'really working' perpetual motion devices' designs. I am just an 'aficionado' so it very well may happen that I can't see the flaw in your design but, believe me, there *is* a flaw".

This is more or less the same. You *think* you solved the problem. Well, you didn't.

"That system lets everyone vote exactly once, maintains secret ballot, and gives voters the tools to confirm their vote was counted, and if not they can cryptographically prove it to the media or any auditors available."

What you did is decouple authentication from anonymity and share the responsibility between two different authorities. Well done sir, but still insufficient. Because, while you did authenticate the *voting effort*, you didn't authenticate *the ballot*. How do you prove that the cast vote was the same one that was counted? With physical ballots you do it by an open-in-sight chain of custody; with electronic zeros and ones, and given that the full channel is under control of a single party (the government), there's exactly one party the voter can be confident of: himself. And that means signing the cast vote by himself, which brings proper authentication but, at the same time, loses anonymity and the vote can be tracked back to himself*1. The same also happens with physical votes, which is why it is the voter himself who puts the ballot within an envelope for anonymity and then in a box, usually transparent, for authenticity, with the ballot's chain of custody being in the open from then on.

Again, the comparison with a perpetual motion device is spot on: most of the time it will be wrong, even if done by trustworthy people like you, and there also will be a lot of snake oil sellers / untrustworthy parties that will try to cheat me for their own advantage. You can now play the "true Scotsman" game and even come up with a properly functional system by calling a "two-worlds vote system"*2 (one that mixes and matches the physical world and the cybernetic one) an "e-vote system" but, in the end, why take the risk? Even I, an 'aficionado', can be cheated; the standard 'Joe the Voter' much more so, so the only healthy position is Asimov's one: "it very well may happen that I can't see the flaw in your design but, believe me, there *is* a flaw"

*1 You could think the ballot could be cryptographically signed by the counting/auditing party instead of the voter, but you can't as you are still open to MiM attacks, which can't be tracked down *unless* you know what was in fact voted, which only the voter knows.

*2 Not that this kind of mixed system wouldn't be of any help. A system like the one you talked about *coupled* with a traditional paper-and-box one could mean the results could be published within one minute of closing the casting period with a high degree of confidence.

Comment Re:Blockchain technology (Score 2) 214

"If a vote is represented by a cryptocurrency wallet balance"

Then you can always use a 2$ wrench to gain access to the wallet's content by brute force on the owner.

"and votes are randomly distributed to voters via paper wallets"

Which -so I hope, are destroyed after the owner deposits his or her ballot, then it is not an electronic voting system.

Comment Re:"Technologically impossible?" (Score 5, Insightful) 214

"we'll probably figure out how to create a system that uses authenticated electronic ledgers to prevent fraudulent tampering (blockchains, etc) while still preserving anonymity."

We'll probably not.

Authentication means "undoubtedly identifying something's author (or owner)". Anonymity means "impossibility to identify something's author (or owner)".

See the problem?

I'm with you about distrusting "any blanket assertion", but in this case it is an obvious logical impossibility, not even a physical impossibility (i.e.: a perpetual motion device)

Now, remember this whenever somebody comes to sell you a "trustable e-voting system": it's even less credible than a guy trying to sell you a perpetual motion device.

Comment Re: Just like trying to ban guns (Score 1) 446

"A one-time pad is as long as the message. If you have a method to securely send the one-time pad, why not use it to send the message instead?"

Because that's not the goal of steganography (which is what we are talking about here). While you can successfully cypher a message with a one-time pad, there's still the fact that the message has been sent (humm... what the hell are these two arch-enemies of mine doing talking together?). Steganography hides the fact that there has been an information exchange at all.

Comment Re: Just like trying to ban guns (Score 1) 446

"The noise bits in images, sound, etc, aren't random in the same way that encrypted bits are, is the thing."

How do you know?

I bet you know because of some algorithmic distribution (i.e.: they are not *really* random). But then again, a truly random one-time pad produces a truly random encrypted message (i.e.: white noise) while an algorithmically distributed one-time pad will produce, you guessed it, an algorithmically seemingly-random distribution too.

Comment Re: Just like trying to ban guns (Score 1) 446

"thus far it seems you can always statistically distinguish between "random" bits in images, sound files, etc, from "random"-seeming encrypted data. There's no proof that this is necessarily true, however, so it may be lack of public-sector work in the area."

In the words of Dr Strangelove, it is not only possible, it is essential! err... trivial.

There's no magic in the bits being interspersed among other info. Just think of the message alone: can you imagine a way to obscure a text so it's resistant to statistical analysis? If you don't, google for "one-time pad encryption" and about the "there is no proof" part, google "Claude Shannon".

Comment Re: Just like trying to ban guns (Score 2) 446

"There are many kinds of encryption."

So what? Law is not about technology, but about definitions.

"Where do you draw a line?"

You basically don't need it. France has a long-standing tradition of what Foucault described in Discipline and Punish as akin to a panopticon: this is the kind of "crimes" you put in place for "just in case" scenarios. You generally don't prosecute them but, by being vague and very difficult to avoid one way or another, you throw them at whomever you like, be it political dissent or someone you want to punish beyond what you have at hand. In your example, for instance, you don't ban saying "Uncle Henry is sick today" but add an "encryption" charge on top of whatever you have on the person you are after.

"What if I encode message into RAW camera image such that it does not affect how an eye sees"

That's completely different. You just ban steganography along with any other cryptography. You don't think the only way to "see" if a file comes with a hidden payload is to use your naked eye, do you?

"In real life less bits with smarter algorithm would have to be used to make impossible to prove that the image has hidden message beyond noise."

The only way to truly hide a message so it looks like noise is by using a one time pad. But we are talking about state power here, remember?

Comment Re:Not surprised (Score 2) 75

"Currently we are looking into Google cloud support as well. Our initial research showed that it has all the features we rely on like Virtual Private Networks between VMs, Floating IPs, Volumes, etc"

You see what's happening here, right?

For so many people (like you) AWS has had the "privilege" of defining how public clouds work, so feature sets are measured against them. That has not come for free for Amazon, which has invested a ton of money in it, and it has paid off well for them, as they are the most expensive provider out there. As this race forward won't be sustainable forever, a time will come (is coming) when prices will have to go down. Again, AWS will have an edge as it will still own the feature set all other providers will be measured against and they'll probably be able to provide it at the lowest cost, so they'll slowly cut prices just enough to keep their competitors in check.

Comment Re:Seriously fuck the Olympics (Score 1) 188

"It's a big corrupt waste of time and resources, it funnels huge amounts of money out of the lower and middle class into the pockets of the wealthy and at the expense of nations."

It is a big STUPID corrupt waste etc.

Why do they think they can funnel big amounts of money, if not because it used to be a world-level event? What do they think these policies will do to world-wide interest in the Olympics? How much money do they think they'll be able to funnel away once nobody pays attention to the event?
