Security quotes of the week

Posted Jul 19, 2018 19:42 UTC (Thu) by tome (subscriber, #3171)
In reply to: Security quotes of the week by smitty_one_each
Parent article: Security quotes of the week

Followmyvote (https://followmyvote.com/online-voting-platform-benefits/) claims that

"Our end-to-end online voting platform provides a way for the voter to follow their vote into the ballot box to ensure their vote was cast as intended and counted as cast. It also provides the voters transparency into the ballot box as a whole to ensure the election results that are being reported are truly accurate. Elliptic curve cryptography technology keeps the voting process secure, while protecting each voter’s right to privacy within the system."

and that using this platform, a voter

"submits their ballot to a secure blockchain based ballot box, while retaining anonymity and ballot secrecy."

Superficially that all sounds just about perfect, though

1) I don't know if that ballot secrecy includes privacy from the eyes of platform administrators,

2) I haven't taken the time to verify these claims, and to do so would be very non-trivial and I haven't even started, and

3) the Matt Blaze quote might lead one to suspect it's full of holes.

So I'm curious what others have to say who know more about this stuff in general and Followthevote in particular.

Security quotes of the week

Posted Jul 19, 2018 22:35 UTC (Thu) by smitty_one_each (subscriber, #28989) [Link]

Irrespective of the system advertised, you still have another system (at least in my locale) managing the poll book. If there is evidence outside of the ballot management system itself that can be correlated, even if by brute force attacks, we can expect it to occur.

Too, the insider threat cannot be eliminated.

This may be an example of a system with a requirement to sub-optimize itself by using a non-technical component, in support of a non-technical security requirement.

#NedLuddForever

Security quotes of the week

Posted Jul 26, 2018 0:07 UTC (Thu) by mstone_ (subscriber, #66309) [Link] (5 responses)

Yeah. So the problem with all of these "verify your vote" schemes is that it becomes possible to pay people for votes. Given the margins in elections around here, it would be *much* *much* cheaper to pay a relatively small number of people $100 or $1000 for a proven vote than it is to run a competitive campaign.

This is an actual thing, and it's why we have the secret ballot system that we have.

Also, since they mention blockchain, it's snake oil.

Security quotes of the week

Posted Aug 7, 2018 18:50 UTC (Tue) by bfields (subscriber, #19510) [Link] (3 responses)

Can't you mitigate by allowing people to change their vote? Then they can sell their vote and still go home and cast a new ballot for whoever they really want. That's not perfect, but it might make the vote-buying attack no longer worth risking jail for.

Security quotes of the week

Posted Aug 8, 2018 21:04 UTC (Wed) by nix (subscriber, #2304) [Link] (2 responses)

Yeah: the problem is that this is vulnerable to the opposite attack. You vote, go home, and shortly before the vote closes your village chief / abusive husband / local crimelord / evil twin sister (delete as applicable) is waiting at the door saying "you voted your way, now you're going to change the vote to vote the way *I* want you to."

(Sure, you could change it again -- but that's why this is done just before the vote closes. They stay with you to assume unchangingness until the vote has closed...)

Security quotes of the week

Posted Aug 14, 2018 18:17 UTC (Tue) by bfields (subscriber, #19510) [Link] (1 responses)

That's exactly what I was thinking of when I said "it might make the vote-buying attack no longer worth risking jail for." An attack that requires personally monitoring all of the voters whose votes you bought at the time of poll closing doesn't seem like it would scale to a level where it mattered.

But I'll admit I was imagining basically a single rogue actor. The "attacker" could be more pervasive (like husbands acting to protect a patriarchal system).

Security quotes of the week

Posted Aug 16, 2018 10:03 UTC (Thu) by nix (subscriber, #2304) [Link]

The classic cases here are village chiefs ordering everyone in the village to vote one way, and bosses ordering their underlings likewise. In both cases there aren't enough bad actors, *but* they usually have lots of people they can hire or convince to do some, uh, watching-and-threatening duty for one day. Whether this is too expensive depends on the cost of labour, I suppose. (I'm just guessing in the absence of data by this point.)

Security quotes of the week

Posted Aug 9, 2018 0:45 UTC (Thu) by nybble41 (subscriber, #55106) [Link]

> So the problem with all of these "verify your vote" schemes is that it becomes possible to pay people for votes.

Not *all* of them. Consider this scheme: Each choice on each ballot is secretly associated with a unique code. You record the code for your choice on a separate piece of paper and place that paper in the ballot box, optionally keeping a copy it for later verification. The page with all the codes on it is then destroyed. If you want to "prove" that you voted a different way, you record the code for that choice and then request a new ballot (without putting anything in the box). The first ballot is set aside. When the voting period is over all of the codes in the ballot boxes *and* all of the codes on the discarded ballots are shuffled together and publicized, along with the choices they represent—since the discarded ballots include one code for each choice these extra codes do not favor any particular position and can simply be subtracted from the final tally. Anyone who wishes to verify their vote can check that their code is present and associated with the correct choice. However, only the voter knows whether the code they recorded was the one they actually submitted or the one on the discarded ballot. To an aspiring vote-buyer these appear identical, but only the real code increases the tally for that choice relative to the other options.