Editing 2030: Voting Software

Jump to: navigation, search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 8: Line 8:
  
 
==Explanation==
 
==Explanation==
This comic is a commentary on voting machines specifically, and more generally the contrast between what experts will trust and what the average user will trust.
+
The first two panels of this comic involve a reporter talking to professionals of a given field regarding the given safety of the products/solutions that each of their fields help to produce, or are at least involved in the installation of the products/solutions within another product (Airplanes from aircraft designers in Panel 1, Elevators from building engineers in Panel 2). While the two inventions selected are relatively new when compared to how long humans have existed, the two fields mentioned have existed for multiple human generations, giving enough time to find flaws in their products/solutions and solve said flaws to the point that they can be considered safe for the general public to use.
  
The first two panels of this comic involve a reporter talking to professional mechanical engineers, asking about the given safety of the products/solutions that each of their fields help to produce (airplanes from aircraft designers in panel 1, elevators from building engineers in panel 2). While the two inventions selected are relatively new when compared to how long humans have existed, the two fields mentioned have existed for multiple human generations, giving enough time to find flaws in their products/solutions and solve said flaws to the point that they can be considered safe for the general public to use.
+
The comic from Panel 3 onwards contrasts this with [[Megan]] and [[Cueball]] both agreeing that their given field (computer science / software development / software engineering) does not have the overall consistent competency that other fields have or, at the very least, appear to have. This is true (at least anecdotally) since there are very few ethical and security restrictions for what developers can/cannot do, and relatively minor consequences when catastrophes arise from poor decisions.  
  
The comic from panel 3 onwards contrasts this with computer engineers [[Megan]] and [[Cueball]], both agreeing that their given field (computer science/software development/software engineering) does not have the overall consistent competency that other fields have (or at least appear to have). Indeed, at least anecdotally there are very few ethical and security restrictions for what developers can/cannot do, and relatively minor consequences when catastrophes arise from poor decisions.  
+
When the reporter follows the interview up with a mention of {{w|blockchain}} technology, Megan and Cueball reflexively tell the reporter to avoid any voting system using the technology at all costs. {{w|Blockchain}} is a relatively new technology that is intended to solve some computer security issues by making it difficult to doctor old data. However, in the process of solving the old computer security issues, it has introduced new computer security issues that have not yet been ironed out. It also doesn't solve input fraud issues, only data-doctoring fraud, so if a program caused the voting machine to record a vote for candidate B whenever a vote for candidate A was cast (such a program could be uploaded to the voting machines through USB, or through the internet which the voting machine must be connected to for blockchain), blockchain would not prevent it. Blockchain has also had a large number of high-profile scams, thefts, and implementations with critical security holes. Thus, [[Megan]] and [[Cueball]] may not trust this blockchain solution because of this history.
  
When the reporter follows the interview up with a mention of {{w|blockchain}} technology, Megan and Cueball reflexively tell the reporter to avoid any voting system using the technology at all costs. {{w|Blockchain}} is a relatively new technology that is intended to solve some computer security issues by making it difficult to doctor old data. However, in the process of solving the old computer security issues, it has introduced new computer security issues that have not yet been ironed out; for instance, it doesn't solve input fraud issues, only data-doctoring fraud, so if a program caused the voting machine to record a vote for candidate B whenever a vote for candidate A was cast (such a program could be uploaded to the voting machines through USB, or through the internet which the voting machine must be connected to for blockchain), blockchain would not prevent it. Blockchain has also had a large number of high-profile scams, thefts, and implementations with critical security holes. Thus, [[Megan]] and [[Cueball]] may not trust this blockchain solution because of this history.
+
The title text confirms the comic's stance by implicitly saying that any digital voting systems that are produced are to not be used under any circumstances. It may also highlight that anyone working in the field is vulnerable to corruption, or at least that the field is far from maturity.
  
The title text confirms the comic's stance by implicitly saying that any digital voting systems are to not be used under ''any'' circumstances. It may also highlight that anyone working in the field is vulnerable to corruption, or at least that the field is far from maturity. Humorously the title text says digital voting systems should still be ''developed,'' but mostly to keep the people who want to use them occupied, rather than allowing them to actually publish their work in the real world where it can cause serious harm.
+
Computer systems, operating primarily in a digital domain, fail differently from most traditional areas of engineering, which operate in analog (or continuous) domains. A small error in an analog part often gives a result which is close to the desired properties (it almost fits, it works most of the time). By contrast, a small error in a digital system (just one bit being changed) can easily make the system function in radically different ways.  So not only is software engineering younger than other areas of engineering, but the domain is much less forgiving.  Even small errors/variations are likely to produce radically different behavior.
  
Computer systems, operating primarily in a digital domain, fail differently from most traditional areas of engineering, which operate in analog (or continuous) domains. A small error in an analog part often gives a result which is close to the desired properties (it almost fits, it works most of the time). By contrast, a small error in a digital system (just one bit being changed) can easily make the system function in radically different ways (if not just crash entirely). So not only is software engineering younger than other areas of engineering, but the domain is much less forgiving. Even small errors/variations produce catastrophe down the line.
+
This fear of computerized voting is a result of a fundamental difference between computer security and other types of safety measures -- in cryptography, there is ''always'' somebody trying to undo what you've built. Not only that, but new advances in cryptography tend to point out vulnerabilities with previous versions, making them not only obsolete, but dangerously so. For these reasons, it is especially important to make sure that whoever is selling you the security method is both competent and non-malicious, but because crypto software is highly technical and often confidential/proprietary, it can be hard to verify this if you're not an expert in the field (which you won't be, if you're buying it).
 
 
This fear of computerized voting is a result of a fundamental difference between computer security and other types of safety measures: Most engineers only have to deal with wear and tear, and very rarely have to guard against sabotage. In contrast, in cryptography there is ''always'' somebody trying to undo what you've built. Not only that, but new advances in cryptography tend to point out vulnerabilities with previous versions, making them not only obsolete, but dangerously so. For these reasons, it is especially important to make sure that whoever is selling you the security method is both competent and non-malicious, but because crypto software is highly technical and often confidential/proprietary, it can be hard to verify this if you're not an expert in the field (which you won't be, if you're buying it).
 
  
 
These issues are especially pertinent to {{w|voting machine}}s, which store incredibly sensitive information but are often catastrophically outdated due to lack of funding. There are also major issues with electronic voting in general; for example, [https://www.youtube.com/watch?v=w3_0x6oaDmI this video from Computerphile] raises issues of malware infections, transferring the votes to the election authorities without having them intercepted, and needing to trust both the machine's software and central counting system to present an accurate account of the votes. Furthermore, the people purchasing them, the politicians, are generally not known for their technical understanding -- or their impartiality.
 
These issues are especially pertinent to {{w|voting machine}}s, which store incredibly sensitive information but are often catastrophically outdated due to lack of funding. There are also major issues with electronic voting in general; for example, [https://www.youtube.com/watch?v=w3_0x6oaDmI this video from Computerphile] raises issues of malware infections, transferring the votes to the election authorities without having them intercepted, and needing to trust both the machine's software and central counting system to present an accurate account of the votes. Furthermore, the people purchasing them, the politicians, are generally not known for their technical understanding -- or their impartiality.
  
Interestingly, this comic was posted a day before DEF CON 2018, and it was shown there that the voting systems that will be used across America for the mid-term vote in November are, in many cases, extremely insecure. The topic of voting machines has been covered before in [[463: Voting Machines]], where the use of anti-virus software on the machines has been discussed.
+
Most computer security specialists are more worried about programs that randomly deliberately misreport a vote, than people changing the votes after they're already recorded, so blockchain would solve an issue that most computer security specialists are less worried about, while causing new issues (the perpetual internet connection among them).
  
===Blockchain===
+
Also, the security issues that Blockchain solves could also be solved via write-once memory, which would be more secure and more difficult to doctor.
The way blockchain works is that several computers have data being inputted into them. With each tick, they all share their current states with each other, and encrypt and hash it. That state then becomes a 'block' in the chain. They then share states, including that block as part of the state, then hash and encrypt it, and then it becomes a 'block' in the chain. Each 'block' is included in the cryptographic hash of all following blocks, so if a change is made to any given block, all blocks after that block must be changed.
 
  
Due to the distributed nature, if changes are made to any chain, it can be compared against the other chains, and so long as the majority say that the changes didn't happen, it's reverted and removed.
+
The topic of voting machines has been covered before in [[463: Voting Machines]], where the use of anti-virus software on the machines has been discussed.
 +
 
 +
Interestingly, this comic was posted a day before DEF CON 2018, and it was shown there that the voting systems that will be used across America for the mid-term vote in November are, in many cases, extremely insecure.
  
This is really great at preventing post-facto data changes. With blockchain you can somewhat guarantee that no one comes in after the election and changes the votes on the machines. (Unless they're handling the blockchain in a stupid fashion, for example without the distribution.) What you cannot do is prevent someone from installing a program on the machine that makes it think that there's a voter when it's idle, and makes it start registering the correct sequence of actions to signify a vote while idle.
+
The way Blockchain works is that several computers have data being inputted into them. With each tick, they all share their current states with each other, and encrypt and hash it. That state then becomes a 'block' in the chain. They then share states, including that block as part of the state, then hash and encrypt it, and then it becomes a 'block' in the chain. Each 'block' is included in the cryptographic hash of all following blocks, so if a change is made to any given block, all blocks after that block must be changed.
  
Also, the security issues that Blockchain solves could also be solved via write-once memory, which would be more secure and more difficult to doctor.
+
Due to the distributed nature, if changes are made to any chain, it can be compared against the other chains, and so long as the majority say that the changes didn't happen, it's reverted and removed.
  
Most computer security specialists are more worried about programs that randomly and/or deliberately misreport a vote, than people changing the votes after they're already recorded, so blockchain would solve an issue that most computer security specialists are less worried about, while causing new issues (the perpetual internet connection among them).
+
This is really great at preventing post-facto data changes. With blockchain you can somewhat guarantee that no one comes in after the election and changes the votes on the machines. (Unless they're handling the blockchain in a stupid fashion, for example without the distribution) What you cannot do is prevent someone from installing a program on the machine that makes it think that there's a voter when it's idle, and makes it start registering the correct sequence of actions to signify a vote while idle.
  
 
==Transcript==
 
==Transcript==
  
:[A Megan-like woman, with bushy hair, is holding a handheld microphone and interviewing Hairbun and Cueball, standing in a line]
 
:[Heading above the panel]:
 
 
:Asking aircraft designers about airplane safety:
 
:Asking aircraft designers about airplane safety:
 
 
:Hairbun: Nothing is ever foolproof, but modern airliners are incredibly resilient. Flying is the safest way to travel.
 
:Hairbun: Nothing is ever foolproof, but modern airliners are incredibly resilient. Flying is the safest way to travel.
  
:[In a frameless panel, Hairy is holding a handheld microphone and interviewing Cueball]
 
:[Heading above the panel]:
 
 
:Asking building engineers about elevator safety:
 
:Asking building engineers about elevator safety:
 
 
:Cueball: Elevators are protected by multiple tried-and-tested failsafe mechanisms. They're nearly incapable of falling.
 
:Cueball: Elevators are protected by multiple tried-and-tested failsafe mechanisms. They're nearly incapable of falling.
  
:[Ponytail is holding a handheld microphone and interviewing Megan and Cueball, standing in a line]
 
:[Heading above the panel]:
 
 
:Asking software engineers about computerized voting:
 
:Asking software engineers about computerized voting:
 
 
:Megan: That's ''terrifying''.
 
:Megan: That's ''terrifying''.
  
:[Zoomed in on Ponytail, Megan and Cueball's faces]
 
 
:Ponytail: Wait, really?
 
:Ponytail: Wait, really?
 
:Megan: Don't trust voting software and don't listen to anyone who tells you it's safe.
 
:Megan: Don't trust voting software and don't listen to anyone who tells you it's safe.
Line 63: Line 52:
 
:Megan: I don't quite know how to put this, but our entire field is bad at what we do, and if you rely on us, everyone will die.
 
:Megan: I don't quite know how to put this, but our entire field is bad at what we do, and if you rely on us, everyone will die.
  
:[Zoomed back out, showing Ponytail, Megan and Cueball standing in a line]
 
 
:Ponytail: They say they've fixed it with something called "blockchain."
 
:Ponytail: They say they've fixed it with something called "blockchain."
 
:Megan: AAAAA!!!
 
:Megan: AAAAA!!!
Line 75: Line 63:
 
[[Category:Comics featuring Hairbun]]
 
[[Category:Comics featuring Hairbun]]
 
[[Category:Comics featuring Cueball]]
 
[[Category:Comics featuring Cueball]]
[[Category:Multiple Cueballs]]
 
 
[[Category:Comics featuring Hairy]]
 
[[Category:Comics featuring Hairy]]
 
[[Category:Comics featuring Ponytail]]
 
[[Category:Comics featuring Ponytail]]
[[Category:Aviation]]
 
 
[[Category:Elections]]
 
[[Category:Elections]]
 
[[Category:Programming]]
 
[[Category:Programming]]

Please note that all contributions to explain xkcd may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see explain xkcd:Copyrights for details). Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel | Editing help (opens in new window)

Templates used on this page:

Retrieved from "https://www.explainxkcd.com/wiki/index.php/2030:_Voting_Software"