Difference between revisions of "Talk:2030: Voting Software"

Explain xkcd: It's 'cause you're dumb.
Jump to: navigation, search
Line 53: Line 53:
 
If something seems fishy, then paper votes can be recounted.
 
If something seems fishy, then paper votes can be recounted.
 
If you have a voting machine that only a trustworthy person has access to, then that means that this trustworthy person has to build every part of the machine from the smallest transistor on and also has to guard the machine the whole time. Because otherwise you could manipulate the machine in a way to count the votes wrong, but show correct results when you test it. Since this is completely unpractical in the end you'd have to count by hand anyway.[[Special:Contributions/162.158.91.251|162.158.91.251]] 12:53, 10 August 2018 (UTC)
 
If you have a voting machine that only a trustworthy person has access to, then that means that this trustworthy person has to build every part of the machine from the smallest transistor on and also has to guard the machine the whole time. Because otherwise you could manipulate the machine in a way to count the votes wrong, but show correct results when you test it. Since this is completely unpractical in the end you'd have to count by hand anyway.[[Special:Contributions/162.158.91.251|162.158.91.251]] 12:53, 10 August 2018 (UTC)
 
+
:Or just use paper ballots. They have been a perfectly adequate solution for centuries, and will continue to do so forever (and no, the paper usage for voting is not really significant, compared to the paper usage overall). [[Special:Contributions/162.158.202.64|162.158.202.64]] 20:00, 10 August 2018 (UTC)
 
If also we delete any and all software and firmware on the phones and central computer, and replace it by a piece of software that can literally only show you a multiple choice screen with names of candidates and save what you clicked, that sounds quite safe.
 
If also we delete any and all software and firmware on the phones and central computer, and replace it by a piece of software that can literally only show you a multiple choice screen with names of candidates and save what you clicked, that sounds quite safe.
 
Carrying the SD cards to the central computer would still take time, but we're carrying much smaller things so it might speed up somewhat (less stuff to haul around), and the voting can be done nearly as fast as the central computer can read in the SD cards.
 
Carrying the SD cards to the central computer would still take time, but we're carrying much smaller things so it might speed up somewhat (less stuff to haul around), and the voting can be done nearly as fast as the central computer can read in the SD cards.

Revision as of 20:00, 10 August 2018

I think this comic is referencing this twitter thread and the controversy behind it. 172.69.190.4 17:59, 8 August 2018 (UTC)

The Experts criticize West Virginia’s plan for smartphone voting article on ArsTechnica has more information (as much as possible when the company in question does not provide any details (note that it is about overseas voting). --JakubNarebski (talk) 19:44, 8 August 2018 (UTC)

Is he saying it's weird that we're so sophisticated in other areas of computer science but so far behind in voting technology, or is he making fun of the idea that electronic voting is somehow inherently unsafe?--108.162.216.106 18:10, 8 August 2018 (UTC)

No i think he is saying computer science is a mess and we should not trust it with voting(he is not making fun of the idea of it being unsafe, he is pressing on the point of it being unsafe[saying that all experts agree on that])18:18, 8 August 2018 (UTC)
I think he's commenting on how in most fields, the experts are very sure that they do their job well, and all the angles have been tried and tested, but in computer science the experts are more certain than anyone that there is absolutely no way for a person to actually build a complex software system with no flaws or vulnerabilities, even if they controlled every aspect of the system. in practice of course they control very little of the system and understand even less of it. 172.68.34.88 18:22, 8 August 2018 (UTC)
He's saying that software development is a terribly buggy process, most likely because the majority of software out there can have bugs without very dire real-world consequences (unlike aircraft or elevators).
Not to mention the fact that there are incredibly smart people with great interest in undoing the work that software developers do, whereas that isn't at all the case with airplanes or elevators. 108.162.219.214 18:29, 8 August 2018 (UTC)
Plus there's the general issue that the public as a whole takes the view that "Computers are majykal" (misspelling deliberate) and therefore somehow automatically safe & infallible, despite experts trying very hard to disillusion people about...pretty much all of that. Compare that to the common assumptions about aircraft and elevators--people need the safety verified, instead of assuming it like they do with computers. Werhdnt (talk) 19:08, 8 August 2018 (UTC)
There's a logical fallacy here. To compare airplaneS and elevatorS to a voting system program is comparing plural to singular. There would be significant opportunity to break/modify a single instance of those objects, although without the relative anonymity of electronic access involved. Once a computer system is infiltrated, the break-in can be replicated to all instances of that program relatively instantaneously, assuming communication pathways are available.162.158.75.130 19:12, 8 August 2018 (UTC)
No logical fallacy; there have been multiple attempts to get people to accept a voting system program, and the 'done by a computer=infallible' problem is not unique to voting programs. Mr. Babbage was being confused by people who were thinking it was possible to get the correct answers from a computer despite putting the wrong data in back in the 1860s (at least!), and the computer at the time was not much more than a fancy calculator. Werhdnt (talk) 20:23, 8 August 2018 (UTC)

A blockchain node doesn't technically need to be connected to the internet in order to function. It needs to have some method for receiving messages from other nodes on the blockchain network, and most blockchain nodes do indeed get these messages via the internet, but some magic beans nodes (for example) get updates about new blocks and new transactions from the Blockstream satellite. An internet connection is therefore not intrinsically necessary for a blockchain to work, it's just the most convenient way to do it.

Do you think that this comic had anything to do with the debacle in Johnson County, KS last night? 162.158.62.231 19:30, 8 August 2018 (UTC)

The comic ignores the fact that modern airplanes are heavily utilizing software of all kinds. A software failure in an aircraft could easily be fatal (and have been so various times in history already, while the consequences of a voting software working incorrect are relatively harmless), and still airplanes remain safe, as the comic recognizes. --YMS (talk) 21:05, 8 August 2018 (UTC)

Airplanes are not connected to internet and reasonably well protected from people putting their USB devices in their control system. Also, they are NOT build by lowest bid contractor. There ARE people now capable of building offline voting machine which would be reasonable secure. They are working in banks and stock exchanges and at those companies providing switches for internet backbone, are extremely well paid and wouldn't ever promise they will get the machine finished in single year. Noone asks THEM to make the voting machines. Voting over internet? With consumer-grade devices? Impossible. (I'm also working in IT, although not on mentioned high-security systems.) -- Hkmaly (talk) 22:24, 8 August 2018 (UTC)
Note that she is talking to aircraft designers, not to software engineers working on fly-by-wire systems (back when I took software engineering you got an answer similar to the one about voting machines when discussing fly-by-wire). I took this more as the aircraft designers glossing over the problems caused by software engineering. A voting system which uses paper ballots, with perhaps computer systems used for some stages of counting would be a reasonable analogy to the redundant systems used in aircraft. 162.158.106.228 23:08, 8 August 2018 (UTC)

Seems to me that the last panel references the E.T for Atari Desert Burial (https://en.wikipedia.org/wiki/Atari_video_game_burial), perhaps to draw some analogy as to the potential quality or likelihood of success of a Block-chain solution as compared to the ill-fated video game. Anyone think that's worth explaining? Da_NKP 10:15, 8 August 2018 (UTC) Da_NKP

What motive is there to "mine DemocracyCoin"? Who evaluates this blockchain? 162.158.150.100 22:27, 8 August 2018 (UTC)

That's simple, ideally it would be a private blockchain, and the evaluators would just be every voting computer in existence (They'd all be active for a similar fairly short time period). Presumably the evaluations would be ongoing during the voting process, then could be stopped once voting was complete. The last few votes of the night may not wind up being evaluated. 162.158.74.225
"The last few votes of the night may not wind up being evaluated" Thats horrifying. That alone should prove how terrible of an idea this is. 162.158.154.181 17:14, 9 August 2018 (UTC)

Wouldn't it be possible to run said blockchain on one's personal computer, instead of running on a voting machine? and you could compile open source software yourself to perform the voting. That sounds like a solid enough way to keep security fine to me, but if I'm missing something, please tell me. TheSandromatic (talk) 03:25, 9 August 2018 (UTC)

The bigger challenge in a voting system isn't making sure someone doesn't modify the record, it's making sure that each person only votes once and only for themselves -- think about past internet voting campaigns: Justin Bieber wasn't sent to North Korea by *changed* votes, but rather by flooding the system with *bogus* votes. 172.68.132.47 06:26, 9 August 2018 (UTC)
To be a bit clearer, magic beans (for example), doesn't and can't enforce that wallets correspond one-to-one with people -- multiple people can share a wallet (if they all know the private key), and one person can have multiple wallets. If you want to guarantee one-to-one correspondence, you have to validate identities and issue unique, signed keys at some prior point. Leaving aside whether or not it's possible to do this part securely and without error (and how big of a target the root signing key would be), you then have millions of people doing their own key management, just like you do with magic beans. When magic beans wallets are stolen en masse by key compromises (which does happen), only the wallet owners (who were ostensibly using poor security practices which allowed the compromise) suffer, so the harm is limited. If voting system keys were stolen en masse, but the votes still counted, society as a whole would likely suffer. 172.68.132.47 07:03, 9 August 2018 (UTC)

I think a problem that lies within voting machines is that a single flaw can and will be exploited along all machines. You wouldn't enter a plane if one plane crashing means that all other planes will crash too.

I am not American and not so inside American politics and its system, but I think there right now is (or just was) some kind of vote in Ohio? Randalls other comic about voting machines, (463)references Ohio directly as well. Even if not, that comic should definitely be referenced here. If no one else does I will in a few hours when I come home from work. Lupo (talk) 08:11, 9 August 2018 (UTC)

There was a special election for Ohio's 12th Congressional District on Tuesday to fill in a vacant spot in the US House of Representatives, yes. I hadn't heard anything specifically about any issues with Ohio's voting machines, though I do somewhat vaguely remember Randall making a comic that expressed horror at the fact that a voting machine needed anti-virus software in the first place. 162.158.63.154 12:58, 9 August 2018 (UTC)

I guess this may be of interest for reasons why not to have electroni voting https://www.youtube.com/watch?v=w3_0x6oaDmI 162.158.154.13


Wait, so I'm not into this *at all*, but a bunch of you seem to be, so: paper ballot voting works because we can assume the humans we choose to count oue votes to be trustworthy. Imagine that as the digital voting device, we use a cheapo Chinaphone. We remove any parts needed for wireless connection, and all USB ports and AUX ports (which are the only ports on such a device) are filled with hot glue (so, destroyed). Some of them are designed in an awkward way where you have to take the backside off in order to access the SD card, which normally is disadvantageous, but now it means that you can use a sort of sturdy phone cover with a physical lock to make the SD card inaccessible to anyone not owning the key. The key is with the trustworthy human that would otherwise hold the key for the box the paper votes go in. You could glue or screw the charger to it, so it was always full and you couldn't put a USB stick into that port without breaking the actual thing - and the trustworthy voting office humans would notice that. If it saves all votes on some SD card, the humans we trust to work for the voting can take the SD cards out, and bring them to a central computer that also has no wireless parts, and some trustworthy humans watching the SD ports. That central computer saves all the votes and counts them. If you doctor with paper votes, then you'd have to destroy them or there'd be evidence against you. Destroying them is not safe to do. If something seems fishy, then paper votes can be recounted. If you have a voting machine that only a trustworthy person has access to, then that means that this trustworthy person has to build every part of the machine from the smallest transistor on and also has to guard the machine the whole time. Because otherwise you could manipulate the machine in a way to count the votes wrong, but show correct results when you test it. Since this is completely unpractical in the end you'd have to count by hand anyway.162.158.91.251 12:53, 10 August 2018 (UTC)

Or just use paper ballots. They have been a perfectly adequate solution for centuries, and will continue to do so forever (and no, the paper usage for voting is not really significant, compared to the paper usage overall). 162.158.202.64 20:00, 10 August 2018 (UTC)

If also we delete any and all software and firmware on the phones and central computer, and replace it by a piece of software that can literally only show you a multiple choice screen with names of candidates and save what you clicked, that sounds quite safe. Carrying the SD cards to the central computer would still take time, but we're carrying much smaller things so it might speed up somewhat (less stuff to haul around), and the voting can be done nearly as fast as the central computer can read in the SD cards. No strange SD cards go into the central machine since they're carried by the same trustworthy human that counts the paper votes.

What things will go wrong? Zillions, I'm sure. But what zillions? I'm curious!