Add title in index pages, add reference in story

[gofetch.git] / test / expected / SLASHDOT / 0102640864

      BLOCKCHAINS ARE NOT SAFE FOR VOTING, CONCLUDES NAP REPORT    
                            (NYTIMES.COM)                          

  Thursday September 06, 2018 @11:30PM (BeauHD)
  from the ensuring-the-integrity-of-elections dept.

  o Reference: 0102640864
  o News link: https://politics.slashdot.org/story/18/09/06/2137245/blockchains-are-not-safe-for-voting-concludes-nap-report
  o Source link: https://www.nytimes.com/aponline/2018/09/06/technology/ap-us-tec-election-security-reform-report.html


    The  National  Academies  Press has released a 156-page report,
    called  "Securing  the  Vote:  Protecting  American Democracy,"
    concluding  that blockchains are not safe for the U.S. election
    system.   "While  the  notion  of  using  a  blockchain  as  an
    immutable  ballot box may seem promising, blockchain technology
    does  little  to  solve  the  fundamental  security  issues  of
    elections,   and   indeed,   blockchains  introduce  additional
    security  vulnerabilities,"  the report states. "In particular,
    if  malware  on  a  voter's device alters a vote before it ever
    reaches  a blockchain, the immutability of the blockchain fails
    to  provide the desired integrity, and the voter may never know
    of   the   alteration."   The   report  goes  on  to  say  that
    "Blockchains  do  not  provide  the anonymity often ascribed to
    them."  It  continues: "In the particular context of elections,
    voters  need  to  be  authorized as eligible to vote and as not
    having  cast  more  than one ballot in the particular election.
    Blockchains  do  not  offer  means  for providing the necessary
    authorization.  [...]  If  a  blockchain  is  used,  then  cast
    ballots  must  be  encrypted or otherwise anonymized to prevent
    coercion  and  vote-selling." The New York Times summarizes the
    findings:  The  cautiously  worded  report calls for conducting
    all  federal,  state  and  local  elections on paper ballots by
    2020.  Its  other  top  recommendation would require nationwide
    use  of a specific form of routine postelection audit to ensure
    votes  have  been accurately counted. The panel did not offer a
    price  tag  for its recommended overhaul. New York University's
    Brennan  Center  has  estimated  that  replacing  aging  voting
    machines  over  the  next  few  years  could  cost well over $1
    billion.  The  156-page  report  [...] bemoans a rickety system
    compromised  by  insecure  voting  equipment and software whose
    vulnerabilities  were  exposed more than a decade ago and which
    are  too  often  managed  by  officials with little training in
    cybersecurity.   Among   its  specific  recommendations  was  a
    mainstay  of  election  reformers:  All  elections  should  use
    human-readable   paper   ballots  by  2020.  Such  systems  are
    intended   to  assure  voters  that  their  vote  was  recorded
    accurately.  They  also  create  a  lasting  record  of  "voter
    intent"  that  can be used for reliable recounts, which may not
    be  possible in systems that record votes electronically. [...]
    The  panel  also  calls  for  all  states  to  adopt  a type of
    post-election   audit  that  employs  statistical  analysis  of
    ballots  prior  to  results certification. Such "risk-limiting"
    audits  are  designed  to uncover miscounts and vote tampering.
    Currently only three states mandate them.


  ** 

     ** Re:All security = an implementation. (Score:5, Insightful)
        (by PopeRatzo ( 965947 ))

        
        > To say blockchain is inherently unsafe is like saying
        > software is inherently unsafe
        Oh, you are so close to a breakthrough.
        When it comes to voting, blockchain, like software, IS
        inherently unsafe. If the main goal for voting security is
        maintaining the people's confidence in an election, the only
        system that will meet that standard is a system where people
        are actually keeping an eye on one another. And I mean
        physically watching one another. And that's the system we had
        in place before the advent of voting machines and election
        software. You had a room full of election judges from both
        sides, and they sat side-by-side checking in voters as they
        approached the voting booth and physically watched them put
        the ballot in the box. When the votes were counted, there was
        a whole bunch of people from both parties standing around
        keeping a close eye. When the ballots were sent for storage,
        one person from each party rode in the truck to drop them off
        after sealing the container - together - and signing off.
        It was trust, but verify. Was it possible to jigger with an
        election like that? Of course. But you had a list of names of
        people you could hold accountable at every step in the
        process. Electronic voting will never, ever be trusted. That
        is the effect of transparency.

        ** 

           ** Re: (Score:1, Insightful)
              (by Anonymous Coward)

              
              > " If the main goal for voting security is maintaining
              > the people's confidence in an election " - Well I don't
              > agree with that starting point definition. I think
              > security = security, not theater of.
              Then you're bad at security. Security is theater.
              There is no impregnable system. Security can only
              increase the difficulty of entering a system, it cannot
              stop a determined opponent. Is a CCTV system going to
              stop someone from breaking into your store? No, but it
              will make the person think twice about it, because they
              are likely to be recorded, found, and caught. Is the
              TSA likely to stop all bad guys from getting on planes?
              No, but it alters how much they must prepare to get on
              board the plane so hop

              ** Re: (Score:2)
                 (by Ocker3 ( 1232550 ))

                 
                 Sadly, the TSA haven't shown themselves to be any
                 good at their job, repeatedly. It's hard to get good
                 help when the work is shite, the 'customers' range
                 from sullen to hating you, and the pay is peanuts.




        ** Transparency is the key (Score:1)
           (by victor_alarcon ( 5520418 ))

           
           I thought that was the main selling point. Yes, I'm sure
           someone can come up with some anonymity scheme but
           transparency should be top priority. Apologies if the
           point is too naive.


        ** Re: (Score:1)
           (by Anonymous Coward)

           
           Paper votes aren't any better, just look at Russia's vote
           stuffing. Literately. Someone comes up to the booth and
           stuffs fake/coerced votes into the box.
           Now the way most US, Canadian, and UK elections are run,
           the paper vote is a two-step process.
           A) You go to a scrutineer to check your name off a PAPER
           list, they hand you a ballot with no identifying
           information on it
           B) You mark an X on the ballot, fold it in half or stick
           it in a privacy envelope and then stick it in a cardboard
           box with a hole on top.
           Now

           ** Re: (Score:2)
              (by PopeRatzo ( 965947 ))

              
              > Paper votes aren't any better, just look at Russia's
              > vote stuffing. Literately. Someone comes up to the
              > booth and stuffs fake/coerced votes into the box.
              That's right, because Russia doesn't have the same
              safeguards built into their elections that we have. You
              don't have election judges from both sides watching
              every vote from the time it's cast to the time it's
              counted to the time it's sent for storage. In the US,
              there have to be two election judges on hand when
              absentee ballots are opened.
              People can sti



        ** Re: (Score:2)
           (by Ocker3 ( 1232550 ))

           
           I'd invite you to visit us in Australia, where we have the
           Australian Electoral Commission (AEC), a non-partisan (not
           bi-partisan) body of people who are collectively
           considered the Platinum Standard of running elections
           around the world. We actually send people to the USA to
           train election staff. We don't have party reps in the
           voting area until the polls close, then the parties can
           send in scrutineers who check that the paper ballots are
           being counted as per the regulations (when I did this I
           actually not

           ** Re: (Score:2)
              (by PopeRatzo ( 965947 ))

              
              > I'd invite you to visit us in Australia,
              I've spent a fair amount of time in Australia. Yes,
              I've heard you guys do a good job with elections, but
              I'm not coming back until you get rid of those spiders
              that jump up and bite you on the eye. Oh, and drop
              bears and yowgwai. I don't need that kind of stress,
              thanks.




     ** Re: (Score:2)
        (by shellster_dude ( 1261444 ))

        
        Blockchains are obviously a terrible solution to election
        fraud. The only thing that prevents blockchain tampering is a
        ton of neutral third party machines checking the transactions
        (typically miners). We've already seen that this is a
        non-trivial problem when there is plenty of incentive for
        random people to fulfill that role (mining of crypto
        currency). National elections have very little incentive for
        people to invest thousands in hardware and electricity, and a
        ton of incentive for nation states like


  ** Oh the irony (Score:4, Insightful)
     (by the_skywise ( 189793 ))

     
     > All elections should use human-readable paper ballots by 2020.
     > Such systems are intended to assure voters that their vote was
     > recorded accurately. They also create a lasting record of "voter
     > intent" that can be used for reliable recounts,
     Now I agree with this and am happy to move back to paper ballots
     - But the entire reason we moved away from paper ballots was
     because of the 2000 elections where Florida used punch cards and
     political officers kept trying to argue over "partial punches",
     "dimpled chads" and "dangling chads" where they tried to
     reassess what the voter's INTENT was.
     And, of course, let's not forget magical disappearing and
     appearing boxes of ballots.
     Any system can be hacked but the electronic one is harder to
     track hacking than the good ol' traditional methods with paper
     ballots.

     ** Re: (Score:3)
        (by Dare nMc ( 468959 ))

        
        Their have been academic papers proposing electronic system
        that would be safe, where you could verify that your vote was
        counted (IE received at the server.)
        In theory with open software, hardware, and multiple servers
        (again all open source) we could have a very robust
        electronic voting system. This would require a large project
        likely done with universities, and it may even be similar to
        some bitcoin concepts.
        The technology side is very solvable, getting the project
        started, past the politics, and accept


  ** Key statement (Score:2, Insightful)
     (by Anonymous Coward)

     
     They key statement in the finding that most technology solutions
     fail to solve is this:
     "Such systems are intended to *assure* voters that their vote
     was recorded accurately."
     In the end, paper ballots may seem inefficient from a processing
     perspective, but that inefficiency becomes inherently difficult
     to tamper with and builds in systems for checks and recounts.
     The argument here is that blockchain is vulnerable before the
     data is stored in the blockchain, at the UI and the machine
     level, and blockchain th

     ** Re: (Score:2)
        (by presidenteloco ( 659168 ))

        
        Blanket arguments against computer algorithms for secure
        voting (or secure anything) are illogical, emotional, and
        flawed.
        People argue to the effect: Because many programs have been
        found to have a security flaw in either A) the algorithm
        mathematics and logical assumptions, or in B) the
        implementation, therefore ALL programs must have some flaw in
        A) or B) therefore there is no such thing is a secure
        computer program. That is just bullshit. It's incorrect,
        unsupported generalization from specific examples.

        ** Re: (Score:2)
           (by presidenteloco ( 659168 ))

           
           Ok, there's a stupid bug in slashdot apparently, not
           including my less-than sign.
           There. One bug.
           What's up with that. Let me try again. Hmm. There was a
           less-than in there just to the left of this sentence.
           That's lame on slashdot software's part.
           So you proved that ALL programs have bugs?
           Didn't think so.



  ** Paper ballots are by far the most secure solution (Score:4,
     Insightful)
     (by Seven Spirals ( 4924941 ))

     
     Gimme a break. Use paper. Computers will be better tools for
     tabulating and processing the votes after they are cast, but
     it's tough to beat paper for a recount. Even paper has it's
     flaws, but the hand waving crypto-bullshit is pathetic "Oh but
     this counter signature will detect if the previous
     initialization vector was properly zeroed inside of the S-Box"
     *rolls eyes*. KISS baby. Things don't get more secure by making
     them more complex and I can't think of any way to make something
     more complex than to introduce computers. Computers are great at
     some things, ideal for some tasks: not for voting. They suck at
     that.

  ** paper ballots (Score:1)
     (by Anonymous Coward)

     
     The only way you can have some measure of accountability while
     keeping votes anonymous.

  ** Or, for heaven's sake, you can just use paper (Score:3)
     (by mark-t ( 151149 ))

     
     Make a simple mark on a paper ballot indicating your vote, fold
     it, put it in a box.
     done
     Now theoretically you could bribe people who do the counting,
     but you'd have to bribe a *LOT* of people to make any kind of
     difference because each individual ballot box with the folded
     ballots contains but a tiny fraction of the number of votes, and
     nobody ever counts the ballots from more than one or sometimes
     two different boxes.

  ** the real story (Score:2)
     (by slashmydots ( 2189826 ))

     
     Blockchains are perfect, right? WRONG. And also right. They are
     mathmatically flawless BUT if you outprocess the rest of the
     network, you can finalize a block with whatever the hell you
     want in it. You can form a block that says you own all bitcoins,
     all transactions put them in your wallet, and you're also the
     queen of England. The reason this "51% attack" doesn't happen it
     because that amount of processing power doesn't exist. That many
     ASICs don't exist on Earth. But let's set up a separate
     blockchain an

     ** Re: (Score:2)
        (by Kaenneth ( 82978 ))

        
        Even with a 51% attack, the Bitcoin blockchain is filled with
        digital signatures; noone but your own nodes would accept the
        blocks, and you would only be 'fooling' yourself.
        Electronic voting could only work if every citizen had their
        own private, secure, digital signature key. Which can't
        happen in the US because poor people can't afford them, and a
        certain party would never give anything for free, while the
        other would protect the poor.


  ** 

     ** Re: (Score:2)
        (by jwymanm ( 627857 ))

        
        This was the dumbest comment in the article. Obviously
        software methods exist to verify after the fact that what you
        saved is what you expected.


  ** It's not how the vote was recorded... (Score:2)
     (by LynnwoodRooster ( 966895 ))

     
     > The report goes on to say that "Blockchains do not provide the
     > anonymity often ascribed to them." It continues: "In the
     > particular context of elections, voters need to be authorized as
     > eligible to vote and as not having cast more than one ballot in
     > the particular election.
     It's who casts the vote. Before we even worry about Blockchain,
     we need to ensure people casting the ballots are legally
     eligible to vote. Guaranteeing a vote was cast is no more
     important than guaranteeing who cast the vote was eligible to
     actually cast that vote.

  ** Paper ballots (Score:2)
     (by burtosis ( 1124179 ))

     
     Let me start out saying 100% electronic voting is going to be a
     disaster, triply so when done remotely and not at a secure
     voting machine. But what most people don't realize is we
     currently use unencrypted images of paper ballots in many states
     as backups. These are very insecure. Why not use paper ballots
     for the primary method, blockchain for the electronic backups?
     This ultimately seems far more secure than what we are doing
     now. We also could use open source machines and have audits at
     each polling