rslade
Influencer II

Vote by (smart?) phone ...

Electronic voting systems are weak on security.  That is known.

 

Electronic ballots cast over the phone, or over the Internet, have been considered dangerously weak for some time.  (A long, long time.)

 

And, we all know that portable devices have all kinds of security weaknesses.

 

So, in this climate, what do you think the smart thing is to do?

 

Of course.  Build a smartphone app for voting.  And have it used in West Virginia.  (Remember, these are the guys who just impeached their entire Supreme Court.)

 

How do you register?  Take a picture of your government ID, and a selfie style video of yourself.  Face recognition will do the rest.  (There's no weaknesses in face recognition, right?)

 

And it's protected by blockchain!  So nobody has to worry about anything, right?  (And nobody can extract data from a blockchain to find out how you voted, right?)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
18 Replies
Caute_cautim
Community Champion

Would you really trust a Blockchain system, which was released to the Open Source community, and then some start-up decides to invest and sell shares in it, without looking under the hood and at all the other ecosystems required to ensure its assurance levels?  Without standards, assurance controls, certification processes - there are many things that can go wrong.  I think it is too early, good for resolving business issues - of which about 85% of the time is where the real issues reside.  But the underlying infrastructure has certainly been put together - lots of people are talking about it, including NIST, but until Governments put some legislation in place - would you trust it at this point in time?   What about private Blockchain systems - many Government Analysts and auditors would want access to such systems for monitoring and investigation purposes legitimately.

 

Regards

 

Caute_cautim

rslade
Influencer II


@rslade wrote:
And it's protected by blockchain!  So nobody has to worry about anything, right?  (And nobody can extract data from a blockchain to find out how you voted, right?)

And blockchain has now become a mainstream election platform ...

 

Repeat after me: blockchain is weak.  Blockchain is poorly understood ...


Caute_cautim
Community Champion

I agree, and I happen to work with an organisation who actually put it into the mainstream market.  Even I don't believe it is ready, but this does not stop progress.  No Sir, you cannot stop or slow down progress.

 

Regards

 

Caute_cautim

Early_Adopter
Community Champion

I could imagine a lot of claims-based security and ephemeral-ness going to an online voting system. Blockchain, maybe a record resisting mutability that someone (a given secret key) had voted, and on the flip side in another similar chain a record that an entity (a given public key) had a vote - but recording that x had voted for y so that z could send the boys round for a cup of tea? Nah.

 

Just because you have digital you don't get away from the analogue, or you risk 'the great forgetting'.

 

As an aside, you can already vote on the things that are most important to many people with your smartphone:

 

https://www.nbc.com/americas-got-talent/exclusives/agt-app

 

 

rslade
Influencer II


@Caute_cautim wrote:

  Even I don't believe it is ready, but this does not stop progress.  No Sir, you cannot stop or slow down progress.


As I mentioned:

 

"I have seen [progress] in an egg ... We call it going bad ..."
The Voyage of the Dawn Treader, C. S. Lewis


Early_Adopter
Community Champion

Caspian's egg analogy (metaphor?) was just entropy (OK, horrible simplification); I felt if the egg was fertilised he would have to speak of embryology. Being more pedantic he might have accurately reported that he saw the results of progress on the opening of his egg, unless he was an egg boffin, and that doesn't leave much time for being a prince and whatnot.

 

The concept of progress is however arguably overrated. I refactor the code and claim it's progress, next minute QA tell me it's a regression....

 

I'd say it's more down to how quickly you can safely use the new tools, how close to the bleeding edge you want to be, and it's not a race against a concept but more about how you stay ahead of bad actors without going broke or having catastrophic consequences because you were too fast/slow.

 

 

Early_Adopter
Community Champion

Caute_cautim
Community Champion

Very good indeed - but the nub of the issue is a human being developed it, and will implement it, and it is human beings where most of the fault lies.

 

Regards

 

Caute_cautim

Early_Adopter
Community Champion

Assuming that's directed at Randall's cartoon, I'd say "Well, yes..." but then point out that we could apply this to any product of artifice. Even if we look to a future where everything meaningful (or at least insurable) comes from an algorithm you could posit a creator species that might have made better initial systems. I'm minded of this video:

 

https://www.bbc.co.uk/programmes/p06hdznx

 

TL;DR I made a learner, I gave it some pointless, statistically unreliable data, and well it came out with some pretty spurious assumptions.

 

So notwithstanding a deep FMEA on our fleshy infrastructure by superior machine beings, yes people are involved, they are flawed (and in the balance I think highly likely to fail en masse* in the next century or so), but at the moment they are probably the best option that we have - and well, if democracy doesn't make itself available on the most used platforms, then it will at some stage go out of fashion (I think reality shows might help out here in keeping the lights on).

 

Lots of devil in the detail, attack trees and adoption of technologies needed to do e-voting properly, but I don't think it's beyond us to achieve reasonable results in this field.