Nederland Donating Member (1000+ posts) Fri Jul-11-03 12:03 PM
Response to Reply #81
123. Missing the Point
While I don't agree with Fredda, I do think you are missing the point here: MS Access is not the problem.

Now perhaps I'm wrong on this, but most of your post seems to center around MS Access and the various ways in which it sucks and how Diebold purposely sidestepped certain features. It is my contention that MS Access is a mere sideshow to the main problem: lack of cryptographic techniques in storing the votes. Sure, Diebold uses a sensible bit of cryptography when it comes time to transmit the votes to another machine, but votes stored on the machine itself are, as far as I can tell, completely in the clear. As a result, regardless of what database was used, the Diebold product would suck. This is because ultimately, a database is merely a collection of files on a disk. There is nothing magical about it, other than its structure is optimized for fast queries and the like. In fact, I would argue that using a database, any database, for storing votes is a bad idea. This is because a DB would merely add unnecessary complexity to the program. Given that all we ever want to do with the data is to count how many people voted for each candidate, a linear iteration through a simple flat file would do just fine.

The key to securing the votes is twofold. First, each and every voter's choice needs to be hashed and then have that hash encrypted by a private key (a classic digital signature scheme). Second, the combination of the voter's choice and the d-sig needs to be stored in two places: on the machine (on hard disk, flash card, etc--doesn't really matter so long as it's a reasonably robust medium), and on paper. For ease of use, the d-sig could be put into bar code format on the paper. A further bit of security could include having multiple private keys all sign the vote data--the key owners being representatives from any sufficiently paranoid political party. At the end of an election, the voter data could be posted on a web site and decrypted and verified by absolutely anyone that wants to using whatever tools they wish. Since both the format of the data file and the method of digitally signing the ballots would be public knowledge, a person could even write their own tool to verify results.

The beauty of this system is clear and far exceeds the security of your proposed system involving triplicate carbon-copy ballots stored in different locations. In your system you have no way of knowing if a paper ballot is real or fake. Provided the printing is done with a reasonable amount of skill, you can't tell the difference between a fake ballot and a real one. Sure, the likelihood of a person being able to change all three ballots in all three locations is low, but they don't need to get all three. All they have to do is get to one of them and then you have a dilemma--since the three ballots don't match, what do you do? Do you assume that the corrupter got to only one ballot and the other two represent the real ballot, or do you throw it out altogether? Making assumptions is always a bad idea, and throwing out a ballot alters the total.

However, with a digital signature, any ballot with an invalid signature is immediately tossed out as a known fake. This is the beauty of using cryptography. Faking a ballot no longer merely involves access to a suitable printing press, it requires access to a digital private key. In the extreme paranoid case, you could have a private/public key pair generated at a public ceremony, the public key posted onto a website, and the private key placed inside some type of portable storage device. The storage device would be taken to each precinct to initialize the voting machines and remain in public view at all times.

A UK company makes these cool little things: http://www.eyenetwatch.com/USB_hard_drive/cryptoidentity.htm

Now, just to impress trumad, I'm going to propose an XML based ballot format:

<ballot>
  <ballotcount>1</ballotcount>
  <president>DEAN</president>
  <senator>STRICKLAND</senator>
  <congressman>UDALL</congressman>
  <signature>
    A9993E364706816ABA3E25717850C26C9CD0D89D
    426D155B41AB66410435CBSWHC3BD5KS67DMS4SJ
  </signature>
</ballot>
<ballot>
  <ballotcount>2</ballotcount>
  <president>BUSH</president>
  <senator>RIGHT-WING-WACKO</senator>
  <congressman>FASCIST-PIG</congressman>
  <signature>
    8BAC1AB66410435CB7181F95B16AB97C92B341C0
    41E2345F1F56DF2458F426D155B4BA2DB6DCD8C8
  </signature>
</ballot>
.
.
.


It's only a quick swag, so don't pester me with my petty errors. However, adding the <ballotcount> field does prevent a person from simply deleting records. Clever, eh?
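
Added example, not part of the original post and not code from any voting product: a Python sketch of the public audit the post describes, which verifies each ballot's signature with the public key only and uses the ballot count to flag deleted and replayed records. Assumptions: a <ballots> wrapper element, SHA-256 over a fixed field order, a published total of ballots issued, and a constructed demo RSA key without padding (a real system would use a vetted library scheme such as RSA-PSS or Ed25519).

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed demo key: both primes are public Mersenne primes, so it is NOT secure.
N, E = (2**127 - 1) * (2**521 - 1), 65537        # public key, published for auditors
D = pow(E, -1, (2**127 - 2) * (2**521 - 2))      # private key, held by the signer
FIELDS = ("ballotcount", "president", "senator", "congressman")

def digest(ballot):
    """SHA-256 over a fixed field order, so signer and verifier hash identical bytes."""
    canon = "\n".join(f"{f}={(ballot.findtext(f) or '').strip()}" for f in FIELDS)
    return int.from_bytes(hashlib.sha256(canon.encode()).digest(), "big")

def make_ballot(count, president, senator, congressman):
    """Signing side: build a <ballot> and append a hex signature (unpadded RSA, demo only)."""
    ballot = ET.Element("ballot")
    for field, value in zip(FIELDS, (count, president, senator, congressman)):
        ET.SubElement(ballot, field).text = str(value)
    ET.SubElement(ballot, "signature").text = format(pow(digest(ballot), D, N), "X")
    return ballot

def audit(xml_text, expected_total):
    """Auditor side: needs only (N, E). Returns (tally, rejected, missing)."""
    tally, rejected, seen = {}, [], set()
    for pos, ballot in enumerate(ET.fromstring(xml_text).iter("ballot"), 1):
        try:
            count = int(ballot.findtext("ballotcount") or "")
            sig = int("".join((ballot.findtext("signature") or "").split()), 16)
        except ValueError:                       # non-numeric count or non-hex signature
            rejected.append((pos, "malformed"))
            continue
        if sig >= N or pow(sig, E, N) != digest(ballot):
            rejected.append((pos, "bad signature"))
        elif count in seen:                      # validly signed ballot copied into the file
            rejected.append((pos, "duplicate ballotcount"))
        else:
            seen.add(count)
            name = ballot.findtext("president")
            tally[name] = tally.get(name, 0) + 1
    missing = sorted(set(range(1, expected_total + 1)) - seen)
    return tally, rejected, missing

def demo():
    """Constructed sample: 4 ballots issued; #2 altered, #3 deleted, #1 replayed."""
    votes = ["DEAN", "DEAN", "BUSH", "BUSH"]
    b = [make_ballot(i, p, "STRICKLAND", "UDALL") for i, p in enumerate(votes, 1)]
    b[1].find("president").text = "BUSH"         # tamper after signing
    stored = [b[0], b[1], b[3], b[0]]            # b[2] deleted, b[0] copied
    body = "".join(ET.tostring(x, encoding="unicode") for x in stored)
    return audit("<ballots>" + body + "</ballots>", expected_total=4)
```

The ballot count by itself exposes gaps in the middle of the file; records removed from the end are caught here only because the auditor is given the number of ballots issued. A signature containing non-hex characters is reported as malformed rather than raising.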
