Re: Voting Security (was: The Next Genaration)
Joseph Lorenzo Hall <joe@cdt.org> Sun, 15 September 2019 20:38 UTC
Return-Path: <jhall@cdt.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 007AF12008F for <ietf@ietfa.amsl.com>; Sun, 15 Sep 2019 13:38:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NRVUn-8arF98 for <ietf@ietfa.amsl.com>; Sun, 15 Sep 2019 13:38:45 -0700 (PDT)
Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81087120041 for <ietf@ietf.org>; Sun, 15 Sep 2019 13:38:45 -0700 (PDT)
Received: by mail-io1-xd30.google.com with SMTP id q10so2275106iop.2 for <ietf@ietf.org>; Sun, 15 Sep 2019 13:38:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Ly4OB6FyRMBSqOuvF3pSg9eRTd1KfnnChh41+g5bTk4=; b=q92GBQvAS54/uoE5A2SRBGnOzcfHQY7ohSi9+AOU+IRmbmMZC54ZO0BUwYPE2w9vrP msDdTYc8NR1gu2EJPQJ8jPPQRDmJXqCTYLvoHJsqOjG5nQwCORrFn6SVPmqplQX9q8o3 MdQdQZ66RSbIRn1aTRFXOaDxt+6ACBkrV9p0I=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ly4OB6FyRMBSqOuvF3pSg9eRTd1KfnnChh41+g5bTk4=; b=hxET2qrTohG3HJGga8snJC6Vn6QNPPYCh+mlFA1PyQQ07R+cl9YJutf1etfS/vnnTT v6IX/Ao+qVPO40QxvM4bSoGJdLSRvENzDuyJa/cNl9+AAmIAqrTcGmN+ql61zQwgVQhl +AIO2bJ6kYXlNGVEw3OAP0N9jnjpFjq8x3WdFCH00LfeTjpe5bX2F2edw7/+Es3/m2kV ck0UqYx6qugVA1K09Y9iBv7FqL2yF2vvZuhc7BYfjF5NK8Sl+gGeQzDWlUV7th8XHyhE ilY8sCbojnL99hT18hlS3/e59LvLg+bprrRT7m5G7vwxjQZ7g+WfKUJ27nd+aFWzG68m P7Mw==
X-Gm-Message-State: APjAAAWbxf/9RfTK5sjO/xZLwfAP4iP1rBTvGbyi9xk0nJw499U6m1XA zn1qTV909IQ39OVDbbchx/6dZmSU6ikXkntKH6EqAQ==
X-Google-Smtp-Source: APXvYqwlRzH6wzZD0eyv69ZClpl+yEEZ1ZnK3sgUgm3ZfGjh3IkdspUKVGd6+gfwCsv6vrSt9s2Og2FiLHn8By4qluY=
X-Received: by 2002:a05:6638:d9:: with SMTP id w25mr9322020jao.69.1568579924385; Sun, 15 Sep 2019 13:38:44 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sz3j0iLGsB2bGvfitPzCkiTCJYHfmUF5S-8zPYMt1r+3A@mail.gmail.com> <6.2.5.6.2.20190911094010.0c933fa8@elandnews.com> <20190911194723.GC18811@localhost> <6.2.5.6.2.20190911131143.11401cb8@elandnews.com> <CAMm+Lwi2CDBCDUhMG7Z487G-BYVp4rRJ=YG73Z=M=TkZ=jaAbQ@mail.gmail.com> <alpine.DEB.2.21.1909121135080.32554@sleekfreak.ath.cx> <CABcZeBMp7dzvTGnPTk=q79pf5KYiMd0eepEXiyFw=imPNkSfBg@mail.gmail.com> <B7BC79DD-617E-4FFA-A414-76C5C0287C00@hopcount.ca> <alpine.DEB.2.21.1909140303190.32554@sleekfreak.ath.cx> <CABtrr-UQXtjUmEMHxr_eV=jJ-h8YtwtEY60aLe9u_Bb+zAiJdg@mail.gmail.com> <4908F69C-29E8-438C-BCCF-E399EA229C66@gmail.com>
In-Reply-To: <4908F69C-29E8-438C-BCCF-E399EA229C66@gmail.com>
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Sun, 15 Sep 2019 16:38:33 -0400
Message-ID: <CABtrr-WV4u7Up2Oj1ABj151ZwvVnBHukmy6e9EF2zbgAQwGLeQ@mail.gmail.com>
Subject: Re: Voting Security (was: The Next Genaration)
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: IETF Discussion Mailing List <ietf@ietf.org>, shogunx@sleekfreak.ath.cx
Content-Type: multipart/alternative; boundary="00000000000031f59405929d798e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/V22je1tEPNuVRwVtYHhw8wAmkWc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Sep 2019 20:38:48 -0000
On Sun, Sep 15, 2019 at 06:20 Kathleen Moriarty < kathleen.moriarty.ietf@gmail.com> wrote: > > > Sent from my mobile device > > On Sep 14, 2019, at 1:19 PM, Joseph Lorenzo Hall <joe@cdt.org> wrote: > > (I've had this argument dozens maybe hundreds of times, not going to do > that here.) > > > Since you cited yourself and EKR as experts that could work on this, where > would you like to have the conversation? A draft perhaps as a starting > point as the IETF likes to do things on list, so maybe timing was bad? A > collection of problems with reasoned responses could be useful if this was > taken on as work. Or do you have a paper reference with your thoughts/a > response? > > There is a vast literature here. I would be happy to talk more about it with anyone interested in a more synchronous medium (I'll be in SIN for 106). It doesn't seem to have a lot of relevance to issues at IETF, unless I'm missing something. Until then, here is a bit: The first chapter of my PhD thesis talks about the necessity of mechanization (and now computerization) of elections in the United States, good cites there to a handful of books: https://josephhall.org/papers/jhall-phd.pdf Doug Jones and Barbara Simons' book has since come out and it is marvelous on this, I recommend the whole thing: Here are some good, deep popular articles: Ronnie Dugger, "Counting Votes" New Yorker (October 30, 1988), https://www.newyorker.com/magazine/1988/11/07/counting-votes Jill Lapore, "Rock, Paper, Scissors; How we used to vote" New Yorker (October 6, 2008), https://www.newyorker.com/magazine/2008/10/13/rock-paper-scissors Rebecca Onion, "How did they count all those balls before voting machines" Slate (November, 8 2016) https://slate.com/news-and-politics/2016/11/how-did-they-count-ballots-before-voting-machines.html Best regards, > Kathleen > > > On Sat, Sep 14, 2019 at 3:28 AM <shogunx@sleekfreak.ath.cx> wrote: > >> > >> > This is pretty off-topic for IETF, but might be interesting to people. >> > >> > I certainly agree that software independence >> > (https://en.wikipedia.org/wiki/Software_independence) is a good >> > objective for voting systems, and hand-counted paper ballots are one >> > good way to achieve that. >> >> Hand counted paper ballots are the only way, IMHO. >> >> > However, there are voting environments where >> > they are problematic. Specifically, because the time to hand-count >> > ballots scales with both the number of ballots and the number of >> > contests, in places like California where there a large number of >> > contests per election it can be difficult to do a complete hand-count >> > in a reasonable period of time. >> >> This depends on what we consider reasonable. If it takes a month, it >> takes a month, just like the good old days. The wait is a small price to >> pay in order to ensure the correct functioning of this critical component >> of democracy, difficult or not. >> >> > >> > One good alternative is hand-marked optical scan ballots which are >> > then verified via a risk limiting audit >> > (https://en.wikipedia.org/wiki/Risk-limiting_audit). This can provide >> > a much more efficient count that still has software independence up to >> > a given risk level \alpha. >> >> I, for one, am not really willing to risk optical scan machines having >> hardware backdoors in the processor, as has been demonstrated, or easily >> manipulated firmware, particularly in the name of expediency. Further, >> this does nothing to address the vectors of vulnerability that lie in the >> central tabulators, or the route the data takes from collection point to >> tabulation point. The latter is potentially an IETF matter, and if so, >> should be addressed with no less fervor than BGP security. >> >> I would cite Bush v Gore, 2000; specifially -19000 votes for Gore in >> Volusia County, FL. Was the vector the optical scan ballot system, the >> tabulation system, or a routing MITM? Tough to know, although the >> localization and sneakernet transport system from balloting to tabulation >> in FL generally would rule out a routing problem in this instance. IIRC, >> there was a questionable route involved in the Ohio, 2004 discrepancy, >> although this could have been manual routing through tunnels that caused >> the issue. Would publicly hand counted paper ballots have prevented >> these >> attacks, potentially 18 years of war, falling behind on climate >> adaptation, and a host of other wrongs? Quite possibly. This much, I >> know for sure: without legitimate elections in a democracy, there can be >> no legitimate government. >> >> > >> > >> > The theory and practice of elections and the specific challenges with >> > on-line voting is a whole ecosystem of its own with conferences, >> journals >> > and an active community of academics, vendors and governments >> discussing a >> > fairly broad spectrum from information theory, statistics and >> cryptography >> > through to operational and platform security, software quality, public >> > policy and law. >> > I am no expert in any of this but I happen to have an academic >> supervisor >> > who is. If anybody would like an introduction to that world e.g. as an >> > alternative to trying to reinvent it at the IETF, I'd be happy to make >> one. >> > >> > >> > Joe >> > >> > >> >> > > -- > > Joseph Lorenzo Hall > Chief Technologist, Center for Democracy & Technology [ > https://www..cdt.org <https://www.cdt.org>] > > > 1401 K ST NW STE 200, Washington DC 20005 > <https://www.google.com/maps/search/1401+K+ST+NW+STE+200,+Washington+DC+20005?entry=gmail&source=g> > -3497 > e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key > Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 > > -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] 1401 K ST NW STE 200, Washington DC 20005-3497 e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
- The Next Generation Rob Sayre
- Re: The Next Generation Dan Harkins
- Re: The Next Generation Keith Moore
- Re: The Next Generation Rob Sayre
- Re: The Next Generation Kyle Rose
- Re: The Next Generation Melinda Shore
- Re: The Next Generation Keith Moore
- Re: The Next Generation Jared Mauch
- Re: The Next Generation Dan Harkins
- Re: The Next Generation Rob Sayre
- Re: The Next Generation John C Klensin
- Re: The Next Generation Michael StJohns
- Re: The Next Generation Alissa Cooper
- Re: The Next Generation Kyle Rose
- Re: The Next Generation Rob Sayre
- Re: The Next Generation lloyd.wood@yahoo.co.uk
- Re: The Next Generation Keith Moore
- Re: The Next Generation Leif Johansson
- Re: The Next Generation George Michaelson
- Re: The Next Generation Masataka Ohta
- Re: The Next Generation Keith Moore
- RE: The Next Generation Michel Py
- Re: The Next Generation Kathleen Moriarty
- Re: The Next Generation Keith Moore
- Re: The Next Generation John C Klensin
- Re: The Next Generation Keith Moore
- Re: The Next Generation John C Klensin
- Re: The Next Generation S Moonesamy
- Re: The Next Generation Nico Williams
- Re: The Next Generation Warren Kumari
- Re: The Next Generation Rob Sayre
- Re: The Next Generation S Moonesamy
- Re: The Next Generation Phillip Hallam-Baker
- Re: The Next Generation shogunx
- Voting Security (was: The Next Genaration) Eric Rescorla
- Re: Voting Security (was: The Next Genaration) Joe Abley
- Re: The Next Generation Phillip Hallam-Baker
- Re: Voting Security (was: The Next Genaration) Joseph Lorenzo Hall
- Re: Voting Security (was: The Next Genaration) shogunx
- Re: Voting Security (was: The Next Genaration) Joseph Lorenzo Hall
- Re: Voting Security (was: The Next Genaration) Kathleen Moriarty
- Re: Voting Security (was: The Next Genaration) Joseph Lorenzo Hall
- Re: Voting Security (was: The Next Genaration) Joseph Lorenzo Hall
- Re: Voting Security (was: The Next Genaration) Salz, Rich
- Re: Voting Security Keith Moore
- Re: Voting Security shogunx
- Re: Voting Security (was: The Next Genaration) Eric Rescorla
- Re: Voting Security Phillip Hallam-Baker
- Re: Voting Security shogunx
- Re: Voting Security Vittorio Bertola