IETF Logo Mail Archive

Re: Voting Security (was: The Next Genaration)

Joseph Lorenzo Hall <joe@cdt.org> Sat, 14 September 2019 01:52 UTC

Return-Path: <jhall@cdt.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 328661200A1 for <ietf@ietfa.amsl.com>; Fri, 13 Sep 2019 18:52:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LsD1ruRWLDRT for <ietf@ietfa.amsl.com>; Fri, 13 Sep 2019 18:52:18 -0700 (PDT)
Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C292120048 for <ietf@ietf.org>; Fri, 13 Sep 2019 18:52:18 -0700 (PDT)
Received: by mail-io1-xd36.google.com with SMTP id h144so66631404iof.7 for <ietf@ietf.org>; Fri, 13 Sep 2019 18:52:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9VpKgi0y/zt5L4CUrPi3ADw9wq9nilLPlrG8jav6yUU=; b=QMZ2ImwfvaOlBzXnThRZg1/1nnrW0cSpMyh6quzjdxss+vm4Bbv2KsWgljxyrZaxsg AlmFJ8S2DnuV1IoDourFgv4xAieLK0ugDPLMYrA31C4p5JxWS7LitEG6mVjnDI/CPohJ +b6MuX7+kxOWDdN36Uc4BLwVjPDkl+uYQtkWI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9VpKgi0y/zt5L4CUrPi3ADw9wq9nilLPlrG8jav6yUU=; b=ZZSH3NjbuI3KOH6CPXgS7bGSoWHgR2eLEDw+sa4QMUDoD6/XnTwdHDpLZa7vgeEknw 6Si3eJ8Qra0ZnJEsBxOV8AoSJGB0XQpVQs5QzUgxS1Y6BR/+wtKnmL2C4N4e2ukOe9t/ 8vDtc48jl/CmVcqsezUMJPSCFzLeWRcjngsXptgf9BfL0DqHOTj8u9MMnR9NL9BrImP9 zTKfwk2eVDspjV32nw7Ycm395ExxGGtrVorMC1b8us0ej49p+9ZPbrQqz7Mb54l8Uu8/ 9xtVmkmD8e5dkM8DB9a3C9acf8eikdBj05+tajZgAPG4Dnm0WV0wwZzr2+LB1iEZcfcc tF9g==
X-Gm-Message-State: APjAAAUaZZa58euGiAojk+fyWKeDHu8P0CtevQexsmNK0A4JiWrLr00p gGj48/gQ2iqM4CSYa6456WXRpu9XX/ZniYMk6dzwmQ==
X-Google-Smtp-Source: APXvYqw2Q7KMjk2xRTq0uhDv/A8+I6PK4Zy+SI6EgsjDpcztr4IPtbirREbBahASPw8VoNUioc0z/NjmWX+FlYxfwhQ=
X-Received: by 2002:a02:ba17:: with SMTP id z23mr2018171jan.24.1568425937548; Fri, 13 Sep 2019 18:52:17 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sz3j0iLGsB2bGvfitPzCkiTCJYHfmUF5S-8zPYMt1r+3A@mail.gmail.com> <6.2.5.6.2.20190911094010.0c933fa8@elandnews.com> <20190911194723.GC18811@localhost> <6.2.5.6.2.20190911131143.11401cb8@elandnews.com> <CAMm+Lwi2CDBCDUhMG7Z487G-BYVp4rRJ=YG73Z=M=TkZ=jaAbQ@mail.gmail.com> <alpine.DEB.2.21.1909121135080.32554@sleekfreak.ath.cx> <CABcZeBMp7dzvTGnPTk=q79pf5KYiMd0eepEXiyFw=imPNkSfBg@mail.gmail.com> <B7BC79DD-617E-4FFA-A414-76C5C0287C00@hopcount.ca>
In-Reply-To: <B7BC79DD-617E-4FFA-A414-76C5C0287C00@hopcount.ca>
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Fri, 13 Sep 2019 21:52:06 -0400
Message-ID: <CABtrr-UdKyzZbGFNZY8M78fY83asvnfyKOnFf0tjG0NMky5a1g@mail.gmail.com>
Subject: Re: Voting Security (was: The Next Genaration)
To: Joe Abley <jabley@hopcount.ca>
Cc: Eric Rescorla <ekr@rtfm.com>, IETF Discussion Mailing List <ietf@ietf.org>, shogunx@sleekfreak.ath.cx
Content-Type: multipart/alternative; boundary="000000000000dd4ed10592799e7f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/bYW3WQSnTuzaY72VlUwkm-Xr-Vw>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Sep 2019 01:52:21 -0000

We have a few resident experts in this area (like myself and EKR); happy to
lead a discussion on this or present as needed.

On Thu, Sep 12, 2019 at 14:21 Joe Abley <jabley@hopcount.ca> wrote:

> On 12 Sep 2019, at 11:56, Eric Rescorla <ekr@rtfm.com> wrote:
>
> [Changing the subject line because this is a change of topic.]
>
> On Thu, Sep 12, 2019 at 8:37 AM <shogunx@sleekfreak.ath.cx> wrote:
>
>> IMHO, if the interest is in protecting the democratic process, the first
>> place we should look is the digital voting infrastructure, as that is the
>> vector most abused.  Knowing what I do about network and computer
>> security
>> in general, I have come to the conclusion that hand counted paper ballots
>> with a strong chain of custody are the only way to ensure a free and fair
>> election.
>>
>
> This is pretty off-topic for IETF, but might be interesting to people.
>
> I certainly agree that software independence (
> https://en.wikipedia.org/wiki/Software_independence) is a good objective
> for voting systems, and hand-counted paper ballots are one good way to
> achieve that. However, there are voting environments where they are
> problematic. Specifically, because the time to hand-count ballots scales
> with both the number of ballots and the number of contests, in places like
> California where there a large number of contests per election it can be
> difficult to do a complete hand-count in a reasonable period of time.
>
> One good alternative is hand-marked optical scan ballots which are then
> verified via a risk limiting audit (
> https://en.wikipedia.org/wiki/Risk-limiting_audit). This can provide a
> much more efficient count that still has software independence up to a
> given risk level \alpha.
>
>
> The theory and practice of elections and the specific challenges with
> on-line voting is a whole ecosystem of its own with conferences, journals
> and an active community of academics, vendors and governments discussing a
> fairly broad spectrum from information theory, statistics and cryptography
> through to operational and platform security, software quality, public
> policy and law.
>
> I am no expert in any of this but I happen to have an academic supervisor
> who is. If anybody would like an introduction to that world e.g. as an
> alternative to trying to reinvent it at the IETF, I'd be happy to make one.
>
>
> Joe
>
-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

v2.23.0 | Report a Bug | By Email