Discussion
turbobloke said:
Quite. No, hang on, impossible! 
Having just encountered touching if tactical faith in officialdumb in another thread, the latest version from XCP is equally comforting
I'm not saying it is impossible to find out how someone voted. I am saying it is incredibly difficult and time consuming. In a GE anyone wishing to do so would have to thumb through tens of thousands of ballot papers post count, even assuming they could get access to them. Can you think of a reason ( apart from possible fraud) where this would be worth doing?Having just encountered touching if tactical faith in officialdumb in another thread, the latest version from XCP is equally comforting
irc said:
Anyone who can't be arsed to walk to their local school and put a tick in a box doesn't deserve the vote. Postal only for special cases IMO.
Online? No
Only if I can bring a brush cutter to hamstring all the OAPs who waited until after 8pm to vote. Some of us have just got back from work, you had all day you lazy fOnline? No
kers.Keep paper voting.
It doesn't entirely prevent fraud, tampering and interference, but it significantly increases the scale of the effort required to cheat an election.
I simply do not see any way in which electronic voting with current technology could ever provide the same levels of surety that the election results were genuine.
It doesn't entirely prevent fraud, tampering and interference, but it significantly increases the scale of the effort required to cheat an election.
I simply do not see any way in which electronic voting with current technology could ever provide the same levels of surety that the election results were genuine.
Yet we use digital for far more critical things every day, a sufficiently robust system can't be that hard, inroads on this soon hopefully.
https://www.fujitsu.com/uk/news/pr/2020/fs-2020113...
https://www.fujitsu.com/uk/news/pr/2020/fs-2020113...
pork911 said:
Yet we use digital for far more critical things every day, a sufficiently robust system can't be that hard, inroads on this soon hopefully.
https://www.fujitsu.com/uk/news/pr/2020/fs-2020113...
https://www.fujitsu.com/uk/news/pr/2020/fs-2020113...
I think we can close the thread.
XCP said:
Roofless Toothless said:
The ‘government’ can see how you voted at a polling station if they want to under the present system.
Only if they could persuade a judge to allow the papers to be checked against the polling record, and were prepared to expend a lot of time and money to do so. They would also need a very good reason.I do not think they need a judge to do this, but I am ready to be corrected.
I've been building websites for decades, I've got a house full of network-connected tech and I do almost everything online. I wouldn't be in favour of online voting.
Voting has a paradox that other online services don't. For things like online banking or HMRC services, you want to establish that a person is who they claim to be. There are good, robust and secure ways of doing that nowadays.
The problem is, voting is supposed to be anonymous so you can't use any of those methods.
You would have to start with an identity layer that establishes that you really are a person who is eligible to vote, which then lets in you access a voting layer that is then anonymous. It's one thing doing that in real life but on a globally accessible network, between those two steps is a whole world of vulnerabilities.
If you're Ivan the spy with a British passport, you can legitimately get past the first system and you have everything you need to invite your chums to access the second system.
The other thing is that you are trusting the Government to keep those layers separate. It would be absolutely trivial to track somebody from the identity layer to their vote. It's difficult to believe that trust wouldn't be betrayed, either through incompetence or malice.
Voting has a paradox that other online services don't. For things like online banking or HMRC services, you want to establish that a person is who they claim to be. There are good, robust and secure ways of doing that nowadays.
The problem is, voting is supposed to be anonymous so you can't use any of those methods.
You would have to start with an identity layer that establishes that you really are a person who is eligible to vote, which then lets in you access a voting layer that is then anonymous. It's one thing doing that in real life but on a globally accessible network, between those two steps is a whole world of vulnerabilities.
If you're Ivan the spy with a British passport, you can legitimately get past the first system and you have everything you need to invite your chums to access the second system.
The other thing is that you are trusting the Government to keep those layers separate. It would be absolutely trivial to track somebody from the identity layer to their vote. It's difficult to believe that trust wouldn't be betrayed, either through incompetence or malice.
Mr Penguin said:
Could Ivan the spy piggyback on someone else's access or would it need to be his own?
The worst case and if it was implemented really badly, is that once you've proven your eligibility, you are given the key to the voting system and you can pass that key on to anyone.pffft! Forget election fraud by casting fake votes, it's too easy to spot and stop in any numbers that will actually impact the result, the real experts are doing all their election interference by nudging people on social media. There's a reason why the tories and their client journalists are pushing the culture wars online...
tangerine_sedge said:
pffft! Forget election fraud by casting fake votes, it's too easy to spot and stop in any numbers that will actually impact the result, the real experts are doing all their election interference by nudging people on social media. There's a reason why the tories and their client journalists are pushing the culture wars online...
Yeah it's probably cheaper, easier and more effective to do that because social media companies don't really have much incentive to give a st. As long as it keeps people clicking on their ads, they're not going to spend too much effort combatting it.I wonder how many Pistonheads accounts have been set up to do it...
Roofless Toothless said:
If you walked in to a polling station and were told somebody had already voted in your name, and you could prove your identity, they are able to find the invalid voting slip by reference to the counterfoil with your poll number on it. You then get another vote.
I do not think they need a judge to do this, but I am ready to be corrected.
You get a 'tendered vote'. This is not placed with the main body but kept separate. It is not counted. Nobody goes looking for the first ballot paper, unless there is an investigation. That would be done after the count has taken place.I do not think they need a judge to do this, but I am ready to be corrected.
XCP said:
Roofless Toothless said:
If you walked in to a polling station and were told somebody had already voted in your name, and you could prove your identity, they are able to find the invalid voting slip by reference to the counterfoil with your poll number on it. You then get another vote.
I do not think they need a judge to do this, but I am ready to be corrected.
You get a 'tendered vote'. This is not placed with the main body but kept separate. It is not counted. Nobody goes looking for the first ballot paper, unless there is an investigation. That would be done after the count has taken place.I do not think they need a judge to do this, but I am ready to be corrected.
Matthen said:
Hardly - if your bank account gets hacked, you can revert it. If your tax account is hacked, you can fix it. If everyone's is hacked, HMRC restore a cold backup.
If a general election result is changed: a: how would you know? Assuming you were aware of malicious behaviour, how would you convince the "winner" that they hadn't really won? Suppose it comes to light years later: What are you going to do after the PM is sworn in and their policies have been enacted? Kick them out again and revert the changes they've made?
These systems are secure in some sense, but they have very little value for a foreign state - controlling who our PM is on the other hand : much more valuable, definitely worth the investment/using that 0 day they discovered.
Thinking anything online, especially something that 70 million people need to be able to access, is secure is frankly ridiculous.
They don’t even have to control our PM. Only undermine trust in the system. Casting doubt on the legitimacy of an election would be hugely damaging, and very much in the interest of many states. Trust in politics is already low, but at least we trust that those in power were actually voted for.If a general election result is changed: a: how would you know? Assuming you were aware of malicious behaviour, how would you convince the "winner" that they hadn't really won? Suppose it comes to light years later: What are you going to do after the PM is sworn in and their policies have been enacted? Kick them out again and revert the changes they've made?
These systems are secure in some sense, but they have very little value for a foreign state - controlling who our PM is on the other hand : much more valuable, definitely worth the investment/using that 0 day they discovered.
Thinking anything online, especially something that 70 million people need to be able to access, is secure is frankly ridiculous.
Matthen said:
Hardly - if your bank account gets hacked, you can revert it. If your tax account is hacked, you can fix it. If everyone's is hacked, HMRC restore a cold backup.
If a general election result is changed: a: how would you know? Assuming you were aware of malicious behaviour, how would you convince the "winner" that they hadn't really won? Suppose it comes to light years later: What are you going to do after the PM is sworn in and their policies have been enacted? Kick them out again and revert the changes they've made?
These systems are secure in some sense, but they have very little value for a foreign state - controlling who our PM is on the other hand : much more valuable, definitely worth the investment/using that 0 day they discovered.
Thinking anything online, especially something that 70 million people need to be able to access, is secure is frankly ridiculous.
Spot on analysis. If a general election result is changed: a: how would you know? Assuming you were aware of malicious behaviour, how would you convince the "winner" that they hadn't really won? Suppose it comes to light years later: What are you going to do after the PM is sworn in and their policies have been enacted? Kick them out again and revert the changes they've made?
These systems are secure in some sense, but they have very little value for a foreign state - controlling who our PM is on the other hand : much more valuable, definitely worth the investment/using that 0 day they discovered.
Thinking anything online, especially something that 70 million people need to be able to access, is secure is frankly ridiculous.
I'll also add on insider threat. Someone is going to have access to the infrastructure, to the databases, to the code. It's a far less time consuming and resource intensive task to tell a database to update 10 million rows to show The Rabid Racists Party recieved the vote, rather than the Loony Leftist Blob Party. Much more so than having people erase pencil markings on 10 million ballot papers. It also only requires one person with the right access, rather than thousands in the right places all over the country.
turbobloke said:
Flumpo said:
I think it should go more old school. Use the blue ink finger system India use. It might even make it a bit more exciting.
Obviously there will be people who don’t have fingers, but I’m sure an alternative can be arranged.
It would be a case of toeing the line.Obviously there will be people who don’t have fingers, but I’m sure an alternative can be arranged.
Rivenink said:
Matthen said:
Hardly - if your bank account gets hacked, you can revert it. If your tax account is hacked, you can fix it. If everyone's is hacked, HMRC restore a cold backup.
If a general election result is changed: a: how would you know? Assuming you were aware of malicious behaviour, how would you convince the "winner" that they hadn't really won? Suppose it comes to light years later: What are you going to do after the PM is sworn in and their policies have been enacted? Kick them out again and revert the changes they've made?
These systems are secure in some sense, but they have very little value for a foreign state - controlling who our PM is on the other hand : much more valuable, definitely worth the investment/using that 0 day they discovered.
Thinking anything online, especially something that 70 million people need to be able to access, is secure is frankly ridiculous.
Spot on analysis. If a general election result is changed: a: how would you know? Assuming you were aware of malicious behaviour, how would you convince the "winner" that they hadn't really won? Suppose it comes to light years later: What are you going to do after the PM is sworn in and their policies have been enacted? Kick them out again and revert the changes they've made?
These systems are secure in some sense, but they have very little value for a foreign state - controlling who our PM is on the other hand : much more valuable, definitely worth the investment/using that 0 day they discovered.
Thinking anything online, especially something that 70 million people need to be able to access, is secure is frankly ridiculous.
I'll also add on insider threat. Someone is going to have access to the infrastructure, to the databases, to the code. It's a far less time consuming and resource intensive task to tell a database to update 10 million rows to show The Rabid Racists Party recieved the vote, rather than the Loony Leftist Blob Party. Much more so than having people erase pencil markings on 10 million ballot papers. It also only requires one person with the right access, rather than thousands in the right places all over the country.
Explaining that it's impossible because of highly technical reasons is not going to convince the layman.
And there might be a bug, anyway (see: Horizon scandal)
Awful Idea. Keep voting away from silicon.
Matthen said:
Rivenink said:
Matthen said:
Hardly - if your bank account gets hacked, you can revert it. If your tax account is hacked, you can fix it. If everyone's is hacked, HMRC restore a cold backup.
If a general election result is changed: a: how would you know? Assuming you were aware of malicious behaviour, how would you convince the "winner" that they hadn't really won? Suppose it comes to light years later: What are you going to do after the PM is sworn in and their policies have been enacted? Kick them out again and revert the changes they've made?
These systems are secure in some sense, but they have very little value for a foreign state - controlling who our PM is on the other hand : much more valuable, definitely worth the investment/using that 0 day they discovered.
Thinking anything online, especially something that 70 million people need to be able to access, is secure is frankly ridiculous.
Spot on analysis. If a general election result is changed: a: how would you know? Assuming you were aware of malicious behaviour, how would you convince the "winner" that they hadn't really won? Suppose it comes to light years later: What are you going to do after the PM is sworn in and their policies have been enacted? Kick them out again and revert the changes they've made?
These systems are secure in some sense, but they have very little value for a foreign state - controlling who our PM is on the other hand : much more valuable, definitely worth the investment/using that 0 day they discovered.
Thinking anything online, especially something that 70 million people need to be able to access, is secure is frankly ridiculous.
I'll also add on insider threat. Someone is going to have access to the infrastructure, to the databases, to the code. It's a far less time consuming and resource intensive task to tell a database to update 10 million rows to show The Rabid Racists Party recieved the vote, rather than the Loony Leftist Blob Party. Much more so than having people erase pencil markings on 10 million ballot papers. It also only requires one person with the right access, rather than thousands in the right places all over the country.
Explaining that it's impossible because of highly technical reasons is not going to convince the layman.
And there might be a bug, anyway (see: Horizon scandal)
Awful Idea. Keep voting away from silicon.
Gassing Station | News, Politics & Economics | Top of Page | What's New | My Stuff