Microsoft researchers propose using crypto technique as temp Band-Aid for making e-voting secure.

E-voting remains insecure, despite paper trail

Microsoft Research has revealed a potential flaw in verifiable e-voting machines through which fraudsters could easily use discarded ballot receipts as a guide for altering votes. Fortunately, the researchers also offered a solution -- linking new receipts to previous ones with cryptographic hashes -- but that alone won't make e-voting entirely secure, they cautioned.

Unlike the first generation of controversial e-voting machines, which lacked printing capabilities and suffered other back-end insecurities, new models from such companies as Scantegrity, Prêt à Voter, VeriScan, Helios, and MarkPledge can print out receipts. Not only can voters check the printouts to confirm their votes were cast correctly, they can also later compare their receipts against published election data.

The problem with the new generation of verifiable voting machines, according to the report (PDF), is that most people are highly unlikely to retain their receipts for future vote verification. However, ill-intentioned individuals could get their hands on those receipts -- by rummaging through garbage cans at voting centers, for example, or through social engineering techniques -- then use insider connections to change votes to their preferred candidate.

Using the discarded receipts as a guide for changing votes would be ideal, as they would represent voters with no intention of verifying their votes later. "Suppose that it is known that 5 percent of voters are expected to verify their receipts in an election," the report says. "With a standard design, an insider that randomly alters 10 ballots would escape detection about 60 percent of the time."
<snip>

http://www.infoworld.com/t/security/e-voting-still-insecure-even-paper-trail-177623

:rofl:

record. But,while it is true that the OS has been breached on numerous occasions, the problem if securing a one operation process, i.e.counting one vote, is vastly simpler than securing an entire OS. I believe that Microsoft or any other good software house could develop this satisfactorily.

And in comparison to the almost non-existence of any security on the voting machines, I think the ideas by microsoft on this subject are a good step in the right direction.

What good are security measures for systems that are rigged from the inside?

use it, we might was well develop some security trails that could work. We certainly need to do something because what we now have isn't safe.

What am I missing?

Voters can throw them away, indicating they will NOT be checking to see that their votes were recorded as cast. (This should NOT be conflated with checking to see that votes were COUNTED as cast, BTW, which is another problem.) Nevertheless, if a voting system issued a receipt to each voter and some voters discarded their receipts, someone could go through the trash, gather the discarded receipts, and switch the RECORDED votes of the voters who discarded the receipts and won't be checking. The authors propose a solution to that particular problem.

HOWEVER, there are not many voting systems that issue receipts to voters in the first place, and this should not be further conflated with voter-verified paper ballots (or paper records which may or may not be verified by voters). The receipt systems are mostly experimental at this point and the issuance of receipts alone does NOT confirm that votes will be COUNTED as cast, even if lots of voters don't throw their receipts away and actually check their receipts against some database of recorded votes.

A lot more expertise is required to see that votes are COUNTED as cast. Most voters don't have such expertise, but they might be willing to trust a panel of experts instead of their own eyes, or so the theory goes.

You could scan the ballots into a COMPUTER and then post them on-line and then everyone can see them on their COMPUTER and sit there and count them using SOFTWARE which is open source (and everybody knows if it's open source it has to be OK) and then if there's any discrepancy a judge will overturn the results, the clocks will all reset to to November 2000 and Gore wins and we all live happily ever-after. :shrug:

God Damn Microsoft needs 20 engineers and a group of county workers, to get anything down.


Complicate. Complicate. Complicate.

K.I.S.S.

Paper.