Thursday, April 07, 2011
computers never make mistakes
They do exactly what people have told them to.
Like say a former computer programmer.
Who counts the vote on a stand-alone computer. In her office.
And discovers over 7500 extra votes due to a spreadsheet copy error.
Is this kind of farce how you want to run elections?
from August 13, 2010 Journal Sentinel - Officials dispute reliability of Waukesha County clerk's election data system
and what happened in 2011?
April 7, 2011 - Journal Sentinel - Prosser's huge gain comes after Waukesha County flub is caught
Now let us imagine this story told this way:
* for security purposes, the elections official has boxes containing all the votes, in her private office
* oh and she's an expert in creating ballots
* oh and she just discovered another box of ballots over there in the corner
Do you think any elections observer in the world would buy this?
But it's all done with computers, so I guess it's impossible there could be anything suspicious.
Human nature doesn't change.
And humans program computers.
And humans create the security for computers.
Computer security does not exist in the abstract. Computers do not defend themselves or program themselves. But somehow people think it is a realm beyond human emotion and failings. In the end it's systems created by humans, used by humans, that have to resist threats from humans.
This is what happens when you vote over the Internet:
* Someone with some credentials they got somewhere votes. Hopefully it's you, with your rightful credentials. But it could be anyone who gained valid credentials, anywhere in the world.
* These credentials are used to vote. This involves your computer, full of hundreds of competing programs created by fallible humans, interacting with a website created by humans, over a network built managed and run by humans.
* The vote... or at least a vote, lands on a server... somewhere, a server running thousands of pieces of human-created software. A server installed, controlled, and managed by humans.
So the good news is, as long as you can absolutely trust every one of the thousands of people involved in that chain, and all of the one billion people on the Internet can't outsmart their security, then your vote is fine.
And the above is all if it's done WELL, not if it's some bogus "the counting computer is in my back closet" ridiculously compromised chain of custody.
Or alternatively, you could set things up so local people from competing political parties are watching one another, mark the votes on paper, watch the ballot box containing the votes, and count all the votes in public. In minutes (for a Canadian election).
So your choice is:
1. If you trust everyone who has ever created or maintained any device or software in the chain from your keyboard to the vote-counting server, and everyone with access to the server room, and everyone else in the world who is on the Internet, then Internet voting is a great choice.
2. If you trust people from your neighbourhood who have the very human motivation of competing interests, with a process that is visible to you end-to-end, and immediate local consequences if fraud is found, then you might want to vote on paper instead.
We are very very good at understanding voting risk scenarios in the physical world. We are very very bad at understanding risk in the digital world.
Where would you rather have your voting taking place?
Like say a former computer programmer.
Who counts the vote on a stand-alone computer. In her office.
And discovers over 7500 extra votes due to a spreadsheet copy error.
Is this kind of farce how you want to run elections?
Waukesha County Clerk Kathy Nickolaus' decision to go it alone in how she collects and maintains election results has some county officials raising a red flag about the integrity of the system.
Nickolaus said she decided to take the election data collection and storage system off the county's computer network - and keep it on stand-alone personal computers accessible only in her office - for security reasons.
"What it gave me was good security of the elections from start to finish, without the ability of someone unauthorized to be involved," she said.
Nonetheless, Director of Administration Norman A. Cummings said because Nickolaus has kept them out of the loop, the county's information technology specialists have not been able to verify Nickolaus' claim that the system is secure from failure.
...
In March, Nickolaus said, she moved the data off that server and into her own stand-alone system. She has a backup on a second computer, she said. In addition, she said, as she programs for elections, she does frequent backups during the day.
Nickolaus said she was a programmer for 15 years before becoming county clerk. And she said her staff knows how to operate the system, so "if I get hit by a bus, this election is going to run just fine."
from August 13, 2010 Journal Sentinel - Officials dispute reliability of Waukesha County clerk's election data system
and what happened in 2011?
David Prosser gained 7,582 votes in Waukesha County, after a major counting error of Brookfield results was detected, County Clerk Kathy Nickolaus announced in a stunning development this afternoon.
Nickolaus says the reason for the big change is that data transmitted from the City of Brookfield was imported but that she failed to save those results to the database. Brookfield cast 14,315 votes on April 5 -- 10,859 of those votes went to Prosser and 3,456 went to JoAnne Kloppenburg.
"The purpose of the canvass is to catch these kind of mistakes," Nickolaus said. She called it human error that is "common in this process." "I apologize," Nickolaus said.
April 7, 2011 - Journal Sentinel - Prosser's huge gain comes after Waukesha County flub is caught
Now let us imagine this story told this way:
* for security purposes, the elections official has boxes containing all the votes, in her private office
* oh and she's an expert in creating ballots
* oh and she just discovered another box of ballots over there in the corner
Do you think any elections observer in the world would buy this?
But it's all done with computers, so I guess it's impossible there could be anything suspicious.
Human nature doesn't change.
And humans program computers.
And humans create the security for computers.
Computer security does not exist in the abstract. Computers do not defend themselves or program themselves. But somehow people think it is a realm beyond human emotion and failings. In the end it's systems created by humans, used by humans, that have to resist threats from humans.
This is what happens when you vote over the Internet:
* Someone with some credentials they got somewhere votes. Hopefully it's you, with your rightful credentials. But it could be anyone who gained valid credentials, anywhere in the world.
* These credentials are used to vote. This involves your computer, full of hundreds of competing programs created by fallible humans, interacting with a website created by humans, over a network built managed and run by humans.
* The vote... or at least a vote, lands on a server... somewhere, a server running thousands of pieces of human-created software. A server installed, controlled, and managed by humans.
So the good news is, as long as you can absolutely trust every one of the thousands of people involved in that chain, and all of the one billion people on the Internet can't outsmart their security, then your vote is fine.
And the above is all if it's done WELL, not if it's some bogus "the counting computer is in my back closet" ridiculously compromised chain of custody.
Or alternatively, you could set things up so local people from competing political parties are watching one another, mark the votes on paper, watch the ballot box containing the votes, and count all the votes in public. In minutes (for a Canadian election).
So your choice is:
1. If you trust everyone who has ever created or maintained any device or software in the chain from your keyboard to the vote-counting server, and everyone with access to the server room, and everyone else in the world who is on the Internet, then Internet voting is a great choice.
2. If you trust people from your neighbourhood who have the very human motivation of competing interests, with a process that is visible to you end-to-end, and immediate local consequences if fraud is found, then you might want to vote on paper instead.
We are very very good at understanding voting risk scenarios in the physical world. We are very very bad at understanding risk in the digital world.
Where would you rather have your voting taking place?
Labels: electronic voting
[permanent link] posted by rakerman : 9:25 pm
Comments:
Post a Comment
