Hacker News new | past | comments | ask | show | jobs | submit login
Transparency in electronic voting machines
5 points by MarkHarmon on April 21, 2013 | hide | past | favorite | 6 comments
Is there a way to make a vote counting machine be fraud proof? Saying that it uses open source is not enough because there needs to be proof that the executing code is the same as the open source code. It doesn't have to use a computer at all if there is a way to mechanically engineer this or other solution then that would work too. I was thinking that something like bitcoin's system might work, but not sure. Btw, I'm not making this system, just curious.



If you haven't already, you should read these two papers on this topic by Professor Alex J. Halderman of University of Michigan.

Security Analysis of India’s Electronic Voting Machines -https://jhalderm.com/pub/papers/evm-ccs10.pdf

Attacking the Washington, D.C. Internet Voting System-https://jhalderm.com/pub/papers/dcvoting-fc12.pdf

source: https://jhalderm.com


In both cases it sounds like the designer/developers were not qualified to make the decisions they did about their systems. Not to sound like a snob or anything, but using Rails plugins? Really? That just sounds sloppy.


I believe the Paperclip Rails plugin was only used in the Washington DC situation. I wouldn't call it sloppy to use a 3rd party plugin, in many cases, that is actually much better than a "roll your own" solution. Rather, I think the sloppiness here stems from the fact that the exploit in Paperclip had actually been documented previously so the developers should have performed filtering which would have prevented shell injection in file uploads. It does seem that overall the developers could have done a much better job, but it's also very difficult to build such a piece of software without a massive team and constant testing with realistic deployment (mostly due to the security requirement, any unaccounted for vulnerability could lead to the downfall of an entire election).

To quickly comment on the other paper, it seems that it is just as much a political commentary as a case study on EVMs (electronic voting machines). It appears likely that a corrupt government may have intentionally made the voting system "hackable" so that elections could be manipulated.


You can never "look" into the machine, all you can do is to put the machines under tamper-evident seals and trust the authority which distributes these.


I'm trying to think of a way that the machine could be designed where it's veracity is verified and viewable by all as it works. In other words there is some kind of mechanism that prevents falsifying the count. Something equivalent to being able to watch over people's shoulders as they count votes. A website that anyone can go to and monitor each machine and its code as it is working but with read-only ability.


Mechanical.... but still if one was crafty enough it still could be made to give a false impression....




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: