
Buenos Aires Censors and Raids the Technologists Fixing Its E-Voting System - DiabloD3
https://www.eff.org/deeplinks/2015/07/buenos-aires-censors-and-raids-technologists-fixing-its-flawed-e-voting-system
======
a_c_s
The best thing about paper ballots is their simplicity: even children can
understand how to count and monitor them. Nearly any citizen has the skills to
participate and to spot fraud.

In comparison only a small percentage of the populace understands programming,
fewer still would be able to write a secure voting system and fewer still
would be able to debug such a voting system (code is harder to debug than to
write).

Given the above and the high stakes of government elections I think we have
yet to find a technology superior to simple paper ballots.

~~~
slapshot
> even children can understand how to count and monitor them

Except they have no error correction and admit ambiguity as to a voter's
intent. That's all great and theoretical, but the inability of some voters in
2000 in Florida to fully punch a paper ballot led to a recount that under some
scenarios would have led to President Al Gore rather than President George W.
Bush.

Maybe the occasional hanging chad is worth the other positive attributes of
paper, but don't write off all the advantages of an electronic system (error
correct, instant results, etc).

[https://en.wikipedia.org/wiki/United_States_presidential_ele...](https://en.wikipedia.org/wiki/United_States_presidential_election_in_Florida,_2000)

~~~
harry8
With the utmost respect, you can screw up anything. The florida voting paper
and damn hole punching was and remains utterly crazy. Obviously so to the
overwhelming majority of people in a way that anything electronic isn't and
will never be.

"This is really bad form design, look at this layout" \- she said pointing to
the piece of paper she was holding. Most people can assess the merit of that
argument, and in the case of Florida, have done so in a reasonable manner -
whatever their conclusion.

"This is a bad electronic system" \- 99% of people have to trust an authority
to even begin to form a view on that which makes disinformation and propaganda
of the usual kind, ie advertising and lobbying, more effective than it
deserves to be based on merit alone. Now that's fine for soda purchases but
not good enough to trust your democracy to.

------
rwallace
The push to e-voting actually surprises me - if it was just one country, I'd
write it off as just one of those things, but the fact that it keeps happening
in country after country. Generally speaking, most human behaviour can be
explained by assuming that people value status and power above all other
things. So you can expect those in power to try to keep that power.

But e-voting surely does the reverse: it throws open the playing field,
putting power up for grabs to whoever can hack the system, with no way to
predict who that will end up being. So why do those currently in power want
that to happen? (Not a rhetorical question: I'm actually curious about the
answer.)

~~~
rinon
Probably because politicians seem to think that these systems are perfectly
secure.

~~~
galago
I like how this can be read both ways. It could mean that the system is
'secure' in providing an accurate tally of voter intentions, or that it is
'secure' in assuring the desired outcome for whoever is in control. The latter
possibility makes more sense to me.

------
coldcode
Any e-voting system that is not entirely open for inspection is inherently
open to alteration. Of course if the intent is to allow the existing political
leadership to manipulate the results in their favor it is working as intended.

~~~
yummyfajitas
Any paper voting system that is not entirely open for inspection is inherently
open to alteration. Software systems are hardly unique in this respect.

[https://www.youtube.com/watch?v=sJfj9ySYg0Q](https://www.youtube.com/watch?v=sJfj9ySYg0Q)

~~~
danmaz74
The difference is that making paper voting systems entirely open for
inspection is inherently much easier than doing the same for an electronic
voting system. Especially for non-experts in engineering and cryptography,
that is, like, 99.9% of the population.

~~~
yummyfajitas
Apart from mass civilian surveillance combined with breaking in and entering
on a large scale, how do users inspect a paper system?

~~~
specialist
Observation works pretty good.

You can be a poll inspector, a poll judge, a poll observer, watch the central
count, attend the public certification hearings.

Different jurisdictions have different rules, so YMMV.

But the basic ideas are a) Australian ballot system b) verify the physical
chain of custody c) private voting, public counting.

Happy hunting.

------
rebootthesystem
Sad yet not surprising. Argentina, sadly, continues to devolve into a complete
joke of a country. I lived there for over ten years. I love the people and the
beauty of the country. However, Argentinians seem to suffer from a cancer that
causes them to be easily manipulated into voting the absolute worst
politicians into power. These politicians proceed to rape and pillage the
country and make a circus out of the whole thing. When you can watch this from
the outside and see it for what it is It is down-right sickening. You want to
yell: Wake the fuck up! Will they for the upcoming elections? If history is
any indication, no, they'll vote in the same pandering socialists criminals
who seem to always be able to convince the masses money will rain from the
sky. And nothing will change.

What's even worst is to see the parallels between what happens in Argentina
and the US political system only to see Americans fall prey to some of the
same sick politics and not see the reality of what politicians are doing to
us. That's another topic.

~~~
cag_ii
> ... manipulated into voting the absolute worst politicians ...

I've never really followed an Argentine election closely, but I'm curious is
they have options. In other words, Is there often a significantly better
political representative that is overlooked, or is it more of a "lesser of all
evils" situation?

~~~
rebootthesystem
The culture of crime and corruption in politics has such deep roots that it is
hard to answer your question. Not sure. I mean, people quite literally get
arrested, attacked, destroyed and even killed for opposing the powerful forces
at the top. It's a slow motion tragedy being played out for the world to see.

------
robertnealan
Has nobody created an open-source, non-tamperable e-voting platform yet (could
give the blockchain a solid purpose)? It seems like something that would make
for a great project - a voting system for the people by the people.

~~~
abecedarius
[http://zesty.ca/voting/](http://zesty.ca/voting/) was a nice start.

------
rm_-rf_slash
So is arresting people who charitably disclose vulnerabilities gonna be a
thing now? I find it hard to believe any society fifty years from now is going
to effectively function by shooting itself in the foot to prove how much blood
it doesn't need.

~~~
iwwr
This is not a unique thing for that country and current government. It's
illegal to challenge the validity of government-provided statistics and even
the "Big Mac Index" is manipulated by forcing McD to sell something called
"Big Mac" at a lower price. Basically, the IMF and other institutions were
using unofficial data to make their estimates since the official data was so
obviously bogus. The government responded by cracking down on those reporting
the unofficial data. (As an aside, Argentina is also selling inflation-
adjusted bonds, so it kind of makes sense to promote large underestimations of
that number).

So when the government put forward a voting machine, it became illegal to
question the validity of its workings.

~~~
bernawil
There're some big oversimplifications there.

1\. It's not illegal to "challenge" goverment statistics, everybody does it:
private agencies do it, provincial goverments challenge the federeal
goverment's stats, etc. Some official said some time ago they'd prosecute some
agencies that provided statistics but nothing happend.

2\. Goverment kind of "forced" (and not really directly) many companies to
leave the price of some products fixed amidst inflation and devaluation, so
Big Mc were pretty cheap for a while (that's been over since like 1.5 years).

3\. The goverment didn't really crack private agencies from reporting data,
they kind of tried and the courts didn't follow. There are lots of agencies
reporting inflantion, just check it up.

4\. Yes, they fixed the inflation data to fix the inflation-tied bonds (look
for "cupon pbi"). But argentina isn't "selling those bonds". Those bonds where
issued to funds after the 2002 default, it's a little messy but most funds
like these have been nationalized by now, the only people who trade those
bonds now are high risk gamblers.

------
gosukiwi
Beeing from Argentina, this sadly does not surprise me.

------
higherpurpose
We're at least decades away from making secure digital voting (if something
like that is _ever_ going to be possible). I also believe it will be somehow
based on blockchain technology that can't be easily altered to fraud the
votes. We mainly need to do authentication in a secure way that can't be
spoofed or hacked (easily).

------
quibit
So they put a paper ballot with an RFID chip inside into a machine which then
puts your vote into the chip, then you drop the ballot into a box? How is this
any different from a regular paper ballot?

~~~
de_Selby
I guess it would be easier to automate the counting. Still seems an odd
solution though.

~~~
demian
And even that's not happening.

The machine also prints the vote on the ballot, and because of the known bugs
in the system people are still counting them by hand.

~~~
rtpg
I don't get it. How are we unable to make a reliable mechanism to increment
numbers and then print the result at the end?!

~~~
demian
A known bug is that the counting machines doesn't validate the number of votes
per ballot, so you can cast multiple votes by rewriting the RFID chip with a
NFC enabled phone.

And even if they address that particular bug, because of the inherent nature
of the political process, parties' representatives will always want to count
the ballots by hand to prevent fraud.

EDIT: As of this moment there is no way an argentine political party would
accept black-boxing an election.

------
pvdebbe
I'm just thinking, this e-voting fad will make it really easy for the modern-
time hitlers and stalins.

~~~
halviti
e-voting does not necessarily mean "100% digital"

it's a relatively trivial matter to use a printer attached to a voting machine
to create a paper-trail.

even something like "choose your candidate, get a receipt, verify it yourself,
and put it in the box"

the election results would be instantaneous, and the paper trail would still
exist for irregularities.

~~~
pvdebbe
Agreed -- when done right, it's very secure.

But pretty much all the software suffers from shortcuts one after another,
ridden with bugs and backdoors. Someone will most certainly get to exploit the
state of affairs before these systems are solid enough for good.

------
mahouse
As anything the EFF writes, this article is heavily biased. There is a huge
difference between "technologists fixing a voting system" and "technologists
irresponsibly leaking the source code and private certs of a voting system"

~~~
wslh
That's true but the local government and the company were terrible in how they
handled the issues. Even the University of Buenos Aires who did the security
review couldn't find basic issues.

~~~
llazzaro
UBA did not review the security. however the security issues were so obvious
that it seems strange that they say nothing

~~~
flebron
Unfortunately they did. You can see the request for review here[1], and the
actual review here[2]. I know the guy who actually did it (Righetti), he sent
an email to the department a few days ago. The quality of that review was
absolutely terrible.

[1]
[https://www.eleccionesciudad.gob.ar/uploads/resoluciones/ade...](https://www.eleccionesciudad.gob.ar/uploads/resoluciones/adenda%20OAT.pdf)

[2]
[https://www.eleccionesciudad.gob.ar/uploads/OAT%20n%203-15-0...](https://www.eleccionesciudad.gob.ar/uploads/OAT%20n%203-15-06012015204749.pdf)

~~~
Fargren
I know the professor who did the review. He sent a mail explaining what
actually happened, as opposed to what is shown by the mayor's website. The
actual report will not be finished until August, so whatever you are seeing is
_not_ the complete report. What you are seeing is a preliminary result
concerning a specific part of the system.

Unfortunately, even after the actual report si finished, the university will
not have permission to make it public. So we may never see the real results.

~~~
flebron
The report is signed by him, so it's safe to say that report is an accurate
recollection of what happened according to him.

Having a report on the security of a system be issued months _after_ it is
used is completely stupid. This is not simply his fault, it's the entire
arrangement which is stupid.

The report shows that Righetti had access to the source code. Unless you are
trying to say that he did not have access to the files in which _actual_
security vulnerabilities were found, or that the source code he was given was
_different_ from the source code which was leaked, which contained egregious
vulnerabilities.

Keep in mind he pockets hundreds of thousands of dollars in this arrangement.
That's the part that adds insult to injury. Further, he does not teach
information security or anything similar at university (he teaches
networking), when there _are_ people teaching such things at UBA (FCEyN), who
would have been better suited for the task.

