back to article Worried about election hacking? There's a technology fix – Helios

Election hacking is much in the news of late and there are fears that the Russians/rogue lefties/Bavarian illuminati et al are capable of falsifying results. For example, voters in the state of Georgia's sixth district are going to the polls on Tuesday for a close-fought election, and serious doubts have been raised about the …

Silver badge
Joke

No! No! No!

You CAN'T use this system, ever! It uses ENCRYPTION, which is BAD 'cause TERRORISTS!

Blah blah unsupervised safe space blah blah you'll all die blah blah keeping you safe blah blah.

29
0

Re: No! No! No!

Actually the reason it can't be used is because a whole bunch of people with government connections won't be able to make tons of money off it they way they can off closed-source software.

22
0
Silver badge

Re: No! No! No!

Exactly Gnosis.

0
0
Silver badge

"Because you can"

Whine as you like about paper ballots being slow to count (apparently the only reason ever given to replace them) but they're still pretty difficult to hack (in countries inclined to be law abiding), and have the advantage that you can do a recount as many times as needed.

I don't see any really good reason to abandon paper and pencil in the voting booth. If candidates and TV networks are forced to wait for results it seems like a very small price to pay for a trustworthy election.

This seems like yet another example of a high tech solution to a problem that doesn't exist.

45
1

Re: "Because you can"

paper ballots marked with crayons pencil are definitely the way to go . . . at least for now.

how long have some of the i-bet-you-can't-hack-it challenges lasted when crowds get to sourcing solutions . . . hours? . . . minutes? . . . without a physical (non-electronic) record of each and every vote there's just too much room for shenanigans.

perhaps someday in the (far!) future when humankind has grown up, we can try electronic voting . . . until that day: trust no one!

[ paper isn't perfect but at least there are no dangly chads ]

12
0
Silver badge

Re: "Because you can"

Then how so you guard against bribes and Kansas City Shuffles?

5
1
Silver badge

Re: "Because you can"

The issue US has with paper voting systems is direct democracy prevalent in several states - f.e. California. They sometimes end up with 20 + items to vote for on election day.

Adding "yet another proposition" to a paper ballot is not cheap.

4
3
Silver badge

Re: "Because you can"

@Volands right hand

Adding "yet another proposition" to a paper ballot is not cheap.

Democracy ain't cheap...but it's a lot cheaper than the alternatives!

22
0
Silver badge

Re: "Because you can"

"Whine as you like about paper ballots being slow to count "

Actually in Germany we have paper ballots, they are counted by volunteers. Polling stations close at 18:00, and most polling places finish counting at about 18:30-19:00. In time for the 20:00 news there's already a "preliminary official end result".

15
0
Silver badge

Same in France and nobody is complaining about count time.

Might be time to review the voting system in the US and simplify things a bit ? Besides, I find it quite curious that the "popular vote" counts for everything except the election of the President. That is something that should be corrected right there.

10
0
Silver badge

@Voland Re: "Because you can"

Huh?

On election day, you have more than 20+ items.

Depending on the year, you could have POTUS, then State Senators, Reps.

Inside the state, you have various offices, Governor down to local judges, aldermen (councilmen) before you get to referendums and at the end non-binding referendums. (Things you can vote on that don't directly go into a law, but give an indication of what you favor. )

1
0

Re: "Because you can"

> Adding "yet another proposition" to a paper ballot is not cheap. <

You don't have to have just one sheet of paper, and you don't have to have all the elections and referendums taking place on the same day. Here in the UK we seem to manage local and national and EU elections pretty well with paper ballots - and referendums too, although we struggle to ask the right questions with those. Sometimes there's just one paper, possibly with a single question on it, and sometimes the ballot has a long list of names on it; sometimes we've even managed to have some of the papers for 'first past the post' elections and others for some form of 'PR' - on the same day. Paper is very flexible, and so are human counters.

7
1
Anonymous Coward

Re: @Voland "Because you can"

I'll apologize in advance for going off topic and getting ranty. Anything Government, voting or Economic drives me crazy, but I can't resist :)

In New Brunswick, Canada you are given a paper ballot inside a cardboard shield with the top of the ballot slightly protruding from the shield, you pull out the ballot, mark your choices, put the ballot back in the shield, take it to a vote counting machine slide the protruding end of the ballot into the voting machine which then reads your votes and stores the ballot.

So, what you have is an easily verifiable vote count and a count that is very fast. Is this possibly the best of both worlds?

Now, if we had proportional representation and if Governments hadn't sold themselves to Corporations we might have a functional Governmental system. This problem is the same Federally. PM Justin Trudeau is dropping campaign promises as fast as he made them.

http://www.torontosun.com/2017/03/25/10-key-promises-trudeau-has-broken-since-becoming-pm

(I know there are more comprehensive lists, but I couldn't find them quickly.)

I've read that we can't blame job loses on Globalization. I think that is largely or, at least, partly untrue and if Global Corporations had to pay taxes from where they got money and if, for instance, resource, energy and ISPs/phone companies where their resources are basically fixed to a location could not outsource and if taxation was closer to that of the early 1970s we could have a functional Government with functional health care, education...etc etc

So, people will say that would make these companies unprofitable. Well, then have they corrupted themselves into a corner? Many of the above are essential services, so if they can't be profitable then maybe the government does need to step in and take over these essential services.

Makes me wonder what people in the "Developed" World will do as it becomes less developed. Where will, really, livable incomes come from? How will people people who are, increasingly working in non-permanent jobs get loans to buy houses and cars? I guess for now we can continue to allow wealthy foreigners to buy up properties, but will they continue to want to as our economy and health care collapse?

5
1
Silver badge

Re: "Because you can"

There have been relatively well known ways to put a thumb on the scale in a paper ballot election for at least, I would guess, 150 years. Most of them are not difficult for a moderately skilled illusionist to execute, or for another to detect while being executed. That said, optical machine counting evades nearly all of them, although at a cost of a statistically knowable rate of read errors due to such things as smudges and dirt in the equipment.

The key thing that paper ballots have on their side is that the process for using and counting them is quite transparent and understandable by people of very modest technical skills, something that is untrue of touch screen voting machines (with or without a paper log) or even punch card ballots or the much earlier mechanical lever and wheel machines. It certainly is not true of encryption based gimmickry like the Helios system, which requires the voters and election administrators alike to accept on faith what might as well be magic.

6
2

Re: "Because you can"

Perhaps need to add "yet another proposition" to ballots at the last moment would appear less often if they were made with less haste and more thinking through to begin with?

Can "WE MUST HAVE A VOTE ON IT RIGHT NOW" possibly be an actual problem more often than an attempt to push something right now because in another week more facts may become public and the campaign will go belly up?

1
0

Re: "Because you can"

>Actually in Germany we have paper ballots, they are counted by volunteers. Polling stations close at 18:00, and most polling places finish counting at about 18:30-19:00. In time for the 20:00 news there's already a "preliminary official end result".<

Do you have a relatively small number of polling stations in Germany that people have to travel to? Or are they counted in the polling station itself? In a typical constituency of the UK it would take more time than that just to get the ballot boxes from the individual stations to the counting location.

1
0

Re: @Voland "Because you can"

>On election day, you have more than 20+ items.<

I think we're talking mainly about UK elections, which aren't done in such a confusing way as in the US. You just have one sheet of paper (maybe 2 if there's both a local and general election on the same day) and you mark an 'X' next to your preferred candidate's name.

0
0
Bronze badge

Re: "Because you can"

Newcastle central and sunderland south would tend to disagree, polls close at 22:00 count done and declared at 23:02 and 23:08

1
0

Re: @Voland "Because you can"

"In New Brunswick, Canada you are given a paper ballot inside a cardboard shield with the top of the ballot slightly protruding from the shield, you pull out the ballot, mark your choices, put the ballot back in the shield, take it to a vote counting machine slide the protruding end of the ballot into the voting machine which then reads your votes and stores the ballot."

We do the same here in Michigan. I've been voting in Michigan since the 1996 election and an optically scanned ballot is what I've always used here.

1
0

Re: @Voland "Because you can"

"In New Brunswick, Canada you are given a paper ballot inside a cardboard shield with the top of the ballot slightly protruding from the shield, you pull out the ballot, mark your choices, put the ballot back in the shield, take it to a vote counting machine slide the protruding end of the ballot into the voting machine which then reads your votes and stores the ballot."

"We do the same here in Michigan. I've been voting in Michigan since the 1996 election and an optically scanned ballot is what I've always used here."

Netflix has a documentary "Hacking Democracy". It details how easily the Optiscan (optical scanner of paper ballots) can be undetectably hacked. It is frightening.

1
0
Anonymous Coward

Re: @Voland "Because you can"

@ Sherrie Ludwig

I haven't seen that. I definitely will though. Thanks. :)

0
0

>the voter is given a tracking number to keep. That number can be checked against an election tally system to ensure that the vote was cast as specified

Issue right there.

10
1
Silver badge

My exact thought

This is hardly something that can be called anonymous voting.

6
0
Anonymous Coward

Re: My exact thought

Look on the Bright side.

Computerised voting will save the authorities time, money and effort when they come to record who you voted for on their Central Database of potential future troublemakers.

Then they can disregard your vote and rig the system to ensure that one of their own is 'Elected'.

7
0
Silver badge

Re: My exact thought

@Voland

This is hardly something that can be called anonymous voting.

But then neither is the present UK system, technically. The voter number and ballot paper number are recorded on a list. In practice this is only used to provide a sort of audit of papers issued, but in a close election can be used to remove fraudulent ballots.

But it could also be used to track down the 52% for punishment...

Paper is the way to go. It provides a solid and safe audit trail, and with the supervision at all stages it's very, very hard to fix (except for the postal bit - and they're working on that). Security is tight, sealed boxes etc, and (many years ago now) when I worked a couple of times as a polling supervisor, once the polls closed and the records were written up, I had a police escort to the counting centre to hand the box to the returning officer. And the count is then overseen by representatives of the candidates. In fact, back then (late seventies in Scotland) we had a plod in the polling station all day. On overtime for 15 hours!

One odd feature of the system that I suspect most people aren't aware of...

One election the Liberal candidate brought a sweet little old lady in to vote. Asked her her number/address and checked the roll - it had already been crossed off! Oh bum! But then checked the pile of cards and found her card. So either someone had already voted for her, or she'd voted already. Checked the procedures and issued her with a PINK ballot paper. If it's close then the original paper can be removed and replaced with the pink one. We asked her if she'd already voted, and she said no, not recently - but she had voted last month (previous election was a year before!)

8
0
Silver badge

Nope, please see the presentation. The secrecy of the vote is preserved, the key here is homomorphic encryption - your vote is encrypted before count, and you get the keep the encrypted copy. There is also small FAQ here. Perhaps jump the the last point right away - as explained, this is not a system of election which is appropriate for public office elections, because it is online-only.

On the other and, cryptographically very similar (but in-person rather than online) STAR-vote system does seem very appropriate.

5
3
Anonymous Coward

The secrecy of the vote is preserved, the key here is homomorphic encryption ...

It is a logical impossibility to have a voting system where a vote is both truly secret and verifiable - you have to choose one or another, and no amount of algoritnmic pixie dust can change this. For example, the system described in the article removes the voters' ability to lie about how they voted - something which is crucial to a truly free election. This opens all kinds of possibilities for voter coercion and vote selling. Knowing that your choice is potentially verifiable at a latter time also affects how people vote even in the absence of overt coercion.

5
1
Anonymous Coward

Re: My exact thought

"This is hardly something that can be called anonymous voting."

UK voters may notice that the ballot paper has a unique number on it, and the person handing them out in the polling station writes down your electoral registration number on a list of other numbers. That makes me uncomfortable every time I vote. It seems an easy way for votes to be connected to individuals. Perhaps someone more observant (or knowledgeable) could confirm whether my suspicions are correct or I'm being unnecessarily paranoid.

2
0
Anonymous Coward

Re: My exact thought

You are being necessarily paranoid. There is almost no such thing as too paranoid* when it comes to ensuring our elections are carried out in a safe and secret manner.

*Voting in pen because MI5 might rub out your pencil vote is definitively too paranoid.

Every ballot paper has an identification number. That number is recorded against your details when the paper is issued to you by the staff at the polling station. Therefore British ballots are definitively not secret.

The papers and the register of who received which paper are turned over to the custody of the Lord Chancellor (in practise they end up stored in a government warehouse somewhere) so that should any accusations of voting fraud arise they can be resolved. This obviously represents a risk of abuse, and as such the records can only be accessed by order of the High Court or by Act of Parliament.

The papers are destroyed one year and one day from the date of the election.

This is a pretty high bar, so as designed the system is probably a fair balance between securing the absolute privacy of your vote and the need to guard against potential fraud or error. However we don't spend nearly enough time looking at what practical safeguards are in place (i.e. in terms of physical security of the papers themselves or the assurance of their destruction), and certainly in the 70s and 80s rumours were rampant that the Security Service would trawl the records to compile lists of Communists and other such enemies of the state.

Unfortunately instead the government of the day is concerned with imposing voter ID restrictions on in-person voting, and making it more difficult than ever to register to vote. Thankfully the government of the day is a lame duck, so they won't actually be able to do any of that.

3
0
Silver badge

Re: My exact thought

According to the Helios claims, the system ensures anonymity. The documentation is a bit sketchier than a set of Linux man pages, but I suppose one with suitable skills might go through the source code to see how it is done and, perhaps, whether the code is as bulletproof as it needs to be.

0
1
Silver badge

Re: My exact thought

In the US State of Ohio, when I was involved with precinct level election management, the ballot number was recorded before the ballot was given to the voter, and the strip with the ballot number was removed when the voter returned the ballot, and the ballot, without identifying marks, was put in the ballot box (later, fed into the locked and sealed counting machine). This ensured anonymity to a high degree of certainty.

0
0
Silver badge

That number can be checked against an election tally system to ensure that the vote was cast as specified.

This is more down a to a poor explanation of the system than a risk within Helios itself.

The Python Software Foundation recently switched to Helios. I don't think it's perfect as a system but it goes further to dealing with the potential issues than any other system I've seen.

I'm a huge fan of paper-based systems for national elections but I think that the Estonians have raised several credible reasons for some potential problems.

As for the US: fraud and system failure would be less of a worry if more people could be bothered to vote in the first place. Turnout at elections in the US is routinely abysmal.

0
0
Silver badge

Re: My exact thought

It's not "an easy way" to find out how somebody voted. Do *you* want to sort through 55,000 pieces of paper looking the *one* piece of paper with the serial number on it that you are searching for? And that's after getting a court order from an Election Court to allow you to even get your mits on the 55,000 pieces of paper.

0
0
Bronze badge

One issue: what happens if gov't X politely asks you for the tracking number? Offering of course to feed and house you indefinitely in a domicile of their choice should you pretend to forget it. Not as far-fetched as one might imagine.

0
0
Bronze badge

Although the opposite (contrapositive?) is interesting too. If legislation protected your tracking number, could you use it to encrypt your documents and thus evade the long arm of anti-terrorism (or whatever they're saying it is this week) laws? "No, occifer, I regret that I am unable to give you my mobile phone password because it is the same as my recent election tracking number, which may not be divulged under S.382 (2018)." - or something like that. Faint hope, I suppose.

0
0
Gold badge
Unhappy

One of the applications of public key encryption systems is verifying who you are

So if the "document" is a voting form and signed with your private key.

Of course that would mean everyone would have to have a public key pair and they might start emailing stuff that could not be broken without a court order.

And we've seen how much governments feel constrained by due process.

1
0
Anonymous Coward

Re: One of the applications of public key encryption systems is verifying who you are

It's possible to have multi-key systems, where stuff encrypted by one can be decrypted by either.

Which makes government issued public/private key pairs, or software for generating them for the public, completely unworkable.

1
0
Silver badge

No need for something needlessly complex like Helios

Just use paper ballots, or use electronic machines that print paper ballots that the voter can double check before turning in. You can scan the paper ballots or use the electronic records, doesn't matter. What is important is that you choose a few percent of precincts at random for a mandatory hand count, and if there is an error more than a very small acceptable threshold a full state recount is ordered.

Besides, having a way for a voter to prove they have voted means that parties, churches, bosses and other "interested" parties can pressure voters to prove that they voted. Imagine a local party organization publishing a list of 'naughty republicans' or 'naughty democrats' who failed to vote after a close election was lost? You think the naughty democrats wouldn't get a lot of crap from fellow democrats in one of the three states where Clinton lost by a small margin and cost her the election? Imagine the pressure fellow churchgoers would put on those evangelicals who failed to turn up at the polls to support the anti-abortion candidates? People should not be able to prove they've voted, because others will demand the proof, and no good can come of it. We have a right to vote for who we want to, but also need to keep the right to NOT vote if we so choose.

10
2

Re: No need for something needlessly complex like Helios

In Australia we have compulsory voting. I guess this would really annoy you.

But the thing is, since you cant know how I voted, it still is anonymous. You can leave your paper blank. You can draw a pretty picture on it, or other less polite ways of performing an invalid vote.

In India they actually have electronic voting at polling stations if memory serves. With a clever distributed, non-online cheap, anonymous mechanism. In many countries where for example the UN is present supervising a vote, marking ink eg on right thumb, is used to show a person has voted to stop multiple voting.

So in the system described, I can see my vote has not been changed, but I cant be forced to show someone how I voted. Which I agree with you that is a fundamental necessity.

3
0
Silver badge

Re: No need for something needlessly complex like Helios

I don't understand the logic of compulsory voting. Why should you force people who don't care about an election to make a choice?

If I was forced to vote in a local school board election, which I don't give a damn about, I might just pick someone at random or vote for/against someone who has the same last name as someone I know (depending on whether I like them or not) or do some other stupid thing that adds unnecessary noise to the result. Let the people who care enough to show up make the choice, and don't waste the time of those who don't.

4
0
Anonymous Coward

Re: No need for something needlessly complex like Helios

"I don't understand the logic of compulsory voting. Why should you force people who don't care about an election to make a choice?"

Because otherwise there's the possibility of less than a majority of the total electorate determining a stupid result. Astute readers may be able to think of a couple of recent examples.

6
0
Gold badge
Unhappy

"Besides, having a way for a voter to prove they have voted "

Or perhaps it's time to repeal the fact that you have to express a preference for voting when you register to vote?

Actually the suggestion was not to prove you'd voted.

It was to verify that a vote could be identified back to a real person, if necessary.

0
0
Silver badge

Re: "Besides, having a way for a voter to prove they have voted "

In the US nobody has to express a preference when registering unless they want to vote in a partisan primary election. In that case, they have to indicate a preference for a political party and, in some places to attest that they voted for more of that party than of others in a prior election if they were not previously registered to that party. And there is, of course, no requirement that the expressed preference be truthful, which in some states has led to gaming of a sort that is easily imagined.

0
0
Silver badge

@AC "possibility of less than a majority of the electorate determining a stupid result"

So you'd prefer to force people who don't care about the election to cast a vote, thus increasing the chance of a stupid result? Yeah, that makes sense...

1
0
Anonymous Coward

Re: @AC "possibility of less than a majority of the electorate determining a stupid result"

I wasn't claiming that forcing everyone to vote would prevent a stupid result. It would mean that the result, stupid or otherwise, was valid democratically.

0
0

Re: No need for something needlessly complex like Helios

on the flip side, we *encourage* people to vote who don't care enough about issues to do any research or even, after decades, bother to get even basic ID (or so they claim to avoid any sort of election fraud prevention).

If knowing ID is needed for voting and 20 or 30 years later you still couldn't stop off once for a free ID, then is letting that person vote better than forcing everyone who DOES have ID to vote?

0
0
Anonymous Coward

you can keep this system

... the Helios system allowed the voting team to check the levels of votes by different years of students (freshmen, juniors, etc), and saw that while voting rates among other years had spiked after the email had been sent out, this wasn't true for sophomore students.

Realistically, the only way to collect this, and other demographic data is to associate each ballot with a student ID or its hash. This can be done either by explicitly asking for it (and this is likely the method used, since the rest of the article does mention that each vote is associated with a unique verification code), or by asking enough "innocent" demographic questions to uniquelly identify the voter.

Presumably the front-end of the electoral database will include some safeguards on directly quering the votes based on voter's ID, but ultimately the data is collected, stored, and available to anyone with the skill to directly perform an SQL query. At worst, one might need to build a rainbow table of the ID numbers; for any plausible number of voters, up to and including the entire population of Earth, this is a trivial task.

I am sorry, but this system is no better than an "election" by an open show of hands at a town-hall meeting: a candidate most capable of threatening and cajoling the voters will always win. I am a very conscientious voter, and I have voted in every single election I was eligible to cast a ballot in for the past 20 years. However, I will never, ever take part in an "election" which so blatantly abandons the principle of a secret ballot.

2
0
Anonymous Coward

Look citizens you all keep voting wrong so we need to move to electronic voting so you all vote correctly.

Kind Regards,

The Establishment.

P.S. We still have a good chortle over our foie gras that you think you live in a democracy when in reality no matter who you vote for they are equally our stooges after we have finished funding them.

7
0
Silver badge

No, elections don't work this way

The big problem is that only very few people will understand that protocol. An average person will not be able to check an election.

It doesn't matter how easy it is to fake an election, as long as people, without any kind of special training or abilities, are able to understand that system enough to check for all possible kinds of fraud. With a pen and paper system that is easy. At the start of the election you look into the ballot box to check that it's empty. Then you check that everyone entering the polling station will be crossed out from the list, and only throw one ballot into the box. Then at the end, you count all the ballots and check if they are the same as crossed out names on the list. If everything matches up, you can be sure nobody did ballot stuffing. Then you manually count them (or watch the people doing it) and make sure those numbers match up with the others.

Then you compare the numbers to the ones published on the election website or in the newspaper.

Seriously all of those steps can be done by someone who doesn't have any kind of special knowledge. Any anybody can come up with those points when they only think hard enough.

You can only have trust in a system you can understand, and elections are all about trust.

9
0
Silver badge

Re: No, elections don't work this way

That still doesn't help against ballot swapping, where the boxes or contents are switched out via a Kansas City Shuffle and the switched contents also have the same number of ballots.

What man can make, man can also usually subvert.

3
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017