On 6/22/23, Douglas Lucas <dal@riseup.net> wrote:
Replying to two points from Karl.
First, Karl writes: "Given we have seen chip manufacturers placing hidden hardware backdoors in common microcontrollers, it seems like the use of almost any voting machine would severely undermine the intent of democracy, unless the contents are presented for full public review."
Just to clarify a factual matter. The breach of the Coffee County elections building consisted of multiple intrusions in Jan 2021, each performed by a different operative or operatives. The very first intrusion, on January 7, 2021, involved (among others) four employees of Atlanta-based cyber forensics firm Sullivan Strickler. I confirmed with computer security expert for the plaintiffs Kevin Skoglund that THAT team -- I'm unsure about the later operatives -- did NOT copy any firmware from the voting computers. Seems to me ALL the operatives were
I infer this seems pretty likely to be the case. Of course it is very very hard for anybody to know for certain, but much easier if they were physically present.
moreso after operating systems, software, higher-level code, but I've only confirmed that for SullivanStrickler and their Jan 7 2021 intrusion.
Second, Karl writes: "The cryptographic software communities have developed working examples of transparent voting protocols for decades now, in the hopes of these things being adopted by governments."
I would appreciate any hyperlinks to these communities. I think the source code for any voting computers -- say, robustly audited optical scanners processing handmarked paper ballots -- needs to be free/open software, fully available to public inspection, always. How to get from where we are now, to there, is a difficult question.
Yes. A reference that often comes up for me is how an emissions security researcher was able to delay the use of voting machines by demonstrating a van eck phreaking attack (which still usually work) to a decision-maker (maybe a mayor?). This was roughly the primary information on van eck phreaking attacks after the fact. Citations at https://en.wikipedia.org/wiki/Van_Eck_phreaking#Potential_risks .

I'm sorry that after all these years it's no longer easy for me to recall who the worldwide cypherpunk communities were that still today make all these cryptographic voting systems, but here are some links I'll try to find. If you can reach other people they will know much more than me and much more accurately, my mind is jello nowadays. After writing the few links below I might guess you might get the clearest and most direct return if you asked people from gnunet about this.

- https://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems
- https://www.metzdowd.com/mailman/listinfo/cryptography (but the p2p, decentralization, anonymity people, not the pro-centralization voices that chime in quickly)
- here's a publication from https://gnunet.org/ on cryptographic voting: https://git.gnunet.org/bibliography.git/plain/docs/ba_dold_voting_24aug2014.... . gnunet is kind of the main center arm of free community peer-to-peer software after napster, and has a small community of academics and free software hackers.
- google tells me it estimates there are 142,000 papers on "decentralized electronic voting" https://scholar.google.com/scholar?q=decentralized+electronic+voting . that's the kind that's community-controlled rather than government-controlled. it looks like most of the recent ones might be blockchain clutter where often more dollars equals more votes, but not always.
- you can often find things like this in publicly-viewable-gated-communities on secure scuttlebutt if you walk the social graph enough, sometimes need to configure your client to download very old messages. nowadays it takes some learning about the different scuttlebutt protocols to get connected depending on what client you have.
- people also hang out on librechat, i suspect there are dedicated matrix spaces for some of this stuff, but also on secure p2p communication channels that I'm afraid i haven't frequented for so many years that different ones are popular nowadays.

[I am not a cryptographer, but to me it seems the biggest issue is cryptographic proof of being an individual citizen, which to me seems most easily solved with something akin to an rsa card, since so many people have chip cards now anyway, but can be done in any way people are comfortable with, and likely has modern solutions developable that meet any given combination of concerns. controversy around this issue may be why digital activists did not make more progress on provable digital voting.]
Doug