Re: cypherpunks Digest, Vol 120, Issue 160
Replying to two points form Karl. First, Karl writes: "Given we have seen chip manufacturers placing hidden hardware backdoors in common microcontrollers, it seems like the use of almost any voting machine would severely undermine the intent of democracy, unless the contents are presented for full public review." Just to clarify a factual matter. The breach of the Coffee County elections building consisted of multiple intrusions in Jan 2021, each performed by a different operative or operatives. The very first intrusion, on January 7, 2021, involved (among others) four employees of Atlanta-based cyber forensics firm Sullivan Strickler. I confirmed with computer security expert for the plaintiffs Kevin Skoglund that THAT team -- I'm unsure about the later operatives -- did NOT copy any firmware from the voting computers. Seems to me ALL the operatives were moreso after operating systems, software, higher-level code, but I've only confirmed that for SullivanStrickler and their Jan 7 2021 intrusion. Second, Karl writes: "The cryptographic software communities have developed working examples of transparent voting protocols for decades now, in the hopes of these things being adopted by governments." I would appreciate any hyperlinks to these communities. I think the source code for any voting computers -- say, robustly audited optical scanners processing handmarked paper ballots -- needs to be free/open software, fully available to public inspection, always. How to get from where we are now, to there, is a difficult question. Doug
Date: Thu, 22 Jun 2023 14:54:46 -0400 From: "Undescribed Horrific Abuse, One Victim & Survivor of Many" <gmkarl@gmail.com> Cc: Cypherpunks <cypherpunks@lists.cpunks.org> Subject: Re: New by me at BradBlog/BradCast: Elections breach cover-up in rural town with national implications Message-ID: <CALL-=e6RefaD6mEfVqkVM2jtPmxEonQs8KRb6DLeS-eFeO4oDg@mail.gmail.com> Content-Type: text/plain; charset="UTF-8"
My attempt at my conventional thoughts and opinions:
- Given we have seen chip manufacturers placing hidden hardware backdoors in common microcontrollers, it seems like the use of almost any voting machine would severely undermine the intent of democracy, unless the contents are presented for full public review.
- The cryptographic software communities have developed working examples of transparent voting protocols for decades now, in the hopes of these things being adopted by governments. These are some of the same groups that have struggled as politics have heaved.
[sorry, i had a couple more items but I've forgotten them. i've only read a little bit of the article, it's intense, it's great to see]
It's notable that there are a number of different severely important things here. Many different important and dangerous topics are involved here at once. This can make it hard to integrate the material and possibly easier for partisan influences to change the story.
On 6/22/23, Douglas Lucas <dal@riseup.net> wrote:
Replying to two points form Karl.
First, Karl writes: "Given we have seen chip manufacturers placing hidden hardware backdoors in common microcontrollers, it seems like the use of almost any voting machine would severely undermine the intent of democracy, unless the contents are presented for full public review."
Just to clarify a factual matter. The breach of the Coffee County elections building consisted of multiple intrusions in Jan 2021, each performed by a different operative or operatives. The very first intrusion, on January 7, 2021, involved (among others) four employees of Atlanta-based cyber forensics firm Sullivan Strickler. I confirmed with computer security expert for the plaintiffs Kevin Skoglund that THAT team -- I'm unsure about the later operatives -- did NOT copy any firmware from the voting computers. Seems to me ALL the operatives were
I infer this seems pretty likely to be the case. Of course it is very very hard for anybody to know for certain, but much easier if they were physically present.
moreso after operating systems, software, higher-level code, but I've only confirmed that for SullivanStrickler and their Jan 7 2021 intrusion.
Second, Karl writes: "The cryptographic software communities have developed working examples of transparent voting protocols for decades now, in the hopes of these things being adopted by governments."
I would appreciate any hyperlinks to these communities. I think the source code for any voting computers -- say, robustly audited optical scanners processing handmarked paper ballots -- needs to be free/open software, fully available to public inspection, always. How to get from where we are now, to there, is a difficult question.
Yes. A reference that often comes up for me is how an emissions security researcher was able to delay the use of voting machines by demonstrating a van eck phreaking attack (which still usually work) to a decision-maker (maybe a mayor?). This was roughly the primary information on van eck phreaking attacks after the fact. Citations at https://en.wikipedia.org/wiki/Van_Eck_phreaking#Potential_risks . I'm sorry that after all these years it's no longer easy for me to recall who the worldwide cypherpunk communities were that stlil today make all these cryptographic voting systems, but here are some links I'll try to find. If you can reach other people they will know much more than me and much more accurately, my mind is jello nowadays. After writing the few links below I might guess you might get the clearest and most direct return if you asked people from gnunet about this. - https://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems - https://www.metzdowd.com/mailman/listinfo/cryptography (but the p2p,decentralization,anonymity people, not the pro-centralization voices that chime in quickly) - here's a publication from https://gnunet.org/ on cryptographic voting: https://git.gnunet.org/bibliography.git/plain/docs/ba_dold_voting_24aug2014.... . gnunet is kind of the main center arm of free community peer-to-peer software after napster, and has a small community of academics and free software hackers. - google tells me it estimates there are 142,000 papers on "decentralized electronic voting" https://scholar.google.com/scholar?q=decentralized+electronic+voting . that's the kind that's community-controlled rather than government-controlled. it looks like most of the recent ones might be blockchain clutter where often more dollars equals more votes, but not always. - you can often find things like this in publicly-viewable-gated-communities on secure scuttlebutt if you walk the social graph enough, sometimes need to configure your client to download very old messages. nowadays it takes some learning about the different scuttlebutt protocols to get connected depending on what client you have. - people also hang out on librechat , i suspect there are dedicated matrix spaces for some of this stuff, but also on secure p2p communication channels that I'm afraid i haven't frequented for so many years that different ones are popular nowadays. [I am not a cryptographer, but to me it seems the biggest issue is cryptographic proof of being an individual citizen, which to me seems most easily solved with something akin to an rsa card, since so many people have chip cards now anyway, but can be done in any way people are comfortable with, and likely has modern solutions developable that meet any given combination of concerns. controversy around this issue may be why digital activists did not make more progress on provable digital voting.]
Doug
grarpamp, Steven, anybody else, do you guys know where to find the state of community research, work, or activism on voting protocols or designs that could be used in a voting machine or for digital voting that respects citizens?
Second, Karl writes: "The cryptographic software communities have developed working examples of transparent voting protocols for decades now, in the hopes of these things being adopted by governments."
I would appreciate any hyperlinks to these communities. I think the source code for any voting computers -- say, robustly audited optical scanners processing handmarked paper ballots -- needs to be free/open software, fully available to public inspection, always. How to get from where we are now, to there, is a difficult question.
participants (3)
-
Douglas Lucas
-
Karl Semich
-
Undescribed Horrific Abuse, One Victim & Survivor of Many