[liberationtech] Looking for collaborators for free-range voting project at Knight News Challenge:

Rich Kulawiec rsk at gsp.org
Tue Feb 26 04:35:22 PST 2013


It won't work.  Until the bot/zombie is solved, online voting is
a non-starter, since any election worthy of being stolen can be.
It doesn't matter what you do on the server side: you can construct as
elaborate and clever and secure an infrastructure as you wish...because
on the client side, there is no way to ensure that what the user sees
is what's actually happening.  (After all: it's not *their* computer
any more.  Its new owners can, if they wish, cause a vote for candidate
A to be sent as a vote for candidate B, and they can prevent the user
from knowing that's happened.)

And given that (a) we're now about a decade into the zombie problem
(b) no significant effort against them has ever been attempted,
let alone completed [1] and (c) the problem is already epidemic and
continues to get worse [2] [3], there is no reason whatsoever to think
it will be mitigated, let alone solved, in the forseeable future.

This doesn't just apply to your proposal: it applies to *all* of
them.  Unless you can propose and execute a viable plan for solving
the zombie problem, then whatever you design/build can be undercut
whenever someone chooses to make the effort.  (And provided they're
not foolishly heavy-handed about it, it's unlikely you would be able
to detect this. [4])

---rsk

[1] Botnet "takedowns" are unimportant and irrelevant; their only
purpose is to provide a forum for the spokesliars at Microsoft et.al.
to trumpet their prowess while a gullible press and public overlook
that they *created* this problem.  Merely removing C&C networks does
nothing to remediate the individual members of the botnets, which are
still compromised, still vulnerable, and likely to be conscripted into
other botnets before the day is out.

[2] We're now seeing portable devices zombie'd: phones, tablets, etc.

[3] Estimates of zombie population vary, of course, but clearly, any
estimate under 100M should be laughed out of the room.  Vint Cerf gave
an estimate of 150M just about six years ago, and based on my own work
as well as that of others in the anti-spam/abuse area, I thought that
was on the high side at the time...but it's most certainly not now.
I think the number's probably in the 200-300M range at this point.
See: http://arstechnica.com/news.ars/post/20070125-8707.html for
Cerf's comments.

[4] See Schneier's insightful and chilling piece on this here:

	https://www.schneier.com/crypto-gram-0404.html#4

That piece should be absolutely mandatory reading for anyone even
considering voting systems.  It not only provides a method for
estimating attacker budgets, but it correctly points out that attackers
quite often could tip the balance of an election by manipulating a
rather small number of votes -- with a corresponding reduction in the
probability that the manipulation will be detected.

Note that Schneier wrote that in 2004.  If you repeat his analysis
with numbers from the 2012 election cycle you'll end up with *much*
large attacker budgets.  For example, Schneier says that in 2002,
Congressional candidates raised over 500M.  But

	https://www.opensecrets.org/news/2012/10/2012-election-spending-will-reach-6.html

says that in 2012, they spent about $1.82B.

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

-- 
-- 
Zero State mailing list:
http://groups.google.com/group/DoctrineZero

--- 
You received this message because you are subscribed to the Google Groups "Doctrine Zero" group.
To unsubscribe from this group and stop receiving emails from it, send an email to DoctrineZero+unsubscribe at googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.



----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list