cypherpunks Digest, Vol 120, Issue 160

Undescribed Horrific Abuse, One Victim & Survivor of Many gmkarl at gmail.com
Thu Jun 22 14:38:35 PDT 2023 

On 6/22/23, Douglas Lucas <dal at riseup.net> wrote:
> Replying to two points form Karl.
>
> First, Karl writes: "Given we have seen chip manufacturers placing
> hidden hardware backdoors in common microcontrollers, it seems like the
> use of almost any voting machine would severely undermine the intent of
> democracy, unless the contents are presented for full public review."
>
> Just to clarify a factual matter. The breach of the Coffee County
> elections building consisted of multiple intrusions in Jan 2021, each
> performed by a different operative or operatives. The very first
> intrusion, on January 7, 2021, involved (among others) four employees of
> Atlanta-based cyber forensics firm Sullivan Strickler. I confirmed with
> computer security expert for the plaintiffs Kevin Skoglund that THAT
> team -- I'm unsure about the later operatives -- did NOT copy any
> firmware from the voting computers. Seems to me ALL the operatives were

I infer this seems pretty likely to be the case. Of course it is very
very hard for anybody to know for certain, but much easier if they
were physically present.

> moreso after operating systems, software, higher-level code, but I've
> only confirmed that for SullivanStrickler and their Jan 7 2021
> intrusion.
>
> Second, Karl writes: "The cryptographic software communities have
> developed working examples of transparent voting protocols for decades
> now, in the hopes of these things being adopted by governments."
>
> I would appreciate any hyperlinks to these communities. I think the
> source code for any voting computers -- say, robustly audited optical
> scanners processing handmarked paper ballots -- needs to be free/open
> software, fully available to public inspection, always. How to get from
> where we are now, to there, is a difficult question.

Yes. A reference that often comes up for me is how an emissions
security researcher was able to delay the use of voting machines by
demonstrating a van eck phreaking attack (which still usually work) to
a decision-maker (maybe a mayor?). This was roughly the primary
information on van eck phreaking attacks after the fact. Citations at
https://en.wikipedia.org/wiki/Van_Eck_phreaking#Potential_risks .

I'm sorry that after all these years it's no longer easy for me to
recall who the worldwide cypherpunk communities were that stlil today
make all these cryptographic voting systems, but here are some links
I'll try to find. If you can reach other people they will know much
more than me and much more accurately, my mind is jello nowadays.

After writing the few links below I might guess you might get the
clearest and most direct return if you asked people from gnunet about
this.

- https://en.wikipedia.org/wiki/End-to-end_auditable_voting_systems
- https://www.metzdowd.com/mailman/listinfo/cryptography (but the
p2p,decentralization,anonymity people, not the pro-centralization
voices that chime in quickly)
- here's a publication from https://gnunet.org/ on cryptographic
voting: https://git.gnunet.org/bibliography.git/plain/docs/ba_dold_voting_24aug2014.pdf
. gnunet is kind of the main center arm of free community peer-to-peer
software after napster, and has a small community of academics and
free software hackers.
- google tells me it estimates there are 142,000 papers on
"decentralized electronic voting"
https://scholar.google.com/scholar?q=decentralized+electronic+voting .
that's the kind that's community-controlled rather than
government-controlled. it looks like most of the recent ones might be
blockchain clutter where often more dollars equals more votes, but not
always.
- you can often find things like this in
publicly-viewable-gated-communities on secure scuttlebutt if you walk
the social graph enough, sometimes need to configure your client to
download very old messages. nowadays it takes some learning about the
different scuttlebutt protocols to get connected depending on what
client you have.
- people also hang out on librechat , i suspect there are dedicated
matrix spaces for some of this stuff, but also on secure p2p
communication channels that I'm afraid i haven't frequented for so
many years that different ones are popular nowadays.

[I am not a cryptographer, but to me it seems the biggest issue is
cryptographic proof of being an individual citizen, which to me seems
most easily solved with something akin to an rsa card, since so many
people have chip cards now anyway, but can be done in any way people
are comfortable with, and likely has modern solutions developable that
meet any given combination of concerns. controversy around this issue
may be why digital activists did not make more progress on provable
digital voting.]

>
> Doug

More information about the cypherpunks mailing list