From nobody Sat Feb 12 17:56:40 2022 X-Original-To: freebsd-chat@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 59E5D19555F0 for ; Sat, 12 Feb 2022 17:56:52 +0000 (UTC) (envelope-from doariekna@yandex.com) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Jwyq72mv0z4tcY for ; Sat, 12 Feb 2022 17:56:51 +0000 (UTC) (envelope-from doariekna@yandex.com) Received: from sas1-3ec2fff6de95.qloud-c.yandex.net (sas1-3ec2fff6de95.qloud-c.yandex.net [IPv6:2a02:6b8:c08:bf81:0:640:3ec2:fff6]) by forward101p.mail.yandex.net (Yandex) with ESMTP id 6BE0959CE99C for ; Sat, 12 Feb 2022 20:56:41 +0300 (MSK) Received: from 2a02:6b8:c1b:2988:0:640:94b1:a863 (2a02:6b8:c1b:2988:0:640:94b1:a863 [2a02:6b8:c1b:2988:0:640:94b1:a863]) by sas1-3ec2fff6de95.qloud-c.yandex.net (mxback/Yandex) with HTTP id cugVlo1efeA1-ueeqJmgt; Sat, 12 Feb 2022 20:56:41 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1644688601; bh=cUAmae9kEDxELPLdjK56Y5UQ9DVSPjhKAoOvtxy1GiQ=; h=Message-Id:Date:Subject:To:From; b=v+cdid/NnGe/gzhjVwlpIwaX/Xu8wlT2Q/PCHt1ywN9N5/RffGqQMYc4RLSGFaWnB 0cxGUfZW8LeB3+Q/35mHPxWXlXb8lOfWDyrj3rATvsyOsM46UPSLNjj91VYAgwdWGe eisvT9kuWa2cSMvXxrMJDS65TwE4y9RBbOADJjLs= Received: by sas8-94b1a863fa47.qloud-c.yandex.net with HTTP; Sat, 12 Feb 2022 20:56:40 +0300 From: doari ekna To: freebsd-chat@freebsd.org Subject: Voting: where are the open standards, open source elections systems? List-Id: Non technical items related to the community List-Archive: https://lists.freebsd.org/archives/freebsd-chat List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-chat@freebsd.org MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 Date: Sat, 12 Feb 2022 20:56:40 +0300 Message-Id: <1056311644688600@sas8-94b1a863fa47.qloud-c.yandex.net> Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Rspamd-Queue-Id: 4Jwyq72mv0z4tcY X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.com header.s=mail header.b="v+cdid/N"; dmarc=pass (policy=none) header.from=yandex.com; spf=pass (mx1.freebsd.org: domain of doariekna@yandex.com designates 2a02:6b8:0:1472:2741:0:8b7:101 as permitted sender) smtp.mailfrom=doariekna@yandex.com X-Spamd-Result: default: False [-3.10 / 15.00]; RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[yandex.com:s=mail]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; FREEMAIL_FROM(0.00)[yandex.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-chat@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0:1000::/52]; DKIM_TRACE(0.00)[yandex.com:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; MLMMJ_DEST(0.00)[freebsd-chat]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[yandex.com]; ASN(0.00)[asn:208722, ipnet:2a02:6b8::/32, country:FI]; SUBJECT_ENDS_QUESTION(1.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[2a02:6b8:0:1472:2741:0:8b7:101:from] X-ThisMailContainsUnwantedMimeParts: N Your vote is not like paying your money into a proprietary-algorithm investing robo-advisor, an arbitrarily-managed mutual fund, a clothing subscription service, jelly of the month club, assorted farm produce delivery, or randomized donation giving fund. Even worse, imagine a purchase where your money cannot be tracked, because there is no log of the specific transactions, no delivery of the exact specified purchase, and no accountability. For decades, flaws in voting systems have been widely documented and frequently identified and exploited. Many countries have had widely reported fraud examples, court cases, and disputes. This past six years, the United States has had continuous discussion and news. United States Representative Mark Pocan, Senator Ron Wyden, Senator Amy Klobuchar, Senator Elizabeth Warren, and many others shared their concerns about vulnerabilities and a lack of transparency in the election technology industry. In particular, there were concerns with the few voting machine and software vendors used for 90% of all eligible voters. Many examples of fraud over many years had been highlighted. The book, "Securing the Vote: Protecting American Democracy" (2018), was a committee-driven analysis of election system problems, then-current technologies, and recommendations. This set of election researchers and famed computer scientists concluded "There is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats." Fifteen months ago, 59 computer scientists and specialists in election security (including consultants for the above book and many of which are your peers) were signatories for a statement again warning about security weaknesses in voting systems, advocating for better security for election systems, and recommending post-election risk-limiting audits. While the 2020 general election was still being counted in multiple states, they also collectively stated that no technical vulnerability had altered the outcome of any US election and that "no credible evidence has been put forth that supports a conclusion that the 2020 election outcome in any state has been altered through technical compromise." This could be considered disingenuous as many of their personal and professional writings were biased to one election outcome and they never shared any of their own research about how their previous elections issues or other fraud findings no longer applied. Since at least one of the signatories is someone I respect and have participated in projects with and had specifically and personally contributed to my own work, I was interested and more curious about this. I soon found a plethora of issues widely and extensively documented. I am your peer, your co-developer. I am honored to use your open source contributions and the entire Internet world uses software that I personally committed and contributed to. I spent time doing my own research, I collected data, I wrote simple analysis tools, and I found thousands and thousands of anomalies. For example, for one state: applications dated before possible, applications applied for after ballot was received, applications after deadlines, applications dated after ballots mailed out, applications dated after already processed, ballots dated before applications were submitted, ballots dated after original and extended deadlines, missing application dates, missing voter birthdates, missing voting district details, huge county or district variations in percentage of voters doing mail-in ballots, high percentage of unique surnames beyond normal citizen rates, many birth months and days matching application month and days, unknown or inconsistent party affiliations or application types, impossibly too old ages (such as 35 voters over 110 years old), voters born in 1800s (and not using default 1/1 type dates), over 3000 voters over 90 years old voted in primary election but not popular general election (even if all died, another 3000 voters would have aged up), and even an infant and young teenager voted. In one state, there appeared to be over 322 thousand unique voter identifiers for mail-in ballots in a primary election that did not exist in the general election a few months later. 22% of primary mail-in voters decided to vote in person (during pandemic), or died, or moved, or decided not to vote, or data was lost. Some counties had no or very few anomalies, while others had tens of thousands. The total number of voters should not effect whether one county has different quality assurance processes. Subsequent voter databases fixed typos or changed problem dates, but continued to introduce many more mistakes. Also anomalies were seen from 57 counties with 1.4 times one applicant party designation over the rest combined. Voter registration databases over several time periods with full identification details and dates for elections voted in had counties that weren't updated even for months after the specific general election. (So counties had many anomalies, many mistakes recorded in some records, while other databases chose not to record the same significant counties at all.) The documentation for the databases didn't cover the amount of provided details nor explain how anomalies were allowed or why there was significant missing data. Many attempted communications with county elections management staffs to gain clarifications and even FOIA documentation requests went unanswered. At least one state FOIA was responded to which provided several documents and elections email communications but specifically stated that the documentation for management to my specific areas were proprietary and could not be disclosed. This is just a small vague summary of my own research. I also reviewed many others' research. For example, one state's own contracted audit report appeared to be written and published many months after the state reported its results which was only a validation that software wasn't modified because their undisclosed SHA-256 values has not changed (and it didn't include the system kernel, other shared libraries, plugins, nor configuration files). This state provided no other public audit results other than this hash match. If quality and correctness is not a focus, if transparency is not a focus, then fraud is certainly easier. I want a standards setting process that is open to any technical contributor with the goal to provide debated, high quality, open documents on managing, implementing, and proving elections. I want competing open source softwares that are peer-reviewed, continually tested, and always audited for managing, implementing, and proving elections, Imagine the IETF and FreeBSD. The most significant problem in common elections is no identified individual tracking of voted selections within context of entire identified population's individual voted selections. If a single person's results can be shown by itself without all the others, you have no way to know if that vote is presented individually the real way, while counted a different way within the group. And if the entire target population of voters' individual identities and votes are not available, you have no idea if voters are excluded and phantom voters are inserted. The main arguments against disclosing identity with corresponding vote selections are coercion, harassment, and payoff for proving they voted the way another desired. Those are risks. What else can be done? I had defined a detailed proposal which includes public logging of every vote and merged votes and every decision with checksums and crypto-signatures at every step fully output for all to read or collect in near real-time. One uses non-easily-identifiable tokens provided both by the system and by the voter, where voters can track their own votes in the final results and intermediate stages. But this does not answer for the (many) others' tokens if they are real voters. Closed black-box elections can easily see that some percentage of a possible registered pool did not vote and can insert additional "tokens" with votes. (And using tokens can still be abused for proof for payments or coercion.) The original Internet was developed with the assumptions of trust and honor. It was soon seen there was no honor system and for 30 years, new -- even experimental -- Internet technologies have been overlayed over the former infrastructures to help prove identities of senders and recipients while also anonymizing and de-identifying communications, to encrypt communications, and more designed to not trust everything. There is no acceptable technical way for anonymous voting to be done via any way whether it is software or hand counted. Once the ballot is separated from the voter (without any link), you have no way to prove that any vote counts accurately represent the original voters decision. Currently, the assumption of checks and balances is done by multiple human monitors or software solutions. But again, this is faulty due to relying entirely on a honor system. Is there any way to have anonymous voting? What are your solutions? Who is openly designing and developing open standards and open source software for voting systems? Does anyone care? Do you like non-standardized, proprietary, closed-box elections? Using open source software, providing thousands of documents, thousands of eyeballs, and thousands of steps for hardening elections does not make an election correct. Any time there is a software, there is a bug. Any time there is a human, there is a flaw.