Ex-MI6 Boss: When It Comes To Voting, Pencil And Paper Are 'Much More Secure' Than Electronic Systems
from the and-he-should-know dept
Techdirt has been worried by problems of e-voting systems for a long time now. Before, that was just one of our quaint interests, but over the last few months, the issue of e-voting, and how secure it is from hacking, specifically hacking by foreign powers, has become a rather hot topic. It's great that the world has finally caught up with Techdirt, and realized that e-voting is not just some neat technology, and now sees that democracy itself is at play. The downside is that because the stakes are so high, the level of noise is too, and it's really hard to work out how worried we should be about recent allegations, and what's the best thing to do on the e-voting front.
What we really need is someone distant from the current US debate, and yet with a great deal of knowledge of how foreign intelligence services hack into computer systems. Maybe someone like Sir John Sawers, former head of MI6, the UK's CIA. Here's what he said recently to the BBC on the subject of e-voting:
"Bizarrely the stubby pencil and piece of paper that you put your cross on in the ballot box is actually much more secure than anything which is electronic."
And added:
"The more things that go online, the more susceptible you are to cyber attacks."
Since MI6 has probably been involved in quite a few of those attacks, Sir John speaks with a certain authority. He also has a good analysis of why there is this constant push for e-voting, even though security experts are pretty unanimous in their warnings of the dangers:
"The only trouble is, the younger generation of people expect to be able to do things remotely and through electronic devices."
That also goes some way to explaining the naivety of most people when it comes to the Internet of Things. Many people just "expect" everything to be digital and online and linked to its own app, even when it's just a hair brush.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, e-voting, evoting, john sawers, mi6, security, uk
Reader Comments
Subscribe: RSS
View by: Time | Thread
surveillance
[ link to this | view in thread ]
But then we only vote on a single issue; a choice of candidates for one (1) position. From what I've heard from election officials in the US, - where citizens are often voting on multiple issues at once - counting pen and paper ballots can become a nightmare.
[ link to this | view in thread ]
been bitching about voting systems...
paper ballots
hand counted
locally reported
also, ranked choice voting will eventually -if not immediately- overturn the rethug/dem'rat duopoly of the one Korporate Money Party...
it is not that open source s/w and h/w could not be used to design a secure, AUDITABLE, and transparent computer-based voting system, it is just that under the current incarnation of Empire, that will NOT HAPPEN...
of course, there are a ton of ancillary issues to address beyond the actual vote mechanism, but unless that is secured, all the rest is meaningless...
[ link to this | view in thread ]
Electronic Voting is okay
Having the artifacts of the pencil and paper ballots mean that recounts can be done, either electronically or manually.
One could even do manual random statistical recount sampling to see if anything smells funny.
The electronics are there to assist, not to make it possible to subvert the entire process.
[ link to this | view in thread ]
Re: been bitching about voting systems...
~Government(s)
[ link to this | view in thread ]
Of course!
The biggest reason why is simple. In a federal election, like Britain, we only have one vote- "Who do you want for Member of Parliament of your riding?"
None of this American stupidity of so many votes, you even elect judges, sheriffs and dog catchers; ballots so big you need a butterfly ballot and a serious concern is that people can't follow a line across a page because the print is so small.
My ideal electronic system would be simple too - you select your votes on a computer, the computer then spits out paper ballots marked accordingly with both machine readable and bar-code values. You can count the votes using sheet feeder and barcode reader, but can validate any results by comparing bar-codes and text. (Or use a sorter - if you suspect hacking, sort all the ballots for A by bar code into one bin, then flip through them to look for incorrect text). Paper is solid and indelible. Unregistered people who sign in could have their ballot coded to allow for retroactive (in)validation of their vote, while registered voters retain anonymous ballots. Time-stamp ballots to a 5-minute range or 20-voter range to allow tracking of ballots watching for box stuffing.
However, the biggest problem with US elections? NOT ENOUGH POLLING STATIONS. In Canada, typically every neighbourhood school is a polling place. American polling stations seem to have several times more people in line at any one time than my whole polling station is set for.
[ link to this | view in thread ]
Seems like pen and paper would be better.
[ link to this | view in thread ]
Freedom to Choose is important
Do you want a liar or a clown?
Do you want someone who will ruin the country for their own personal agenda, or who will sell out the country for their own personal profit?
Your vote should count!
[ link to this | view in thread ]
Re: Seems like pen and paper would be better.
Like with nukes, no lone person alone with the nuke, er . . . ballot box. Maybe it should take multiple local officials to unlock the ballot box, etc.
I trust these kinds of measures more than pure electronic voting. The electronics can assist with real time counting as you pass your ballot through a counter as it drops into the sealed ballot collection box.
The more transparent, the better.
[ link to this | view in thread ]
Re: Seems like pen and paper would be better.
[ link to this | view in thread ]
Re: Seems like pen and paper would be better.
[ link to this | view in thread ]
Pen and paper are by no means more secure.
A successful attack on an electronic voting system is quite harder. But if you succeed, the payoff is ludicrous. We are not talking about tampering with a single ballot or a single ballot box or a single court house here.
[ link to this | view in thread ]
Re: Re: Seems like pen and paper would be better.
[ link to this | view in thread ]
"The only trouble is, the younger generation of people expect to be able to do things remotely and through electronic devices."
Mail in ballots, a week or more to decide and pencil in your vote. When done, drop it in the mail or an official dropbox.
That is convenience, secure and gives voters a a week or more to cast their vote with no time off from important appointments or work or school.
[ link to this | view in thread ]
Re: Electronic pre-COUNTING is okay
Electronic voting provides a QUICK pre-count for the news.
MANDATORY human re-counting provides the official tally.
That is how you have a secure election that also had fast (pre) results.
[ link to this | view in thread ]
Re: Re: Re: Seems like pen and paper would be better.
2. Scrutineer ! ! ! is that for real ? do you get a badge ? *i* want to be a Scrutineer ! ! !
(still get bonus points if it is a neologism, good one...)
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
pencil and paper
[ link to this | view in thread ]
Re: Re: Re: Re: Seems like pen and paper would be better.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Seems like pen and paper would be better.
[ link to this | view in thread ]
Re: surveillance
Now, if we were a country with a history of electoral fraud, or maybe we used voting machines with questionable security...
[ link to this | view in thread ]
Two words: smart vibrator.
Don't underestimate the bs.
[ link to this | view in thread ]
Re: pencil and paper
[ link to this | view in thread ]
"Bizarrely the stubby pencil and piece of paper that you put your cross on in the ballot box is actually much more secure than anything which is electronic."
I wonder if he's aware of something called an eraser...
[ link to this | view in thread ]
IMHO The trouble has everything to do with the cost of scaling pencil and paper compared to scaling a web site and nothing to do with what young people expect. Since when does anyone care what the vastly outnumbered young people think anyway :)
[ link to this | view in thread ]
In the Netherlands we still vote with with pencil and paper, as a result of protests. "We don't trust voting machines".
[ link to this | view in thread ]
[ link to this | view in thread ]
So.
Does not have a verification system?
And all the Cheap tech they can PUT in a box?
ISNT secure?
And a BOX full of paper ballots? could be safer? As it has to be taken and traveled to a location to be counted?
[ link to this | view in thread ]
Some of us don'tunderstand this new fangled technology
Bring back chisels and stone tablets.
[ link to this | view in thread ]
Re: been bitching about voting systems...
paper ballots
hand counted
locally reported"
Also, arguably the most crucial: shuffled. So that voter anonymity is protected.
When the votes are in that box, nobody knows who voted for who as they are all mixed up, not even the "shuffler". Not even a good magician can pull off any sneaky zarrow techniques in these circumstances. This way you can't tell who voted what by taking a note of the order voters walked into the booths.
Try making computers scramble the votes in the same way and you can't do it. Because since the votes have to be stored in memory at some point, it is possible to record the order in which they were stored. Doesn't matter if you entropy-shuffle it after: the damage of storing the order in the first place had already been done.
Digital voting is a utopia, even from a blockchain perspective. It doesn't work, and the paper ballot is superior for this reason of shuffling alone.
[ link to this | view in thread ]
Re: Re: been bitching about voting systems...
What are you talking about? Of course it's possible. It's probably possible to design systems which _don't_ do it, but even assuming that the votes were cast on a system which doesn't, it's always possible to transfer the votes into a different system and then scramble them around there.
I've already thought of at least three ways to approach this just off the top of my head - one of which I could implement easily if you gave me access to a system that includes functions to load a data file containing already-cast ballots with unique sequential IDs, and functions to write out such a file, and a definition of the format of the data structure which contains the ballots. Copying the ballots across in random order into a new copy of the same data structure, leaving the original unique IDs behind and generating new ones at copy time, would be trivial; delete the original data file and just use the new one, and hey presto, your ballots are shuffled and there's no way to reconstruct the original order.
I really don't know where you're coming from on this.
[ link to this | view in thread ]
Re:
So there's no computer cheating possible. There's no dumb hanging chad. Once you fill out the paper(s) you slip it right into the single machine where it add's up the votes. So it's simple. best of all, there's a paper record right there for all those forms with filled in bubbles.
It's been working great for schools in test taking and it works great in voting. You setup a bunch of stations for people to stand or sit that cost very little money. A screen to kind of block others from viewing what you're doing and some pens. There's just the single scanning machine so costs are much lower.
I just don't see voting computers are a smart investment. They are used very little and get outdated fast where after so many years you can't get parts at all to fix them. I know this in the food Industry I work in and the touch screen computers the machines use. They get outdated and you can't fix them, you have to replace them at great cost. Replacing hundreds or thousands of voting machines maybe every 8-10 years seems costly!!! Why have a bunch of costly computer voting machines at one voting place when you can just have a single scanner and a real paper trail?
[ link to this | view in thread ]
Re: Re: Re: been bitching about voting systems...
Except the hidden script that would record the order in memory. If this were an attempted magic trick shuffling cards, an audience would be quite right to assume something else is going on inside that CPU and it would be a lousy trick, because computers can't be trusted to really shuffle the cards.
With an empty tangible box that can be witnessed to be locked in that empty state beforehand, not even the most sophisticated trick-boxes in the world would be able to tell from hundreds of folded, concealed papers which order they went in.
People can see empty boxes, they can't see empty bits.
[ link to this | view in thread ]
Re: Re: Re: Re: been bitching about voting systems...
I'm working from the assumption that the ballots have been recorded in a data file, and I'm writing a program which will read in the contents of that data file. Nothing other than what is in the data file is available.
That seems like a valid assumption, because if the data isn't recorded into a file rather than being stored in memory, there's no way to get it off the voting machine where the vote was tabulated to begin with.
Once the ballots are in the data file, if the hidden record of their original order isn't stored there, it's lost - and if it _is_ stored there, it's visible to whatever program I'm writing, and my program is capable of storing whatever values it wants in that field when it writes out a shuffled version of the file.
(Yes, the original file still exists, but it can be deleted.)
If you're arguing "we can't trust that what the computer says it's doing / recording is what it's really doing/recording", that's an argument for open-source, community- and professionally-audited voting-system software - but it doesn't support the idea that it's impossible to make a computer shuffle votes into a storage order that has nothing to do with the order in which they came in. (It's even trivially possible to design a program which would store them in random order in the first place.)
[ link to this | view in thread ]