[E-voting] Current state of evoting in Europe

Joseph Kiniry kiniry at gmail.com
Mon Jan 2 19:53:04 GMT 2017


Hi,

On Mon, Jan 2, 2017 at 8:41 AM, Kommer Kleijn <vooreva at kommer.be> wrote:

> Hi!,
>
> Yes I agree. Although their partial and incomplete results failed to
> provide proof of tamper, it did not exclude it at all. But they did admit
> so themselves. The report that reveals that recounts are almost impossible
> in a certain state is quite worrisome. In addition I was puzzled by their
> response to an audience question that recommended to examine DRE machines
> after the election. The presenters confirmed such audits would be useful
> without warning that well made attacks on DRE's may be conceived in a way
> to erase themselves and all traces of the manipulation from memory before
> quitting, and leave a totally 'clean' machine and memory card behind after
> the facts.


The CCC audience need not be reminded of the capabilities of self-deleting
malware.  We are well aware of the challenges of forensically auditing
compromised equipment by sophisticated (possibly state level) actors.  The
amusing and sad fact related to this matter is the testimony of PA's expert
witness, Michael Shamos, which the federal judge believed hook, line, and
sinker, over Alex's testimony.  Have a look at Shamos's court testimony on
this matter if you want to be furious.


> If you find proof of tamper then you have proven tamper, but if you do not
> find a trace then that does not actually prove that there was none!


Correct,


> Therefore I feel such audits may (again) provide false re-assurance and
> that therefore their usefulness is debatable.


Knowing that they may find nothing does not mean you shouldn't do them.


> A second reason why they are debatable is that they can not be executed by
> 'normal' (read non-IT) people, and therefore would probably be delegated to
> private companies again as soon as executed in any significant number.
>

It is true that only a small number of public employees (folks like Alex
and Dan), companies (like mine and a few others we work with), and federal
actors (some folks in the DOJ and DOD) are capable of doing this work.  I
agree that it is very difficult to do this kind of audit work in such a way
as to provide irrefutable public evidence of the investigation's veracity
and trustworthiness.


>
> Lastly the presenters put DRE+VVAT at the same level as scanned ballots
> while we know that a significant number of DRE voters do not actually read
> the printed trail before pressing the confirmation button, and that
> therefore scanned paper ballots are clearly superior to DRE+(VV)AT.
>

I agree with this assessment from the usability and voter verifiability
point of view.  Lumping those two together was mainly done, from my
understanding, only as a matter of presentation and foundation of evidence
wrt paper-based audits.

Joe


>
> Best regards,
>
> Kommer, Belgium.
>
>  On 10:44 02/01/2017, Margaret McGaley wrote:
> -
>
> I'm also fascinated that they were reassured by their failed recounts.
>> Why did they bother with Pennsylvania if it's all DRE without VVAT?
>> And their home-state? I know if I was mounting an attack I wouldn't
>> start with the state where those researchers live and work. I'd also
>> take into account the laws in my target states. States where it's hard
>> or impossible to call for a recount would be at the top of my list.
>>
>> Margaret
>>
>> On 2 January 2017 at 04:25,  <cansbro at eircom.net> wrote:
>> > Interesting link.
>> >
>> > Much that's excellent, and much that gives me serious concern.
>> Inaccuracies are repeated to the point of being disinformation. The
>> statistical audit methodology recommended is based on false assumptions.
>> >
>> > Why are these excellent researchers unaware of technical revelations
>> published prior to the election?
>> >
>> > Why do these researchers mention election management systems, but fail
>> to note the critical flaws in the central tabulators, which it is now known
>> can be used to produce specific results in multiple precincts, counties,
>> and states--with pinpoint precision (e.g. targeting only certain precincts,
>> or certain demographics in a certain address range)?  This now-proven
>> vulnerability has been used,  apparently for years. It was initially
>> applied as an unauthorized "patch" to some central tabulators starting in
>> 2001.
>> >
>> > The ability of election insiders (such as the 3rd-party contractors
>> they mentioned, who administer elections) to have complete control to rig
>> votes in ways that will not raise red flags has been proven. This method
>> means the risk-reduction approach to auditing is completely
>> ineffective--the speakers said their proposed audit approach assumes that
>> any rigging would be applied to an entire county or state, as it would be
>> too hard to rig individual machines. This assumption is wrong and the
>> proposed audit method is dangerous as it would be yet another
>> confidence=promoting gesture, encouraging us to trust results that may have
>> been rigged.
>> >
>> > See the "Fraction Magic" 6 short reports and digest the information
>> there. THEN watch the Fraction Magic video.
>> >
>> > THEN read the articles on Audits and Recounts and related matters at
>> blackboxvoting.org
>> >
>> > The situation is once again revealed to be far worse than we imagined.
>> >
>> > Catherine
>> >
>> > ----- Original Message -----))
>> >> From: "Margaret McGaley" <mmcgaley at gmail.com>
>> >> To: "Irish Citizens for Trustworthy Evoting" <
>> e-voting at lists.stdlib.net>
>> >> Sent: Sunday, 1 January, 2017 16:24:20
>> >> Subject: Re: [E-voting] Current state of evoting in Europe
>> >
>> >> Thanks so much for all the replies. I'll give you updates on the thing
>> >> I'm writing soon I hope. In the meantime you might be interested in
>> >> this talk:
>> >>
>> >> https://media.ccc.de/v/33c3-8074-recount_2016_an_uninvited_
>> security_audit_of_the_u_s_presidential_election
>> >>
>> >> On 16 December 2016 at 17:48, Margaret McGaley <mmcgaley at gmail.com>
>> wrote:
>> >>> Hi all,
>> >>>
>> >>> I'm writing a thing, and I'm finding it hard to get up-to-date
>> >>> information on e-voting in Europe. I'm particularly interested in the
>> >>> current status of:
>> >>>
>> >>> Belgium
>> >>> Germany
>> >>> The Netherlands
>> >>> Estonia
>> >>> Switzerland
>> >>>
>> >>> Does anyone still subscribe to this list? And if so, does anyone know
>> >>> the latest on these (or any other) countries?
>> >>>
>> >>> Thanks,
>> >>> Margaret
>> >>
>> >> _______________________________________________
>> >> E-voting mailing list
>> >> E-voting at lists.stdlib.net
>> >> http://lists.stdlib.net/mailman/listinfo/e-voting
>> >> http://evoting.cs.may.ie/
>>
>> _______________________________________________
>> E-voting mailing list
>> E-voting at lists.stdlib.net
>> http://lists.stdlib.net/mailman/listinfo/e-voting
>> http://evoting.cs.may.ie/
>>
> ---
>
>
> _______________________________________________
> E-voting mailing list
> E-voting at lists.stdlib.net
> http://lists.stdlib.net/mailman/listinfo/e-voting
> http://evoting.cs.may.ie/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.stdlib.net/pipermail/e-voting/attachments/20170102/dfd77044/attachment.htm 


More information about the E-voting mailing list