Is it time for the voting process to embrace safe and fair technology?

#61
OP,
It is all well and good what you propose, but what would be the cost of "Retina" machines, bearing in mind that at General Elections, there are as a minimum 20 to 30 nominated election stations. As a minimum you therefore need 12,000 Retina Scanners, plus another 12000 token machines. Also remember that in some rural area's, the Polling Station is set up in a "Cafe" or even a "Caravan", so how would you ensure connectivity between machines and the "data-base".
Have you read this?

https://people.csail.mit.edu/rivest/pubs/NASEM18.pdf

IMO the only place for AI would be as a 'first pass' attempt at scanning for fraudulent transactions. All hits to be passed to humans for checking.

Blockchain is susceptible to a 'majority attack' (aka 51%) and, as a 'decentralised ledger', doesn't provide any real advantage in what is still a necessarily centralised process. Is there a blockchain that can handle, say, 200 million votes in 12 hours? Bitcoin has currently max'ed at approx half a million a day and that is handled by a vast amount of compute power that has cost $billions to put in place. The 'non-repudiation' of bitcoin transactions is locked-in by the huge cost of subverting it. (Other altcoins have been attacked in just this way.)

Adding more 'technology', that fewer people understand, will not lead to increased trust in the system. There is certainly room for increasing the robustness of the present processes, but the introduction of changes needs to be managed as a cost benefit against a suitable threat analysis. The law of diminishing returns will kick in. Are people happy with a voting system that is 99% accurate for £x million spent per election? Is it worth spending a huge amount more to get to 99.99%? An otherwise totally trustworthy design can be attacked simply by rumour to spread doubt and dis-trust.
I foresee retina/iris technology becoming mainstream as people begin to have less trust in the current methods of personal authentication like chip & pin, knowing if an ID is valid...or not even signing on the line.

An interesting piece comparing Iris and Retina tech:

Iris Recognition vs. Retina Scanning - What are the Differences? - M2SYS Blog On Biometric Technology

Unlike retina scanning, iris recognition uses camera technology with subtle infrared illumination to acquire images of the detail-rich, intricate structures of the iris. Digital templates encoded from these patterns by mathematical and statistical algorithms allow unambiguous positive identification of an individual. Databases of enrolled templates are searched by matcher engines at speeds measured in the millions of templates per second per (single-core) CPU, and with infinitesimally small False Match rates. Hundreds of millions of persons in countries around the world have been enrolled in iris recognition systems, for convenience purposes such as passport-free automated border-crossings, and some national ID systems based on this technology are being deployed. A key advantage of iris recognition, besides its speed of matching and its extreme resistance to False Matches, is the stability of the iris as an internal, protected, yet externally visible organ of the eye.
If a single CPU core can deal with millions of IRIS templates per second, I don't think speed and capacity is an issue.
eg, A cheap old Intel Atom Quad-core (single chip) CPU is capable of 3800 MIPS / 2.4 Giga-FLOPS in calculations, Even cheaper options are available for clients, The hardware to serve one station today could be packed into a small flight case the size of one ballot box and my guestimate would be under 10k for a well-made client.
Server side the sky is the limit, 3 secure sites in hot-spots (guaranteed leccy no matter what) with a stack of Oracle T7 blades in each, replication across all three sites for failover and away you go. The government already runs the sites so popping in a new rack full of would be a doddle.
In the big picture that would not be expensive, at least not in the way the government (lucratively) procures hardware these days and days gone, I say that because £700+ for an Intel Core 2 Duo E6700 in 2008, get to ****, They were under £300 at launch in 2006!, Brown envelopes all round eh ;)
People wonder why IT projects went over budget, It's not what you buy, It's who you get to buy it!
Lifespan, well current trends in high-performance servers and standard clients tend to run on the 3-5 year mark for complete replacement, Government is NEVER "high performance", so that answers that. Take a poke at it and add 3 years.

Anyways, people don't like the idea, I understand that.
My main concern is voter fraud, ie the person marking the box should not be. Something that is damn near bulletproof needs to be employed to identify people in the coming years, and not just for voting.
It would be nice to have a universal ID system that could fit that, eliminating the worry of fake votes would be a start.

So if (hypothetically) you had a solid method (authentication) of giving people a green light to vote ie who is legal to do so and we kept the rest of the current ballot system, who watches the counters? Who monitors the journey of the ballot boxes?
 
#62
I foresee retina/iris technology becoming mainstream as people begin to have less trust in the current methods of personal authentication like chip & pin, knowing if an ID is valid...or not even signing on the line.

An interesting piece comparing Iris and Retina tech:

Iris Recognition vs. Retina Scanning - What are the Differences? - M2SYS Blog On Biometric Technology



If a single CPU core can deal with millions of IRIS templates per second, I don't think speed and capacity is an issue.
eg, A cheap old Intel Atom Quad-core (single chip) CPU is capable of 3800 MIPS / 2.4 Giga-FLOPS in calculations, Even cheaper options are available for clients, The hardware to serve one station today could be packed into a small flight case the size of one ballot box and my guestimate would be under 10k for a well-made client.
Server side the sky is the limit, 3 secure sites in hot-spots (guaranteed leccy no matter what) with a stack of Oracle T7 blades in each, replication across all three sites for failover and away you go. The government already runs the sites so popping in a new rack full of would be a doddle.
In the big picture that would not be expensive, at least not in the way the government (lucratively) procures hardware these days and days gone, I say that because £700+ for an Intel Core 2 Duo E6700 in 2008, get to ****, They were under £300 at launch in 2006!, Brown envelopes all round eh ;)
People wonder why IT projects went over budget, It's not what you buy, It's who you get to buy it!
Lifespan, well current trends in high-performance servers and standard clients tend to run on the 3-5 year mark for complete replacement, Government is NEVER "high performance", so that answers that. Take a poke at it and add 3 years.

Anyways, people don't like the idea, I understand that.
My main concern is voter fraud, ie the person marking the box should not be. Something that is damn near bulletproof needs to be employed to identify people in the coming years, and not just for voting.
It would be nice to have a universal ID system that could fit that, eliminating the worry of fake votes would be a start.

So if (hypothetically) you had a solid method (authentication) of giving people a green light to vote ie who is legal to do so and we kept the rest of the current ballot system, who watches the counters? Who monitors the journey of the ballot boxes?
The machines will cost about 5-10x what you think they will. Well-built, reliable IT equipment is not the same as the HP desktop you bought from PC World.

You will have to roll out tens of thousands of these machines, possibly hundreds of thousands.

They all need to be kept up to date, maintained and secure. This costs. BIG costs.

You will have to deal with communications faults and over the wire/air security.

Centralising the digital data makes it a huge attack target, with major pay offs for anyone who can just flip a small percentage of the right ballots.

You cannot check the data once it's in the system.
 
#63
The machines will cost about 5-10x what you think they will. Well-built, reliable IT equipment is not the same as the HP desktop you bought from PC World.

You will have to roll out tens of thousands of these machines, possibly hundreds of thousands.

They all need to be kept up to date, maintained and secure. This costs. BIG costs.

You will have to deal with communications faults and over the wire/air security.

Centralising the digital data makes it a huge attack target, with major pay offs for anyone who can just flip a small percentage of the right ballots.

You cannot check the data once it's in the system.
You might be correct on the price if the government take care of procurement unchecked.
Who mentioned PC world and an HP desktop? WTF?

Of course they need to be maintained, How much do you think a 24/7 system like the benefits system costs to maintain? They get to use technology to make the job easy at the minimized expense of the voter/taxpayer.

Communications faults...oh dear, you do realize that almost all of our lives are running on 24/7 systems and voting only occurs once every 4 years, The databases that holds our information already exists So knowing that, tell me then, when was the last data breach where the details of every citizen were compromised.

Once again, everything is centralized today, or do you think these systems don't talk to each other?


"You cannot check the data once it's in the system"
Ok, WTFF?
The whole point is to check the data, where do you think you bloody tax bill comes from, any bill for that matter.
Have you ever worked on a database or administered a domain, ever sent an email....or was that a typo?
 
#66
Who mentioned PC world and an HP desktop? WTF?
I did, you seem to think that decent servers cost the same as PC prices.

"You cannot check the data once it's in the system"
Ok, WTFF?
The whole point is to check the data, where do you think you bloody tax bill comes from, any bill for that matter.
Have you ever worked on a database or administered a domain, ever sent an email....or was that a typo?
I run a datacentre and host some major public facing sites for household names. I sit on the change board (as the SME) for some corporate clients. I have over 30 years commercial experience in IT. When I am at work, I would be described as an IT professional.

Part of that job is explaining to people what is and is not possible, what is and is not sensible, and when "moar computahs" is not the solution.
 
#67
I did, you seem to think that decent servers cost the same as PC prices.



I run a datacentre and host some major public facing sites for household names. I sit on the change board (as the SME) for some corporate clients. I have over 30 years commercial experience in IT. When I am at work, I would be described as an IT professional.

Part of that job is explaining to people what is and is not possible, what is and is not sensible, and when "moar computahs" is not the solution.

15 years server and domain admin and 5 ICT infrastructure here.

Can you please highlight how you came to that conclusion? After all, you never asked how I came to mine, I feel you may have missed my point.

So, 30 years datacentre experience and "You cannot check the data once it's in the system"

Can you please explain that, for the less experienced?
 
#68
15 years server and domain admin and 5 ICT infrastructure here.

Can you please highlight how you came to that conclusion? After all, you never asked how I came to mine, I feel you may have missed my point.

So, 30 years datacentre experience and "You cannot check the data once it's in the system"

Can you please explain that, for the less experienced?
How do you intend to verify that the vote that is registered in the centralised system is the vote that was entered in the first place? You have confirmed the identity of the voter. You have accepted their vote. You have stored it in a central, replicated database. Everything is secure.

Now I access the system and change the vote. Maybe I hacked in, maybe there is a back door. Maybe I am the DBA for the system.

There is no record of what I've done, because you have already assumed the system is secure. The only change is to the backend data.
 
#69

TL;DW: No.
Slightly longer answer: Electronic voting isn't the best idea

(apologies if that video has been posted here before; I admit I've skipped a page or two)
 
#70
How do you intend to verify that the vote that is registered in the centralised system is the vote that was entered in the first place? You have confirmed the identity of the voter. You have accepted their vote. You have stored it in a central, replicated database. Everything is secure.

Now I access the system and change the vote. Maybe I hacked in, maybe there is a back door. Maybe I am the DBA for the system.

There is no record of what I've done, because you have already assumed the system is secure. The only change is to the backend data.

I am definitely going to answer this, good stuff. I have got some domestic shite to sort out for work first.

Sorry I am not a db techy, But I am interested.

Wait out.
 
#71
I am definitely going to answer this, good stuff. I have got some domestic shite to sort out for work first.

Sorry I am not a db techy, But I am interested.

Wait out.
No problem. All I would say is look at the debate, questions, requirement and expense to try and provide a system that *might* be better than the one we already have.
 

Similar threads

Latest Threads

Top