Election evidence for trust:
* paper trail
* quality of paper trail
* audits of elections
* tabulation procedures
* certification of devices and processes
* the outcome

... the source code isn't enough, even for a software engineer. Other people need other types of evidence.
Everyone who votes should be able to trust the outcome of an election is my goal in a perfect world [ why only the voters? that seems like an odd limitation ]
Achieving this goal is an open question, but there are lots of people who are working together to chip away at this problem.
Elections are a particularly challenging area both technically and politically (but going to set the political part aside for this talk -- just know it's there and harder)
Challenge: ballot secrecy. Not only can no one else know how you voted, you can't prove how you voted [ this is for anti-bribery and intimidation ] This is an easy problem without that constraint: you could just post the votes and let people check them
We separate records from votes at polling stations: separate signature page (who's allowed to vote) from the ballots (what people voted) We don't know how to do this electronically -- they can't provide evidence that they did this. So *must* have paper verifiable record.
Risk limiting audits: play the game. Audience is election official, speaker is Bad Guy. [ claims he is not in real life. judge for yourself. muhahaha. ]
The Bad Guy reports who won and by how much. Election official wants to catch it if the Bad Guy cheated. [ there's a game here where we randomly open up boxes and check what's inside and can make statistical bounds on the level of confidence that the election was run correctly ]
If don't have confidence in the election from statistical sample, do a full recount using that paper backup trail. Most of the time we don't think that's going to happen. [ ... so we don't need to run all the recounts all the time ]
Because the calculated level of confidence goes up/down according to margin of victory and number of samples, not number of votes, so need a limited number of samples to get assurance.
Critical part of an audit is to make it transparent how you selected the ballots. Common way to do this: throw dice, feed output into PRNG, can reproduce the list.
We can't let people prove who they voted for, even if we open their ballot for the audit. So we use crypto! So we use homomorphic encryption to blind stuff and hide it [ this looks like partially homomorphic encryption is all that's required also I am totally not typing math ]
So everyone can reproduce the results [ there's math and zero-knowledge proofs and the speaker is not going to go there in this talk ] ... ok, so now how the heck do people who aren't cryptographers trust this result???
Get people to vouch for the math? Would this work? Send opinions to the speaker. Why don't we have these technologies today? Risk limiting audits are going well -- pilots are close to happening and you can tack them on to the end of an election so it's easier to deploy
But we're not seeing this development in end-to-end verifiable elections or secure voting machines? Why? Because the funding came after the 2000 election kerfuffle. And there isn't enough.
Certification: we certify elections to show trust. But it's expensive and slow to get the certification so it's making elections less secure which *erodes* trust.
What can we do? Security people doing all the security work is really important. Check out ElectionGuard -- write verifiers. Reach out if you have an idea to improve certification.
Q @flamsmark: why is the goal to convince voters in particular? [ YES! Why only voters? ] A: Well, I'm a voter and want to be convinced. Do you have a suggestion for a better target? [ continued ]
[ continued ] Q: People who can't vote but live in the affected area. People who live outside of the area entirely but who are very affected by an election. A: great insight.
Q: I've heard from election officials that they're worried about the level of transparency that you advocate. Have you encountered this type of resistance? A: We've all run into security through obscurity. But the best security comes through open source.
Q @n2vi: are there other aspects of the voting system where you think tech could help? A: Voter registration databases. This is part of why doing security work in general is so important and this is stuff we know how to do.
Q nlidz: did you consider using a safer language rather than reproducing the mistakes of the past? A: I spend a lot of time ensuring that C is memory-safe. But the reality is that we need to use things that people can use, and C felt like a way to maximize that.
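
The audit steps from earlier in the thread (dice feed a PRNG so anyone can reproduce the ballot list, then sample until the statistics are convincing or fall back to a full recount), as an added example that is not from the talk or this thread. The SHA-256 counter construction, the two-candidate sequential ratio test of the kind used in ballot-polling audits, and all names and sample data are assumptions made for illustration.

```python
import hashlib

def sample_ballots(seed, n_ballots, n_draws):
    """Derive ballot positions (with replacement) from a public seed such as
    dice rolls; anyone holding the seed can recompute the identical list."""
    limit = (2**256 // n_ballots) * n_ballots  # reject above this: no modulo bias
    picks, counter = [], 0
    while len(picks) < n_draws:
        counter += 1
        digest = hashlib.sha256(f"{seed},{counter}".encode()).digest()
        value = int.from_bytes(digest, "big")
        if value < limit:
            picks.append(value % n_ballots)
    return picks

def ballot_polling_audit(ballots, picks, reported_share, risk_limit):
    """Two-candidate sequential test. Each sampled paper ballot for the reported
    winner ("W") raises the ratio, each one for the loser lowers it. Stop once
    the ratio reaches 1/risk_limit; otherwise escalate to a full hand count."""
    ratio = 1.0
    for drawn, position in enumerate(picks, start=1):
        if ballots[position] == "W":
            ratio *= reported_share / 0.5
        else:
            ratio *= (1 - reported_share) / 0.5
        if ratio >= 1 / risk_limit:
            return "outcome confirmed", drawn
    return "full hand count", len(picks)

if __name__ == "__main__":
    seed = "6-2-5-1-3-3-4-6-1-2"  # constructed dice rolls, read out in public
    # Constructed paper trail: 10,000 ballots, 60% for the reported winner.
    ballots = ["W" if i % 10 < 6 else "L" for i in range(10_000)]
    picks = sample_ballots(seed, len(ballots), 500)
    print(ballot_polling_audit(ballots, picks, reported_share=0.60, risk_limit=0.05))
```

The stopping point depends on the reported margin and on what the sampled ballots show, not on how many ballots were cast, which is the point made in the thread about needing only a limited number of samples.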