How do you protect against a user loading a malicious app (call it "Official MAGA Voter Guide") that on election day behaves convincingly like the official voting app but doesn't actually cast a ballot? That's not a sci-fi exploit. Security of user devices is hard.
-
-
Replying to @mattblaze @jeffmcjunkin and
As I said above, the potential scale of disruption is no worse than with mail-in ballots. How do you protect against a robocall that convincingly spreads misinformation about voting? The scale of disruption would be similar, so that's not a good argument to dismiss it.
3 replies 0 retweets 4 likes -
Replying to @taviso @jeffmcjunkin and
Except that you still have that problem, but also now this new one. Plus all the other new ones you and I haven't considered (I just made this attack up on the spot). You're strictly increasing the amount of vulnerability, as well as the avenues for casting doubt on the outcome.
3 replies 1 retweet 31 likes -
Replying to @mattblaze @jeffmcjunkin and
Not so, there are attacks against mail-in ballots and the postal service that would no longer work. Even so a modest increase in attack surface to make voting more accessible and reduce disenfranchisement would be a good trade... (Yes, evidence suggests it doesn't).
2 replies 0 retweets 2 likes -
Replying to @taviso @jeffmcjunkin and
You want only people who own smartphones to be able to cast absentee ballots by eliminating mail-in voting? Let me refer you to election law.
3 replies 0 retweets 25 likes -
Replying to @mattblaze @jeffmcjunkin and
That doesn't really sound like a good faith argument. I think you're saying "unless we turn of mail-in ballots, then we have more vulnerabilities", but that's not true - malicious disruptions to the postal service would still allow other forms of voting.
3 replies 0 retweets 0 likes -
Replying to @taviso @mattblaze and
Lot of "consider a spherical voter of radius R" energy here
1 reply 0 retweets 30 likes -
Replying to @Pinboard @mattblaze and
I don't know, Matt said "You're strictly increasing the amount of vulnerability", that seems worth addressing. There are attacks that are no longer possible, so it's not true... right?
2 replies 0 retweets 0 likes -
Replying to @taviso @mattblaze and
Vulnerability here extends out into non-technical domains like people's general confidence in elections being fair. Elections are not a technical problem but a general social consensus, and adding apps to the mix adds layers of serious risk even if they were provably error-free.
3 replies 2 retweets 27 likes -
Replying to @Pinboard @mattblaze and
Naturally, but the paper - cited by Matt - says that malware is the greatest threat, not non-technical domains. I'm saying that the threat from malware is overblown. That said, there are still other good arguments against it.
2 replies 0 retweets 0 likes
My claim is that making a distinction between technical and non-technical here at all is a category error.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.