On Fri, 16 Mar 2012 18:12:03 +0000 (UTC), soupdragon <
m...@privacy.com>
wrote:
>> The situation is the same in either case. It is not an offence to
>> tell someone else how you vote before, during or after you vote. ou
>> could wave your completed voting slip around and announce to the whole
>> polling station how you have voted and no policeman will be called to
>> arrest you.
>
>You think so? Well you're wrong.
No, I assure you I am correct.
>"No-one is allowed to see who you vote for so make sure you vote in a
> polling booth which has a screen around it. Put an ‘X’ by the person or
> party you want to vote for. Fold your ballot paper in half and put it in
> the ballot box." -
directgov.com
>"It is an offence under the Representation of the People Act 1983 for
>someone to ask you to show them your completed ballot paper, or for you
>to show your completed ballot paper to anyone, before lodging it in the
>ballot box. This includes the Returning Officers and station officials.
>Once you complete your ballot paper in the privacy of a voting booth, you
>should fold it in half and place it immediately in the ballot box"
> Electoral Reform Commission.
>So, a policeman will most certainly arrest someone waving their completed
>paper and telling the station how you voted.
I note that you do not understand what you have quoted. It is indeed
an offence to try to find out how another person has voted. It is not
however an offence to *volunteer* that information.
Sort of similar to how it is an offence to take someone's money
without their permission, but it is not an offence to hand £20 notes
out to anyone who wants one.
>> Impersonating someone who is *not* under your control will be much
>> more difficult in a computer system, because you would need their
>> login details rather than just a name and address.
>Trivial to obtain using a key logger. And once you have it, no risk
>of being indentified at a polling station.
You haven't thought that through, have you? You will only use your
login details *once* in order to cast your vote. So a keylogger will
only be able to gather that information after it is too late for
anyone else to use it. Try again.
>>>ensure all your details are at that station. You can't just wander
>>>into any polling station.
>> I didn't AFAICR - I recall deciding whether to pop out from work and
>> vote or wait until after I got home, which would have entailed 2
>> different polling stations. All the stations in the area had the same
>> list, and I suppose the lists were compared later to see if anyone
>> voted at more than one polling station.
>Well, now you're just making this up as you go along. Have you ever
>voted? It doesn't sound like it, at least not in the UK.
I could say exactly the same about you. Or maybe it's just the case
that different areas have different methods in that regard.
>> How will your neighbour know what name you are voting under? You will
>> only be showing the official your polling card.
>..which has my name on it. Duh!
Explain to me how *your neighbour* will get to see what name is
written onyour polling card.
>> simply assume you are voting under your own name.
>You've never voted, have you?
Yes, which is why you will have to explain yourself, because I can
assure you that when I voted I was under no obligation to let everyone
in the polling station see my polling card or tell anyone except the
official at the desk what name I was voting under. It is not even an
offence to register and vote under an assumed name, and quite a few
people register under an assumed name in order to keep their real name
out of the electoral register.
>>>The probability that my neighbour would spot someone impersonating me
>>>would be considerable.
>> How? Your neighbour will see a stranger handing across a polling card
>..with my name on it..
How would they know that the card has your name on it?
>> and going in to vote. They will not know that they handed in *your*
>> polling card.
>Of course he will. My name is on it.
Do *you* read the names on other people's polling cards when you go to
vote?
>> The same nonsense that you are talking about. You no more need to use
>> your *own* computer to vote than you need to use your *own* polling
>> station. So ownership is irrelevant.
>
>Err no. Ownership is highly relevant. Under your system, I need a
>computer to vote.
Only in the same way as you need a polling booth to vote in the
present system.
> Under the current system, all I need to do is walk a
>few hundred yards to a polling station.
And in a computerised vote all you would need to do would be to walk
even less distance to the nearest available computer.
>> will be able to get to a computer easier than they can get to a
>> polling station.
>And your evidence for this is.. ?
Ummm - becaues there are a tad mnore computers in any given town than
there are polling stations.
>
>[Voting fraud..]
>>>Well yes, it is. Phishing scams are reconded to rake in a considerable
>>>amount of money, with very little that banks can do about it.
>> The perpetrators are usually caught,
>What world do you live in? The perpetrators are almost *never* caught.
Um - you are quite wrong wrt perps who operate from a country that
takes such things seriously. I have *once* had my CC details used
fraudulently, and the perp was behind bars a month later.
>> and in any event the dynamics are
>> completely different to voting, because the phisher is rarely the
>> person who actually uses the information.
>Which is exactly how it will work at an election. Data passed on to
>'interested party' who will then use it to place blocks of votes. So
>the 'dynamics' are identical.
There are *very* few "interested parties" wrt voting fraud, and the
big difference is that they are all likely to be in the same country
as where the scam is taking place, which makes a huge difference.
Most of the difficulty in catching people is due to having to split
the police work between different forces in different countries - the
language barrier alone is a considerable hinderence before taking into
account vastly different prioriities and differences in laws and
procedures.
>>>>>But your talking above about _secure_ computers, not public
>>>>>computers which, by their nature are not secure.
>>>> The computer you vote from does not need to be secure at all if the
>>>> system is set up reasonably.
>
>>>But 25% don't own one and, of the 75% left, a large number have very
>>>poor security leaving them vulnerable to attacks from malware,
>>>keyloggers, port sniffing, etc.
>> Port-sniffers etc. would not facillitate voting fraud.
>Yes they would.
Explain the mechanism by which they could do so.
>> most they would allow someone to find out who you voted for - which I
>> suggest is not a goal that anyone would find worth the risk.
>Nope. A keylogger would give them your login details because you will
>have to register your details with HMG website before voting.
> A MitM
>> attack or a specifically targetted virus is about the only way a vote
>> could be rigged, and there are several ways to make that eventuality
>> detectable pre-voting day, making it a very high-risk venture for the
>> fraudster.
>How so? Name one. How would the fraudster be at risk when he is
>hiding behind a proxy?
As said, both a machine virus and a MitM attack would have to be set
up some time before the actual day of the vote for fairly obvious
reasons (you cannot undetectably redirect or infect thousands of PCs
at a second's notice). Anything that is set up to affect a
significant percentage of the population would be discovered by
*someone* PDQ, almost certainly prior to the day of the vote. Whilst
the source of a virus might not be traceable (though it ususlly is if
found early and enough effort to trace it is expended), its effects
could be negated with suitable pre-planned security measures, and a
MitM machine *cannot* by its nature "hide behind a proxy" because it
must be a machine that is contactable by the voter (active listening
ports on a direct and thus traceable IP address.
One big advantage of a computer vote is that if necessary it can be
postponed at short notice for a week or so without a great deal of
cost or disruption.
>Checking *by the voters* could trivially be
>> set up to provide statistical evidence of significant fraud.
>
>Explain how this would work.
As one method of several possibilities: The computers taking the
votes would have access to two databases. One will be an existing
database of all registered voters and whatever login details will be
required, and the other will be a database of the votes cast. When a
person logs in to vote, they are verified by a lookup of the voters'
database, which has a field to denote whether that voter has already
voted or not. If the voter is verified and has not already voted, he
is permitted to cast his vote. His selected vote is entered into the
votes' database together with a unique number, and his entry on the
voters' database is marked as "voted" together with the IP address the
vote was cast from. The unique number is both stored against the vote
in the votes' database and sent back to the voter, and voters are
encouraged to store or make a note of that unique number.
After the close of the vote, copies of the voters' database are given
to each party (as confidential files) so that the parties can check
that (a) the number of entries in the votes' database is the same as
the number of entries in the voters' database marked as having voted,
and (b) any IP address that was used to cast an extraordinarily high
number of votes is explainable.
The second (vote's) database is made public for anyone who wants to
download. Thus anyone can count the votes for themselves, and also
ensure that every associated number is indeed unique.
In addition, any voter can lookup their their unique number in the
database (which they received when they voted), and ensure that the
vote recorded against that number was indeed the party that they voted
for. As only the voter knows the number they were given, the numbers
will not tell anyone else how any particular person voted.
Having the possibility for every voter to check *after the fact* that
their vote was accurately recorded is probably the best security
against substituted votes. With every party having the list of who
did and who did not vote (as indeed they do at present) enables them
to carry out spot checks of people marks as having voted to ensure
that they did in fact vote.
Any fraud on a large enough scale to be likely to affect the outcome
of an election would be pretty much certain to be detected after the
fact by those methods.
>> Having a publically accessible computer is not anything like as
>> expensive as setting up a polling station
>
>Really? A polling station consists of a few bits of wood, a box and
>a curtain. Maintenance involves painting the wood occassionaly and fixing
>the occassional torn curtain. Lifespan is probably around 30 -40 years
>before needing replacement. Lifespan cost? Probably no more than a couple
>of hundred pounds including purchase costs.
>What would the equivalent cost for a public PC polling station? Well lets
>see. Half dozen PCs, cost of operating system, installation of a secure
>network and associated switches and routers. Provision of Internet access
>via 3rd party ISP. Installation of neccessary security for each PC.
>Maintenance costs include software updates, replacement of failed
>hardware. Being generous, 10% capital costs. Lifespan - 10 years tops
>before hardware becomes obsolete and can't handle software updates.
>Less expensive? I sense you've never worked in IT.
You would obviously use computers that *already exist* for other
purposes, so it would cost you absolutely nothing extra except someone
to man the public buildings that are kept open a few hours longer than
usual. I sense that you have never worked in a job that requires you
to think very hard.
--
Cynic