
Playing Fast and Loose with eDemocracy Inside the European Commission

We have been warning about the risks to democracy that are inherent in the eVote 1, 2, 3, for nearly a year now. As was to be expected, DG “Human Resources” and its subsidized unions have turned a blind eye and a deaf ear. For its part, SID remains more mutinous than mute.

Math-phobic readers should skip the next paragraph. Those also intimidated by computers need to fast-forward by two paragraphs.

The work of Turing on the so-called halting problem, of Emil Post on the correspondence problem, and of others proves scientifically that it is impossible to eliminate all bugs from a program. This is true for us humans with our limited life span, no matter how fast our hardware runs. Meta-mathematically speaking, it is also true for immortal beings. Furthermore, debugging is NP-complete, which means something like this: if all the matter in the universe were used to build a trans-galactic supercomputer and all the energy to power it, we still could not debug programs 100%.

A whole folklore of debugging has sprung up among programmers. See “The Mythical Man-Month”, Weinberg's “The Psychology of Computer Programming” and of course Weizenbaum's “Computer Power and Human Reason” for tales about the eternal struggle between natural stupidity and artificial intelligence.

When paper ballots are used, "Fraud at the Elections" is possible but, given will and skill, so is its detection. Fraud and other malfunctions are possible in electronic elections, but they can only be detected by luck. That tells us something about the eVoting fans.

In the margins of an official meeting, a key player in the Social Monolog Unit of the Resourceful Humans DG that the bosses declared that he would defend the eVote to the best of his ability because it is so much cheaper than the paper kind. This writer would be glad to pay 1% more tax in exchange for rescuing the EU from the eVote. Looking at the reports of the Court of Auditors one sees that misguided and mismanaged subsidies and not an excess of internal democracy are putting the budget under pressure, so we can afford real democracy on the budget in place.

Considering that the Commission is the draftsperson of first resort for many of the laws imposed on half a billion EU citizens, one wishes for a 99% squeaky clean Commission. That goal remains elusive as long as high-ranking officials skimp on democracy as though it were among the office supplies. As long as the Commission fails to practice internally what it preaches to the EP voters, its credibility will be limited, and so will be turnout on eDay.

One obvious way to make life a little more difficult for eVote fraudsters is to store the exact time at which an eVote is cast along with the record of the vote itself. Votes cast in the middle of the night when the voter was fast asleep could be identified as being dubious. This would force eCheaters to do their dirty work during the day, when risk of being caught is higher. That would be a small, but measurable step towards making the eVote less insecure.
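The timestamp check proposed above, sketched as an added example that is not part of the original article or of any Commission system. The record layout, the 23:00 to 06:00 night window and the opaque ballot ids are assumptions, and the sample records are constructed.

```python
from datetime import datetime, time

# Constructed sample records: opaque ballot id plus ISO 8601 cast time with
# UTC offset. No voter identity is stored alongside the timestamp.
SAMPLE_BALLOTS = [
    {"ballot_id": "b-0001", "cast_at": "2010-11-24T10:42:17+01:00"},
    {"ballot_id": "b-0002", "cast_at": "2010-11-25T03:07:55+01:00"},
    {"ballot_id": "b-0003", "cast_at": "2010-11-24T23:30:00+01:00"},
    {"ballot_id": "b-0004", "cast_at": "2010-11-24T06:00:00+01:00"},
    {"ballot_id": "b-0005", "cast_at": ""},
]

NIGHT_START = time(23, 0)  # assumed start of the "fast asleep" window
NIGHT_END = time(6, 0)     # assumed end of the window (exclusive)


def in_window(t, start, end):
    """True if wall-clock time t lies in [start, end), wrapping past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def audit_ballots(ballots, start=NIGHT_START, end=NIGHT_END):
    """Return {ballot_id: reason} for records an auditor should look at."""
    dubious = {}
    for rec in ballots:
        try:
            cast = datetime.fromisoformat(rec["cast_at"])
        except (KeyError, ValueError):
            # A missing or malformed timestamp defeats the check, so flag it.
            dubious[rec.get("ballot_id", "?")] = "no usable timestamp"
            continue
        if cast.tzinfo is None:
            # Without an offset the local wall-clock time is ambiguous.
            dubious[rec["ballot_id"]] = "timestamp lacks UTC offset"
        elif in_window(cast.time(), start, end):
            dubious[rec["ballot_id"]] = f"cast at night ({cast.time():%H:%M})"
    return dubious


if __name__ == "__main__":
    for ballot_id, reason in audit_ballots(SAMPLE_BALLOTS).items():
        print(ballot_id, reason)
```

A flagged record is only a prompt for review, as the article says: the check narrows where to look, it does not prove fraud.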

Of course, this proposal was roundly refused. Try to guess the reason advanced. Think. Ready?
The HR gentleman explained that such a device would put the secrecy of eVote at risk because someone might write down the time at which a vote was cast and the voter's identity. Armed with that information she or he might hack into the database of votes already cast and then positively id the voter and his choice.

It is only at election time that one sees such sadistically tortured logic. First; if someone manages to get past the firewall and into the database of eVotes we have problems far more serious than a few time stamps. Second; HR has constantly assured us that such a breach is absolutely impossible. (Who cares what the proportions of self deceit and computational illiteracy are that go into making such a statement without even blushing?) Third; someone peeking over the shoulder of an unwary eVoter might leave the hacking to the NSA professionals and simply take some snapshots of the screen with the camera in his phone.

This is where I left the HR gentleman because the little lost boy look in his eyes was getting to me. He was just doing his job by repeating his carefully memorized answer verbatim. That the answer he gave was ridiculous is all his boss' fault. But there is plenty more to say.

Fourth; some Eurostat colleagues are allowed to work from home. But only if they use security devices far beyond our combination of user id and password. The raw data they work on has passed through many hands before it reaches their hard disk and, at any rate, the final product is published and positively thrust at the public via websites and press releases. What does it tell you, dear reader, that the price of beans in Estonia has a higher security rating than the votes of EU workers? Money rules! Not people.

Fifth; the practice of sharing passwords with colleagues is banned, but it happens. This writer recalls the hurt look on the face of a colleague when he refused to give his password.

Sixth; there is always the real possibility of what the hacking community calls social engineering.

Seventh; a little five second video of hands typing a password can be made, either in person, or by a concealed webcam. What risk is the eCheat running?

Eighth; the electromagnetic radiation from a keyboard can be scanned, recorded and decoded.

Ninth; a keystroke logger with a 1 cm diameter can be placed between the keyboard and the machine and retrieved a day later. No one can take a comfort break and return to his PC in the one minute needed for walking in, unplugging, plugging, re-plugging and walking out.

Tenth; at least half of the adult Europeans have sufficient skills in reading, writing and arithmetic to help with verifying a pVote. That percentage is more like a per mille for the eVote where a graduate degree in computer science and some years of practical experience are required. This is the underlying cause of the problem; the smaller a group of experts is, the easier it is to bribe or otherwise manipulate. The widespread lack of job security in the IT field makes things that much worse.

Eleventh; no, let's stop here. Those who still believe that the eVote is secure always will because that is their will.

We have already seen two serious technical failures of the system which needed crisis intervention.

The first occurred in Brussels in 2009. Based on experience going back to the days of the IBM 360 and punched cards, this writer concludes that there were important gaps in the testing and debugging. The fact that the counting module could not read what the recording module had written to the disk is ample proof. The validation was clearly done with unrealistically small files of test data. That is why the system gave up the ghost when, for the first time in its existence, it was asked to process thousands rather than dozens of votes.

This error is as honest as it is glaring. In houses trap doors are concealed under carpets. Software trapdoors are hidden under layers of complex source code. Some have been found in the very parts of a system that were supposedly dedicated to making it “impenetrable”. It is certain that we do not know whether there is no trap door, or two or three. Things like that happen.

The second security breach occurred in Luxembourg in November 2010. The system ran for more than four hours before producing the results of the Staff Committee elections. The hardware could have processed millions, if not billions, of votes in that time. In fact there were fewer than three thousand voters to process. This made it necessary to officially reschedule the opening of the newly elected Staff Committee.

It is very close to impossible that there were no problems with the system because it had processed a bigger file of votes in Brussels in much less time. (Once it had been patched up, that is.) If it ran over four hours, something must have been wrong. Some other program or programs must have been eating up most of the computer's time while running in the “background”. What other programs? What did they do? Who put them there? Why was no one told? Was the election server part of a cloud?

No explanation for this discrepancy has been offered, leaving us to guess at what happened to our votes. There may have been a series of system crashes that took the team an afternoon to overcome. We are still waiting for the incident report. Those of us who have patched and fixed faulty systems under pressure know how error prone such work is. Even in the absence of malice, all sorts of things may have happened to our votes.

Maybe the Brussels and Luxembourg Staff Committee elections in the Institution supposedly working for half a billion Europeans were honest. Maybe. What a disgrace!

Created by: admin last modification: Sunday 30 of January, 2011 [00:13:17 UTC] by admin
