Posted on 12/05/2020 9:13:41 PM PST by zeugma
*sigh*
The server side software would be open source, you WOULD be notified by email if your account was changed (that is very standard practice on my planet, I don’t know about yours), and the most important thing is that any large-scale tampering would be NOTICED. People would look up their ballots in the published list and find they don’t match, and red flags would go up. As for the tabulation, anyone would be able to download the published list into Excel and run the totals for themselves.
Transparency means you can see the evidence of tampering easily. The only thing an attacker could do is spoil the election possibly, but there would be no way to alter the outcome without detection.
As for your voting system, as I told the OP, there's a lot more to it. Once you solve the registration problem the voting problem is pretty simple. Also I should not have said in my last post that all you need is the fob. If that's the case, then you could sell your fob and thus sell your vote. Otherwise I think fobs are great and I am a fan of them.
Another way to sell your vote is the lookup system you described.
No, you’re wrong. If you can’t use your email because you lose your phone, that’s sad for one thing, and for another you would have to make an in-person appearance and provide ID, to explain your carelessness and reset your account to your new email address. The rules are part of the package.
No doubt James Bond or the Mission Impossible crew would be able to come up with your duplicate ID and use a custom latex mask to impersonate you at the government office, after killing you or imprisoning you in a castle somewhere so that you don’t notice and complain. All this to hijack your ONE vote.
How much you would you pay me for access to my voter account and my ONE vote? Not enough to make me want to risk 10 and 10, because allowing unauthorized access to my account would be classified as national security violation, meaning Federal crime. The penalties are part of the package, too.
The voter validates by anonymously looking up his unique ballot in the published list. Only the voter knows which ballot is his. There is a master file which links the voter to the ballot, but it can be queried only with a court order specifying the query.
Not at all in reality. You lose your phone you simply answer two security questions and provide the number for your new phone. That's the reality of 2FA using a phone, but your solution is a fantasy: a perfect phone auth system.
How much you would you pay me for access to my voter account and my ONE vote? Not enough to make me want to risk 10 and 10, because allowing unauthorized access to my account would be classified as national security violation, meaning Federal crime. The penalties are part of the package, too.
Just like the OP you propose detection and penalties. There isn't any detection or penalties now and there won't be unless you figure out to detect mass registration fraud.
....custom latex mask to impersonate you at the government office...
Fraudulent registrations are encourage by that office. They want more fraud. They don't care who you are, illegal, duplicate, desd, whatever, it doesn't matter to them.
What you seem to be pushing is internet voting verified by a phone text message. Our adversaries will port millions of numbers and fail to port a large percentage of those. For those they fail to port they will attack with apps that intercept your SMS and send it to them. Then you have to be faster to the voting site than them. Barring that they will use false attempts and lock your accountm then masquarade (online as usual) and get a new one-time password from themselves. Or they will simply lock everyone's account and prevent voting by anyone.
You seem to have a problem with reading comprehension. The rules about making a personal appearance and providing ID to register, reset or renew your online account are part of the package.
It’s my idea, so my rules apply. If you want to apply your own rules, then it’s your system and not mine.
Your attack scenarios are fantastic and would be NOTICED. If online voting was somehow disabled by a system-wide attack, you would have to schlep yourself down to the polling station and vote on paper, oh the horror.
Already a non-starter.
To register to vote you must complete a voter registration application on paper or online at RegisterToVote.ca.gov. When you register online, the system will search the Department of Motor Vehicles (DMV) database for your California driver license or identification card number, date of birth, and last four digits of your social security number. If your information is found and you authorize elections officials' use of your DMV signature, an electronic image of your DMV signature will be added to your voter registration application after you click "submit" at the end of the online application. If there is no signature on file with DMV, all of your information will be transmitted to your county elections office; you will just need to click "print," sign the paper application, and mail it. Your county elections official will contact you when your voter registration application is approved or if more information is needed to confirm your eligibility.
Some California counties are good about looking up the person and making sure they aren't registered elsewhere in the state. They do not use https://ericstates.org/who-we-are/ in California so out-of-state registrants won't be detected. The adversary just needs to choose a lax California county and sign up 100,000 new voters. Many of those will fail but some will succeed.
If the Dems take over in Congress they will force the rest of the country to use Calfornia's online system, the opposite of what you are proposing. Even if we forced them to use your system and the adversary can't register online, they will pay the community organizers to register people in person. Then those accounts will be purchased, hijacked, or hacked. One of the ways they will be hijacked is number porting. The adversary will send "forgot password" requests that will send text messages to phone numbers they are able to hijack (not all, but some), or rescue emails to email accounts they can hijack.
Here's a very simple hijack example: https://www.cnbc.com/2019/01/04/how-secure-is-your-account-two-factor-authentication-may-be-hackable.html Requires phishing. As noted in the article it is defeated by a fob. A fob can't be phished.
If you vote, you must present yourself at a bone fide polling place, present a phot ID proof of registration and vote.
If you are old and can’t physically go vote, you can’t vote. If you are out of the country or away from home and can’t vote early, you forfeit your vote.
Vote by mail is preparation for voting by phone. Once the concept of voting by mail is inplace, it is but a short step to voting by phone.
You can afterall buy a car or a house by phone. Why note vote?
I’m not talking about voter registration per se, which should be greatly tightened up however.
I’m talking about registering an online voter account if you are already a registered voter. This part must be stringent because afterwards you have no interaction except online. No showing your ID to vote at a poll, no signing a mail-in ballot and having your signature checked. The only chance to control access is at the moment of setting up the account. It must be stringent, or the deal is off.
Will registering for an online account in person stop corrupt officials from creating fake or fraudulent registrations? No and the way you will know it happened is the purchase of 100,000 burner phones in Philly. Will any court in the country allow a state to require in person registration at a trustworthy location e.g. a location where both parties can observe and verify every registration? Unlikely, and if they did the corrupt dem jurisdictions would kick out the republican observers just like election night.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.