Posted on Nov 5, 2014
SFC Network Engineer
Elections and voter fraud: what we can do about it
My analysis of elections, voter fraud, and how we, as a country, can nearly 100% eliminate it...

Tonight, on the way home from my current job as a network administrator, I was listening to late night talk (you know the one - the one that is always talking about UFOs and Bigfoot...) Anyway, tonight the topic was voter fraud. George Noory (the host) had a guest on who was discussing how voter fraud is always going to be a problem, no matter what country you live in, or what voting procedures you have...

I found myself in complete disagreement. Sure, under current standards, with the technology we are currently fielding, we don't have a way to stop voter fraud, especially when states refuse to require people to have IDs so you can vouch that they are the actual people casting a ballot. I'm not trying to get into a political debate on this though... what I'm trying to point out, is that there is a way to stop voter fraud dead... as in, almost IMPOSSIBLE to commit. That's right... nearly impossible.

Here's how it works: Anyone in IT is (or should be) familiar with the Public and Private key infrastructure that we use to encrypt and decrypt messages, as well as generating a hash value. Think of a package, within a package, within a package, and so on, much like the Russian wooden dolls that are hollow, and each time you open one, there's another doll inside it... similar concept. I know, this is complicated, so if you don't care, fine, but I do, and I think this will work 99-100%!

What we need to do, as a country/state, whatever, is every person should be able to pick up a Driver's license or state ID (even if it is subsidized) that proves who they say they are - let's call it a Personal ID or PID. Embedded in the PID, should be a smart chip. On the chip, just like on our CAC and PIV cards, is the person's encrypted private key, their public key, and a hash key. For those of you who don't understand this, bear with me for a minute.

When a person goes to vote, whether through a polling station, the internet, whatever, they insert their PID into the slot just like we do with a DoD CAC or PIV. They then cast their vote. When their vote is cast, several things happen:

First, the person's vote is recorded, and then encrypted with the person's private key. The only way to change it is using the private key. However, you can decrypt it and read what was cast with the public key - just bear that in mind for a moment. So here's our package: [encrypted vote] <- using person's private key

Second: The encrypted vote, combined with some personal identification values and the person's public key, is then hashed (that is, a hash is generated using the person's hash key).
Now our package looks like this: ([encrypted vote] + [personal id values] + [person's public key]) x [personal hash key] = [personal hash value]

Third: the encrypted vote, the person's ID values, the person's public key, and the person's hash are ALL encrypted using the Government's (or voting authority - doesn't matter what you call it) Public Key (yes, this is important, the government/voting authority must have both a public and private key, and a hash key as well). What this does is make the info that was encrypted unreadable UNLESS you have the private key for the voting authority.

Our package now looks like this: {[encrypted vote] + [personal id values] + [Personal hash key] + [Personal hash value] + [person's public key]} = [encrypted package] <-- using voting authority's public key

Fourth: The data is then REHASHED using the government's Hash key. [encrypted package] x [Voting Auth Hash Key] = [VA Hash Value]

Fifth: The encrypted data, and the generated hash are then both sent to the voting authority. So now our package: ([Encrypted package]+[VA Hash Value]) sent to Voting Auth.

Sixth: The voting authority, using their hash key, re-hashes the encrypted package, the same as step four above. This should create the exact same hash key, which verifies that the encrypted data was NOT tampered with during transmission to the Voting Authority.

SO [encrypted package] x [Voting Auth Hash Key] should still = [VA Hash Value]

The package can now be stripped of the hash value that was sent with it:
[Encrypted Package]

7th: The Voting Authority takes the private key that belongs to them and decrypts the data. Since the package was sent with the VA's public key, the only key that can decrypt it is the private key the VA has. This gets them to here:

[encrypted vote] + [personal id values] + [person's hash key] + [person's hash value] + [person's public key] <-- decrypted with VA's private key.

8th: The voting authority can take the person's hash key, and re-hash the encrypted votes with that person's ID values - if the encrypted vote data and the person's ID data was not tampered with, the hash key should generate the SAME hash value that was sent with all the other data to them.

So ([encrypted vote] + [personal id] + [person's public key]) x [personal hash] should still = [personal hash value]

9th: Since the hash value they generated above should be the same as what was transmitted, the VA can now decrypt the encrypted vote using the person's public key.

The entire process does the following: 1) It makes the vote unalterable. If it is altered, the hash values change and won't match. 2) It makes the vote irrefutable - the person can't say they didn't cast the ballot, because their personal ID is tied to the vote. 3) It makes the vote nearly 100% unforge-able. Because the vote is tied to the person's personal data that only they will have, it can't be forged and if it is, the person can almost 100% prove they didn't send the vote. 4) No one on either end can tamper with the vote results, and if they do it becomes instantly obvious. 5) LAST, and most important, it makes it so that if there is EVER a question about the vote, an independent party can come in and verify all of the above.

So for those of you who understood every step I described above, what do you think? Leave me some feedback or vote below!

Thanks.

V/R

Marc Wayman
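
The nine steps of the post above, traced end to end as an added example (not code from the original post). Assumptions: the "hash key" steps are read as HMAC-SHA256, textbook RSA over fixed Mersenne primes stands in for the smart-card and authority keys, and every name, key and the sample ID are constructed.

```python
# Added illustration, not secure: textbook RSA over fixed Mersenne primes and a
# SHA-256 keystream stand in for the smart-card keys and hybrid encryption.
import hashlib, hmac, json, secrets

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def keyed_hash(key, *parts):
    # The post's "hash key" steps, read here as HMAC-SHA256 (assumption).
    return hmac.new(key, b"|".join(parts), hashlib.sha256).hexdigest()

def stream_xor(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):  # one SHA-256 block of keystream per 32 bytes
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

VOTER_N, VOTER_D = keypair(2**127 - 1, 2**89 - 1)   # constructed voter key
VA_N, VA_D = keypair(2**521 - 1, 2**607 - 1)         # constructed authority key
VOTER_HASH_KEY, VA_HASH_KEY = b"voter-hash-key", b"va-hash-key"  # constructed

def cast(vote, voter_id):
    # Step 1: private-key operation on the vote; the public key reads it back.
    enc_vote = str(pow(int.from_bytes(vote.encode(), "big"), VOTER_D, VOTER_N))
    # Step 2: personal hash over encrypted vote + ID values + public key.
    p_hash = keyed_hash(VOTER_HASH_KEY, enc_vote.encode(), voter_id.encode(),
                        str(VOTER_N).encode())
    inner = json.dumps({"enc_vote": enc_vote, "id": voter_id, "pub_n": str(VOTER_N),
                        "hash_key": VOTER_HASH_KEY.hex(), "hash": p_hash}).encode()
    # Step 3: encrypt the bundle to the voting authority's public key.
    session = secrets.token_bytes(32)
    wrapped = str(pow(int.from_bytes(session, "big"), E, VA_N))
    package = json.dumps({"key": wrapped,
                          "body": stream_xor(session, inner).hex()}).encode()
    # Steps 4-5: authority-keyed hash over the encrypted package; send both.
    return package, keyed_hash(VA_HASH_KEY, package)

def receive(package, va_hash):
    # Step 6: re-hash the encrypted package and compare before decrypting.
    if not hmac.compare_digest(keyed_hash(VA_HASH_KEY, package), va_hash):
        raise ValueError("package altered in transit")
    # Step 7: unwrap with the authority's private key.
    outer = json.loads(package)
    session = pow(int(outer["key"]), VA_D, VA_N).to_bytes(32, "big")
    inner = json.loads(stream_xor(session, bytes.fromhex(outer["body"])))
    # Step 8: recompute the personal hash with the enclosed hash key.
    expect = keyed_hash(bytes.fromhex(inner["hash_key"]), inner["enc_vote"].encode(),
                        inner["id"].encode(), inner["pub_n"].encode())
    if not hmac.compare_digest(expect, inner["hash"]):
        raise ValueError("vote or ID values altered")
    # Step 9: recover the vote with the voter's public key.
    m = pow(int(inner["enc_vote"]), E, int(inner["pub_n"]))
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode(), inner["id"]
```

`receive` returns the voter's ID values next to the recovered vote, which is the ballot-secrecy concern raised in the responses.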
Responses: 26
LTC Battalion Commander
Edited 11 y ago
SFC Marc Wayman, That was awesome!!! Like CW5 Montgomery noted, first things first; get every state to require ID!!!! I was surprised to be reminded by my parents, that as long as you knew your name and address you can vote in Illinois. If I knew my buddy wasn't voting, I could vote my way as him by altering my looks, voting early, etc. It would not surprise me if it doesn't happen some. Besides, some of the folks running the polling places aren't as professional as you would expect either. The system definitely needs help. Unfortunately, you presented a graduate level solution, for an infrastructure that could barely handle a middle school level concept I'm afraid...
SFC Network Engineer
SFC (Join to see)
11 y
LTC (Join to see): LOL! I suppose it is quite an advanced concept. It could work - and while I don't think it is ever possible to eliminate all fraud 100% of the time, you could certainly make it much, much harder.
MAJ Robert (Bob) Petrarca
I like it. Only problem is we can't get the buttheads in DC to approve a National ID/ID card which would make this more possible.
SFC Network Engineer
SFC (Join to see)
11 y
agreed
Lt Col John Grimes
11 y
National ID's are often considered a danger to privacy, and a means for govt control.
MSG Signal Support Systems Specialist
Edited 11 y ago
Kind of does away with the secrecy of the ballot box. The voting authority could start tracking the voting habits of individuals.

There's a simpler way to stop in-person voter fraud--implement ID requirements at registration.
SFC Network Engineer
SFC (Join to see)
11 y
MSG (Join to see): Yes, we should implement mandatory voter ID requirements; however, I don't believe that will stop voter fraud 100% - maybe 95%, but not 100%. I have never believed you can stop all voter fraud, but I do agree that if we implement 100% mandatory requirement for ID, we can stop a lot of it.

Additionally, with electronic voting becoming more and more mainstream, it will become easier and easier to "rig the system" to either electronically generate false votes, or miscount them, or even "switch" votes from one party/candidate to the other.

This suggestion simply puts a system of checks and balances in place that also allows for complete and true "transparency" - which the current administration is so fond of claiming they have - which is an absolute must for any true voting system - the citizens voting have to be able to see that their vote was recorded properly, that all the votes counted, and that there were no shenanigans going on.
MSG Signal Support Systems Specialist
MSG (Join to see)
11 y
You are correct, and your suggestion will do that, but I don't want my voting to be transparent to others.
SFC Network Engineer
SFC (Join to see)
11 y
MSG (Join to see): Actually, if you look at the flow chart I published here, you'll see that the voter's ID is hashed, and can't be directly tied back to the voter except by the voter. There is no way to un-hash a hashed ID. All that can be done, is a voter can rehash their ID, and it will match the original hash so long as that ID has not changed, which proves the voter's ID is what created the hash.

Long story short, you could not be identified by reversing the hash, and your vote would still be private, but counted. At the same time, you could check what vote you submitted to the voting authority simply by inputting your user ID Hash for that vote, without revealing who you are - Both Integrity and Confidentiality exist in this.
PO2 Corey Ferretti
This is what I know. When I went to get my voter's registration card all I did was give my name and they gave me the one I never got delivered, no ID or anything. When I went to vote I just gave my name and they said OK, go to station 2. I was amazed I did not have to prove who I am. I need an ID to get my fishing license but not to vote; I think it is nuts.
PO2 Corey Ferretti
11 y
Ohh ok yeah, this was my first year voting in 12 years. I know, real bad; I just never understood politics and thought I could not make a difference. Then some stuff was coming up and I was like, wait, how can I complain about it if I'm not voting on it. So even though I am 30 I am completely ignorant on politics and the voting process.
Sgt Jay Jones
Why does this sound like the beginning of the AntiChrist and the Mark of the Beast??? IJS
SFC Network Engineer
SFC (Join to see)
11 y
Sgt Jay Jones: It's not... the mark will actually be on/in your body... like embedded id chips under your skin that will also track finances and health as well.
MSG Brad Sand
F) All of the above?

The problem with any system is that someone can break it and fraud is possible. The question is, how much can be reduced and especially, can it be reduced to a level where it does not affect the outcome of the election?

There will always be some level of error. We are working with humans? If nothing else, human error. They mark the wrong circle, push the wrong button, ETC. It would be nice if we did live in a perfect World, but we don't...at least not yet.
Cpl Ehr Specialist
My vote is my vote. I hold my vote private and do not disclose who or what I vote for. None of your listed options account for that. As well, your theory means that anyone with the public key would then know who voted for what. I would be against that.
SFC Network Engineer
SFC (Join to see)
11 y
Cpl (Join to see): Actually, you could just hash the voter's ID. The voter could always hash their own ID and compare it to the ID Hash stored at the Voting Authority server, and in fact, that is how the voter's vote would have to be looked up if the voter wanted to verify what the Voting Authority has for his vote. With a Hash, it is physically impossible to "reverse engineer" it to a particular voter.
SFC Network Engineer
SFC (Join to see)
11 y
PO1 Ernie Foster: At the very basic level of networking, you would be correct. There are way more secure systems and communications methods and many businesses and the US government use them. While not impenetrable, it takes someone with very specialized knowledge to hack these systems.
PO3 Purchasing Manager
I've always wondered what's the big deal about getting ID? But even if that's too much for you and we decide as a nation to require some proof of identity in order to vote then why wouldn't we just use our thumb print? The idea makes the hair stand up on my neck, but if we got to be all big brother why not just use that instead of some fancy encrypted ID card?

You get up to the polling station, you whip out your thumb and put it on the scanner. OK, you are you...go vote. As for how to transmit those votes I'll leave it to someone who knows what language you're speaking! LOL
Lt Col John Grimes
11 y
I can't imagine what some bunch in a govt that has gotten a bit too crazy could do with having virtually every voting citizen's thumbprint. Can you imagine what the Nazis could have done with that information, especially with a computer system that could identify anyone in seconds.
PO3 Purchasing Manager
PO3 (Join to see)
11 y
I don't think it's far off from that already sir. Facial recognition software and computerized driver's licenses spring to mind.
COL Randall Cudworth
SFC (Join to see), absolutely agree that the concept of using PKI would stop it dead (as you said, no possibility of voter fraud anywhere along the process), but it would never happen, no matter what support you have, for a variety of reasons. Almost all of the reasons are economical, and if you can't get agreement on the low cost options of just using government issued photo ID, how would you expect to get any agreement for a more expensive solution?

DoD pays about $8 each for a Level of Authentication 4 credential (the CAC) which is what you are describing (less the biometric info). Figure at scale (200M eligible voters) the government could get it down to $5 ... that's still $1B just for the cards and a LOT more for the infrastructure (readers, management, etc). Think about all the stuff you have to go through for your passport (that's a LOA3 credential) and now add the PKI certs on top of that.
LTC Deputy Commanding Officer
LTC (Join to see)
11 y
Also note the number of DOD CACs that fail on any given day (chip goes bad, PIN locks, etc.) If those happen on election day, the backlog would be incredible. We would have to go to an election week to make this happen.
SPC David S.
Is this a test to see if I'm crazy?
SFC Network Engineer
SFC (Join to see)
11 y
SPC David S.: While it is true you can break anything if you really try, the beauty of this system, which I forgot to mention, is that the VOTER gets an encrypted copy of his voting record. At any time, if he wants to compare his vote to the vote the voting authority is showing, he can check it. 2nd, the smart chip can be hacked, emulated, or stolen. What is nearly impossible to crack though, is an encrypted private key, tied to an 8-12 digit alphanumeric/special PIN.

Let's take an example: Say I have a smart chip in my Driver's License. The chip holds both my encrypted private key, my unencrypted public key, and my public Hash Key. If someone steals my ID, in order to verify WHO they are trying to say they are, they would have to guess what my alphanumeric/special PIN is. Since the government can issue these cards out, they can also enforce strength requirements, such as no dictionary words, must contain at least 2 numbers, 2 lower case, 2 upper case, and 2 special characters. So, I choose my pin and this is what I pick (Note: This is NOT a real PIN I use!): 1D_1wR4Pr3s! This pin, in my mind, is simple for me to remember, because it has meaning to me (in fact, the meaning I came up with was this: "One (1) Day(D_) I(1) will(w) Run(R) For(4) President!(Pr3s!)").

For you to crack that, you'd need some time (like weeks or months minimum), and serious processor power - more than what your average joe can afford. By the time you did crack it, I, as the original owner of the ID Card, will hopefully have notified the authorities to get a new card, and my previous Private Key is made invalid. I am issued a new ID card/DL, and a new encrypted Private Key. The old Private key no longer works to ID me, because if someone does break it open, the ID Servers that track it, will see it's invalid and not allow it to be used for ID.
SPC David S.
11 y
Well what about a foreign entity that would like to see person 'X' in office. They have the necessary resources, will and desire to do so. If someone were to compromise the server security the fox is in the coop. Just playing the Devil's advocate.
SFC Network Engineer
SFC (Join to see)
11 y
SPC David S.: And that's a point me and my coworkers just got done discussing. I think the solution (partially) is of course, enabling voters to check and see what vote they cast is actually recorded on the server (transparency), without enabling them to make changes. Second, the hashing as I described it, would automatically indicate if a vote was changed when you try to rehash the "altered" vote. Third, because this sort of voting process as I described is nearly instant, a voter should be able, if they want, to instantly check and see what their recorded vote is. Last, the Registering Authority (the authority responsible for verifying the private key hashes) would have to be separate from the Voting Authority. In fact, it might need to be two or three Registering Authorities, each with only a portion of the private key hash. If any one of them was compromised, that portion of a person's private key hash would become invalid - thus invalidating the entire private key. The problem with this, is if a foreign entity wanted to disrupt the elections, they would need to only compromise the one RA.

So, perhaps, thinking about this, we'd still need some sort of "physical" vote tally - so paper ballots might not go away - instead a person would vote, and then, when they're done voting, they get a printout of their vote that they then turn in to the Polling center, and that paper is then scanned in at a central voting authority location and directly compared to the electronic vote. If there were fraud, the paper vote wouldn't match the electronic one. If someone tried to stuff the ballot, they wouldn't be able to do so electronically, and paper ballots that were stuffed in wouldn't have a corresponding electronic vote. To further protect the system, if there were a compromise, then they could just automatically tally only paper votes...

No system is 100% perfect, but it's possible I think to get close.
SPC David S.
11 y
Don't get me wrong, I like the idea, I just see too many yahoos who would like to cause havoc for no good reason. And yes, nothing is 100% where humans are involved.