academic

warning: Creating default object from empty value in /home/gwolf/drupal6/modules/taxonomy/taxonomy.pages.inc on line 33.

E-voting and paper-based-voting - UNAM teaches us how to achieve the worst of all worlds

Submitted by gwolf on Mon, 03/30/2009 - 22:06

As my Institute's sysadmin, I was appointed as the responsible for my Institute's certificate handling for today's voting session for the Universitary Council (Consejo Universitario).

UNAM, Mexico's largest University, is moving towards an e-voting platform. I talked about this with our (sole) candidate for the Council, and she told me this has been used a couple of times already - And, as expected, it has led to having to repeat voting sessions, due in part to e-voting's inherent lackings: It is impossible to act on any kind of impugnation. The only thing we have is an electronic vote trail, no way to recount or to make sure that all votes got in. Besides, we had a perfectly antinatural and inadequate identification system, which means voter's identity have no way to be trusted.

Besides, we still have all the traditional Universitary bureaucratic paper flow, which completely obscures any positive points this e-voting system might have had.

Before going any further, if you are interested: There is a so-called security audit certificate for this system. In Spanish, yes. Take a look at it if you understand the language and want to crack some laughs.

I will not make a detailed review of (what I could gather about) the setup. But to make things short: I had to go to the central administrative offices to get a CD-ROM with the monitoring station's SSL certificate. This certificate is tied to an IP address, so only one computer was able to be set up as a monitoring station. So far, so good.

But, what is the monitoring station's real role? You will probably laugh. The voting session (at my Institute - Each dependency can specify its own opening and closing times) was from 10:00 and until 18:00. We were instructed to place this computer at a public location, from where:

  • Shortly before 10:00, we had to check the booth's status was set to closed and that zero votes were received.
  • During the votation period, the computer would continuously display the number of received votes, refreshing the page twice a minute1
  • During the day, anybody could go to the computer and check the number of total votes received. Its main function is, I think, to show that no votes are substracted precisely when a person is staring at it.
  • Shortly before 18:00, we had to check the booth's status was still set to open, and wait until 18:00 to witness the booth is now closed.
  • Get the needed data from the system and hand it over to the proper bodies. I'll get back to this point later on.

So, what is strange here? That there is a tremendous apparatus providing supposed security to... Information that is completely worthless. Just protecting a number that is, for all purposes, public. Oh, and the opening and closing of the booth - Of course, the system could have flaws during the process, or inject spurious votes along the way, or flip-flop the votes cast whichever way. But, did I mention votes? So far I have not mentioned how people are supposed to vote.

Together with our last paycheck, we got a piece of paper with all of the needed information: A randomly generated, 10-character-long-with-mixed-case-and-symbols password, and the link to a web page2. This paper was folded, yes, but it was in no way secured - So, whoever wanted to have all of our passwords could just go through the bunch of papers and get them.

Now, contrasting to the strong perception of physical security surrounding the oh-so-important monitoring stations, how can a person vote? Oh, sure, just fire up your favorite browser and go to https://www.jornadaelectoral.unam.mx/, produce your student number if you are a student or your full RFC3, select via checkboxes4, click on "submit", and voilà, you have voted. From any location, from any machine.

Yes, the University's population is largely itinerant, many people will be voting from abroad and all. It is good to give them a voice. But... At what price? Lets see... The security audit mentions the system is free from any malicious routine that can automatically alter the results and it has the minimum needed validations against spurious data injections from the most common Web browsers. However, if I am interested in modifying the results... I could put a trojan in a Faculty's laboratories, which modifies the votes sent by their users (students vote as well). Yes, I'd have to know how the system works, but lets accept security through obscurity does not work, and that this is a well-known system (as it has been used for over 3 years and is at version 3.5). PHP-based, for further points. Oh, and (if I recall correctly) a voter does not even get feedback as for which formula did he vote for, so no way of knowing if the computer really sent the information I requested. And given the low security for the password handling, I would not bet on it being worth much. Besides, this system was partly established to allow people voting from abroad - as long as they picked up their March 10 paycheck. That excludes anybody who has spent over three weeks away!

Many other things can be said. Last detail: e-voting's main selling point is that the results are known instantaneously, and (if no paper trail exists) no tedious re-counting is ever done, right?

Meet universitary bureaucracy. Technology changes, but processes don't. The Local Electoral Surveillance Commission has the responsability to enter once again the system after the vote has finished, and ask the server for the preliminary results. This consists of a tarball with the tally sheet (from the voters, who voted and who didn't), the total votes for each formula, and... one more file I don't remember. They also have to generate the signed legal documents where they testify to the received information. And then, ahem, they have to burn those files5 onto a CD-ROM, print them, and physically take them to the central administrative offices. Yes, take something from the server and get it to the server. For us it is not terrible (1.5Km can be readily done), but this same procedure must be done by people in other cities where there are University campii holding elections. How Nice!

Anyway... Worst of both worlds. The inefficacies of a paper-based ellection, together with the unaccountability of an e-voting ellection, sprinkled with fake sense of security here and there.

Bah.

  • 1. Except that it didn't. I guess they didn't stress-test the server, so every couple of minutes it returned a connection error. Of course, the page would no longer self-update. And after noticing that, I (and nobody else but me) had to go and give the password and certificate for the system to continue to operate.
  • 2. which is http://www.dgae-siae.unam.mx/ - The Schooling Administration General Direction (DGAE), an universitary body which has no relation with electoral issues. DGAE made available a poster detailing how to vote... But, again, lets ignore that fact for now
  • 3. A nationwide ID number, largely derived from name and birth date data - Both numbers are often widely known, they cannot be considered private in any way.
  • 4. Oh, for goodness sake... The "ballot" has 1..n options, and each has a checkbox, not a radio button. That means, you can select multiple options, which is of course invalid. Why? Because the electoral rules indicate that selecting more than one option in a ballot makes the ballot invalid, and thus, a way for making it invalid must be provided. Isn't logic beautiful?!
  • 5. Want some more insight on what needs to be done? Take a look at the instructions. Don't forget paying attention to the lexicon used - We are still asked to count the votes, an impossible feat given the vote is 100% system-based - Quote: Los miembros de la CLVE realizarán, con base en el reporte del sistema, el cómputo de los votos depositados en la urna a favor de cada una de las fórmulas, declarando nulos los votos que procedan.
( categories: )

EDUSOL 2009 Seminar - How to participate?

Submitted by gwolf on Tue, 02/24/2009 - 20:26

My attention was just drawn (thanks, Txopi!), slightly less than two days before the kick-off date, that although we have advertised quite thoroughly how to participate in this Thursday's EDUSOL Seminar session (didn't you read about it already?) via the formal videoconferencing channels (wow, we have 14 videoconferencing rooms signed up, w00t!), we have not yet announced how to participate by following the Ogg stream and the IRC channel. So, please:

Ogg stream
Connect to http://seminario.edusol.info:18000/edusol.ogg.m3u. What to connect with? If you are a Linux user, just about any media player will do. If you are not, download the great VLC - VLC for Windows, VLC for MacOS X.
IRC chat

Of course, you might be interested not only on listening to our talk but in participating as well, right? Take your favorite IRC client and enter the #edusol channel in irc.oftc.net. (I won't go into further details on this post on what is or how to enter IRC - But I will explain a bit more in the EDUSOL website, in Spanish, if you need it).

...We are very hurried and excited about this all. Hope to see you there, and during our work sessions for the many following months!

Inviting: First VC for the EDUSOL 2009 Seminar - Thursday, Feb 26

Submitted by gwolf on Tue, 02/17/2009 - 17:38

It's time to drive some buzz this way ;-) Although this post will only be a pointer towards the Spanish post I made on Planeta EDUSOL, for reasons soon to become obvious. In any case, the information I'm posting here is not exactly the same. Can you read Spanish? Please go on to the invitation for the first videoconference for the EDUSOL Seminar.

This year, we the organizers of the On-line Encounter of Education and Free Software (EDUSOL) are aiming higher - we are not "just" having a two-week encounter at the end of the year - We are having an all-year-long Seminar, focusing on the collaborative construction of knowledge. People from quite distinct backgrounds will be part of this project, and we aim to drive it towards the publication of a book.

We (mainly, Alejandro Miranda and me) have been quite busy bootstrapping this seminar, getting the proposed authors, thinking over the intended communication channels and ways, and setting up the needed infrastructure) and are ready to start the public-facing activities.

We will be having monthly videoconferencing sessions, the last Thursday each month, 16:00-18:00 Mexico Central time (currently GMT-6; GMT-5 after the beginning of April). The VC sessions will be also relayed through Ogg streams, and we will have an IRC channel available to offer full interactivity for those who do not have access to a H.323 VC setup.

This first session will be moderated by Victor Manuel Martínez; the speakers will be Alejandro Miranda and myself - The topics we will present are:

  • Short project presentation, delineating the list of invited authors and tematic lines we will pursue
  • Description of the collaboration scheme we expect to hold, including how everybody (not just invited authors) can participate
  • Presentation of one of the topics we will work into in the Seminar: Free Software and the Democratic Construction of the Society

If you have access to videoconferencing facilities, please get in touch with Carlos Cruz, the Videoconferences Coordinator at the Economic Research Institute, as soon as possible for all the needed coordination.

Syndicate content