Culture War Roundup for the week of September 16, 2024

This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.

Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.

We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:

  • Shaming.

  • Attempting to 'build consensus' or enforce ideological conformity.

  • Making sweeping generalizations to vilify a group you dislike.

  • Recruiting for a cause.

  • Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.

In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:

  • Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.

  • Be as precise and charitable as you can. Don't paraphrase unflatteringly.

  • Don't imply that someone said something they did not say, even if you think it follows from what they said.

  • Write like everyone is reading and you want them to be included in the discussion.

On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.

Tangential rant: why the fuck is the most powerful country on the planet apparently incapable of deploying world-class secured online voting?

To expand a bit on @netstack's comment, I believe that it is not enough that the voting process is fair, it also should be recognizable as fair to the average citizen.

With paper ballots, anyone can observe how many people cast their vote at your polling station, the fact that they are not in the position to prove to anyone how they voted and thus could not be bribed or coerced, and compare how many votes are counted after that, and that they are counted correctly. Passing elementary school basically gives you the ability to verify that.

As soon as the vote count is kept digital, that ability goes out of the window in a heartbeat. You could have a PhD in computer security and still would be highly unlikely that the hardware says what the specification says or that the software which is running on the machine you cast your vote is actually compiled from the unadulterated github sources, and that the formal verification tool which guarantees the vote integrity is itself sound.

In practice, people in IT security tend to be the voices most opposed to computerized voting, because they are the least likely to trust computer systems.

Of course, if you allow people to vote online from their own devices, it is not enough that the server infrastructure is sound (which will be completely impossible to verify, and even the people who build it would likely not bet their lives on it), you also have to trust the endpoint.

Most Americans are woefully unprepared to compute the crypto primitives used by TLS in their head, so they would have to trust the device in front of them. That device likely runs an operating system for which the vendor has stopped shipping security fixes five years ago, with the user having installed "free_legit_photoshop.exe" or the like. Even if you could solve the problem of identifying the user in front of the screen, a compromised device can just intercept your vote for Kang, change it to a vote for Kodos and change the confirmation message to read 'Vote for Kang confirmed'.

There is a reason why any serious bank has their customers use TAN generators, which are separate and very simple devices with a much reduced attack surface and have a small shitty display which will show the user the numbers of the transaction they are making, so they can double-check in case their online banking device is compromised and was requesting a TAN for sending all of their balance to Nigeria instead. You could roll out similar devices for voting, which will display KANG before generating the transaction number, but even then you will have the problem that the integrity of the vote is likely not assured by the process and certainly can't be checked by the median voter.

Here in Germany, voting generally happens on Sundays, where most employees are not allowed to work. Within towns, polling sites are often within 500m, and the average time I had to wait in line to cast my paper ballot is perhaps five minutes. Yes, it takes a while for the votes to be counted, but typically we have the tally by Monday morning, which is good enough for me.

There is a reason why any serious bank has their customers use TAN generators, which are separate and very simple devices with a much reduced attack surface and have a small shitty display which will show the user the numbers of the transaction they are making, so they can double-check in case their online banking device is compromised and was requesting a TAN for sending all of their balance to Nigeria instead. You could roll out similar devices for voting, which will display KANG before generating the transaction number, but even then you will have the problem that the integrity of the vote is likely not assured by the process and certainly can't be checked by the median voter.

You're honestly quite close to the core question. Generally, when people talk about digital elections, there are a couple camps. First, there are the academics who work on describing some properties that we might want from a voting system and checking to see if they can make the math work. Then there are the people who imagine the most theoretical of possible attacks (and believe me, I've seen a lot of theoretical attacks on systems, some of which have actually grown up to be real) and simply declare the problem impossible from first principles. Folks in this latter camp should properly say that message security is impossible, because there are endpoint security problems, and besides, the median user can't do the math that would be used in their head. Secure over-the-air updates are impossible, because then Apple or whoever has a valuable secret that will surely be compromised. Certainly, secure cloud storage is impossible; I can imagine quite the conspiracy happening, and besides, is the median user going to understand it? Well, maybe someone can figure out storage, but private cloud compute? Impossible. Do you know how many vectors of attack there could be?!?!

You speak of banks, and that is good. Did everyone just forget to tell banks that what they wanted to do was impossible? They can't possibly just let people log into their account from anywhere. They might be running an operating system for which the vendor has stopped shipping security fixes five years ago, with the user having installed "free_legit_photoshop.exe" or the like. They can't possibly just let a little piece of plastic and some numbers be a form of payment accepted across the world. I have theoretical attacks!

I'm well aware of a variety of specific problems for digital voting, but my main position is that one must discuss actual specifics in this domain, because there are a wide variety of possible specific conceptions. A lot depends on 'how much you want to prove', so to speak. Most people want to immediately jump all the way to 'proving the most', thinking that if you can't solve every problem in a way that lets me vote from my couch while wearing underwear, using just a web form, and question marks for authentication (because racism, probably), then any form of digital anything in elections is completely impossible. But honestly, one can easily propose digital components for elections that retain the same basic form, such that the digital component actually restricts behavior. For example, suppose for now that you still had to show up in person to vote, but instead of a weird, flimsy piece of paper being all that you have for your voter registration, you were instead issued a smart card or other hardware token that you needed to bring with you. That hardware token can be used in combination with those fancy maths that I linked to in order to quickly and accurately provide guarantees of eligibility to vote, no double-voting, etc. Hopefully, one of those fancy maths works can even allow for neat paper backups that manage to satisfy receipt-freeness while maintaining a significant level of auditability. I think some of them are getting close, but we'd have to dig into specifics.

Sure, there might be other political concerns that make such a proposal difficult (honestly, simple secrecy in voting concerns should be enough of a political difficulty to rule out a large swath of the most expansive proposals rather than even getting to technology considerations), but that's pretty irrelevant when what I'm generally hearing is a weird set of first principles-style claims that literally anything digital and related to elections is flatly impossible due to vague theoretical concerns.

The same banks massively bungle their software upgrades, locking people out of their accounts, logging them into other people's accounts, losing their transactions, etc.

E-voting is feasible. You can probably come up with a system that:

  • proves that your vote has been counted correctly without disclosing it
  • proves that all other votes have come from verified voters without disclosing their identities or their choices
  • doesn't disclose intermediate tallies
  • somehow solves the tyrant problem that voting by mail introduces

But why would someone implement it? Banks earn money by making their services easier to use. Governments don't earn anything from e-voting. Political parties don't earn anything from e-voting.

The same banks massively bungle their software upgrades, locking people out of their accounts, logging them into other people's accounts, losing their transactions, etc.

Yep. They've realized that the optimal amount of problems is not zero, and consumers are still plenty happy to use their products over other banks who could say, "We're not offering that stuff, because we're more committed to your security." There are parallels here to elections. The optimal amount of election problems (even things like someone not being able to vote because of an edge case, tech-related or otherwise; who remembers the tempest in a teapot I think in 2016 when a video went viral on social media of a group of would-be voters showing up late to a polling station and getting pissed?) is probably not zero either, and one of the most major considerations for designing an election system is to ensure that it is viewed as legitimate by the electorate (within that margin of error for the optimal amount of imperfections being nonzero).

But why would someone implement it? Banks earn money by making their services easier to use. Governments don't earn anything from e-voting. Political parties don't earn anything from e-voting.

This is a much more real concern in my mind. I haven't followed politics enough in countries who have adopted whatever version they have adopted in order to have a sense for what political dynamics incentivized them to do so. I'd super love an explainer from anyone who does. But I would note that this is completely in the bucket of "political problems", not "tech problems".