
It’s 2020. You can buy almost anything on your phone. You can do your banking on your phone, so why can’t you vote on your phone? This week Paul & Rich discuss the security concerns that come with online voting. They also talk through the possible vulnerabilities in an online voting system and the danger of removing the people (and checks and balances) that come with traditional voting. Most importantly — go vote!

Transcript

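Paul Ford Remember those New York City lever machines? Man, you knew you voted. I don’t know if anyone had that experience, but it was like [Paul makes lever machine noise] You’d vote and you’d feel it. [Music fades in, plays alone for 15 seconds, then ramps down]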

Rich Ziade I’m gonna just ask you a question, Paul. And that’ll just, it’ll just gush like our knowledge and a discussion will gush into the rest of this podcast. You ready?

PF Oh my god. Let’s do it. I’m ready.

RZ Why can’t I vote on my phone?

PF Oh, my god. Oh, wow, that’s great. Great Caesar’s ghost. That’s a tough one.

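RZ I just want to - I want to follow up on what I do on my phone. I bought a $2,000 laptop on my phone with four finger taps. I, like, double-click the side button and I’m paying for groceries and paying for whatever. For those that are listening to this podcast 10 years from now out of the Internet Archive, we’re having an election, and it’s a pretty big one. It’s 2020, we’re in a pandemic. Joe Biden is about to go up against Donald Trump. You know, because of the pandemic, the idea of walking somewhere and standing around to vote is considered risky. So we’re voting by mail, paper and postal mail, and meanwhile, I have a computer in my pocket!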

PF Mm hmm.

RZ Why can’t I vote on my phone?

PF Because America doesn’t believe in math is the simplest way I’d put it.

RZ Wow.

PF Well, this is really tricky. First of all, the most secure provable way to have voter security are pieces of paper and people going in person. That is almost just one of those conventional wisdom things that proves to be true over and over. Voting machines are very, very hackable, digital voting continues to be hackable. So, there is an argument to me that until there is some—until literally light opens up from the heavens and says “vote with a computer,” we should stick with the way things are now.

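RZ What you’re saying is, we clearly have the technical capability. I mean, we have the technical capability to create photorealistic flyover imagery of anywhere on Earth in a flight simulator. We clearly have the technical capability to vote online, we have it, that is real.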

PF Yes. You could have a completely secure fingerprint in order to vote securely.

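RZ Really, what you’re talking about is a concern about security. The fear of being hacked, the fear of being delegitimized because of some vulnerability or some outside actor, some outside actor who would like to disrupt our elections. That’s the fear, correct?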

PF That I think is the only truly legitimate reason not to let people vote by phone.

RZ Let me ask you this then, why can’t a high school have a student president vote by phone? Are they doing it? Because there’s much less risk there.

PF I mean, I vote in polls on Twitter from my phone all the time. I mean, there’s lots of various voting and polling applications online. And what you need are accounts and you need secure logins and stuff like that. The basics of encrypting a message and signing it with a unique key are pretty well proven out and that code has been pretty vetted. So I mean, the risk there is quite low. But when things get onto servers, trouble starts. The thing that’s risky, right, is centralization, having one point of failure, or one aggregation of all the voting information that could be conceivably vulnerable in any way. And what works really well about paper voting is lots of people going to lots of places.

RZ Here, let’s create it. Right. [Okay] Let’s be bold here. One of our bigger clients saw all kinds of obstacles to using certain software, the pandemic happened. They figured it out in like a week.

PF Yeah, it really does unlock a lot.

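RZ It really does unlock a lot. So often I don’t want to get into politics or political figures. And I know they’re, you know, New York Governor Andrew Cuomo is a polarizing figure, but I have to give him credit. Every once in a while, he says, “I want to announce this on Thursday. So it gets done. So that I can tell everyone we did it.”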

PF Boy, does he. [Laughs]

RZ Right, for better or worse.

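PF You’re Andrew Cuomo - whatever people think of Andrew Cuomo. You do hear a lot of reasons why certain things can’t be done, especially during a pandemic. In the end, you’re the tiebreaker, you’re - that’s your job, and then you go, “nah, no, it’s gonna be blue, and I’m gonna draw a picture,” and then you pet your dog, Captain. [Laughs]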

RZ Alright, so here we go. Ready? First off, we have the data. What I mean by that is the census. The US census is keeping track of people and voter registration, right, so I can’t add 10,000 more people. Let’s get that out of the way.

PF Voter rolls, addresses and so on. We’ve somehow created this unique, clever way in which your voter registration gives you a unique ID.

RZ That’s right. And then I go and get the US vote app that has been created. And let’s forget how it got created. But it’s obviously a more formal process. There’s a lot of work to do there, whatever. Okay.

PF 80% of it was built by a Canadian company, and -

RZ In partnership with Postlight.

PF Yeah. [Paul chuckles] Fine. Whatever.

RZ Alright, so time to vote. Are you ready to vote? Okay, so the face ID kicks in, face ID is so secure that the likes of 1Password actually let you use face ID to unlock your whole entire life. Right. So the fact that 1Password was comfortable enough to let you take the face ID confirmation and open up everything, your bank accounts, your credit cards, all of it, means that it’s very secure. Right? So this thing opens up and says, “Okay, hello Rich. How are you? Are you ready to vote?” First, it confirms it’s me. I say yes. It gives me two choices. It says “are you sure?” Face ID kicks in again, and this time it not only confirms it’s me, but also snapshots my face, packages that up and sends it off somewhere. [Okay] Let’s get to the somewhere in a second. Because that seems, sounds like that’s where your vulnerability is, right?

PF Ah, there are vulnerabilities all over the place. Paper is still better. Mail is probably still the most secure, right?

RZ But poke holes in what I just walked through, give me some vulnerabilities.

PF Well, first of all, why are we doing this? We’re doing this because we want more people to vote. And if they’re doing it through their phones, we think more people will vote. Like otherwise, why bother? What are the vulnerabilities? It’s not that face ID has been mathematically formally verified, right? Like it’s software, there could be a side door, there could be a way to get to the encrypted hashes that are used to describe your face, and then submit those hashes elsewhere by pretending to be a face ID proxy client, right? And so there’s all of that stuff. And there’s a million points of attack.

RZ Let me respond to that. Census sends email and mails me stuff, paper mail, all the time. They mailed me a code, two factor voting. When I say I’m going to vote, it converts the face ID and then I have to punch in the eight digits that they mailed me.

PF You know, I could call and get my one time voter security key.

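RZ You can do that either way. Yeah. Okay, so I’ve got that in place. Now. It’s fired off. I think this is solvable at the phone level. And at the user level. Let’s assume face ID is something that’s universally available, and so on.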

PF Fine, fine, okay. Okay.

RZ Fired off! Now that this packet gets created that has my voting selections, and verification of my own identity, thus ending my ability, I can’t get a refund, right? Just like when I walk into the booth, you only get to go once.

PF I’ve used the one-time encryption key that the voting server gave me, so I can’t any more -

RZ Disintegrates.

PF Yeah, that’s right.

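RZ Not only that, there’s no record on my phone. Privacy and confidentiality around voting are very important. It can’t just be sitting on my phone. So what happens? Where’d it go? Where did this packet go, Paul? You take it from here.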

PF Well, realistically, it goes to some government server that was hacked 18 months ago. [Paul & Rich laugh] And then it goes straight to - you know, it gets siphoned off to Russia, you know, and there’s a huge congressional hearing, and the company admits that it outsourced all the work to Canada, which outsourced it all to India and the congressmen and congresswomen get really upset. Where could it go? Look, I mean, I think, again, the number one risk I have here is one point of failure, right? So like what it should do, if you were to digitize this process, I’d almost want it to be at the county level. It’s a problem, you’re going to create a monolithic software environment in which, if there’s one vulnerability, it spreads like wildfire. And there’s no way to make it truly secure. Anyone who tells you that this is truly secure is lying to you, like truly 100%. There’s like a small window where you could argue that mathematically formal verification processes are a way to ensure that certain things can happen. But we’re, then again, it’s not even like, those technologies don’t really exist in the way that you’d need them to.

RZ Let me ask you something, though. I mean, I don’t know how the lever switch decisions get sent from my public school, two blocks away to some central place, but there is a place where they’re adding them all up?

PF Well, no, I mean, what they tend to do is add them up at the polling station. And then there’s this backup record. That’s, as far as I understand it, how it really works today, it doesn’t just immediately call home to you know, to MasterCard slash voter tech. But instead what they’ve done is they’ve taken that analog, put the slip in the box idea and made that work so that you have the backup, you have the record. But you also have a digital counting mechanism, which accelerates everything and makes it possible to report much more quickly.

RZ So they’re adding it up locally and sending out the totals.

PF That’s the most secure, right. And then there are, you know, but there are all kinds of hackable voting machines.

RZ You could argue that voting in the way I described on your phone is more secure than the voting machine. Imagine it only goes to that one place, like it goes to my public school.

PF This is where we’re at now. Right? So it’s like, what is the public record of it, you know, like where, how does it stay accountable? My mental model of it is like, okay, that’s possible if there’s a true accountable public record that is verifiable by the equivalent of poll workers and judges and stuff like that. And really what happens is it feels like the technological solutions to voting want to get all of those humans out of it, they want to make it like “Here, hit the red button,” “Oh, I hit the red button, and I voted,” “Good job!” A cartoon cat pops up and says, “here’s a piece of democracy” while it just flushes your vote into the toilet. And really like what makes voting work is the same thing that on a good day makes America work, which is a kind of checks and balances systems. There are poll workers or judges, there’s oversight by the two major political parties, there’s like all these things that can still be gamed and hacked. But ultimately, you have a lot of participation, and the culture around voter fraud is taken very seriously. So all of that is knit closely together, with a lot of rhetoric about how this is the absolute most critical function of our democracy, to encourage and support voting security. Literally, it’s like church and state. It’s the one thing we talk about. When we talk about the word “sacred,” we almost all use it, right? Now I come in, and I’m Mr. Voting Machine, sir. I say, “they’re going to press a button, and then it’ll go to a server, and you won’t even—just be it’ll, it’ll email the vote results to everyone, it’ll be cool. You can download a spreadsheet.” And then it’s like, “Hey, can we look at the source code?” And they’re like, “that’s a proprietary trade secret,” right? Your ballot doesn’t have source code, you know it’s a, it’s a piece of paper. So software culture and voting culture don’t have the, frankly, the same integrity and the same checks and balances that the legal culture around polling has in America. Like when you look at when people talk about some of the greatest sins and transgressions of America, it’s things like poll taxes, like any throttling and any complexity that we put on voting, people who take it seriously treat that as a real social justice issue. And it’s one of the most important things that we think about and talk about in our society. And then what you do when you make this into a technological hit a button on your phone solution, you productize it, and like those cultural values and those rules that we commit to around voting, like technology, isn’t there, it actually is there to get rid of a lot of that stuff. I mean this is why you can’t just have law as code. I think that falls into that category of like, you can’t just put the bylaws on GitHub and issue a pull request when they need to be amended.

RZ Do you agree that we’ll reach a point sometime in the future where this gets solved and we’re voting with our phones?

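PF Frankly, I hope so. But it’s civic infrastructure. The problem with our current government isn’t really left, right, left, right, it’s like the desire for Google, Apple or Facebook to solve it, right? Like, there’s no infrastructure.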

RZ And you view that as a problem.

PF That’s a huge problem. You can’t have Google run your voting. You know what, actually, I think Google would actually do a pretty fair job of it.

RZ I just wanted to ask a question out loud and say, “Isn’t—do you think that’s a problem?”

PF Frankly, here’s what I hate. I think they do a great job. And I think they would solve it really, really well. And it would be the wrong solution.

RZ Yeah, I think that’s right. I think that’s right. You know, I think what’s worth digging into, which we’re not going to do, is, I wonder who does get subcontracted to set up the voting infrastructure that we have today? Because that’s commercial interests that have been brought to bear to solve a problem that is a truly civic problem, probably the greatest civic problem, civic challenge we have.

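PF You know, it’s funny, I’ve been reading about electronic voting for the last 22 years, and the collapse of the last few years has completely wiped my brain. I’m just like, let’s not worry about that anymore. Just go to the polls, [Laughs] or mail it in, I’m just—let’s, let’s stop pretending.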

RZ You’re dialing back your expectations. [Music fades in]

PF I’m just like, not, like just, yeah, like, stop all of it. And just let me—the sad thing about New York State is your vote essentially means nothing except for like a local judge. You can have a little difference there, but, you know, we’re voting. The state’s going to go blue.

RZ Okay. Yeah. I mean, let’s end it by telling people to go vote. That’s always a nice—

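PF Yeah. You know what, that’s—if there’s any lesson to take from this. First, I think it would be great to vote on your phone, like, normally, I’d love to see a solution. Second, go vote.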

RZ Vote. It’s important.

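PF It’s all we got. It’s the most important thing. And I don’t know, if you’re young, and you’re like, “I don’t know, does this really matter?” No. But it really does. It really does. And you may not matter that much in that context. [Laughs] But, boy, does it matter from the big macro perspective. Please, please, God, please, please, please vote.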

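RZ Paul, we are Postlight, we’re not going to sell too much here. Check us out at Postlight.com, we’re a digital strategy, design and engineering firm. There are a lot of good case studies there. Get in touch with us if you have any questions. [email protected]. We’re very happy to talk and help out.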

PF Yeah. Tell us what you know about electronic voting.

RZ Yes. Have a great week!

PF Bye! [Music ramps up, plays alone for 3 seconds, ends.]