TheOfficialACM

To be absolutely clear, there is no evidence of any tampering with the 2020 presidential election. We have high confidence that the election outcome was correct.

Here's the crazy part: there's nothing inconsistent with the above statement and saying that there are a number of security weaknesses in our election systems that we need to improve. We'd love to see more states adopt risk-limiting audits (the topic of this post!), which would improve our confidence in their elections. Similarly, it's great that the older generation of paperless electronic voting systems are being replaced with newer machines that use paper ballots. This helps mitigate against the worst risks of malware or tampering with voting systems' software.

The current business model of elections is that the vendors have no requirements for open source, but they do have the requirement that their systems are subject to certification and testing. The certification process requires the vendors to share their source code with the testing labs.

For what it's worth, there have been a number of attempts at doing an open source voting system that could be commercially viable in the U.S. market, but none of them have achieved significant market share to date, except perhaps the Los Angeles VSAP system, but the source code isn't actually open yet (article from 2018, but I don't think anything has changed since then).

(I do consulting with another open source vendor, VotingWorks.)

Great question! Almost everyone asks about cryptanalysis. But we (Simson Garfinkel) and I think the real action is in quantum sensing and simulation and wish more questions were raised about those categories of quantum technologies (QTs). Sensing and simulation are both more difficult to understand, but plumbing them reveals all sorts of interesting implications. The more prosaic implications surround civil liberties: what will it mean when sensing only available to militaries, intelligence agencies, and sophisticated companies (like extraction industry) devolve to law enforcement uses? This could trigger a fundamental rethink of observation in "public."

The implications of simulation are far more exciting than codebreaking. There's a nice consensus statement about the field here: https://arxiv.org/abs/1912.06938 I suspect the general excitement and familiarity about computing causes us not to see wet-sciences innovations that could change our lives.

Just how inadvertent is this summons? Is this an intentional act, or an accident? How foreseeable is the link between your QC use and Cthulhu's rise?

I suspect that you will not be held responsible because you have several good defenses: a lack of foreseeability, you shouldn't be responsible for the intentional wrongs of a monster, and because this sounds like an act of god :)

Are you a fan of RTL? I wish I could have afforded to go to this: https://www.youtube.com/watch?v=MOvA1MtOKFg

For starters, the modern Dominion equipment uses a printed paper ballot. This means that every voter can (and should!) take the time to read the paper ballot that the machine produces and, if something is wrong, they can "spoil" their ballot and do it again. This is an important defense against any hypothetical tampering or malware with the software inside the machines.

After that, you're not being asked to trust machines. You're being asked to trust process. Those paper ballots travel in ballot boxes that are suitably sealed. Election officials tabulate the paper ballots with election observers and the press watching what they do. Georgia also did a risk-limiting audit (the topic of this Reddit post!) during the 2020 election which confirmed the result in the presidential race. (More details: Carter Center report, Georgia SoS's page)

As you might imagine, there's a lot more to it than I can summarize in a few paragraphs, but you should have some comfort that the combination of certification & testing, plus the use of the right kinds of policies & procedures, are where we gain confidence in our election systems.