For deniability, faking data even the owner can’t prove is fake

I was speaking with a colleague yesterday about Loopt, the location-based social network, the rise of location-based services and the incredible privacy challenges they present. I heard the Loopt folks give a talk a few months ago, and I was generally impressed with the measures they’re taking to protect their users’ data. I particularly enjoyed the problem Loopt faced with respect to abusive spouses: if your spouse is spying on you, it’s not enough to turn off your location services, because then your abusive spouse will know that you’re hiding something. You have to actually be able to lie about … Continue reading For deniability, faking data even the owner can’t prove is fake

Sometimes it’s not counter-intuitive

Bruce Schneier writes that it’s reasonable for unmanned drones to broadcast unencrypted video streams, because the video stream is not that useful to enemies, and given that many people need access to the video feed, the key distribution problem would be very difficult to manage, and some allies could be severely handicapped if they happened not to have the key. So, Bruce is typically fantastic at finding those interesting areas of security where the answer is counter-intuitive. But huh? How can both of those points be true? If the video stream is valuable to allies, then I’m guessing it’s valuable … Continue reading Sometimes it’s not counter-intuitive

Takoma Park 2009: the conclusion

Well, it’s been a few weeks of craziness at home and catching up on other work, but I’ve finally wrapped up the Takoma Park 2009 audit. The final step: letting you, dear reader, run the audit all on your own. You’ll find the complete instructions here on the auditing site. I haven’t tested this on Windows, just Mac OS X, and it should work on Linux/Unix, too. You need Python 2.5 or above, PyCrypto, git, and subversion. You need about 30 minutes of download time, and 1 hour of processing. And then you can check the results you’ve computed against … Continue reading Takoma Park 2009: the conclusion

Takoma Park: verifying the shuffle and the unopened ballots

So the votes have been cast, the uncertified tally has been released, and the confirmation codes have been published for all voters to check. Now, it’s time to make sure that the coded votes, which were shuffled via the Shuffle Tables into the decoded votes in the Results table, were indeed shuffled and decoded correctly. Having trouble remembering which table is which? Here’s a reminder: Now of course we don’t actually see these tables in cleartext, rather what we have right now is: Next, the Scantegrity team used random stock data to seed a random number generator and decide which … Continue reading Takoma Park: verifying the shuffle and the unopened ballots

Takoma Park: auditing the auditor

Rick Carback from the Scantegrity team just pointed out to me that my totals are not quite the same as theirs, and he surmises that I may have read the Instant Runoff rules incorrectly. Specifically, my code considers that ballots that skip a rank, i.e. that go directly to choice #2 and never indicate a choice #1, are “exhausted”, meaning they don’t count anymore. In fact, the rules for Takoma Park state that, in that case, the next candidate choice counts, but if two choices are skipped, then it’s exhausted. He’s absolutely right, and I’ve updated my tally code appropriately, … Continue reading Takoma Park: auditing the auditor

Takoma Park: and those provisional ballots?

Coverage of the Takoma Park election continues, with a good article in Wired. And so does the audit! Some people who showed up on election day couldn’t be verified as registered voters. Thanks to one of the useful HAVA provisions, they got to vote provisionally, meaning their ballot was set aside in an envelope labeled with their name, and their eligibility was checked later. A number of folks did turn out to be eligible, so their ballots need to be tallied. The Scantegrity team has scanned those ballots, and has thus updated its D (shuffle) and R (results) tables which … Continue reading Takoma Park: and those provisional ballots?

Takoma Park: so can I see my confirmation code already?

[This post is part of my Auditing the Takoma Park Municipal Election series.] So the votes have been cast, and voters went home. Some of them wrote down their confirmation codes. They probably checked those codes against the official Scantegrity web site. But why would they trust that web site to do all of the math right in the backend? That’s where the audit work comes in. I’ve now run the Meeting 3 verification, and it looks good: the confirmation codes were properly opened, and I’ve posted my own re-computed version of the confirmation codes. If you’re a Takoma Park … Continue reading Takoma Park: so can I see my confirmation code already?