, 10 tweets, 4 min read Read on Twitter
Did you know a foreign-owned cloud provider has access to online votes on their way to the digital ballot box? When electors in Canada’s Northwest Territories vote online, their ballots pass through @Cloudflare servers and are briefly decrypted while in transit.
We wrote a paper about this practice in Australia’s online elections. Now it’s happening in Canada. #nwt @hilarybirdcbc @DavidWasylciw @markeldo @VTeagueAus @chrisculnane @papervote
whisperlab.org/blog/2017/Trus…
As a protection against denial-of-service attacks you can pay cloud providers to act as a kind of friendly man-in-the-middle. But protection comes in exchange for a high degree of trust: they need access to application-layer data to do things like inject fingerprinting JavaScript
That means they have privileged access to see and change your vote. The legitimacy of the election relies on the assumption they won’t. They say the won’t, and so far we’ve seen nothing to contradict that. But how would you find out if they did? How do you know your counted?
And what about the trust assumptions in the company actually running the election? Or its collocation provider? Or the all the organizations with access to emails containing voter login credentials?
You might reasonably ask whether all these trust assumptions are appropriate for an election of a sub-national legislature of an advanced democracy.
But before we can even have that conversation, we need to know what’s happening under the hood.
Maybe we as a society are ok with relaxing some properties like the secret ballot. Or maybe we’re not. My sense is not. Either way we need the cards on the table. We need the public’s informed conesent. It’s their election after all.
Here’s the thing. Online elections are no longer local elections, so we need to know: Where does my ballot go when I cast it? Who exactly has access to it? Which laws are they subject to? What trust assumptions do we have to make?
If we’re going to do online voting we will be made to confront these issues sooner or later. The only question is whether we do it before the first ballot is cast, or after the first major controversy arises.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Aleksander Essex
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!