I would like to know how schooling kids is going to change social economics of kids? That's more a parent thing. How long was this study run?

I did scan through the study and read the abstract and introduction twice. But on a phone I could have missed some points.

The article does not say they can detect doping. Their test was a flaw in a interconnect layer.

But great. You would do a statistical examination of batches of chips. Done. Their process is destructive.

Your first link is just your post, and it doesn't mention x-raying anything.

The second mentions optical inspection and checking against "golden chips" isn't x-ray, and there is no reference to x-raying hardware here in the abstract. And I don't have a subscription to read the paper.

I don't remember a link to talking about x-rays, and a review of the history didn't reveal a link from you I didn't read.

So what am I looking for?

Through testing, architecture, and audited manufacturing.

Auditable manufacturing processes at every level.

Altering chips requires massive changes in workflow and processes.

Certification of manufactures (Not having your hardware manufactured in suspect countries like china).

Hardware design that separates keys and security from general computing. Embedded hardware testing and verification.

Hardware can be architected to be self checking, such that changes or alterations do not produce the same timing and values as the proper hardware.

https://www.securityweek.com/closer-look-intels-hardware-enabled-threat-detection-push

I can't find any reference for detecting hardware modifications with x-rays.

Fair and reliable voting is the goal. We know paper ballots don't solve all problems. Nor does electronic voting.

As to increasing doubt of our election security....

Both the left and the right are casting doubt on elections in the USA.

It's the level of conflict between the far left and the right that's at the bottom of this. Once you have demonized the other side past a certain point, how can they work together to have fair honest elections?

And if the other side is a literal threat to the future, what is a justifiable limit in what you will do to keep them from power?

At least we are not assassinating public figures at the rate we did in the 1960's yet. But how far away are we? Given the level of rhetoric we've heard since Trump got involved?

Not sure what xraying voting machines is supposed to do.

Have we forgotten Florida already?

The kind of exploit you describe (making a call out over the network hidden in a bug fix) is in fact very unlikely. This is pretty easy to find in code that is reviewed and tested as with most Open Source projects.

Especially applications like voting applications that have no networking functions.

This is exactly the point. Fewer truly independent code bases, increased distribution of knowledge of the code, more tools deployed for automated verification/validation of the code, etc.

Proprietary code usually ends up devolving to the point most of it is treated like a black box. This is because knowledge of the internal code is restricted. And then over time the institutional knowledge is lost as people quit the effort (nobody is immortal).

At least with open source, knowledge can be distributed over larger bodies of people, and more experts can exist for the entire ecosystem to leverage. For applications where no "secret code" or "secret sauce" is required and in fact is nothing but a danger, Open Source is the solution.

Because we have never had issues with paper ballots. /s

If the hardware is modified, this can be detected. And deploying the hardware should be done with the consideration that the voting machines themselves are hostile. So keeping hardware off networks, using fixed communication channels, blockchain tech (which prevents processes from accepting data that isn't properly registered, does not go through fixed processes), etc. remains critical.

Proving security is impossible, but pragmatically it is possible. The unique requirements of voting software make it far easier to secure than any device that requires networking to be functional.

The most secure voting system is one that doesn't allow voting at all, preventing any exploit to capture or corrupt ballots. Since that isn't an option, we do the best we can. Which can be very good. None of the exploits discovered to date lack some process to address them.

Not really. A tiny inactive project can run all those risks,sure. But voting software to be used in the US is going to be a big, active project. And many interest groups will be willing to pay for reviews of the source.

Every change sticks out like a sore thumb; hiding an exploit in a bug fix is more of a movie plot than a reality. Automated testing and source analysis will pick up any call out of the software with no human intervention.

I am a big fan of RLAs. Basically we ran the election in 2020 in a way very few statistical tests could be run to compute a confidence level on the ballots.

However, software builds can be hashed and signed, and open source hardware can refuse to load unsigned builds. But how to evaluate the signature? This is where small cryptographic proofs from blockchains provide a distributed ledger.

The hardware and the software can be reviewed by everyone earning money in the voting game, and when disputes arise, there is no excuse to demand access to the voting machines because everyone has access by definition.

Open Source solves both pragmatic transparency issues, and political ones.

In this case, transparency is security (more review) and verifiable reproducible builds is a given.

[in addition, ] Open source hardware is a critical component here.

Edit: *Added "in addition"

Europe did several studies on postal ballots, and largely rejected them as insecure. I don't think the possibility with mail in ballots is in question.

You can require registration with an ID, but in the US maintaining voter rolls is hard.

All security limits how easy it is to do whatever it is you are securing. So you have a trade off of zero security and super simple voting, or massive security and very difficult voting. And everything in between. You have to choose.

In my opinion, postal ballots should be restricted to the smallest group possible. I don't mind an exception for the paranoid, but we don't need to break the system to accommodate the fringe cases.

Why do you think one party or the other is worse about honest elections?

Republicans have been pushing for more observers, more verifications, elimination of mail in ballots, laws against ballot harvesting, etc.

The Democrats are opposing election security. I'm not saying they are necessarily trying to steal elections, but they are not doing investigations into voter fraud, and opposing common sense election security so you can't catch voter fraud if it happens!

This guy is detailing some great ways to ensure nobody (including your Republican and her goods) can mess with the results. Something I applaud. But note none of his solutions work with mail in ballots outside of a monitored polling station.

If the hash doesn't give feedback to the voter that the ballot is counted correctly, I think you need open source to ensure that is actually done correctly.

My point really isn't about counting or verifying votes, but the monitoring of processes. Of course, being in the blockchain myself, I've focused on creating cryptographic proofs of sequences of events, and gathering all those proofs into summaries (block hashes if you will).

Allowing the logging of all the processes behind voting (the set up, poll, venue, setup, voting machine configurations), observers, workers, video, etc.) all to the blockchain, you end up with time sequences and actions that create responsibilities. Failures in process can't be hidden.

I feel actual voting and ballots don't gain much from the blockchain, though there are ways to use the blockchain for voting. The real gain is to audit the execution of the election.

Public blockchains are much more complex than your description, and do allow for selecting authorities in distributed locations that all contribute to a unified (cryptographically speaking) log of events.

Open source hardware and software is the only way to rid ourselves of accusations that are made about voting machines like we saw in 2020.

And it isn't an entirely baseless fear. We do know software is often compromised, and we even know hardware is often compromised.

The most secure software in the world is open source, and the best way to build forward with secure voting software with rich features is to ensure everyone can develop on a common base.

Hence require open source. It isn't about being commercially viable, if not providing an open source product means it isn't commercially viable.

Why don't we require all electronic voting to be done with open source hardware and software for true end to end auditability and transparency?

What do you think of requiring blockchain based audit trails of all processes around elections, voting, tallies, challenges, and recounts?