Difference between revisions of "463: Voting Machines"

Explain xkcd: It's 'cause you're dumb.
Jump to: navigation, search
(fixed spelling)
m (Explanation: Change emphasis to use wikitext italics)
 
(38 intermediate revisions by 26 users not shown)
Line 8: Line 8:
  
 
==Explanation==
 
==Explanation==
{{Incomplete|Reword and reformat}}
+
In the 2008 Ohio primary elections, there were numerous problems with electronic voting machines, which eventually required many districts to revert to pen and paper. Premier Election Solutions, the company that handled the machines, [http://voices.washingtonpost.com/44/2008/08/ohio-voting-machines-contained.html blamed these problems] on {{w|McAfee}} antivirus software. (The comic likely emphasizes the fact that Premier Election Solutions was formerly known as Diebold because Diebold voting machines had previously become [https://money.cnn.com/magazines/fortune/fortune_archive/2006/11/13/8393084/index.htm infamous] in the United States for their poor security during the 2004 and 2006 elections, and the company changed its name to distance itself from this bad reputation.)
  
In the 2008 Ohio primary elections, there were numerous problems with electronic voting machines, which eventually required many districts to revert to pen and paper. Premier Election Solutions, the company that handled the machines, [http://voices.washingtonpost.com/44/2008/08/ohio-voting-machines-contained.html blamed these problems] on {{w|McAfee}} anti-virus software.
+
It is not uncommon to see computer software contracts stipulating that the vendor will warrant that software and systems delivered will not contain any viruses or malicious code ("malware") — a knee-jerk reaction to this is for novice management to include malware-scanning "antivirus" software for systems that otherwise are closed. From a computer programming standpoint, having antivirus software on an electronic voting machine doesn't make sense, because ideally the machine shouldn't be connecting to ''anything'' external (eg the internet, USB, a local network, removable drives, bluetooth...) that would leave it open to malware attacks. While there are many ways that malware can reach a computer, ultimately the computer still has to run executable code that was not distributed with it in the first place, which is something that ''no election machine should encounter'' in normal operation. Hence, the question is whether the voting machine manufacturer has taken the proper precaution preventing any external access.
  
It is not uncommon to see computer software contract stipulating that the vendor will warrant that software and systems delivered will not contain any virus or malicious code — a knee-jerk reaction to this on novice management is to include virus scanning software for system with otherwise are closed. From a computer programming standpoint, having anti-virus software on an electronic voting machine doesn't make sense because the machine shouldn't be accessing the Internet in a way that would leave it open to virus attacks. While there are a lot of ways that viruses can propagate, ultimately the computer still has to download an executable file and run it, which is something that ''no election machine should do'' in normal operation. Rather than use anti-virus software, it makes more sense to simply disable the downloading of files, which is very doable. (Or, if the machine might need to receive hotfixes during operation, require that all executable files be signed by the manufacturer with something like {{w|ECDSA}}.)
+
Ideally, voting machines (as well as ATMs and other single-purpose appliances) should be {{w|embedded system}}s, supposedly making them incapable of doing the things that might necessitate antivirus software. However, in practice, such devices are more commonly built as application programs running on ordinary Windows PCs (inside of custom-shaped cases), and they download software updates over the internet, synchronize voting data to a single "Ballot Box" server over a local network, use USB peripherals which could potentially be replaced by a bad actor, etc. And even embedded systems are vulnerable to many classes of malware.
  
Hence the question is whether the voting macing manufacture have taken the proper precaution preventing any external access. The comic makes an analogy to a teacher who reassures you that he always wears a condom when teaching. Common sense should dictate that teachers should not end up in a situation where wearing a condom would be useful. rather the school-board and hiring authority should make sure that teachers are screen prior to being employed, and not allowed to continue to teach if any impropriety is even suggested.
+
The comic makes an analogy to a teacher who reassures you that he always wears a condom when teaching. While a condom could be considered "protection," and therefore a good thing, common sense dictates that teachers should never end up in a situation where wearing a condom in school would be useful; this parallels the idea that while security in the form of antivirus software on voting machines could also be considered protection and a good thing, it should never be required. The comment is more likely to make people worried about why the condom is there and what purpose it's serving. Similarly, informed people might worry why a voting machine has any access to malicious executable code.
  
 +
In panel one, both the {{w|facepalm}} and [http://knowyourmeme.com/memes/youre-doing-it-wrong "You're doing it wrong"] are {{w|Internet meme}}s, used to mock someone who made a foolish mistake.
  
Theoretically it's always good to have protection, but a situation where a condom would be useful should hopefully not arise during class. The comment is more likely to make people worried about why the condom is there and what purpose it's serving.
+
The title text refers to [[153: Cryptography]]. Voting software is also featured in [[2030: Voting Software]].
 
 
The title text refers to [[153: Cryptography]].
 
  
 
==Transcript==
 
==Transcript==
 +
:[Caption above panels:]
 
:Premier Election Solutions (formerly Diebold) has blamed Ohio voting machine errors on problems with the machines' McAfee antivirus software.
 
:Premier Election Solutions (formerly Diebold) has blamed Ohio voting machine errors on problems with the machines' McAfee antivirus software.
  
Line 41: Line 41:
 
[[Category:Banned from conferences]]
 
[[Category:Banned from conferences]]
 
[[Category:Cryptography]]
 
[[Category:Cryptography]]
 +
[[Category:Computers]]

Latest revision as of 18:24, 14 October 2024

Voting Machines
And that's *another* crypto conference I've been kicked out of. C'mon, it's a great analogy!
Title text: And that's *another* crypto conference I've been kicked out of. C'mon, it's a great analogy!

Explanation[edit]

In the 2008 Ohio primary elections, there were numerous problems with electronic voting machines, which eventually required many districts to revert to pen and paper. Premier Election Solutions, the company that handled the machines, blamed these problems on McAfee antivirus software. (The comic likely emphasizes the fact that Premier Election Solutions was formerly known as Diebold because Diebold voting machines had previously become infamous in the United States for their poor security during the 2004 and 2006 elections, and the company changed its name to distance itself from this bad reputation.)

It is not uncommon to see computer software contracts stipulating that the vendor will warrant that software and systems delivered will not contain any viruses or malicious code ("malware") — a knee-jerk reaction to this is for novice management to include malware-scanning "antivirus" software for systems that otherwise are closed. From a computer programming standpoint, having antivirus software on an electronic voting machine doesn't make sense, because ideally the machine shouldn't be connecting to anything external (eg the internet, USB, a local network, removable drives, bluetooth...) that would leave it open to malware attacks. While there are many ways that malware can reach a computer, ultimately the computer still has to run executable code that was not distributed with it in the first place, which is something that no election machine should encounter in normal operation. Hence, the question is whether the voting machine manufacturer has taken the proper precaution preventing any external access.

Ideally, voting machines (as well as ATMs and other single-purpose appliances) should be embedded systems, supposedly making them incapable of doing the things that might necessitate antivirus software. However, in practice, such devices are more commonly built as application programs running on ordinary Windows PCs (inside of custom-shaped cases), and they download software updates over the internet, synchronize voting data to a single "Ballot Box" server over a local network, use USB peripherals which could potentially be replaced by a bad actor, etc. And even embedded systems are vulnerable to many classes of malware.

The comic makes an analogy to a teacher who reassures you that he always wears a condom when teaching. While a condom could be considered "protection," and therefore a good thing, common sense dictates that teachers should never end up in a situation where wearing a condom in school would be useful; this parallels the idea that while security in the form of antivirus software on voting machines could also be considered protection and a good thing, it should never be required. The comment is more likely to make people worried about why the condom is there and what purpose it's serving. Similarly, informed people might worry why a voting machine has any access to malicious executable code.

In panel one, both the facepalm and "You're doing it wrong" are Internet memes, used to mock someone who made a foolish mistake.

The title text refers to 153: Cryptography. Voting software is also featured in 2030: Voting Software.

Transcript[edit]

[Caption above panels:]
Premier Election Solutions (formerly Diebold) has blamed Ohio voting machine errors on problems with the machines' McAfee antivirus software.
[Cueball is sitting at a computer, facepalming.]
Cueball: Wait. "Antivirus software"? On voting machines? You're doing it wrong.
[Cueball's friend enters the frame and speaks to Cueball.]
Friend: Why? Security is good, right?
Cueball: Of course. But, well—
Cueball: Imagine you're at a parent-teacher conference, and the teacher reassures you that he always wears a condom while teaching.
Friend: Ah. Strictly speaking, it's better than the alternative—
Cueball: —Yet someone is clearly doing their job horribly wrong.


comment.png add a comment! ⋅ comment.png add a topic (use sparingly)! ⋅ Icons-mini-action refresh blue.gif refresh comments!

Discussion

What's incomplete? 199.27.130.180 04:13, 8 March 2014 (UTC)

It seems fine to me. Removing the incomplete tag. LogicalOxymoron (talk) 23:19, 12 March 2014 (UTC)

What's "the alternative"? 108.162.208.98 20:55, 16 June 2014 (UTC)

I believe when the alternate Cueball references "the alternative" he has already realized what the first Cueball meant. Cueball 2 I'll call him, is thus referencing the alternative is no protection or security. I don't believe Cueball 2 is directly referencing the 'teacher wearing a condom analogy'. Official.xian (talk) 19:59, 10 July 2014 (UTC)
I think the alternative is the teacher being raped at school. That's right, Jacky720 just signed this (talk | contribs) 22:05, 12 May 2017 (UTC)
Other way around dude, other way around. Anonymous 00:05, 19 August 2018 (UTC)
It's not necessarily that the teacher is raping the students, but it does indicate the teacher might be having sex at school (for instance, with another colleague). --172.68.57.209 13:37, 22 May 2021 (UTC)

Ideally, there should be no voting machines. Here in Germany, we make a cross on a paper and put that paper in an urn. Counting is done manually under supervision. Voting machines are illegal for a reason. :) --141.101.104.4 15:05, 27 September 2015 (UTC)