I work in the public sector (K12 Education) and I find that many of the problems I deal with are the same impetus for the policy they've used.
You're right, however- I think it should be on a case-by-case basis. It's obvious that heavily used end-user desktops/laptops/etc need to be upgraded at least once every 13 years, but some server hardware might last a bit longer than 15 or so.
The whole problem is that if cost/benefit is evaluated with an artificially reduced benefit horizon (e.g. the period an administrator will spend in a position able to take credit for the improvement) then benefit will be systematically underestimated and outdated system will be irrationally favored. The 13-year policy recognizes this and serves as a stop-loss against the worst of these irrational judgements.
The replacement cycle is closer to 3 years than 15 in the private sector for hardware.
Major software releases [including those with full rewrites] happen more often than once every 15 years as well.
I'm not sure I buy the full rewrite bit simply because I know things can go horribly, horribly wrong with those. I'd be happier with a 5 year refresh cycle.
I imagine that the policy must make exceptions and involve a cost benefit analysis.
Any one with Kotka's level of experience must know that many companies don't rewrite their legacy systems because it is extremely expensive. Otherwise they would do it all the time. You might save in maintenance costs, but the cost of rewriting is much larger.
You usually rewrite software when it no longer does what you want it to do, or the cost of improving it exceeds the cost of rewriting. It can certainly take more than 13 years for the scales to tip in favor of a massive rewrite, especially for backend systems upon which many other systems rely.
Estonia is very impressive of how they have kept pace with technology. I think it helps that they have a 34 year old prime minister. Even his predecessors made it a priority to bring tech into government services and the citizens' everyday lives. We can see the benefits of those policies now.
The same analysts claim having broken it every time, yet the publication of their results is coincidentally always a few weeks before elections.
It is common knowledge in Estonia that this is the work of one political party whose electorate is less computer savvy and therefore they are afraid that more people who would not vote for them would have the chance to vote.
Not to mention that in case of offline voting the actual risks of fraud are much worse.
Based on the first link, it looks like the system does not solve the second concern (privacy of the ballot) at all.
If the user can verify how his vote was counted (in the example, using a smartphone app), then someone applying pressure on the voter can force him to verify that he voted the "right" way.
This is my problem with all these e-voting systems. They throw away hundreds of years of development in ballot security, assuming all those problems that have historically followed elections no longer apply.
Using regular paper ballot, you can force the voter to take a picture of his vote before he puts it in the box. It's that simple to put pressure on someone voting by paper. Oh, you can get a new voting form after you mark and photographed the first one? The criminal can stand outside the voting booth to make sure you don't go out and in again.
If you think papervoting is 100% secure you're naive. That's why e-voting doesn't need to be 100% secure, it just needs to be as secure as papervoting is now. The advantage with e-voting is that you can surpass the safety of papervoting.
Using e-voting it's actually much harder to put pressure on any voting. If you had read how it actually works, you'd have noticed that you're able to verify your vote only for up to 30 minutes after placing it. You're also able to change your vote by re-voting - the last vote counts. There still is a paperbased voting a week after e-voting ends, and if you go and vote by paper, that one overrides any electronic vote you might have made.
It shows a lack of respect that you try to put down a system you obviously haven't looked into and know nothing about. You hear "voting on the internet" and have a knee-jerk reaction that it's bad. Please in the future before you take a standpoint on any side of a discussion, research both sides, instead of throwing around opinions without merit. If everyone would have an informed opinion instead of just an opinion, society would be light-years ahead of where we are now.
The elections being discussed are performed over the internet, on the voters own computer. Where would the paper audit log be created, and how would you ensure it accurately reflects what the voter chose on his (possibly compromised) PC?
Edit: See the answer by user relix in this thread. This system does not solve the two issues I raised. As with all of these systems, they have to choose between "secure (verifiable) ballot" and "secret ballot". Estonia has clearly chosen the former.
The problem with that is that now people can be pressured to vote in certain ways, as they can prove after the fact how they voted. This has not been a big problem in first world countries for a long time - but I don't think that's because people have fundamentally changed, but rather that nobody tries it because the paper ballot system effectively stops such voter intimidation/manipulation.
>That said, not everybody is enthusiastic about uploading their country’s secrets onto the cloud. The opposition party, the leftist Central Party, is against it, just as it opposes electronic voting — insisting both initiatives pose too many potential security risks.
>But Kotka says all the data will be encrypted and impossible to access or erase without authorization. “You would have to bring the whole Internet down,” he explains, describing it as “untouchable.”
Whenever valid privacy and security concerns are raised with government IT systems (e-voting, centralised health care records, etc), this seems to be the kneejerk reaction: "No, it's all encrypted, you don't need to worry about it."
As a result, it's seems to be completely impossible to have a real discussion of the problems. In this case, this statement does nothing to answer the concerns, and yet it seems it placated the reporter.
19 comments
[ 3.0 ms ] story [ 192 ms ] threadYes, stagnated systems are also a huge problem, but I don't think setting a hard limit on a system's age is the solution.
I work in the public sector (K12 Education) and I find that many of the problems I deal with are the same impetus for the policy they've used.
You're right, however- I think it should be on a case-by-case basis. It's obvious that heavily used end-user desktops/laptops/etc need to be upgraded at least once every 13 years, but some server hardware might last a bit longer than 15 or so.
I guess it all boils down to cost/reward.
http://b2b.cbsimg.net/blogs/data-center-infographic__ashx.jp...
http://www.techrepublic.com/blog/data-center/infographic-the...
The replacement cycle is closer to 3 years than 15 in the private sector for hardware.
Major software releases [including those with full rewrites] happen more often than once every 15 years as well.
I'm not sure I buy the full rewrite bit simply because I know things can go horribly, horribly wrong with those. I'd be happier with a 5 year refresh cycle.
Any one with Kotka's level of experience must know that many companies don't rewrite their legacy systems because it is extremely expensive. Otherwise they would do it all the time. You might save in maintenance costs, but the cost of rewriting is much larger.
You usually rewrite software when it no longer does what you want it to do, or the cost of improving it exceeds the cost of rewriting. It can certainly take more than 13 years for the scales to tip in favor of a massive rewrite, especially for backend systems upon which many other systems rely.
http://en.wikipedia.org/wiki/Estonian_alien's_passport
http://www.theguardian.com/technology/2014/may/12/estonian-e...
It is common knowledge in Estonia that this is the work of one political party whose electorate is less computer savvy and therefore they are afraid that more people who would not vote for them would have the chance to vote.
Not to mention that in case of offline voting the actual risks of fraud are much worse.
You can read the official statement about these accusations here: http://www.vvk.ee/valimiste-korraldamine/vvk-uudised/vabarii...
If you can verify that, how do you protect the secrecy of the ballot?
More info: http://www.vvk.ee/voting-methods-in-estonia/engindex/
If the user can verify how his vote was counted (in the example, using a smartphone app), then someone applying pressure on the voter can force him to verify that he voted the "right" way.
This is my problem with all these e-voting systems. They throw away hundreds of years of development in ballot security, assuming all those problems that have historically followed elections no longer apply.
If you think papervoting is 100% secure you're naive. That's why e-voting doesn't need to be 100% secure, it just needs to be as secure as papervoting is now. The advantage with e-voting is that you can surpass the safety of papervoting.
Using e-voting it's actually much harder to put pressure on any voting. If you had read how it actually works, you'd have noticed that you're able to verify your vote only for up to 30 minutes after placing it. You're also able to change your vote by re-voting - the last vote counts. There still is a paperbased voting a week after e-voting ends, and if you go and vote by paper, that one overrides any electronic vote you might have made.
It shows a lack of respect that you try to put down a system you obviously haven't looked into and know nothing about. You hear "voting on the internet" and have a knee-jerk reaction that it's bad. Please in the future before you take a standpoint on any side of a discussion, research both sides, instead of throwing around opinions without merit. If everyone would have an informed opinion instead of just an opinion, society would be light-years ahead of where we are now.
If the election is contested in court, re-count by hand.
Seems simple enough. The voter can validate their votes on the paper print out before handing it over.
Of course I'm not sure this would be any better than the existing system since it adds costs.
Edit: See the answer by user relix in this thread. This system does not solve the two issues I raised. As with all of these systems, they have to choose between "secure (verifiable) ballot" and "secret ballot". Estonia has clearly chosen the former.
The problem with that is that now people can be pressured to vote in certain ways, as they can prove after the fact how they voted. This has not been a big problem in first world countries for a long time - but I don't think that's because people have fundamentally changed, but rather that nobody tries it because the paper ballot system effectively stops such voter intimidation/manipulation.
2) Voter validates ballot visually on printer. If voter is unhappy with print out matching his ballot, he makes notes.
3) Voter mails print ballot in, regardless.
Voting by mail is cheaper than voting in randomly selected first world location: http://californiawatch.org/dailyreport/cheaper-popular-mail-...
So worst case scenario is you are paying for the internet system + the paper mail system. That is still probably cheaper than just a paper system.
This system already exists and works without the issues you raise.
So what if it is compromised? If the printout doesn't match, a voter can manually correct it.
I'm uncertain why you would argue simultaneously:
1) Existing paper systems are good enough.
2) Existing paper systems used to verify internet ballots in the event of a dispute would not be good enough.
>But Kotka says all the data will be encrypted and impossible to access or erase without authorization. “You would have to bring the whole Internet down,” he explains, describing it as “untouchable.”
Whenever valid privacy and security concerns are raised with government IT systems (e-voting, centralised health care records, etc), this seems to be the kneejerk reaction: "No, it's all encrypted, you don't need to worry about it."
As a result, it's seems to be completely impossible to have a real discussion of the problems. In this case, this statement does nothing to answer the concerns, and yet it seems it placated the reporter.