Wednesday, 21 December 2016

Origami santa sleigh scene

I've had a lot of fun putting this together, and photographing it this morning. (Photography is hard!)

Credits and tutorial videos: Santa by Jo Nakashima & Camila Zeymer:

Sleigh by Jo Nakashima:

Reindeer by Jo Nakashima:

Sack by me: modified traditional waterbomb (I'll try to make a tutorial video or photoset if anyone's interested)

Snowflake by Dennis Walker:

Christmas tree by

Star (on Christmas tree) traditional:

Tuesday, 29 November 2016

On the potential for fraud in electronic elections

A lot of people have questions right now about the role of electronic voting in the recent US election. I have been steering clear of pretty much all news about the election (for obvious reasons) but I think I can still shed some useful light on the matter. In fact I think it might be more useful to speak in generalities, and you can apply this knowledge to specific news stories.

I'm afraid it's not going to be very reassuring.

I completed a Computer Science PhD on the topic of e-voting in 2008[1]. That's old, for a PhD, but there have not been any startling new developments in the field since then. In fact most of the e-voting systems in use in the US probably pre-date my PhD by quite a long way.

Let's start with the basics. Polling place e-voting systems[2] are usually broken down into 2 categories: DRE and Optical scan.


DRE stands for Direct Recording Electronic. These machines sometimes print out a ballot, but the main record of the vote cast is internal to the machine. This record is fundamentally unreliable, because the voter never sees it. The machine can display one thing on its screen and record something completely different (or indeed nothing at all) in its internal memory, and the voter has no way of knowing.

Optical Scan

Optical Scan systems fare somewhat better. The original ballot -- as seen by the voter -- still exists and can be rechecked. If you don't trust the system, you don't have to run the ballots back through it, you can count them by hand.

But this advantage is totally meaningless unless you sometimes count the ballots by hand. If you rely on the results from scanning machines you're back to the same problems the DRE systems have. And in reality these ballots are rarely counted. No one wants the added expense, or to have to deal with finding that the results don't match, so they don't look.


There's a famous essay[3] called Reflections on Trusting Trust where Ken Thompson outlines why you "can't trust code that you did not totally create yourself", and he means totally. I don't want to get too technical in this post (but I recommend giving the essay a go). Let's just say that it is well-known in computer science that computers are fundamentally untrustworthy.

Usually the first objection I get when I make this statement is something to do with electronic banking. We trust that, don't we? Well no, not really. We keep extensive audit trails (my bank records my side of the transaction, your bank records yours). And the wiser among us check those records. And identity theft, and banking fraud are huge problems. 

We can't keep an audit trail like that for elections. The secrecy of the ballot is vital to ensuring one-voter one-vote [4]

Possible Attacks

I'm not going to comment on any specifics from the recent election. As I've said, I've made a point of not reading about it. I'm not saying any of these things have happened to any system used in US elections. These are simply scenarios that I can imagine.


Employees of companies who sell voting systems may be politically or financially motivated to modify the behavior of those systems to help a particular party or candidate. It would take a very skilled engineer to make these changes and cover their tracks. But it's certainly possible.


All electronic voting devices have to have some way for poll workers to input the current ballot options. This is often done with a USB key, or a CD, or by connecting the device directly to another computer. Someone who knows the target system well enough could potentially get a virus [5] onto voting computers via these or other updates. (Do a search for 'stuxnet' for an example of a politically motivated virus).

Human error

Not technically an 'attack' I suppose, but just as serious. Code is written by humans. If a poll-worker counting paper ballots makes a mistake, that mistake affects the ballots in front of them. If a software developer makes a mistake, that error could potentially change the outcome of an election. Even high-quality software testing (which is sadly rare in the IT industry) cannot hope to find all errors.


The one saving grace that I see in US elections is their decentralization. In many countries there is one central authority running elections, designing ballots, buying voting machines. But the US is different. A US presidential election is essentially thousands of elections, because elections are often run at the county level (or sometimes even more locally).

On the other hand (partly because of the Electoral College) you don't actually have to subvert all of those elections to alter the final outcome. Some states, and even some districts, are more valuable than others. Focusing attacks on systems that are more vulnerable, in areas that are more valuable, where the expected outcome is less clear, could significantly reduce the required investment while still pushing your favorite candidate over the finish line.


The kinds of attacks I've outlined require significant investment. But elections in the US are at the very least a multi-billion dollar business. When you include all the political ramifications .... let's just say I find it hard to understand why this topic hasn't received more attention.

I'd welcome any comments or questions. You can comment on this post, or send me an email to mmcgaley[at]gmail[dot]com

Other Resources

I recommend this video, by Tom Scott:
You can read my PhD thesis here:
An essay on the history of e-voting in Ireland:
The findings of the Commission on Electronic Voting in Ireland:

[1] Sorry about the use of footnotes, I guess I'm still an academic at heart.
[2] I won't even go into Internet voting. (a) It's a horrible idea, and (b) it's not in widespread use.
[3] Famous among computer scientists. It was originally a lecture delivered when Thompson received his Turing Award, which is often called Computer Science's Nobel Prize.
[4] This is why I find Oregon's decision to use all-mail-in balloting baffling.
[5] There are actually several kinds of "malware" (malicious software) including viruses, trojans, and others. But 'virus' will do for this post.

Sunday, 7 August 2016

On vaccinations

I'm not sure how old I was when I almost died of measles. I can still just about remember the feeling of desperately trying to breathe. Back when the memory was clearer I asked my mam about it. I described the coughs that just kept going out, and the feeling that my lungs might never open up and let air in again. Was it whooping cough? "No", she said, "you had a very mild dose of whooping cough. That would be when you had measles. I'm surprised you remember. We thought we were going to lose you."

A couple of years ago a child I know was hospitalised with a high fever. Thanks to vaccination, measles has become so rare in Ireland that the hospital didn't even test for it, but when they came home the little one developed the classic rash. He had come in contact with someone who had measles, before he was old enough to get the vaccine.

That person, the one who gave my friend's child measles, may not have known they were sick. Not everyone who gets measles gets a bad dose. But the really powerful thing about vaccines is that so few people get any dose at all that the disease has nowhere to go. If everyone who can receive a vaccine against measles does so, the pockets of fertile land for the disease (people on immunosuppresants medication, kids too young to be vaccinated, the small percentage of people in whom the vaccine doesn't work) are so few and far between that the disease can't survive. We could make it *go away* like we did with smallpox, and have nearly done with polio. For my mother, polio was a fact of life. For me and my children polio is a fact of history.

And that's why you have a responsibility to vaccinate your kids.

I don't say that lightly. I've seen the injection-site swellings, and the vaccine-night fevers. I've winced and bitten my lip as my babies cried because someone stuck something sharp in them. But just as I have to teach them not to steal or hit, I have to teach their bodies not to pass on deadly diseases.