Online voting is convenient, but if the results aren't verifiable it's not worth the risk

Vote early, vote often - but if it's not secure people won't vote at all. vote by Feng Yu/shutterstock.com

In one of the most fiercely contested elections in years, the turnout of the 2015 British general election was still stubbornly low at 66.1% – only a single percentage point more than in 2010, and still around 10 points lower than the ranges common before the 1990s.

There has been all manner of hand-wringing about how to improve voter engagement and turnout. Considering the huge range of things we now do online, why not voting too? A Lodestone political survey suggested that 60% of respondents said they would vote if they could do so online, and this rose to around 80% among those aged 18-35. As recently as this year, the speaker of the House of Commons called for a secure online voting system by 2020.

But designing a secure way to vote online is hard. An electronic voting system has to be transparent enough that the declared outcome is fully verifiable, yet still protect the anonymity of the secret ballot in order to prevent the possibility of voter coercion.

End-to-end verifiability

Any online voting system has to arrive at its conclusion in such a way that voters and observers can verify the count, independently of the software used – this is called end-to-end verifiability. This way voters can be assured that their votes were recorded as they were cast, and that all cast votes were counted correctly.

The vital nature of this can be explained by analogy to online banking. Bank customers can verify their own bank statements – and need not care about the software that produced them. But what if the banks provided no evidence of your transactions, just your remaining balance – how could you verify that the bank wasn’t cheating you?

The difficulty in respect of online voting is that how each voter cast their vote must be kept secret – we can’t just have a huge banking-like “statement” recording who voted which way. Instead, all the votes cast are gathered together and presented on a website in encrypted form, in order to ensure ballot secrecy.

The challenge is to design a way of using encryption that allows an independently-verifiable tallying of individual votes, without removing the secrecy it affords the ballots. Methods have been invented that allow the voting server to generate cryptographically-sound proofs that its count is correct. This means voters, observers and media organisations can perform the necessary checks to establish that the declared outcome really does match the votes cast in the elections.

Paper ballots have worked well for centuries - any new methods must be at least as good. Cornelis Johan Hofker

Electronic voting in the real world

Online voting has been carried out eight times in Estonia, first in a local election in 2005 and, most recently, for its parliamentary elections in 2015. However the system Estonia uses does not support end-to-end verifiability. The tallying done by the server could be easily rigged, for example if someone has attacked the server with malware.

Norway also ran a trial of internet voting during local elections in 2011. The Norwegian system didn’t support end-to-end verifiability either – and in fact Norway has ended the project amid concern it could damage confidence in the electoral process. Nor has online voting in either country boosted voter turnout. There are benefits to electronic voting – verifiability, lower cost, speed – but on the real world evidence so far boosting turnout isn’t one of them.

We have recently seen researchers show how various attacks on existing electronic voting system are possible. Examples include iVote online voting system used in NSW elections in Australia or AVS WinVote machines used in three presidential elections in Virginia in the US. These attacks can affect the outcome of the election in an undetectable way, as there is no way for observers to verify independently the outcome of the election.

A system called Scantegrity was used in Takoma Park city municipal elections in the US in 2009, and vVote (an adaptation of the Prêt à Voter system) was recently used in Australian state of Victoria elections. These systems include mechanisms for end-to-end verifiability and so provide high assurance in the election results. But they are designed to be used in polling stations only, and so defeat the main perceived advantage of online voting by removing voters' ability to vote from anywhere.

The challenge of malware

Another challenge to designing verifiability in online voting is the possibility of malware infection of voters' computers. By some estimates between 30%-40% of all home computers are infected. It’s quite possible that determined attackers could produce and distribute malware specifically designed to thwart or alter the outcome of a national election – for example undetectably changing the way a user votes and then covering its tracks by faking how the vote appears to have been cast to the voter. Whatever verifability mechanisms there are could also be thwarted by the malware.

One way to try to prevent this kind of attack is to make voters use several computers during the voting process. Although this is hardly convenient, the idea is to make it more difficult for an attacker to launch a co-ordinated attack across several computers at once.

Online voting is attractive because it promises convenience. But providing true end-to-end verifiability remains an enormous challenge. Governments and politicians should be aware of the risks, and the possible loss of confidence in the voting system if whatever system introduced is found to be flawed. Democracy is important – if voting is to be done online it must be done properly, or not at all.

Here's what baboons can teach us about social media

No you can't join. This is the cool table. Alecia Carter

“Birds of a feather flock together” is a saying that exists in a number of different languages. “Gambá cheira gambá” (opossums smell other opossums) in Brazilian Portuguese is a particularly colourful example. The reason is that like-minded people like to hang out together across many cultures. And it seems the same is true of baboons.

Baboons' preference to spend time with similar personality types was revealed in a study of wild chacma baboons in Namibia. It found that the monkeys typically associate with other baboons based on personality type, age, rank and propensity to generate or use information. However, the study also found that this kind of cliquey behaviour hindered information sharing. For example, shy, high-ranking baboons often missed out on where to find the latest food sources as that information was typically held by bolder and younger baboons.

Perhaps there is a lesson there for us humans, reminding us that having a diverse set of friends may actually be an asset?

The limits of the Facebook share

Social media such sites such as Facebook are supposed to be democratising the world as they provide us with greater contact between individuals. In theory we have access to a world of information. But let’s be honest, our choice of friends is often guided by our interests, age and backgrounds. No one person’s Facebook is a random sample of the world’s population. Therefore the information shared is limited.

More than 90% of my friends on Facebook are biologists but I do not have friends who work in politics. This means that while I get the inside scoop on what is happening in biology – politics tend to take me by surprise. That’s not to say that associating with individuals of similar types doesn’t make a great deal of sense. Along with being a biologist I am also a father of two small children and therefore hang out with the parents of my kids’ friends, who are a great source of friendship and support.

Are we reading too much into social media? Damien Basile/Flickr, CC BY-SA

But while it may be easy to see why people like to form cliques, it is less obvious why animals do this. Female primates with young offspring often form a social group. Some of the benefits of this are practical – such as opportunities for their offspring to play together – but it may also be driven by the unique challenges this group of individuals faces. Adult males are more mobile than females, which creates an uneven competition for access to food. But as a group, these females are able to collectively look for food away from the males.

The study found that in chacma baboons it is younger and bolder individuals that typically try something new such as a strange food item or innovate in how to access a new food resource. The researchers were able to determine these associations by looking at who groomed who. Primates use grooming not only for hygiene, but also to make friends.

Similarly, studies in fish have suggested that positive association by personality type may increase cooperation between individuals – such as bolder individuals approaching a predator together to see if it is hungry or not. But if you are a shy individual, not associating with bold peers you might be in trouble because you’ll have no way of knowing that the predator is hungry.

Survival versus enlightenment

I get on the same train every day to work and therefore sit next to people who have the same working hours in roughly the same geographic location. But as this association is a matter of temporal and geographic convenience they do not influence what I do. However, I do take the highly selected information I get from my friends seriously and may act upon it – if it is in my benefit.

Can’t wait to share this with Jo and Steve. Tjeerd Wiersma/Flickr, CC BY-SA

For most social species, having the right kind of friends – which often means friends with similar personality – will enhance their chances of survival. But this may come at the cost of limited information flow.

The irony of living in a social network where information could flow freely is that by choosing your friends you limit your access to information. So before you unfriend that person on Facebook for uploading yet another “funny” cat video: remember variety is the source of information and not necessarily the spice of life.

Nepal hasn't had time to learn from the first earthquake but NGOs can prepare for future

Double disaster for Nepal Narendra Shrestha/EPA

Some countries experience far more disasters than others. This can offer them an opportunity to learn from previous events in order to help prepare for the next one and, hopefully, reduce the scale of devastation and death. The learning process is often slow and yet there are instances when the lessons learned from one disaster can be readily applied to another in a relatively short period of time.

Unfortunately, this may not be the case for Nepal, which has been struck by a powerful earthquake for the second time in three weeks. The latest earthquake, this time occurring with a magnitude of 7.3, has added 65 deaths and nearly 2,000 injuries (at the time of writing) to the list of more than 8,000 people who died during the 5.6-times larger quake of April 25.

To have two large disasters occur in the same place in such a short space of time is relatively rare. This means there are limited opportunities for governments or aid organisation to learn how to deal with double events. The last time Nepal experienced an earthquake that killed more than 5,000 individuals was in 1934.

At the same time, Nepal’s latest earthquake comes so soon after the previous one that the country may not have sufficient space to transfer any lessons it has learned. This applies to both the Nepalese governments and aid organisations in the field, which are already dealing with a disaster on scale rarely seen.

Learning curve

Disaster relief operations in countries with poor policies of disaster preparedness, such as Nepal, are characterised by steep learning curves. When a second disaster strikes, there is an opportunity to improve on disaster management as long as there is time to learn.

This seems to have been the case for Turkey when an earthquake killed approximately 17,000 people in August of 1999 and poor relief operations almost cost the country’s newly elected prime minister his job. When a second tremor hit the same region in November of that year, the Turkish government won praise for its organisation of relief efforts.

Unfortunately, Nepal’s situation today more closely resembles that of Mexico during September 1985, when a powerful 8.0 tremor hit Mexico City, killing approximately 10,000 people. The main quake was followed by an aftershock of magnitude 7.5 that destroyed additional buildings. Search-and-rescue operations, as well as aid distribution, had to be organized by private individuals, students and neighbours in the absence of government-led relief operations.

Starting again, again. Mast Irham/EPA

In the aftermath of Nepal’s earthquake on April 25, numerous obstacles delayed the provision of aid. To begin with, there were problems over coordination. Non-governmental organisations (NGOs) play a crucial role in providing disaster aid but governments occasionally block these operations. During this emergency, the Nepalese government has been criticised for blocking aid to remote areas and thwarting the work of NGOs. But NGOs have also been criticised for not reaching some remote areas in need of aid.

Unfortunately, we do not know whether NGOs would have reached these areas if they had had the full cooperation of the Nepalese government, which already has a poor political record. The distribution of aid has also been hampered by poor weather conditions and overwhelmed airports.

However, by May 6, the UN reported that government and humanitarian partners had reached all affected districts. The UN also recently reported that 330 humanitarian agencies are implanting 2,200 humanitarian activities and that 10% of the US $423 million appeal for aid has already been funded. The question is will this flow of aid carry over to the new event of May 12 or will it be hampered by it?

What next?

The answer to this question will become more evident in the coming hours. NGOs will be able to use their experience and presence in the field to to continue providing aid in the face of bad weather and poor infrastructure. This may be crucial since most (usually) government-sponsored international rescue teams sent in after the first quake had left the country by the time of the second.

In addition, since the government of Nepal has lost some credibility, NGOs will be able to use Nepal’s place on top of the news agenda across the planet to secure more funds for the flash appeal for aid.

As in Mexico 1985, Nepal does not have enough time to transfer lessons from one earthquake to the next. Yet NGOs will play a role in collecting, consolidating, sharing, and applying the lessons from 2015 to future disasters.

This may also have very positive political consequences: many of the individuals that organised rescue efforts in Mexico in 1985 joined forces with opposition parties that contributed to the eventual democratisation of the country.

Bacteria on shoes could help forensic teams catch suspects

There must be a dirty shoe here somewhere. DPA/EPA

Prospective criminals should take note: bacteria are everywhere. A small pilot study has shown that the germs on personal belongings such as shoes and mobile phones are actually a useful way of tracing a person’s whereabouts – something that may prove useful in forensic investigations.

Microorganisms like bacteria are small, diverse and often specific to certain environments, organisms or individuals. This is also what makes them excellent as a forensic tool. In fact, like DNA and fingerprints, a suspect can unknowingly leave microbes behind on a crime scene or victim, providing useful information about the identity or origin of the suspect for forensic scientists. One day, such microbial signatures of individuals may prove as important as DNA or fingerprints, although a lot more research is needed to get there.

The age of bacteria

Biology books typically state that we are living in the “age of mammals” that has followed the “age of dinosaurs” and the “age of the bacteria”. But, there are loads more species of bacteria than there are species of mammals. Looking at these numbers, along with the distribution and adaptability of the species, it seems we are still in the age of the bacteria.

Bacteria are the most abundant and genetically diverse organisms that we know. These germs ubiquitously inhabit the environment, including many extreme places like the glaciers in the high altitude, polar regions, or very hot thermal springs. Moreover, bacteria are present on different regions of the animal and human body, especially skin, mouth and the gastrointestinal tract. These body regions are home of diverse communities of bacteria and other microorganisms that can change depending on the health status and age of the host.

Several studies have been carried out to describe the human microbiome, which is the collection of bacteria we are associated with, and to verify that the microbial signature can be used in the investigative field and, a the end of the legal process, in the court as proper evidence.

When arriving at a crime scene, the suspect usually has to walk. This was the starting point for the study, which tried to determine the possibility to trace people’s origin using the microbial community of their shoes.

If only the suspect had stepped on this! EPA

This team looked at shoes from 89 participants randomly selected from attendees at three different scientific conferences in the US. They found that the shoes could be divided into three different groups according to the geographic locations of the conferences. This is because shoes that have travelled on different types of surfaces show distinct microbial signatures, in addition to a “core microbiome” belonging to an individual. This is obviously useful to forensic teams as it reveals the microbial signature of the owner as well as demonstrating where they have been before the sampling.

The team also showed that one of the most common objects that we use every day, the mobile phone, could also be of used in this way. They demonstrated that the pattern of microbes found on a telephone is unique. There are also differences between the front and the back since the back is mainly in contact with the hands and the front comes into contact with the face, and particularly with the mouth. These observations are supported by previous studies that demonstrated how different microbial communities are from different body parts – and that the personal microbial signature is unique.

Hurdles to overcome

However the authors also pointed to some difficulties in implementing the research. The microbiome on our soles typically changes throughout the day, which could make it hard to pinpoint the places we’ve been if we have walked around a lot. In the same way, the microbiome of a certain floor is also altered if a lot of people walk on it.

Cadaver-eating insects mapped. Danielle peña/Flickr, CC BY-SA

But the microbiome could have other uses in forensics than locating suspects. In the past few years a lot of work has been done in order to use the changes in the biome associated with decomposing bodies, called “necrobiome”, to estimate the time since death. The idea behind this approach follows what is already known and applied in another forensic discipline: forensic entomology. Insects, which colonise a cadaver in specific waves, are used in this field to give answers to one of the most crucial question on a homicide: when? This is because insects colonise a body in predictable waves, so the study of insects on cadavers tells us something about the minimum time since death.

The small study is important but will not be seen as a revolution by those working in forensics. It is simply the extension of “Locard’s exchange principle, one of the most robust pillars of the forensic work, to the microbial level: “Every contact leaves a trace”. More work is needed to determine the practical use of it in the future. A first step would be to scale up the experiment to include more people.

Many feared dead as second quake hits devastated Nepal

On top of the devastation following the first earthquake, a second has hit. EPA

The second earthquake to hit Nepal in less than a month caught local disaster relief agencies unaware and, despite being six times weaker than the massive quake on April 25, it is still thought to have caused hundreds of casualties.

The magnitude 7.3 that struck around 80km (50 miles) east of Kathmandu resulted from the same tectonic forces as the larger earthquake just over a fortnight before, caused by the Indian plate thrusting beneath the Eurasian tectonic plate along the front of the Himalayas.

While the earthquake could not have been predicted, geophysicists had noted that the fault that slipped on April 25 was weaker than might have been expected. It was not the “great Himalayan earthquake” that had been anticipated by some.

The latest large quake has been linked to stress after the first, which passed eastward along the fault system, running in front of the Tibetan plateau. In a domino effect, stress transferred along to a separate section of the rupture that has now been triggered as an earthquake.

Weaker but still fatal

Although weaker the previous quake, it was, nevertheless, of a similar magnitude to the Haiti earthquake of 2010, which killed more than 100,000 people.

Estimated population affected where the earthquake struck. USGS

Many buildings of un-reinforced brick and mud, were already weakened by the recent shakes. The earlier quake also generated secondary hazards such as landslides and liquefaction, the weakening and softening of soil following an earthquake, that might well have increased the damage in this second quake.

Photographers travelling with a US medical team captured the second quake on camera.

The United States Geological Survey has issued an impact assessment, rating the event as “severe” in the worst-affected area. It states that the quake will have caused significant casualties, with estimated fatalities sadly likely to reach a total of hundreds or more.

Orange alert level for shaking-related fatalities. Past events with this alert level have required a regional or national level response. USGS

Moving east

Andy Hooper, professor of geophysics and geodesy (the science that enables global positioning) at Leeds University said that the earthquake started at the eastern edge of where the fault slip reached during the 7.8 magnitude event of two and a half weeks ago. “The fault appears to have ruptured mainly eastwards and can be considered as a further unzipping of the locked fault” he said. “We do not have measurements yet, but because the fault slip in this earthquake occurred farther east, it may well have caused a significant drop in the height of Mount Everest.”

Yellow alert level for economic losses. Some damage is possible. Estimated economic losses are 0-1% GDP of Nepal. USGS

Yani Najman, Himalayan geologist at the Lancaster Environment Centre at Lancaster University, said there was little or nothing that could be done to stop earthquakes occurring in this region. “However, loss of life in future events can be reduced with stronger buildings, less likely to collapse,” he said. Najman added that when Nepal embarks on a a major phase of rebuilding, it should also be a time for education in the country, “promoting simple measures to ensure that housing is as well-built as it can be, taking into account also the limited resources available to people.”

Disclosure

Simon Redfern receives funding from NERC

How we recreated the early universe in the laboratory

The atmosphere of black holes contain a matter-antimatter plasma. NASA/Flickr, CC BY-SA

One of the all-time great mysteries in physics is why our universe contains more matter than antimatter, which is the equivalent of matter but with the opposite charge. To tackle this question, our international team of researchers have managed to create a plasma of equal amounts of matter and antimatter – a condition we think made up the early universe.

Matter as we know it appears in four different states: solid, liquid, gas, and plasma, which is a really hot gas where the atoms have been stripped of their electrons. However, there is also a fifth, exotic state: a matter-antimatter plasma, in which there is complete symmetry between negative particles (electrons) and positive particles (positrons).

This peculiar state of matter is believed to be present in the atmosphere of extreme astrophysical objects, such as black holes and pulsars. It is also thought to have been the fundamental constituent of the universe in its infancy, in particular during the Leptonic era, starting approximately one second after the Big Bang.

A fraction of a second of life

One of the problems with creating matter and antimatter particles together is that they strongly dislike each other – disappearing in a burst of light whenever they meet. However, this doesn’t happen straight away, and it is possible to study the behaviour of the plasma for the fraction of a second in which it is alive.

Understanding how matter behaves in this exotic state is crucial if we want to understand how our universe has evolved and, in particular, why the universe as we know it is made up mainly of matter. This is a puzzling feature, as the theory of relativistic quantum mechanics suggests we should have equal amounts of the two. In fact, no current model of physics can explain the discrepancy.

Pulsars, here one encased in supernova bubble, also have an atmosphere of matter-antimatter plasma. ESA/XMM-Newton/ L. Oskinova/M. Guerrero; CTIO/R. Gruendl/Y.H. Chu, CC BY

Despite its fundamental importance for our understanding of the universe, an electron-positron plasma had never been produced before in the laboratory, not even in huge particle accelerators such as CERN. Our international team, involving physicists from the UK, Germany, Portugal, and Italy, finally managed to crack the nut by completely changing the way we look at these objects.

Thinking small

Instead of focusing our attention on immense particle accelerators, we turned to the ultra-intense lasers available at the Central Laser Facility at the Rutherford Appleton Laboratory in Oxfordshire, UK. We used an ultra-high vacuum chamber with an air pressure corresponding to a hundredth of a millionth of our atmosphere to shoot an ultra-short and intense laser pulse (hundred billions of billions more intense that sunlight on the Earth surface) onto a nitrogen gas. This stripped off the gas’ electrons and accelerated them to a speed extremely close to that of light.

The beam then collided with a block of lead, which slowed them down again. As they slowed down they emitted particles of light, photons, which created pairs of electrons and their anti-particle, the positron, when they collided with nuclei of the lead sample. A chain-reaction of this process gave rise to the plasma.

However, this experimental achievement was not without effort. The laser beam had to be guided and controlled with micrometer precision, and the detectors had to be finely calibrated and shielded – resulting in frequent long nights in the laboratory.

But it was well worth it as the development means an exciting branch of physics is opening up. Apart from investigating the important matter-antimatter asymmetry, by looking at how these plasmas interact with ultra powerful laser beams, we can also study how this plasma propagates in vacuum and in a low-density medium. This would be effectively recreating conditions similar to the generation of gamma-ray bursts, some of the most luminous events ever recorded in our universe.

Rombertik 'kamikaze virus' is inventive and aggressive, but it's not the end of the world

Rombertik takes the nuclear option rather than be found. National Nuclear Security Administration

In human culture and warfare, the notion of self-destructive attackers like the Kamikaze pilots deployed during World War II, is pervasive. A more recent conflict is the cyber-war between those creating malware and the security firms and cyber-security specialists that attempt to thwart them. In this battle, the recently revealed Rombertik malware is an interesting evolution.

Rombertik is a complex malware form that’s capable of pulling the pin on a grenade and taking itself and the computer on which it resides down with it as it goes. Rombertik literally self-destructs on discovery, as a means of defending itself against detection. While it’s possible to detect, the malware makes it incredibly difficult to deploy any technological countermeasures.

Take no prisoners

Malware experts are struggling to learn the inner workings of this interesting adversary. Scanning for any opportunities possible, Rombertik will attach itself to a web browser and attempt to capture all the data passing through it. This means that nothing is safe: emails, passwords, personal details, which cat videos you watch – everything is up for grabs.

Worse is that if you attempt to analyse this nasty malware, Rombertik will deliberately attempt to corrupt the master boot record of your storage device, where crucial details such as the location of files on the disk and the layout of the disk’s partitions are stored. The result is that on the following reboot, the disk and everything on it will be useless until wiped and re-installed, removing all your data with it. It’s a pain, and while recovery isn’t out of the question, that’s an even bigger pain.

The war of attrition between those creating anti-virus software and those creating malware leads to a cycle of invention. Many malware have included forms of defence – for example those that stop the user running the Windows task manager to kill the virus process, or detect and disable antivirus software, or prevent internet connections – but Rombertik’s approach is certainly an example of the nuclear option.

Rombertik spreads as an email worm, and can seemingly arrive from a legitimate source. It is very good at concealing itself in all manner of attachments, and is a very small application capable of hiding in a considerably larger payload, once it has embedded itself in your web browser. It’s able to infect Chrome, Firefox and Internet Explorer browsers.

When active, it uses various tricks to confuse some of the various defences of the host operating system. Aimed solely at Microsoft Windows, this means anyone using Windows XP, 7, 8 and 8.1 and Internet Explorer should be concerned. While there’s a worldwide drop in the market share of Windows operating systems on the desktop, the statistics clearly show that there are hundreds of millions, if not billions of Windows installations. Rombertik’s creators are still assured of a popular platform to attack.

What can you do

However, don’t panic. While there’s considerable hype about Rombertik, preventing yourself from becoming a victim is no more difficult that following the common sense rules that apply to avoiding any other malware.

Ensure that you have anti-malware software, and ensure that it downloads the latest updates and anti-malware definitions – preferably set to do so automatically – and that it’s set to scan all incoming email. Many webmail services such as Gmail and Hotmail already do so. Nevertheless, don’t click on attachments in bizarre emails from unknown senders, nor on unexpected attachments from a trusted sender (this could be any file format). Treat unexpected mails with attachments as suspicious, and scan the file.

Rombertik suicide tactics are nothing new, and while the attack vector is aggressive, the solution is very old school.