As long as this digital infrastructure is developed by the administration itself, I find the idea of a digital bureaucracy great. But relying on proprietary products would undermine its purpose, imho.
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
Should be open sourced to. Auditing is crucial.
It scares me, honestly. The level of security for this to be viable is insane. Imagine some flaw or accident or attack that would erase me as a citizen. Scary thought.
This is one place where blockchain is actually useful. No one entity is responsible for the integrity of the "ledger". Of course it wouldn't be publicly writable so not exactly like the blockchains you normally think of.
I can't see how the blockchain would be particularly useful here either. The security features of the blockchain come at the cost of extreme energy usage. Storing documents using simple public-private key cryptography is waaaay more than enough imo.
You don't have to "mine blocks" to have a blockchain. It's just a continual list of transactions that can't be modified after the fact. So a hacker couldn't wipe out your existence from the chain without controlling the majority of the participants (in a consensus algorithm). Not saying it's an ideal use-case but highlighting that feature. There are many ways to avoid "data wipe" attacks.
So they are immutable basically.
Crypto fellaz always forget that we actually have this solution in most databases, and it's called write-ahead-log.
For most people not so scary until the one snafu to rule them all.
Hence it exists.
Can you change that people are stupid and find new and new ways to ruin their own lives? If you can't, just look and enjoy.
It's just that I don't want my own country to get any wild ideas. I mean, the ideal digital society utopia is an amazing thought experiment. But it feels very fragile for us at this time. We are still in our technological infancy as a species, even if we feel very advanced.
I don't think any utopia is reachable, but closest to that would look like Star Wars EU computing, where proprietary formats and stuff like what we use today are limited to toys for very rich people, computer systems are produced by a lot of different processes in a lot of different places, even if not very computationally powerful, everything is modular and tunable, and vendor locks are too a thing only for expensive toys.
Formats and environments and interfaces are simple, because of the need for portability of everything in such an environment. It's not impossible there to successfully integrate systems produced 100 years apart.
EDIT: What I meant is - it definitely won't happen the way we are trying now with centralized very complex and fragile systems built after what normies imagine to be good. Normies want magic - all-powerful arcanely complex systems, a deus ex machina. This is the direction exactly opposite from what a good engineer wants. It's scary actually how a lot of things around are attempts to replace the "wrong" humans. "Wrong" romantic partners, "wrong" employees, whole "wrong" professions (like many lawyers seem to hate engineers, and the other way around TBH), politicians try to replace "wrong" social responses with bot farms. Everybody is trying to use computers most of all to kill somebody else indirectly (or sometimes directly). I wonder when will it get to general conscience that this is not different from any other technological advancement.
I find it funny that people who think like that are from countries like the US and UK where you can live without an ID/passport your whole life. Identity theft in such countries is very common, while it's pretty much impossible in Estonia. You should be afraid of living without a digital state and a passport in your pocket.
I'm from Sweden. Also a developer by trade. 🤷♂️
It wouldn't really affect u even if ur id got deleted. Let me explain. Ur id is nothing but information correct (your name, address, etc.). The same goes with contracts. What makes ur id special is that the government has verified it to be legit.
A very simple way of doing this is by making the government cryptographically sign ur id/contact. I would really recommend getting a functional understanding of how public-private key cryptography works. Basically, the government just has to put up its public key online. If u have ur id, u can verify if the document is issued by the government using their public key.
As long as the public key stays there, and u don't lose ur id and contracts they won't technically be lost.
Also, if the public key suddenly changes/disappears without being notice, everyone would know that something's up. It's like ur government building's staff was suddenly replaced.
I would really recommend getting a functional understanding of how public-private key cryptography works.
I have an intermediate understanding of how it works. 👍
and u don't lose ur id and contracts
Ah, yeah... Therein might lie an issue. 😅
Ah, yeah... Therein might lie an issue. 😅
But that's an issue with papered systems as well, no?
I guess it is, but I'm assuming the government has a better system of keeping track of my papers than I would have of keeping track of my digital keys/identities. What if there's a fire and I lose my key pair without a backup? I'm screwed.
The government would have a copy as well! It's just that it's very hard for an entire government's data and your data to get wiped at the same time.
The government would have a copy of my public and private key?
Hmm, alright, I guess. It goes against my gut regarding key pairs but in this instance I guess it would be necessary. 😅
Nooo ur documents. Not ur private key lol (it wouldn't exactly be private now, would it). Let's say u lose ur private key. U would have to manually do shit like u do when u lose ur passport.
What I'm saying is, ur identity being deleted only if the government AND u lose all ur data on all devices at the same time. Which is incredibly unlikely.
It's like saying, "I don't trust a papered system because the state buildings and my house could burn at the same time with my documents in them"
Oh I see. So they have my data encrypted with their private keys. And I have my data encrypted with my own key? Or did I get lost again? 🫣
One thing I commonly hear as an argument against electronic voting is security and ease of vote tampering. Is Estonia solving this issue and, if so, how?
Idk if you watched the video but the reason it works is mentioned in the video, if not explored in detail.
You have a digital id and a digital signature that is tied to you as a citizen.
Each vote has to be signed with your personal voter signature.
I watched though about half of it, before concluding that this video is only going to be a summary video that won't answer my questions fully.
Digital ID and Digital signature are absolutely necessary, though depending on how those two are implemented I could still see fraud and vote manipulation being feasible. I was hoping someone with more knowledge about how Estonia is doing its security and verification systems to ensure records aren't being modified maliciously.
I’m happy to revisit and explain, but I don’t have much time to type right now - the wikipedia page for estonia has great info; you will need a basic understanding of cryptographic hashing and merkle trees
There should also be a 30sth page doc about how the e-voting machines are set up, configured and secured somewhere. But it is in Estonian and I can't be arsed to find it now
https://en.m.wikipedia.org/wiki/Estonian_identity_card
It's actually fascinating. Asymmetric keys with public keys hosted by the government and the private key in your ID.
A 4 digit pin1 code is required to use the authorization key and a 5 digit pin2 is required to use the signing key.
The average Estonian signs 50 documents per year using this method.
Everyone in Estonia has to have an ID card, which contains the RSA keys and x.509 certs for giving digital signatures.
And all the software is open source :)
Regarding electronic voting, you can either have reliable and secure, or anonymous, but not both. Sounds like Estonia went for option 1.
Turkey has been doing it for more than a decade. It is very convenient, but now you can find tons of info about every citizen on the web because of leaks.
Then it's a badly implemented system. A good system won't be able to have such leaks.
Except we won't. Too many of the religious fanatics think chips are the mark of the beast and 666 and all that bullshit.
And they control half the political power in the country.
Which country?
Here is an alternative Piped link(s):
https://piped.video/I5krZBe0Dck?si=3vkoWZ2cRfXOjosd
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
FUCK YOU ML WE'RE BETTRR THAN YOU. 🥳🥳🥳🥳🥳🥳